cf-uaac 1.3.0

data/lib/cli/version.rb

@@ -0,0 +1,18 @@
+#--
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+#++
+
+module CF
+  module UAA
+    CLI_VERSION = "1.3.0"
+  end
+end

data/lib/stub/scim.rb

@@ -0,0 +1,387 @@
+#--
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+#++
+
+require 'set'
+require 'time'
+require 'uaa/util'
+
+module CF::UAA
+
+class SchemaViolation < RuntimeError; end
+class AlreadyExists < RuntimeError; end
+class BadFilter < RuntimeError; end
+class BadVersion < RuntimeError; end
+
+class StubScim
+
+  private
+
+  # attribute types. Anything not listed is case-ignore string
+  HIDDEN_ATTRS = [:rtype, :password, :client_secret].to_set
+  READ_ONLY_ATTRS = [:rtype, :id, :meta, :groups].to_set
+  BOOLEANS = [:active].to_set
+  NUMBERS = [:access_token_validity, :refresh_token_validity].to_set
+  GROUPS = [:groups, :auto_approved_scope, :scope, :authorities].to_set
+  REFERENCES = [*GROUPS, :members, :owners, :readers].to_set # users or groups
+  ENUMS = { authorized_grant_types: ["client_credentials", "implicit",
+      "authorization_code", "password", "refresh_token"].to_set }
+  GENERAL_MULTI = [:emails, :phonenumbers, :ims, :photos, :entitlements,
+      :roles, :x509certificates].to_set
+  GENERAL_SUBATTRS = [:value, :display, :primary, :type].to_set
+  EXPLICIT_SINGLE = {
+      name: [:formatted, :familyname, :givenname, :middlename,
+          :honorificprefix, :honorificsuffix].to_set,
+      meta: [:created, :lastmodified, :location, :version].to_set }
+  EXPLICIT_MULTI = {
+      addresses: [:formatted, :streetaddress, :locality, :region,
+          :postal_code, :country, :primary, :type].to_set,
+      authorizations: [:client_id, :approved, :denied, :exp].to_set }
+
+  # resource class definitions: naming and legal attributes
+  NAME_ATTR = { user: :username, client: :client_id, group: :displayname }
+  COMMON_ATTRS = [:rtype, :externalid, :id, :meta].to_set
+  LEGAL_ATTRS = {
+      user: [*COMMON_ATTRS, :displayname, :username, :nickname,
+        :profileurl, :title, :usertype, :preferredlanguage, :locale,
+        :timezone, :active, :password, :emails, :phonenumbers, :ims, :photos,
+        :entitlements, :roles, :x509certificates, :name, :addresses,
+        :authorizations, :groups].to_set,
+      client: [*COMMON_ATTRS, :client_id, :client_secret, :authorities,
+        :authorized_grant_types, :scope, :auto_approved_scope, 
+        :access_token_validity, :refresh_token_validity, :redirect_uri].to_set,
+      group: [*COMMON_ATTRS, :displayname, :members, :owners, :readers].to_set }
+  VISIBLE_ATTRS = {user: Set.new(LEGAL_ATTRS[:user] - HIDDEN_ATTRS),
+      client: Set.new(LEGAL_ATTRS[:client] - HIDDEN_ATTRS), 
+      group: Set.new(LEGAL_ATTRS[:group] - HIDDEN_ATTRS)}
+  ATTR_NAMES = LEGAL_ATTRS.each_with_object(Set.new) { |(k, v), s|
+    v.each {|a| s << a.to_s }
+  }
+  SUBATTR_NAMES = GENERAL_SUBATTRS.each_with_object(Set.new) { |sa, s| s << sa.to_s } +
+    [*EXPLICIT_SINGLE, *EXPLICIT_MULTI].each_with_object(Set.new) { |(k, v), s|
