Module: Capricorn::Server::Security::ClassMethods

Defined in:
lib/capricorn/server/security.rb

Instance Method Summary collapse

Instance Method Details

#dump_quick_cert_config! ⇒ Object



# File 'lib/capricorn/server/security.rb', line 54

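# Writes the QuickCert configuration (quick_cert/qc_config) unless that file
# already exists.
#
# The generated config is Ruby source that QuickCert evaluates later; it
# declares the CA settings plus one server certificate ('capricorn') and one
# client certificate ('core').
#
# Security-relevant choices:
# * The CA password comes from OpenSSL's CSPRNG (128 bits, hex encoded).
#   The previous rand(100_000) produced at most five decimal digits from
#   Ruby's non-cryptographic PRNG, which is trivially guessable.
# * The config holds that password in clear text, so the directory is created
#   0700 and the file 0600 rather than relying on the process umask.
#
# NOTE(review): the client :email value below is reproduced exactly as it
# appears in this listing, where it looks like a redacted placeholder; confirm
# the real address against the repository.
#
# Returns nil when the config already exists, otherwise the result of the
# final write.
def dump_quick_cert_config!
  config_dir  = Capricorn.system.path('quick_cert')
  config_file = Capricorn.system.path('quick_cert', 'qc_config')
  return if File.file?(config_file)

  # Interpolated once, now; the rest of the template is evaluated by QuickCert.
  ca_password     = OpenSSL::Random.random_bytes(16).unpack('H*').first
  server_password = OpenSSL::Random.random_bytes(16).unpack('H*').first

  config = %{
full_hostname = `hostname`.strip
domainname = full_hostname.split('.')[1..-1].join('.')
hostname = full_hostname.split('.')[0]

CA[:hostname] = hostname
CA[:domainname] = domainname
CA[:CA_dir] = File.join Dir.pwd, "CA"
CA[:password] = '#{ca_password}'

CERTS << {
:type => 'server',
:hostname => 'capricorn',
# :password => '#{server_password}',
}

CERTS << {
:type => 'client',
:user => 'core',
:email => '[email protected]',
}
}
  # :mode closes the window between creation and chmod; the explicit chmod
  # still tightens a directory that already existed with looser permissions.
  FileUtils.mkdir_p(config_dir, :mode => 0700)
  File.chmod(0700, config_dir)
  File.open(config_file, 'w', 0600) do |f|
    f.chmod(0600) # the mode argument above is masked by umask and ignored for existing files
    f.write config
  end
end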

#install_quick_cert! ⇒ Object



# File 'lib/capricorn/server/security.rb', line 34

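# Downloads, builds and installs QuickCert when no QuickCert binary is found.
#
# The work happens in a scratch directory created by Dir.mktmpdir
# (unpredictable name, mode 0700, owned by this process) instead of the fixed
# path /tmp/quick_cert. A fixed name inside a world-writable directory can be
# created in advance by another local account, which would then own the
# directory holding the setup.rb this method executes. mktmpdir also removes
# the directory when the block exits, including when a step raises; the
# previous rm_rf was skipped on failure.
#
# NOTE(review): the archive fetched from Capricorn::QUICK_CERT is unpacked and
# its setup.rb executed without any integrity check. Pin a known digest of the
# release tarball and compare it before the tar step, and confirm the URL is
# served over HTTPS (the constant's value is not visible here).
# NOTE(review): whether Capricorn.system.run raises on a non-zero exit status
# is not visible here; if it does not, a failed download goes unnoticed.
#
# Returns nil when QuickCert is already installed.
def install_quick_cert!
  return if Capricorn.system.find_bin('QuickCert')

  require 'tmpdir' # loaded lazily: only needed on the install path

  Dir.mktmpdir('quick_cert') do |work_dir|
    Dir.chdir(work_dir) do
      Capricorn.system.run "curl -O #{Capricorn::QUICK_CERT}"
      Capricorn.system.run "tar xzf QuickCert-1.0.2.tar.gz"

      Dir.chdir(File.join(work_dir, 'QuickCert-1.0.2')) do
        # setup.rb is driven through its three phases in order.
        %w[config setup install].each do |phase|
          Capricorn.system.run "#{Capricorn.system.ruby_path} ./setup.rb #{phase}"
        end
      end
    end
  end
end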

#make_client_cert_public! ⇒ Object



# File 'lib/capricorn/server/security.rb', line 92

# Builds the auth token for the 'core' client and writes it to core.token.
#
# With SSL enabled the token is constructed from the core client's key pair,
# its certificate and the CA certificate, and requests peer verification;
# without SSL it carries only the target URI derived from DRb.uri.
#
# NOTE(review): in SSL mode the data handed to AuthToken includes the client
# private key, and the token file is then set to mode 0775 (readable and
# executable by every local account, writable by the group). If dump_file
# serializes that key material (not visible here, confirm), any local user
# who can read core.token can authenticate as the core client. Confirm that
# this exposure is the intended meaning of "public" before treating the
# client certificate as an access control.
def make_client_cert_public!
  auth_token =
    if Capricorn.system.use_ssl?
      # Reads one PEM file from below the quick_cert directory.
      read_pem = lambda { |*parts| File.read(Capricorn.system.path('quick_cert', *parts)) }

      Capricorn::Client::AuthToken.new(
        :target_uri          => self.construct_uri(DRb.uri),
        :verify_mode         => OpenSSL::SSL::VERIFY_PEER,
        :private_key_data    => read_pem.call('core', 'core_keypair.pem'),
        :certificate_data    => read_pem.call('core', 'cert_core.pem'),
        :ca_certificate_data => read_pem.call('CA', 'cacert.pem')
      )
    else
      Capricorn::Client::AuthToken.new(:target_uri => self.construct_uri(DRb.uri))
    end

  token_file = Capricorn.system.path('core.token')
  auth_token.dump_file(token_file)
  FileUtils.chmod_R(0775, token_file)
end

#options_for_server ⇒ Object



# File 'lib/capricorn/server/security.rb', line 12

# Returns the SSL options for the server, or an empty hash when SSL is off.
#
# In SSL mode QuickCert is installed, configured and run first (each step
# decides for itself whether it still has work to do), then the server key
# pair and certificate are loaded from the quick_cert directory.
#
# :SSLVerifyMode combines VERIFY_PEER with VERIFY_FAIL_IF_NO_PEER_CERT, so a
# client that presents no certificate is rejected; certificates are checked
# against the CA file named in :SSLCACertificateFile.
def options_for_server
  return {} unless Capricorn.system.use_ssl?

  install_quick_cert!
  dump_quick_cert_config!
  run_quick_cert!

  keypair_file = Capricorn.system.path('quick_cert', 'capricorn', 'capricorn_keypair.pem')
  cert_file    = Capricorn.system.path('quick_cert', 'capricorn', 'cert_capricorn.pem')

  private_key = OpenSSL::PKey::RSA.new(File.read(keypair_file))
  certificate = OpenSSL::X509::Certificate.new(File.read(cert_file))
  verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT

  {
    :SSLPrivateKey        => private_key,
    :SSLCertificate       => certificate,
    :SSLVerifyMode        => verify_mode,
    :SSLCACertificateFile => Capricorn.system.path('quick_cert', 'CA', 'cacert.pem')
  }
end

#run_quick_cert! ⇒ Object



# File 'lib/capricorn/server/security.rb', line 84

# Runs the QuickCert binary from inside the quick_cert directory, unless a CA
# directory already exists there (its presence is the only "already done"
# marker this method checks).
#
# NOTE(review): the result of find_bin is passed to run unchecked; the install
# step treats a falsy find_bin result as "not installed", so a missing binary
# reaches run as that falsy value. Confirm how run handles it.
#
# Returns nil when skipped, otherwise whatever Capricorn.system.run returns.
def run_quick_cert!
  ca_dir = Capricorn.system.path('quick_cert', 'CA')

  unless File.directory?(ca_dir)
    work_dir = Capricorn.system.path('quick_cert')
    Dir.chdir(work_dir) do
      quick_cert_bin = Capricorn.system.find_bin('QuickCert')
      Capricorn.system.run(quick_cert_bin)
    end
  end
end