YALTools::MainWrapper

YALTools::MainWrapper is a class whose responsibility is to manage the authentication information.

The YALTools::MainWrapper::getCouch method returns an instance of YALTools::Main.

The conf_file can hold multiple authentication entries. The label selects the entry that will be used for authentication.

Usage

   wrapper = YALTools::MainWrapper.new("config.yaml", "default.user")
   wrapper.set_master_pwfile("master_pw.json")
   @couch = wrapper.getCouch
   h = @couch.get("/example/_all_docs")

Configuration File Format

These are the standard forms of the YAML conf file.

For basic/digest authentication

The net-http-digest_auth library is required for digest auth.

  label:
    host:
    port:
    user:
    password:
    password_salt:       ## option for encrypted password.
    password_pass_file:  ## option.
    digest_auth:         ## option for digest_auth.
    cacert:              ## option for ssl.

For ssl_client authentication

Stunnel or another delegation server is required for SSL client auth.

  label:
    host:
    port:
    user:
    password:
    cacert:
    ssl_client_cert_file:
    password_salt:        ## option.
    password_pass_file:   ## option.
    ssl_client_key_file:
    ssl_client_key_file_pass:       ## option for the encrypted ssl_client_key_file.
    ssl_client_key_file_pass_salt:  ## option.
    ssl_client_key_file_pass_file:  ## option.
    ssl_verify_depth:     ## option.
    ssl_verify_mode:      ## option. one of "OpenSSL::SSL::VERIFY_NONE",
                          ##                "OpenSSL::SSL::VERIFY_PEER",
                          ##                "OpenSSL::SSL::VERIFY_CLIENT_ONCE",
                          ##                "OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT"

For proxy_authentication

Proxy authentication is a rare case, but it is possible.

  label:
    host:
    port:
    user:
    password:
    password_salt:       ## option.
    password_pass_file:  ## option.
    proxy_auth_user:
    proxy_auth_token:
    proxy_auth_rules:
    cacert:              ## option for ssl.

Requirements for encryption/decryption support.

The YALTools::MainWrapper class supports password encryption and decryption. A master password file is required for this function.

The set_master_pwfile(filepath) method is provided for convenience.

The password_pass_file and ssl_client_key_file_pass_file config entries can be used instead of the set_master_pwfile() method.

Examples

Case 1. Connect directly to CouchDB.

  case1.admin:
    host: localhost
    port: 5984
    user: admin
    password: xxxxxx

Case 2. Connect directly to CouchDB, but password is encrypted.

  case2.admin:
    host: localhost
    port: 5984
    user: admin
    password: d3a5a45f8c5e1ad0dd134a9c46e1c82f
    password_salt: 3c31184f5193ef30

The password xxxxxx was encrypted with the salt and the following master-password text:

  {"sec_text":"f4fcf31194e12f3fbfefa3d1f5256e2cf19859f63f5cf2ab1e5778f85afa40f2"}.

After saving the above line to a file such as 'sec_text.txt', the encrypted string can be decrypted:

   $ utils/sbin/decpassword -m sec_text.txt -t d3a5a45f8c5e1ad0dd134a9c46e1c82f -s 3c31184f5193ef30
   xxxxxx

Case 3. Connect to CouchDB via Apache working as an SSL web proxy.

In this case, Apache is working as a proxy and listening on port 443 with the following setting:

  <IfModule mod_proxy.c>
        ProxyPass / http://127.0.0.1:5984/
        ProxyPassReverse / http://127.0.0.1:5984/
  </IfModule>

  case3.admin:
    host: localhost
    port: 443
    user: admin
    password: xxxxxx
    cacert: /etc/ssl/certs/cacerts.pem

The user and password will be verified by CouchDB.

Case 4. Connect to CouchDB via stunnel.

  admin.admin:
    host: ssl.yasundial.org
    port: 6984
    user: admin
    password: xxxxxx
    cacert: /etc/ssl/certs/cacerts.pem
    ssl_client_cert_file: /etc/ssl/certs/client.cert.pem
    ssl_client_key_file: /etc/ssl/certs/client.key.pem
    ssl_client_key_file_pass: xyxyxyxy
    ssl_verify_mode: OpenSSL::SSL::VERIFY_PEER

Exceptions

YALTools::LabelNotFoundError

raised from

  • initialize

Attributes

debug[RW]

Public Class Methods

new(conf_file, label)

If the label is not defined on the conf_file, it raises the exception, YALTools::LabelNotFoundError.

  # File yalt/mainwrapper.rb, line 153
  def initialize(conf_file, label)
    begin
      @conf = YAML::load_file(conf_file)
    rescue
      @conf = {}
    end
    @label = label
    @debug = false
    @master_pwfile = ""

    raise YALTools::LabelNotFoundError if not @conf.has_key?(@label)
  end

Public Instance Methods

getCouch()

Returns an instance of YALTools::Main, or nil if it could not be created. The connection check in checkCouchDBVersion raises YALTools::ServerConnectionError when the server does not answer.

  # File yalt/mainwrapper.rb, line 180
  def getCouch()
    main = nil

    opts = {}
    begin
      @conf[@label].keys.each do |l|
        case l
        when 'ssl_client_cert_file'
          opts['ssl_client_cert'] =
            OpenSSL::X509::Certificate.new(File.new(@conf[@label][l]))

        when 'ssl_client_key_file'
          if @conf[@label].has_key?('ssl_client_key_file_pass')
            ssl_client_key_file_pass = ""
            if @conf[@label].has_key?('ssl_client_key_file_pass_salt')
              if @conf[@label].has_key?('ssl_client_key_file_pass_file')
                ssl_master_pwfile = @conf[@label]['ssl_client_key_file_pass_file']
              else
                ssl_master_pwfile = @master_pwfile
              end
              ssl_client_key_file_pass = YALTools::Crypt::decrypt_text(ssl_master_pwfile,
                                                                      @conf[@label]['ssl_client_key_file_pass_salt'],
                                                                      @conf[@label]['ssl_client_key_file_pass'])
            else
              ssl_client_key_file_pass = @conf[@label]['ssl_client_key_file_pass']
            end
            opts['ssl_client_key'] = OpenSSL::PKey::RSA.new(File.new(@conf[@label][l]),
                                                            ssl_client_key_file_pass)
          else
            opts['ssl_client_key'] = OpenSSL::PKey::RSA.new(File.new(@conf[@label][l]))
          end
        when 'ssl_verify_mode'
          ## the config string is passed to eval; only the four
          ## OpenSSL::SSL::VERIFY_* names documented above are expected here
          begin
            opts[l] = eval(@conf[@label][l])
          rescue
            opts[l] = nil
          end
        when 'password'
          if @conf[@label].has_key?('password_salt')
            password_master_pwfile = @master_pwfile
            password_master_pwfile = @conf[@label]['password_pass_file'] if @conf[@label].has_key?('password_pass_file')
            opts[l] = YALTools::Crypt::decrypt_text(password_master_pwfile,
                                                   @conf[@label]['password_salt'], @conf[@label][l])
          else
            opts[l] = @conf[@label][l]
          end
        when 'host','port'
        when 'password_salt','password_pass_file'
        when 'ssl_client_key_file_pass','ssl_client_key_file_pass_salt','ssl_client_key_file_pass_file'
          ## do nothing
        else
          opts[l] = @conf[@label][l]
        end
      end

      opts["debug"] = true if debug
      $stderr.puts "opts: #{opts}" if debug

      main = YALTools::Main.new(Couch::Server.new(@conf[@label]["host"], @conf[@label]["port"], opts))
      main.debug = debug if debug and main.respond_to?(:debug)
    rescue
      $stderr.puts $! if debug
    end
    checkCouchDBVersion(main)
    return main
  end
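
As an added example (not part of YALTools), here is a small Ruby audit for the conf file format described above: it resolves ssl_verify_mode by table lookup instead of the eval used in getCouch, and flags labels that keep a plaintext password or key passphrase or that disable certificate verification. VERIFY_MODES, resolve_ssl_verify_mode, audit_label and SAMPLE_CONF are names chosen here, and the sample conf is constructed from Case 2 and Case 4.

```ruby
require 'yaml'
require 'openssl'

# The four ssl_verify_mode values the conf file documents, resolved by
# table lookup so that no other string from the file is ever evaluated.
VERIFY_MODES = {
  "OpenSSL::SSL::VERIFY_NONE"                 => OpenSSL::SSL::VERIFY_NONE,
  "OpenSSL::SSL::VERIFY_PEER"                 => OpenSSL::SSL::VERIFY_PEER,
  "OpenSSL::SSL::VERIFY_CLIENT_ONCE"          => OpenSSL::SSL::VERIFY_CLIENT_ONCE,
  "OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT" => OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
}.freeze

# Returns the OpenSSL constant for a documented mode name, nil for anything else.
def resolve_ssl_verify_mode(name)
  VERIFY_MODES[name.to_s.strip]
end

# Returns the list of findings for one label of a MainWrapper conf hash.
def audit_label(conf, label)
  entry = conf[label]
  return ["label #{label} not found"] if entry.nil?
  findings = []
  if entry.key?("password") && !entry.key?("password_salt")
    findings << "password is stored in plaintext (no password_salt)"
  end
  if entry.key?("ssl_client_key_file_pass") && !entry.key?("ssl_client_key_file_pass_salt")
    findings << "ssl_client_key_file_pass is stored in plaintext"
  end
  if entry.key?("ssl_verify_mode")
    mode = resolve_ssl_verify_mode(entry["ssl_verify_mode"])
    findings << "unknown ssl_verify_mode #{entry['ssl_verify_mode'].inspect}" if mode.nil?
    findings << "ssl_verify_mode disables certificate verification" if mode == OpenSSL::SSL::VERIFY_NONE
  end
  findings
end

# Constructed sample conf (hypothetical), modelled on Case 2 and Case 4 above.
SAMPLE_CONF = YAML.safe_load(<<~YAML)
  case2.admin:
    user: admin
    password: d3a5a45f8c5e1ad0dd134a9c46e1c82f
    password_salt: 3c31184f5193ef30
  case4.admin:
    user: admin
    password: xxxxxx
    ssl_client_key_file_pass: xyxyxyxy
    ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE
YAML
```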

set_master_pwfile(filepath)

Sets the master password filepath for encryption and decryption.

The file format of the master password file is:

  {"sec_text":"xxxxxxxxxxxxxxxxxxxxxxxxxxxx"}

The value of "sec_text" must be a string, but there is no limit on its length.

  # File yalt/mainwrapper.rb, line 174
  def set_master_pwfile(filepath)
    @master_pwfile = filepath
    $stderr.puts "[debug] set master_pwfile to #{filepath}." if @debug
  end

Private Instance Methods

checkCouchDBVersion(couch)

Checks that the server answers on "/". couch is an instance of Couch::Server or YALTools::Main.

The check succeeds (flag is true) when the response reports a version, which means the connection to CouchDB worked; otherwise it raises YALTools::ServerConnectionError.

  # File yalt/mainwrapper.rb, line 254
  def checkCouchDBVersion(couch)
    flag = false
    begin
      json = couch.get("/")
      case json
      when Hash
        flag = true if json.has_key?("version")
      when Net::HTTPResponse
        flag = true if json.body =~ /version/
      end
    rescue
    end
    raise YALTools::ServerConnectionError if flag == false
  end

Generated with the Darkfish Rdoc Generator 1.1.6.