+      v.each {|sa| s << sa.to_s }
+  }
+
+  def self.remove_hidden(attrs = nil) attrs - HIDDEN_ATTRS if attrs end
+  def self.searchable_attribute(attr)
+    attr if ATTR_NAMES.include?(attr) && !HIDDEN_ATTRS.include?(attr = attr.to_sym)
+  end
+
+  def remove_attrs(stuff, attrs = HIDDEN_ATTRS) 
+    attrs.each { |a| stuff.delete(a.to_s) }
+    stuff
+  end
+
+  def valid_id?(id, rtype) 
+    id && (t = @things_by_id[id]) && (rtype.nil? || t[:rtype] == rtype) 
+  end
+  
+  def ref_by_name(name, rtype) @things_by_name[rtype.to_s + name.downcase] end
+
+  def ref_by_id(id, rtype = nil)
+    (t = @things_by_id[id]) && (rtype.nil? || t[:rtype] == rtype) ? t : nil
+  end
+
+  def valid_complex?(value, subattrs, simple_ok = false)
+    return true if simple_ok && value.is_a?(String)
+    return unless value.is_a?(Hash) && (!simple_ok || value.key?("value"))
+    value.each { |k, v| return unless SUBATTR_NAMES.include?(k) && subattrs.include?(k.to_sym) }
+  end
+
+  def valid_multi?(values, subattrs, simple_ok = false)
+    return unless values.is_a?(Array)
+    values.each { |value| return unless valid_complex?(value, subattrs, simple_ok) }
+  end
+
+  def valid_ids?(value, rtype = nil)
+    return unless value.is_a?(Array)
+    value.each do |ref|
+      return unless ref.is_a?(String) && valid_id?(ref, rtype) ||
+          ref.is_a?(Hash) && valid_id?(ref["value"], rtype)
+    end
+  end
+
+  def enforce_schema(rtype, stuff)
+    stuff.each do |ks, v|
+      unless ATTR_NAMES.include?(ks.to_s) && LEGAL_ATTRS[rtype].include?(k = ks.to_sym)
+        raise SchemaViolation, "illegal #{ks} on #{rtype}"
+      end
+      if READ_ONLY_ATTRS.include?(k)
+        raise SchemaViolation, "attempt to modify read-only attribute #{k} on #{rtype}"
+      end
+      valid_attr = case k
+        when *BOOLEANS then v == !!v
+        when *NUMBERS then v.is_a?(Integer)
+        when *GENERAL_MULTI then valid_multi?(v, GENERAL_SUBATTRS, true)
+        when *GROUPS then valid_ids?(v, :group)
+        when *REFERENCES then valid_ids?(v)
+        when ENUMS[k] then ENUMS[k].include?(v)
+        when *EXPLICIT_SINGLE.keys then valid_complex?(v, EXPLICIT_SINGLE[k])
+        when *EXPLICIT_MULTI.keys then valid_multi?(v, EXPLICIT_MULTI[k])
+        else k.is_a?(String) || k.is_a?(Symbol)
+      end
+      raise SchemaViolation, "#{v} is an invalid #{k}" unless valid_attr
+    end
+  end
+
+  def input(stuff)
+    thing = Util.hash_keys(stuff.dup, :tosym)
+    REFERENCES.each {|a|
+      next unless thing[a]
+      thing[a] = thing[a].each_with_object(Set.new) { |r, s| 
+        s << (r.is_a?(Hash)? r[:value] : r )
+      }
+    }
+    GENERAL_MULTI.each {|a|
+      next unless thing[a]
+      thing[a] = thing[a].each_with_object({}) { |v, o|
+        v = {value: v} unless v.is_a?(Hash)
+        # enforce values are unique by type and value
+        k = URI.encode_www_form(t: [v[:type], v: v[:value]]).downcase
+        o[k] = v
+      }
+    }
+    thing
+  end
+
+  def output(thing, attrs = nil)
+    attrs = thing.keys if attrs.nil? || attrs.empty?
