diff --git a/Gemfile b/Gemfile index 8be2464..851fabc 100644 --- a/Gemfile +++ b/Gemfile @@ -1,9 +1,2 @@ source 'https://rubygems.org' - -gem "rspec" -gem "insist" -gem "stud" -gem "fpm" -gem "pleaserun" - -gem "jruby-openssl", :platform => :jruby +gemspec diff --git a/jls-lumberjack.gemspec b/jls-lumberjack.gemspec index e275714..0ca133f 100644 --- a/jls-lumberjack.gemspec +++ b/jls-lumberjack.gemspec @@ -5,17 +5,14 @@ Gem::Specification.new do |gem| gem.summary = gem.description gem.homepage = "https://github.com/jordansissel/lumberjack" - gem.files = %w{ - lib/lumberjack/server.rb - lib/lumberjack/client.rb - } - #lib/lumberjack/server2.rb + gem.files = Dir.glob("lib/**/*.rb") - gem.test_files = [] + gem.test_files = Dir.glob("spec/**/*.rb") gem.name = "jls-lumberjack" gem.require_paths = ["lib"] - gem.version = "0.0.22" + gem.version = "0.0.23" - # This isn't used yet because the new protocol isn't ready - #gem.add_runtime_dependency "ffi-rzmq", "~> 1.0.0" + gem.add_development_dependency "flores", "~>0.0.6" + gem.add_development_dependency "rspec" + gem.add_development_dependency "stud" end diff --git a/lib/lumberjack/client.rb b/lib/lumberjack/client.rb index b258a0d..e353685 100644 --- a/lib/lumberjack/client.rb +++ b/lib/lumberjack/client.rb @@ -80,7 +80,17 @@ def initialize(opts={}) private def connection_start(opts) tcp_socket = TCPSocket.new(opts[:address], opts[:port]) - @socket = OpenSSL::SSL::SSLSocket.new(tcp_socket) + + certificate = OpenSSL::X509::Certificate.new(File.read(opts[:ssl_certificate])) + + certificate_store = OpenSSL::X509::Store.new + certificate_store.add_cert(certificate) + + ssl_context = OpenSSL::SSL::SSLContext.new + ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER + ssl_context.cert_store = certificate_store + + @socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ssl_context) @socket.connect @socket.syswrite(["1", "W", @window_size].pack("AAN")) end diff --git a/spec/integration_spec.rb b/spec/integration_spec.rb new file mode 100644 index 0000000..7591eb9 --- /dev/null +++ b/spec/integration_spec.rb @@ -0,0 +1,61 @@ +# encoding: utf-8 +require "lumberjack/client" +require "lumberjack/server" +require "stud/temporary" +require "flores/pki" +require "fileutils" +require "thread" +require "spec_helper" + +describe "A client" do + let(:certificate) { Flores::PKI.generate } + let(:certificate_file_crt) { "certificate.crt" } + let(:certificate_file_key) { "certificate.key" } + let(:port) { Flores::Random.integer(1024..65335) } + let(:host) { "127.0.0.1" } + + before do + expect(File).to receive(:read).at_least(1).with(certificate_file_crt) { certificate.first.to_s } + expect(File).to receive(:read).at_least(1).with(certificate_file_key) { certificate.last.to_s } + + server = Lumberjack::Server.new(:port => port, + :address => host, + :ssl_certificate => certificate_file_crt, + :ssl_key => certificate_file_key) + + Thread.new do + server.run { |data| } + end + end + + context "with a valid certificate" do + it "successfully connect to the server" do + expect { + Lumberjack::Client.new(:port => port, + :host => host, + :addresses => host, + :ssl_certificate => certificate_file_crt) + + }.not_to raise_error + end + end + + context "with an invalid certificate" do + let(:invalid_certificate) { Flores::PKI.generate } + let(:invalid_certificate_file) { "invalid.crt" } + + before do + expect(File).to receive(:read).with(invalid_certificate_file) { invalid_certificate.first.to_s } + end + + it "should refuse to connect" do + expect { + Lumberjack::Client.new(:port => port, + :host => host, + :addresses => host, + :ssl_certificate => invalid_certificate_file) + + }.to raise_error(OpenSSL::SSL::SSLError, /certificate verify failed/) + end + end +end