YALTools::MainWrapper is the class responsible for managing authentication information.
The YALTools::MainWrapper::getCouch method returns an instance of YALTools::Main.
The conf_file can hold multiple authentication entries; the label selects the entry that is used for authentication.
  wrapper = YALTools::MainWrapper.new("config.yaml", "default.user")
  wrapper.set_master_pwfile("master_pw.json")
  @couch = wrapper.getCouch
  h = @couch.get("/example/_all_docs")
This is the standard form of the YAML conf file.
The net-http-digest_auth library is required for digest auth.

  label:
    host:
    port:
    user:
    password:
    password_salt:          ## option for encrypted password.
    password_pass_file:     ## option.
    digest_auth:            ## option for digest_auth.
    cacert:                 ## option for ssl.
Stunnel or another delegation server is required for SSL client auth.

  label:
    host:
    port:
    user:
    password:
    cacert:
    ssl_client_cert_file:
    password_salt:                    ## option.
    password_pass_file:               ## option.
    ssl_client_key_file:
    ssl_client_key_file_pass:         ## option for the encrypted ssl_client_key_file.
    ssl_client_key_file_pass_salt:    ## option.
    ssl_client_key_file_pass_file:    ## option.
    ssl_verify_depth:                 ## option.
    ssl_verify_mode:                  ## option. one of "OpenSSL::SSL::VERIFY_NONE",
                                      ##   "OpenSSL::SSL::VERIFY_PEER",
                                      ##   "OpenSSL::SSL::VERIFY_CLIENT_ONCE",
                                      ##   "OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT"
Proxy authentication is a rare case, I think, but it is possible.

  label:
    host:
    port:
    user:
    password:
    password_salt:          ## option.
    password_pass_file:     ## option.
    proxy_auth_user:
    proxy_auth_token:
    proxy_auth_rules:
    cacert:                 ## option for ssl.
The YALTools::MainWrapper class supports password encryption and decryption. A master password file is required for this function.
The set_master_pwfile(filepath) method is provided for convenience.
Instead of the set_master_pwfile() method, please use the password_pass_file and ssl_client_key_file_pass_file config entries.
  case1.admin:
    host: localhost
    port: 5984
    user: admin
    password: xxxxxx

  case2.admin:
    host: localhost
    port: 5984
    user: admin
    password: d3a5a45f8c5e1ad0dd134a9c46e1c82f
    password_salt: 3c31184f5193ef30
The password, xxxxxx, was encrypted with the salt and the master-password text:

  {"sec_text":"f4fcf31194e12f3fbfefa3d1f5256e2cf19859f63f5cf2ab1e5778f85afa40f2"}

After saving the above line to a file such as 'sec_text.txt', the encrypted string can be decrypted with:

  $ utils/sbin/decpassword -m sec_text.txt -t d3a5a45f8c5e1ad0dd134a9c46e1c82f -s 3c31184f5193ef30 xxxxxx
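The page does not show how YALTools::Crypt seals a password with the salt and the master text, so the following is an added example (not the project's code, and not the algorithm behind decpassword) of one way to get the property the config relies on: a password value in the conf file is useless without the {"sec_text":"..."} master file, and a modified value fails to decrypt instead of yielding garbage. The key derivation (PBKDF2-HMAC-SHA256), the cipher (AES-256-GCM) and the hex layout iv || ciphertext || tag are this example's own assumptions; only the master-file shape and the 16-hex-character salt follow the page.

```ruby
require 'json'
require 'openssl'
require 'securerandom'

# Added example, not YALTools::Crypt. Key = PBKDF2(master text, per-entry salt);
# password sealed with AES-256-GCM so tampering is detected on decrypt.
# Cipher, KDF and hex layout are assumptions for illustration only.

# Parses the master file body documented on this page: {"sec_text":"..."}
def parse_master_text(json)
  text = JSON.parse(json)['sec_text']
  raise ArgumentError, 'sec_text must be a string' unless text.is_a?(String)
  text
end

def read_master_text(path)
  parse_master_text(File.read(path))
end

# 8 random bytes rendered as 16 hex characters, like the page's password_salt
def new_salt_hex
  SecureRandom.hex(8)
end

# 32-byte key derived from the master text and the salt (assumed KDF)
def derive_key(master_text, salt_hex)
  OpenSSL::KDF.pbkdf2_hmac(master_text, salt: [salt_hex].pack('H*'),
                           iterations: 100_000, length: 32, hash: 'sha256')
end

# Returns hex(iv || ciphertext || tag); a fresh IV is drawn every call
def encrypt_text(master_text, salt_hex, plaintext)
  raise ArgumentError, 'plaintext must not be empty' if plaintext.empty?
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = derive_key(master_text, salt_hex)
  iv = cipher.random_iv                    # 12 bytes for GCM
  ct = cipher.update(plaintext) + cipher.final
  (iv + ct + cipher.auth_tag).unpack1('H*')
end

# Raises OpenSSL::Cipher::CipherError if the salt, master text or data differ
# from what was used at encryption time (the GCM tag no longer verifies).
def decrypt_text(master_text, salt_hex, hex)
  blob = [hex].pack('H*')
  raise ArgumentError, 'ciphertext too short' if blob.bytesize < 12 + 16
  iv, tag, ct = blob[0, 12], blob[-16, 16], blob[12...-16]
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = derive_key(master_text, salt_hex)
  cipher.iv = iv
  cipher.auth_tag = tag
  (ct.empty? ? '' : cipher.update(ct)) + cipher.final
end
```

Because the salt is stored next to the ciphertext in the conf file, it adds nothing against someone who has both; its job is to make every entry's key different even when the same master file is reused, which is why each entry in the examples above carries its own password_salt.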
In this case (case3.admin below), Apache works as a reverse proxy listening on port 443 with the following setting:

  <IfModule mod_proxy.c>
    ProxyPass / http://127.0.0.1:5984/
    ProxyPassReverse / http://127.0.0.1:5984/
  </IfModule>

  case3.admin:
    host: localhost
    port: 443
    user: admin
    password: xxxxxx
    cacert: /etc/ssl/certs/cacerts.pem
The user and password are verified by CouchDB itself; the client certificate is checked by the delegation server in front of it.

  admin.admin:
    host: ssl.yasundial.org
    port: 6984
    user: admin
    password: xxxxxx
    cacert: /etc/ssl/certs/cacerts.pem
    ssl_client_cert_file: /etc/ssl/certs/client.cert.pem
    ssl_client_key_file: /etc/ssl/certs/client.key.pem
    ssl_client_key_file_pass: xyxyxyxy
    ssl_verify_mode: OpenSSL::SSL::VERIFY_PEER
initialize(conf_file, label)

If the label is not defined in conf_file, it raises the exception YALTools::LabelNotFoundError.
  # File yalt/mainwrapper.rb, line 153
  ## (yalt/mainwrapper.rb requires 'yaml' and 'openssl' at the top of the file)
  def initialize(conf_file, label)
    begin
      @conf = YAML::load_file(conf_file)
    rescue
      ## unreadable or malformed conf file: treat as empty, so the label check below fails
      @conf = {}
    end
    ## an empty conf file loads as false/nil rather than a Hash
    @conf = {} unless @conf.is_a?(Hash)
    @label = label
    @debug = false
    @master_pwfile = ""

    raise YALTools::LabelNotFoundError if not @conf.has_key?(@label)
  end
getCouch()

Returns an instance of YALTools::Main, or nil if it failed. Note that checkCouchDBVersion is called on the result before it is returned, so a failed connection raises YALTools::ServerConnectionError rather than handing back nil.
  # File yalt/mainwrapper.rb, line 180
  ## `debug` below is the reader for @debug, defined elsewhere in the class (not shown here)
  def getCouch()
    main = nil

    opts = {}
    begin
      ## translate the conf entry into the opts Hash expected by Couch::Server
      @conf[@label].keys.each do |l|
        case l
        when 'ssl_client_cert_file'
          opts['ssl_client_cert'] =
            OpenSSL::X509::Certificate.new(File.new(@conf[@label][l]))

        when 'ssl_client_key_file'
          if @conf[@label].has_key?('ssl_client_key_file_pass')
            ssl_client_key_file_pass = ""
            if @conf[@label].has_key?('ssl_client_key_file_pass_salt')
              ## encrypted key passphrase: decrypt with the per-entry pass file,
              ## or with the master pwfile set by set_master_pwfile
              if @conf[@label].has_key?('ssl_client_key_file_pass_file')
                ssl_master_pwfile = @conf[@label]['ssl_client_key_file_pass_file']
              else
                ssl_master_pwfile = @master_pwfile
              end
              ssl_client_key_file_pass = YALTools::Crypt::decrypt_text(ssl_master_pwfile,
                                                                       @conf[@label]['ssl_client_key_file_pass_salt'],
                                                                       @conf[@label]['ssl_client_key_file_pass'])
            else
              ssl_client_key_file_pass = @conf[@label]['ssl_client_key_file_pass']
            end
            opts['ssl_client_key'] = OpenSSL::PKey::RSA.new(File.new(@conf[@label][l]),
                                                            ssl_client_key_file_pass)
          else
            opts['ssl_client_key'] = OpenSSL::PKey::RSA.new(File.new(@conf[@label][l]))
          end
        when 'ssl_verify_mode'
          ## NOTE: eval executes whatever Ruby the config value contains, so the
          ## conf file must be trusted; a lookup limited to the four
          ## OpenSSL::SSL::VERIFY_* names listed above would avoid that.
          begin
            opts[l] = eval(@conf[@label][l])
          rescue
            opts[l] = nil
          end
        when 'password'
          if @conf[@label].has_key?('password_salt')
            ## encrypted password: password_pass_file overrides the master pwfile
            password_master_pwfile = @master_pwfile
            password_master_pwfile = @conf[@label]['password_pass_file'] if @conf[@label].has_key?('password_pass_file')
            opts[l] = YALTools::Crypt::decrypt_text(password_master_pwfile,
                                                    @conf[@label]['password_salt'], @conf[@label][l])
          else
            opts[l] = @conf[@label][l]
          end
        when 'host','port'
        when 'password_salt','password_pass_file'
        when 'ssl_client_key_file_pass','ssl_client_key_file_pass_salt','ssl_client_key_file_pass_file'
          ## do nothing: these are consumed above and never passed through to Couch::Server
        else
          opts[l] = @conf[@label][l]
        end
      end

      opts["debug"] = true if debug
      $stderr.puts "opts: #{opts}" if debug

      main = YALTools::Main.new(Couch::Server.new(@conf[@label]["host"], @conf[@label]["port"], opts))
      main.debug = debug if debug and main.respond_to?(:debug)
    rescue
      ## any failure above (missing file, wrong passphrase, ...) leaves main nil;
      ## the cause is only visible when debug is on
      $stderr.puts $! if debug
    end
    checkCouchDBVersion(main)
    return main
  end
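Two things getCouch leaves to the caller are worth doing before a connection attempt: resolving ssl_verify_mode without eval, and catching conf mistakes that the rescue block above would otherwise swallow silently (the user just sees YALTools::ServerConnectionError). The following is an added example, not YALTools code; the key names are the ones documented in the conf format above, while the check rules, the function names check_entry and resolve_verify_mode, and the sample conf are this example's own.

```ruby
require 'openssl'
require 'yaml'

# Added example, not part of YALTools. Resolves ssl_verify_mode by name
# lookup against an explicit allow-list (no eval), and lints a conf entry
# for the mistakes getCouch would only report as a generic failure.

VERIFY_MODES = %w[
  OpenSSL::SSL::VERIFY_NONE
  OpenSSL::SSL::VERIFY_PEER
  OpenSSL::SSL::VERIFY_CLIENT_ONCE
  OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
].freeze

# Maps the documented strings to their constants; anything else is rejected,
# so a conf value can never be executed as Ruby.
def resolve_verify_mode(value)
  unless value.is_a?(String) && VERIFY_MODES.include?(value)
    raise ArgumentError, "unsupported ssl_verify_mode: #{value.inspect}"
  end
  OpenSSL::SSL.const_get(value.split('::').last)
end

REQUIRED_KEYS = %w[host port user password].freeze

# Returns an Array of problem strings; empty means the entry looks usable.
# master_pwfile mirrors what set_master_pwfile would have stored.
def check_entry(conf, label, master_pwfile = '')
  return ["label #{label.inspect} not found"] unless conf.is_a?(Hash) && conf.key?(label)
  entry = conf[label]
  problems = []
  REQUIRED_KEYS.each { |k| problems << "missing #{k}" unless entry.key?(k) }

  # a client cert without its key (or vice versa) cannot be used for client auth
  if entry.key?('ssl_client_cert_file') ^ entry.key?('ssl_client_key_file')
    problems << 'ssl_client_cert_file and ssl_client_key_file must be given together'
  end

  # an encrypted password needs a master file from one of the two sources
  if entry.key?('password_salt') && !entry.key?('password_pass_file') && master_pwfile.empty?
    problems << 'password_salt given but neither password_pass_file nor a master pwfile is set'
  end

  if entry.key?('ssl_verify_mode')
    begin
      mode = resolve_verify_mode(entry['ssl_verify_mode'])
      if mode == OpenSSL::SSL::VERIFY_NONE
        problems << 'ssl_verify_mode VERIFY_NONE disables server certificate verification'
      end
    rescue ArgumentError => e
      problems << e.message
    end
  end
  problems
end

# Constructed sample conf for the checks above (not taken from a real deployment)
SAMPLE_CONF = YAML.safe_load(<<~YAML)
  good.admin:
    host: localhost
    port: 6984
    user: admin
    password: xxxxxx
    cacert: /etc/ssl/certs/cacerts.pem
    ssl_verify_mode: OpenSSL::SSL::VERIFY_PEER
  bad.admin:
    host: localhost
    port: 6984
    user: admin
    password: d3a5a45f8c5e1ad0dd134a9c46e1c82f
    password_salt: 3c31184f5193ef30
    ssl_client_cert_file: /etc/ssl/certs/client.cert.pem
    ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE
YAML
```

Running check_entry(SAMPLE_CONF, 'bad.admin') reports the lone client cert, the encrypted password with no master file, and VERIFY_NONE; passing a master pwfile path as the third argument clears the second of those, which is exactly the situation set_master_pwfile is meant to cover.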
set_master_pwfile(filepath)

Sets the master password file path used for encryption and decryption.
The file format of the master password file is:

  {"sec_text":"xxxxxxxxxxxxxxxxxxxxxxxxxxxx"}

The value of "sec_text" must be a string, but there is no limitation on its length.
  # File yalt/mainwrapper.rb, line 174
  def set_master_pwfile(filepath)
    @master_pwfile = filepath
    $stderr.puts "[debug] set master_pwfile to #{filepath}." if @debug
  end
checkCouchDBVersion(couch)

Returns true or false. couch is an instance of Couch::Server or YALTools::Main.
"true" means that it successfully connected to CouchDB; otherwise YALTools::ServerConnectionError is raised.
  # File yalt/mainwrapper.rb, line 254
  def checkCouchDBVersion(couch)
    flag = false
    begin
      ## GET / on CouchDB returns a welcome document that carries a "version" key
      json = couch.get("/")
      case json
      when Hash
        flag = true if json.has_key?("version")
      when Net::HTTPResponse
        flag = true if json.body =~ /version/
      end
    rescue
      ## connection errors (and couch being nil) fall through to the raise below
    end
    raise YALTools::ServerConnectionError if flag == false
  end