+    attrs.each_with_object({}) {|a, o|
+      next unless thing[a]
+      case a
+      when *REFERENCES then o[a] = thing[a].to_a
+      when *GENERAL_MULTI then o[a] = thing[a].values
+      else o[a] = thing[a]
+      end
+    }
+  end
+
+  def add_user_groups(gid, members)
+    members.each {|m| (m[:groups] ||= Set.new) << gid if m = ref_by_id(m, :user)} if members
+  end
+
+  def remove_user_groups(gid, members)
+    members.each {|m| m[:groups].delete(gid) if m = ref_by_id(m, :user) } if members
+  end
+
+  public
+
+  def initialize; @things_by_id, @things_by_name = {}, {} end
+  def name(id, rtype = nil) (t = ref_by_id(id, rtype))? t[NAME_ATTR[t[:rtype]]]: nil end
+  def id(name, rtype) (t = ref_by_name(name, rtype))? t[:id] : nil end
+
+  def add(rtype, stuff)
+    unless stuff.is_a?(Hash) && (name = stuff[NAME_ATTR[rtype].to_s])
+      raise SchemaViolation, "new #{rtype} has no name #{NAME_ATTR[rtype]}"
+    end
+    raise AlreadyExists if @things_by_name.key?(name = rtype.to_s + name.downcase)
+    enforce_schema(rtype, stuff)
+    thing = input(stuff).merge!(rtype: rtype, id: (id = SecureRandom.uuid),
+        meta: { created: Time.now.iso8601, last_modified: Time.now.iso8601, version: 1 })
+    add_user_groups(id, thing[:members])
+    @things_by_id[id] = @things_by_name[name] = thing
+    id
+  end
+
+  def update(id, stuff, match_version = nil, match_type = nil)
+    raise NotFound unless thing = ref_by_id(id, match_type)
+    raise BadVersion if match_version && match_version != thing[:meta][:version]
+    enforce_schema(rtype = thing[:rtype], remove_attrs(stuff, READ_ONLY_ATTRS))
+    new_thing = input(stuff)
+    if newname = new_thing[NAME_ATTR[rtype]]
+      oldname = rtype.to_s + thing[NAME_ATTR[rtype]].downcase
+      unless (newname = rtype.to_s + newname.downcase) == oldname
+        raise AlreadyExists if @things_by_name.key?(newname)
+        @things_by_name.delete(oldname)
+        @things_by_name[newname] = thing
+      end
+    end
+    if new_thing[:members] || thing[:members]
+      old_members = thing[:members] || Set.new
+      new_members = new_thing[:members] || Set.new
+      remove_user_groups(id, old_members - new_members)
+      add_user_groups(id, new_members - old_members)
+    end
+    READ_ONLY_ATTRS.each { |a| new_thing[a] = thing[a] if thing[a] }
+    HIDDEN_ATTRS.each { |a| new_thing[a] = thing[a] if thing[a] }
+    thing.replace new_thing
+    thing[:meta][:version] += 1
+    thing[:meta][:lastmodified] == Time.now.iso8601
+    id
+  end
+
+  def add_member(gid, member)
+    return unless g = ref_by_id(gid, :group)
+    (g[:members] ||= Set.new) << member
+    add_user_groups(gid, Set[member])
+  end
+
+  def set_hidden_attr(id, attr, value)
+    raise NotFound unless thing = ref_by_id(id)
+    raise ArgumentError unless HIDDEN_ATTRS.include?(attr)
+    thing[attr] = value
+  end
+
+  def remove(id, rtype = nil)
+    return unless thing = ref_by_id(id, rtype)
+    rtype = thing[:rtype]
+    remove_user_groups(id, thing[:members])
+    @things_by_id.delete(id)
+    thing = @things_by_name.delete(rtype.to_s + thing[NAME_ATTR[rtype]].downcase)
+    remove_attrs(output(thing))
+  end
+
+  def get(id, rtype = nil, *attrs)
+    return unless thing = ref_by_id(id, rtype)
+    output(thing, attrs)
+  end
+
+  def get_by_name(name, rtype, *attrs)
+    return unless thing = ref_by_name(name, rtype)
+    output(thing, attrs)
+  end
+
+  def find(rtype, start = 0, count = nil, filter_string = nil, attrs = nil)
+    filter, total = ScimFilter.new(filter_string), 0
+    objs = @things_by_id.each_with_object([]) { |(k, v), o|
+      next unless rtype == v[:rtype] && filter.match?(v)
+      o << output(v, attrs) if total >= start && (count.nil? || o.length < count)
+      total += 1
+    }
+    [objs, total]
+  end
+
+end
+
+class ScimFilter
+
+  private
+
+  def eat_json_string
+    raise BadFilter unless @input.skip(/\s*"/)
+    str = ""
+    while true
+      case
+      when @input.scan(/[^\\"]+/); str << @input.matched
+      when @input.scan(%r{\\["\\/]}); str << @input.matched[-1]
+      when @input.scan(/\\[bfnrt]/); str << eval(%Q{"#{@input.matched}"})
+      when @input.scan(/\\u[0-9a-fA-F]{4}/); str << [Integer("0x#{@input.matched[2..-1]}")].pack("U")
+      else break
+      end
+    end
+    raise BadFilter unless @input.skip(/"\s*/)
+    str
+  end
+
+  def eat_word(*words)
+    @input.skip(/\s*/)
+    return unless s = @input.scan(/(\S+)\s*/)
+    w = @input[1].downcase
+    return w if words.empty? || words.include?(w)
+    @input.unscan
+    false
+  end
+
+  def eat_expr
+    if @input.skip(/\s*\(\s*/)
+      phrase = eat_phrase
+      raise BadFilter unless @input.skip(/\s*\)\s*/)
+      return phrase
+    end
+    raise BadFilter unless (attr = eat_word) &&
+        (op = eat_word("eq", "co", "sw", "pr", "gt", "ge", "lt", "le")) &&
+        (op == "pr" || value = eat_json_string)
+    (attr_sym = StubScim.searchable_attribute(attr)) ?
+        [:item, attr_sym, op, value] : [:undefined, attr, op, value]
+  end
+
+  # AND level
+  def eat_subphrase
+    phrase = [:and, eat_expr]
+    while eat_word("and"); phrase << eat_expr end
+    phrase.length == 2 ? phrase[1] : phrase
+  end
+
+  # OR level
+  def eat_phrase
+    phrase = [:or, eat_subphrase]
+    while eat_word("or"); phrase << eat_subphrase end
+    phrase.length == 2 ? phrase[1] : phrase
+  end
+
+  def eval_expr(entry, attr, op, value)
+    return false unless val = entry[attr]
+    return true if op == "pr"
+    case attr
+    when *StubScim::REFERENCES
+      return nil unless op == "eq"
+      val.each {|v| return true if v.casecmp(value) == 0 }
+      false
+    when *StubScim::GENERAL_MULTI
+      return nil unless op == "eq"
+      val.each {|k, v| return true if v.casecmp(value) == 0 }
+      false
+    else
+      case op
+      when "eq"; val.casecmp(value) == 0
+      when "sw"; val =~ /^#{Regexp.escape(value)}/i
+      when "co"; val =~ /#{Regexp.escape(value)}/i
+      when "gt"; val.casecmp(value) > 0
+      when "ge"; val.casecmp(value) >= 0
+      when "lt"; val.casecmp(value) < 0
+      when "le"; val.casecmp(value) <= 0
+      end
+    end
+  end
+
+  def eval(entry, filtr)
+    undefd = 0
+    case filtr[0]
+    when :undefined ; nil
+    when :item ; eval_expr(entry, filtr[1], filtr[2], filtr[3])
+    when :or
+      filtr[1..-1].each { |f|
+        return true if (res = eval(entry, f)) == true
+        undefd += 1 if res.nil?
+      }
+      filtr.length == undefd + 1 ? nil: false
+    when :and
+      filtr[1..-1].each { |f|
+        return false if (res = eval(entry, f)) == false
+        undefd += 1 if res.nil?
+      }
+      filtr.length == undefd + 1 ? nil: true
+    end
+  end
+
+  public
+
+  def initialize(filter_string)
+    if filter_string.nil?
+      @filter = true
+    else
+      @input = StringScanner.new(filter_string)
+      @filter = eat_phrase
+      raise BadFilter unless @input.eos?
+    end
+    self
+  rescue BadFilter => b
+    raise BadFilter, "invalid filter expression at offset #{@input.pos}: #{@input.string}"
+  end
+
+  def match?(entry)
+    @filter == true || eval(entry, @filter)
+  end
+
+end
+
+end

data/lib/stub/server.rb

@@ -0,0 +1,310 @@
+#--
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+#++
+
+require 'eventmachine'
+require 'date'
+require 'logger'
+require 'pp'
+require 'erb'
+require 'multi_json'
+
+module Stub
+
+class StubError < RuntimeError; end
+class BadHeader < StubError; end
+
+#------------------------------------------------------------------------------
+class Request
+
+  attr_reader :headers, :body, :path, :method
+  def initialize; @state, @prelude = :init, "" end
+
+  private
+
+  def bslice(str, range)
+    # byteslice is available in ruby 1.9.3
+    str.respond_to?(:byteslice) ? str.byteslice(range) : str.slice(range)
+  end
+
+  def add_lines(str)
+    return @body << str if @state == :body
+    processed = 0
+    str.each_line("\r\n") do |ln|
+      processed += ln.bytesize
+      unless ln.chomp!("\r\n")
+        raise BadHeader unless ln.ascii_only?
+        return @prelude = ln # must be partial header at end of str
+      end
+      if @state == :init
+        start = ln.split(/\s+/)
+        @method, @path, @headers, @body = start[0].downcase, start[1], {}, ""
+        raise BadHeader unless @method.ascii_only? && @path.ascii_only?
+        @state = :headers
+      elsif ln.empty?
+        @state, @content_length = :body, headers["content-length"].to_i
+        return @body << bslice(str, processed..-1)
+      else
+        raise BadHeader unless ln.ascii_only?
+        key, sep, val = ln.partition(/:\s+/)
+        @headers[key.downcase] = val
+      end
+    end
+  end
+
+  public
+
+  # adds data to the request, returns true if request is complete
+  def completed?(str)
+    str, @prelude = @prelude + str, "" unless @prelude.empty?
+    add_lines(str)
+    return unless @state == :body && @body.bytesize >= @content_length
+    @prelude = bslice(@body, @content_length..-1)
+    @body = bslice(@body, 0..@content_length)
+    @state = :init
+  end
+
+  def cookies
+    return {} unless chdr = @headers["cookie"]
+    chdr.strip.split(/\s*;\s*/).each_with_object({}) do |pair, o|
+      k, v = pair.split(/\s*=\s*/)
+      o[k.downcase] = v
+    end
+  end
+
+end
+
+#------------------------------------------------------------------------------
+class Reply
+  attr_accessor :status, :headers, :body
+  def initialize(status = 200) @status, @headers, @cookies, @body = status, {}, [], "" end
+  def to_s
+    reply = "HTTP/1.1 #{@status} OK\r\n"
+    headers["server"] = "stub server"
+    headers["date"] = DateTime.now.httpdate
+    headers["content-length"] = body.bytesize
+    headers.each { |k, v| reply << "#{k}: #{v}\r\n" }
+    @cookies.each { |c| reply << "Set-Cookie: #{c}\r\n" }
+    reply << "\r\n" << body
+  end
+  def json(status = nil, info)
+    info = {message: info} unless info.respond_to? :each
+    @status = status if status
+    headers["content-type"] = "application/json"
+    @body = MultiJson.dump(info)
+    nil
+  end
+  def text(status = nil, info)
+    @status = status if status
+    headers["content-type"] = "text/plain"
+    @body = info.pretty_inspect
+    nil
+  end
+  def html(status = nil, info)
+    @status = status if status
+    headers["content-type"] = "text/html"
+    info = ERB::Util.html_escape(info.pretty_inspect) unless info.is_a?(String)
+    @body = "<html><body>#{info}</body></html>"
+    nil
+  end
+  def set_cookie(name, value, options = {})
+    @cookies << options.each_with_object("#{name}=#{value}") { |(k, v), o|
+      o << (v.nil? ? "; #{k}" : "; #{k}=#{v}")
+    }
+  end
+end
+
+#------------------------------------------------------------------------------
+# request handler logic -- server is initialized with a class derived from this.
+# there will be one instance of this object per connection.
+class Base
+  attr_accessor :request, :reply, :match, :server
+
+  def self.route(http_methods, matcher, filters = {}, &handler)
+    fail unless !EM.reactor_running? || EM.reactor_thread?
+    matcher = Regexp.new("^#{Regexp.escape(matcher.to_s)}$") unless matcher.is_a?(Regexp)
+    filters = filters.each_with_object({}) { |(k, v), o|
+      o[k.downcase] = v.is_a?(Regexp) ? v : Regexp.new("^#{Regexp.escape(v.to_s)}$")
+    }
+    @routes ||= {}
+    @route_number = @route_number.to_i + 1
+    route_name = "route_#{@route_number}".to_sym
+    define_method(route_name, handler)
+    [*http_methods].each do |m|
+      m = m.to_s.downcase
+      @routes[m] ||= []
+      i = @routes[m].index { |r| r[0].to_s.length < matcher.to_s.length }
+      unless i && @routes[m][i][0] == matcher
+        @routes[m].insert(i || -1, [matcher, filters, route_name])
+      end
+    end
+  end
+
+  def self.find_route(request)
+    fail unless EM.reactor_thread?
+    if @routes && (rary = @routes[request.method])
+      rary.each { |r; m|
+        next unless (m = r[0].match(request.path))
+        r[1].each { |k, v|
+          next if v.match(request.headers[k])
+          return reply_in_kind(400,  "header '#{k}: #{request.headers[k]}' is not accepted")
+        }
+        return [m, r[2]]
+      }
+    end
+    [nil, :default_route]
+  end
+
+  def initialize(server)
+    @server, @request, @reply, @match = server, Request.new, Reply.new, nil
+  end
+
+  def process
+    @reply = Reply.new
+    @match, handler = self.class.find_route(request)
+    server.logger.debug "processing request to path #{request.path} for route #{@match ? @match.regexp : 'default'}"
+    send handler
+    reply.headers['connection'] ||= request.headers['connection'] if request.headers['connection']
+    server.logger.debug "replying to path #{request.path} with #{reply.body.length} bytes of #{reply.headers['content-type']}"
+    #server.logger.debug "full reply is: #{reply.body.inspect}"
+  rescue Exception => e
+    server.logger.debug "exception from route handler: #{e.message}"
+    server.trace { e.backtrace }
+    reply_in_kind 500, e
+  end
+
+  def reply_in_kind(status = nil, info)
+    case request.headers['accept']
+    when /application\/json/ then reply.json(status, info)
+    when /text\/html/ then reply.html(status, info)
+    else reply.text(status, info)
+    end
+  end
+
+  def default_route
+    reply_in_kind(404, error: "path not handled")
+  end
+
+end
+
+#------------------------------------------------------------------------------
+module Connection
+  attr_accessor :req_handler
+  def unbind; req_handler.server.delete_connection(self) end
+
+  def receive_data(data)
+    #req_handler.server.logger.debug "got #{data.bytesize} bytes: #{data.inspect}"
+    return unless req_handler.request.completed? data
+    req_handler.process
+    send_data req_handler.reply.to_s
+    if req_handler.reply.headers['connection'] =~ /^close$/i || req_handler.server.status != :running
+      close_connection_after_writing
+    end
+  rescue Exception => e
+    req_handler.server.logger.debug "exception from receive_data: #{e.message}"
+    req_handler.server.trace { e.backtrace }
+    close_connection
+  end
+end
+
+#--------------------------------------------------------------------------
+class Server
+  attr_reader :host, :port, :status, :logger
+  attr_accessor :info
+  def url; "http://#{@host}:#{@port}" end
+  def trace(msg = nil, &blk); logger.trace(msg, &blk) if logger.respond_to?(:trace) end
+
+  def initialize(req_handler, logger = Logger.new($stdout), info = nil)
+    @req_handler, @logger, @info = req_handler, logger, info
+    @connections, @status, @sig, @em_thread = [], :stopped, nil, nil
+  end
+
+  def start(hostname = "localhost", port = nil)
+    raise ArgumentError, "attempt to start a server that's already running" unless @status == :stopped
+    @host = hostname
+    logger.debug "starting #{self.class} server #{@host}"
+    EM.schedule do
+      @sig = EM.start_server(@host, port || 0, Connection) { |c| initialize_connection(c) }
+      @port = Socket.unpack_sockaddr_in(EM.get_sockname(@sig))[0]
+      logger.debug "#{self.class} server started at #{url}, signature #{@sig}"
+    end
+    @status = :running
+    self
+  end
+
+  def run_on_thread(hostname = "localhost", port = 0)
+    raise ArgumentError, "can't run on thread, EventMachine already running" if EM.reactor_running?
+    logger.debug { "starting eventmachine on thread" }
+    cthred = Thread.current
+    @em_thread = Thread.new do
+      begin
+        EM.run { start(hostname, port); cthred.run }
+        logger.debug "server thread done"
+      rescue Exception => e
+        logger.debug { "unhandled exception on stub server thread: #{e.message}" }
+        trace { e.backtrace }
+        raise
+      end
+    end
+    Thread.stop
+    logger.debug "running on thread"
+    self
+  end
+
+  def run(hostname = "localhost", port = 0)
+    raise ArgumentError, "can't run, EventMachine already running" if EM.reactor_running?
+    @em_thread = Thread.current
+    EM.run { start(hostname, port) }
+    logger.debug "server and event machine done"
+  end
+
+  # if on reactor thread, start shutting down but return if connections still
+  # in process, and let them disconnect when complete -- server is not really
+  # done until it's status is stopped.
+  # if not on reactor thread, wait until everything's cleaned up and stopped
+  def stop
+    logger.debug "stopping server"
+    @status = :stopping
+    EM.stop_server @sig
+    done if @connections.empty?
+    sleep 0.1 while @status != :stopped unless EM.reactor_thread?
+  end
+
+  def delete_connection(conn)
+    logger.debug "deleting connection"
+    fail unless EM.reactor_thread?
+    @connections.delete(conn)
+    done if @status != :running && @connections.empty?
+  end
+
+  private
+
+  def done
+    fail unless @connections.empty?
+    EM.stop if @em_thread && EM.reactor_running?
+    @connections, @status, @sig, @em_thread = [], :stopped, nil, nil
+    sleep 0.1 unless EM.reactor_thread? # give EM a chance to stop
+    logger.debug EM.reactor_running? ?
+        "server done but EM still running" : "server really done"
+  end
+
+  def initialize_connection(conn)
+    logger.debug "starting connection"
+    fail unless EM.reactor_thread?
+    @connections << conn
+    conn.req_handler = @req_handler.new(self)
+    conn.comm_inactivity_timeout = 30
+  end
+
+end
+
+end