chef-encrypted-attributes 0.1.0
- checksums.yaml +7 -0
- data/API.md +163 -0
- data/CHANGELOG.md +7 -0
- data/INTERNAL.md +111 -0
- data/LICENSE +190 -0
- data/README.md +330 -0
- data/Rakefile +46 -0
- data/TESTING.md +45 -0
- data/TODO.md +20 -0
- data/lib/chef-encrypted-attributes.rb +19 -0
- data/lib/chef/encrypted_attribute.rb +218 -0
- data/lib/chef/encrypted_attribute/cache_lru.rb +74 -0
- data/lib/chef/encrypted_attribute/config.rb +200 -0
- data/lib/chef/encrypted_attribute/encrypted_mash.rb +122 -0
- data/lib/chef/encrypted_attribute/encrypted_mash/version0.rb +143 -0
- data/lib/chef/encrypted_attribute/encrypted_mash/version1.rb +140 -0
- data/lib/chef/encrypted_attribute/exceptions.rb +38 -0
- data/lib/chef/encrypted_attribute/local_node.rb +38 -0
- data/lib/chef/encrypted_attribute/remote_clients.rb +46 -0
- data/lib/chef/encrypted_attribute/remote_node.rb +111 -0
- data/lib/chef/encrypted_attribute/remote_users.rb +73 -0
- data/lib/chef/encrypted_attribute/search_helper.rb +144 -0
- data/lib/chef/encrypted_attribute/version.rb +23 -0
- data/lib/chef/knife/core/config.rb +19 -0
- data/lib/chef/knife/core/encrypted_attribute_editor_options.rb +100 -0
- data/lib/chef/knife/encrypted_attribute_create.rb +67 -0
- data/lib/chef/knife/encrypted_attribute_delete.rb +71 -0
- data/lib/chef/knife/encrypted_attribute_edit.rb +68 -0
- data/lib/chef/knife/encrypted_attribute_show.rb +86 -0
- data/lib/chef/knife/encrypted_attribute_update.rb +65 -0
- data/spec/benchmark_helper.rb +32 -0
- data/spec/integration_helper.rb +20 -0
- data/spec/spec_helper.rb +38 -0
- metadata +204 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 4457a367d12530c417f70d98a8a605e38da1c87b
|
4
|
+
data.tar.gz: 0ea836eb01e192f6dfcb851764b85c2fe0ed7798
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 4db3eb8c4777c354b74885f85e480525a02fb90877d563ce4c056060b79680fe199767bff212e7a6eb3c7d479cc40c2b50525aab3d0b8da5eceb87f34d148570
|
7
|
+
data.tar.gz: bc645990a5ee3bc2ac9134710a8bc6013f7325f9d0ee0ac2df543ec14e41c224fce8736461df1b87d5d4cd5d4bdee5030167bf6170eee39bb0f712297291221a
|
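Review bot: The `SHA1:` entries for `metadata.gz` and `data.tar.gz` should not be the values anyone verifies against, since SHA-1 is no longer collision-resistant; compare downloads against the `SHA512:` digests only. These digests also ship inside the same package they describe, so they catch corruption but not a repackaged gem. Integrity checks should use a digest or signature obtained from a separate, trusted source.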
data/API.md
ADDED
@@ -0,0 +1,163 @@
|
|
1
|
+
# Chef::EncryptedAttribute API Documentation
|
2
|
+
|
3
|
+
`Chef::EncryptedAttribute` has some static methods intended to be used from cookbooks.
|
4
|
+
|
5
|
+
## Static Methods
|
6
|
+
|
7
|
+
### Chef::EncryptedAttribute.load(hs [, config])
|
8
|
+
|
9
|
+
Reads an encrypted attribute from a hash, usually a node attribute.
|
10
|
+
|
11
|
+
* `hs` - An encrypted hash, usually a node attribute. For example: `node["myapp"]["ftp_password"]`.
|
12
|
+
* `config` - A configuration hash (optional). For example: `{ :partial_search => false }`.
|
13
|
+
|
14
|
+
Returns the attribute in clear text, decrypted.
|
15
|
+
|
16
|
+
An exception is thrown if the attribute cannot be decrypted or no encrypted attribute is found.
|
17
|
+
|
18
|
+
### Chef::EncryptedAttribute.create(value [, config])
|
19
|
+
|
20
|
+
Creates an encrypted attribute. The returned value should be saved in a node attribute, like `node.normal[...] = `.
|
21
|
+
|
22
|
+
* `value` - The value to be encrypted. Can be a boolean, a number, a string, an array or a hash (the value will be converted to JSON internally).
|
23
|
+
* `config` - A configuration hash (optional). For example: `{ :client_search => "admin:true" }`.
|
24
|
+
|
25
|
+
Returns the encrypted attribute.
|
26
|
+
|
27
|
+
An exception is thrown if any error arises in the encryption process.
|
28
|
+
|
29
|
+
### Chef::EncryptedAttribute.update(hs [, config])
|
30
|
+
|
31
|
+
Updates who can read the attribute. This is intended to be used to update to the new nodes returned by the `:client_search` or perhaps global configuration changes.
|
32
|
+
|
33
|
+
For example, in case new nodes are added or some are removed, and the clients returned by `:client_search` are different, this `#update` method will decrypt the attribute and encrypt it again for the new nodes (or remove the old ones).
|
34
|
+
|
35
|
+
If an update is made, the shared secrets are regenerated.
|
36
|
+
|
37
|
+
* `hs` - This must be a node encrypted attribute, this attribute will be updated, so it is mandatory to specify the type (usually `normal`). For example: `node.normal["myapp"]["ftp_password"]`.
|
38
|
+
* `config` - A configuration hash (optional). Surely you want this `#update` method to use the same `config` that the `#create` call.
|
39
|
+
|
40
|
+
Returns `true` if the encrypted attribute has been updated, `false` if not.
|
41
|
+
|
42
|
+
An exception is thrown if there is any error in the updating process.
|
43
|
+
|
44
|
+
### Chef::EncryptedAttribute.exists?(hs)
|
45
|
+
|
46
|
+
Checks whether an encrypted attribute exists.
|
47
|
+
|
48
|
+
* `hs` - An encrypted hash, usually a node attribute. The attribute type can be specified but is not necessary. For example: `node["myapp"]["ftp_password"]`.
|
49
|
+
|
50
|
+
Returns `true` if an encrypted attribute is found, `false` if not.
|
51
|
+
|
52
|
+
### Chef::EncryptedAttribute.load_from_node(name, attr_ary [, config])
|
53
|
+
|
54
|
+
Reads an encrypted attribute from a remote node.
|
55
|
+
|
56
|
+
* `name` - The node name.
|
57
|
+
* `attr_ary` - The attribute path as *array of strings*. For example: `[ "myapp", "ftp_password" ]`.
|
58
|
+
* `config` - A configuration hash (optional). For example: `{ :partial_search => false }`.
|
59
|
+
|
60
|
+
An exception is thrown if the attribute cannot be decrypted or no encrypted attribute is found.
|
61
|
+
|
62
|
+
### Chef::EncryptedAttribute.create_on_node(name, attr_ary, value [, config])
|
63
|
+
|
64
|
+
Creates an encrypted attribute on a remote node.
|
65
|
+
|
66
|
+
* `name` - The node name.
|
67
|
+
* `attr_ary` - The attribute path as *array of strings*. For example: `[ "myapp", "ftp_password" ]`.
|
68
|
+
* `value` - The value to be encrypted. Can be a boolean, a number, a string, an array or a hash (the value will be converted to JSON internally).
|
69
|
+
* `config` - A configuration hash (optional). For example: `{ :client_search => "admin:true" }`.
|
70
|
+
|
71
|
+
An exception is thrown if any error arises in the encryption process.
|
72
|
+
|
73
|
+
This method **requires admin privileges**. So in most cases, cannot be used from cookbooks.
|
74
|
+
|
75
|
+
### Chef::EncryptedAttribute.update_on_node(name, attr_ary [, config])
|
76
|
+
|
77
|
+
Updates who can read the attribute.
|
78
|
+
|
79
|
+
* `name` - The node name.
|
80
|
+
* `attr_ary` - The attribute path as *array of strings*. For example: `[ "myapp", "ftp_password" ]`.
|
81
|
+
* `config` - A configuration hash (optional). Surely you want this `#update_on_node` method to use the same `config` that the `#create` call.
|
82
|
+
|
83
|
+
Returns `true` if the encrypted attribute has been updated, `false` if not.
|
84
|
+
|
85
|
+
An exception is thrown if there is any error in the updating process.
|
86
|
+
|
87
|
+
This method **requires admin privileges**. So in most cases, cannot be used from cookbooks.
|
88
|
+
|
89
|
+
### Chef::EncryptedAttribute.exists_on_node?(name, attr_ary [, config])
|
90
|
+
|
91
|
+
Checks whether an encrypted attribute exists in a remote node.
|
92
|
+
|
93
|
+
* `name` - The node name.
|
94
|
+
* `attr_ary` - The attribute path as *array of strings*. For example: `[ "myapp", "ftp_password" ]`.
|
95
|
+
* `config` - A configuration hash (optional). For example: `{ :partial_search => false }`.
|
96
|
+
|
97
|
+
Returns `true` if an encrypted attribute is found, `false` if not.
|
98
|
+
|
99
|
+
## Configuration
|
100
|
+
|
101
|
+
All the methods read the default configuration from the `Chef::Config[:encrypted_attributes]` hash. Most of methods also support setting some configuration parameters as last argument. Both the global and the method argument configuration will be merged.
|
102
|
+
|
103
|
+
If the configuration value to be merged is an array or a hash (for example `keys`), the method argument configuration value has preference over the global configuration. Arrays and hashes are not merged.
|
104
|
+
|
105
|
+
Both `Chef::Config[:encrypted_attributes]` and methods `config` parameter should be a hash which may have any of the following keys:
|
106
|
+
|
107
|
+
* `:version` - `EncryptedMash` format version to use, by default `1` is used which is considered best.
|
108
|
+
* `:partial_search` - Whether to use Chef Server partial search, enabled by default. It may not work in some old versions of Chef Server.
|
109
|
+
* `:client_search` - Search query for clients allowed to read the encrypted attribute. Can be a simple string or an array of queries to be *OR*-ed.
|
110
|
+
* `:users` - Array of user names to be allowed to read the encrypted attribute(s). `"*"` to allow access to all users. Keep in mind that only admin clients or admin users are allowed to read user public keys. It is **not recommended** to use this from cookbooks unless you know what you are doing.
|
111
|
+
* `:keys` - raw RSA public keys to be allowed to read encrypted attributes(s), in PEM (string) format. Can be client public keys, user public keys or any other RSA public key.
|
112
|
+
|
113
|
+
For example, to disable Partial Search globally:
|
114
|
+
|
115
|
+
```ruby
|
116
|
+
Chef::Config[:encrypted_attributes][:partial_search] = false
|
117
|
+
|
118
|
+
# ftp_pass = Chef::EncryptedAttribute.load(node["myapp"]["ftp_password"])
|
119
|
+
# ...
|
120
|
+
```
|
121
|
+
|
122
|
+
To disable Partial Search locally:
|
123
|
+
|
124
|
+
```ruby
|
125
|
+
ftp_pass = Chef::EncryptedAttribute.load(node["myapp"]["ftp_password"], { :partial_search => false })
|
126
|
+
```
|
127
|
+
|
128
|
+
If you want to use knife to work with encrypted attributes, surely you will need to save your Chef User public keys in a Data Bag (there is no need to encrypt them because they are public) and add them to the `:keys` configuration option. See the [Example Using User Keys Data Bag](README.md#example-using-user-keys-data-bag) in the README for more information on this.
|
129
|
+
|
130
|
+
## Caches
|
131
|
+
|
132
|
+
This API uses some LRU caches to avoid making many requests to the Chef Server. All the caches are global and has the following methods:
|
133
|
+
|
134
|
+
* `max_size` - Gets or sets the cache maximum item size.
|
135
|
+
* `clear` - To empty the cache.
|
136
|
+
* `[]` - To read a cache value (used internally).
|
137
|
+
* `[]=` - To set a cache value (used internally).
|
138
|
+
|
139
|
+
This are the currently available caches:
|
140
|
+
|
141
|
+
* `Chef::EncryptedAttribute::RemoteClients.cache` - Caches the `:client_search` query results (max_size: `1024`).
|
142
|
+
* `Chef::EncryptedAttribute::RemoteUsers.cache` - Caches the Chef Users public keys (max_size: `1024`).
|
143
|
+
* `Chef::EncryptedAttribute::RemoteNode.cache` - Caches the node (encrypted) attributes. Disabled by default (max_size: `0`).
|
144
|
+
|
145
|
+
### Clear All the Caches
|
146
|
+
|
147
|
+
You can clear all the caches with the following code:
|
148
|
+
|
149
|
+
```ruby
|
150
|
+
Chef::EncryptedAttribute::RemoteClients.cache.clear
|
151
|
+
Chef::EncryptedAttribute::RemoteUsers.cache.clear
|
152
|
+
Chef::EncryptedAttribute::RemoteNode.cache.clear
|
153
|
+
```
|
154
|
+
|
155
|
+
### Disable All the Caches
|
156
|
+
|
157
|
+
You can disable all the caches with the following code:
|
158
|
+
|
159
|
+
```ruby
|
160
|
+
Chef::EncryptedAttribute::RemoteClients.cache.max_size(0)
|
161
|
+
Chef::EncryptedAttribute::RemoteUsers.cache.max_size(0)
|
162
|
+
Chef::EncryptedAttribute::RemoteNode.cache.max_size(0)
|
163
|
+
```
|
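Review bot: The "Caches" section gives `Chef::EncryptedAttribute::RemoteClients.cache` a `max_size` of `1024` for `:client_search` results but says nothing about when an entry expires, while `update` is documented as the way to drop clients that the search no longer returns. Please document the invalidation behaviour, or state that the cache should be cleared before calling `update` when access is being revoked, so that a removed client is not re-granted from a stale search result. The "Configuration" section has a related gap: array and hash values such as `:keys` are replaced rather than merged, so a per-call `:keys` silently drops the globally configured keys, which deserves an explicit example. Two smaller points: `load_from_node` has no "Returns" line although `load` does, and the `create` description ends in the unfinished snippet `node.normal[...] = `.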
data/CHANGELOG.md
ADDED
data/INTERNAL.md
ADDED
@@ -0,0 +1,111 @@
|
|
1
|
+
# Internal Documentation
|
2
|
+
|
3
|
+
## EncryptedAttribute Class
|
4
|
+
|
5
|
+
This class contains both static and instance level public methods. Internally, all work with `EncryptedMash` object instances.
|
6
|
+
|
7
|
+
The **static methods** are intended to be used from Cookbooks. The attributes are encrypted only for the local node by default. The static `*_on_node` methods can be used also, although they have not been designed for this purpose (have not been tested).
|
8
|
+
|
9
|
+
The **instance methods** are intended to be used from `knife` or external libraries. Usually only the `*_from_node/*_on_node` instance methods will be used. These methods will grant access only to the remote node by default.
|
10
|
+
|
11
|
+
## EncryptedMash Class
|
12
|
+
|
13
|
+
This is the most basic encrypted object, which inherits from `Chef::Mash`.
|
14
|
+
|
15
|
+
Currently two `EncryptedMash` versions exists. But you can create your own versions and name it with the `Chef::EncryptedAttribute::EncryptedMash::Version` prefix.
|
16
|
+
|
17
|
+
### EncryptedMash::Version0
|
18
|
+
|
19
|
+
This is the first version, considered old. Uses public key cryptography (PKI) to encrypt the data. There is no shared secret or HMAC for data integrity checking.
|
20
|
+
|
21
|
+
#### EncryptedMash::Version0 Structure
|
22
|
+
|
23
|
+
If you try to read this encrypted attribute structure, you can see a `Chef::Mash` attribute with the following content:
|
24
|
+
|
25
|
+
```
|
26
|
+
└── encrypted_data
|
27
|
+
├── pub_key_hash1: The data encrypted using PKI for the public key 1 (base64)
|
28
|
+
├── pub_key_hash2: The data encrypted using PKI for the public key 2 (base64)
|
29
|
+
└── ...
|
30
|
+
```
|
31
|
+
|
32
|
+
The `public_key_hash1` key value is the *SHA1* of the public key used for encryption.
|
33
|
+
|
34
|
+
Its content is the data encoded in *JSON*, then encrypted with the public key, and finally encoded in *base64*. The encryption is done using the *RSA* algorithm (PKI).
|
35
|
+
|
36
|
+
### EncryptedMash::Version1 (default)
|
37
|
+
|
38
|
+
This is the `EncryptedMash` version used by default. Uses public key cryptography (PKI) to encrypt a shared secret. Then this shared secret is used to encrypt the data.
|
39
|
+
|
40
|
+
* This implementation can be improved, is not optimized either for performance or for space.
|
41
|
+
* Every time the `EncryptedAttribute` is updated, all the shared secrets are regenerated.
|
42
|
+
|
43
|
+
#### EncryptedMash::Version1 Structure
|
44
|
+
|
45
|
+
If you try to read this encrypted attribute structure, you can see a *Mash* attribute with the following content:
|
46
|
+
|
47
|
+
```
|
48
|
+
EncryptedMash
|
49
|
+
├── chef_type: "encrypted_attribute" (string).
|
50
|
+
├── x_json_class: The used `EncryptedMash` version class name (string).
|
51
|
+
├── encrypted_data
|
52
|
+
│ ├── cipher: The used PKI algorithm, "aes-256-cbc" (string).
|
53
|
+
│ ├── data: PKI encrypted data (base64).
|
54
|
+
│ └── iv: Initialization vector (in base64).
|
55
|
+
├── encrypted_secret
|
56
|
+
│ ├── pub_key_hash1: The shared secrets encrypted for the public key 1 (base64).
|
57
|
+
│ ├── pub_key_hash2: The shared secrets encrypted for the public key 2 (base64).
|
58
|
+
│ └── ...
|
59
|
+
└── hmac
|
60
|
+
├── cipher: The used HMAC algorithm, currently ignored and always "sha256" (string).
|
61
|
+
└── data: Hash-based message authentication code value (base64).
|
62
|
+
```
|
63
|
+
|
64
|
+
* `x_json_class` field is used, with the `x_` prefix, to be easily integrated with Chef in the future.
|
65
|
+
|
66
|
+
##### EncryptedMash[encrypted_data][data]
|
67
|
+
|
68
|
+
The data inside `encrypted_data` is symmetrically encrypted using the secret shared key. The data is converted to *JSON* before the encryption, then encrypted and finally encoded in *base64*. By default, the `"aes-256-cbc"` algorithm is used for encryption.
|
69
|
+
|
70
|
+
After decryption, the *JSON* has the following structure:
|
71
|
+
|
72
|
+
```
|
73
|
+
└── encrypted_data
|
74
|
+
└── data (symmetrically encrypted JSON in base64)
|
75
|
+
└── content: attribute content as a Mash.
|
76
|
+
```
|
77
|
+
|
78
|
+
* In the future, this structure may contain some metadata like default configuration values.
|
79
|
+
|
80
|
+
##### EncryptedMash[encrypted_secret][pub_key_hash1]
|
81
|
+
|
82
|
+
The `public_key_hash1` key value is the *SHA1* of the public key used for encryption.
|
83
|
+
|
84
|
+
Its content is the encrypted shared secrets in *base64*. The encryption is done using the *RSA* algorithm (PKI).
|
85
|
+
|
86
|
+
After decryption, you find the following structure in *JSON*:
|
87
|
+
|
88
|
+
```
|
89
|
+
└── encrypted_secret
|
90
|
+
└── pub_key_hash1 (PKI encrypted JSON in base64)
|
91
|
+
├── data: The shared secret used to encrypt the data (base64).
|
92
|
+
└── hmac: The shared secret used for the HMAC calculation (base64).
|
93
|
+
```
|
94
|
+
|
95
|
+
##### EncryptedMash[hmac][data]
|
96
|
+
|
97
|
+
The HMAC data is in *base64*. The hashing algorithm used is `"sha256"`.
|
98
|
+
|
99
|
+
The following data is used in a alphabetically sorted *JSON* to calculate the HMAC:
|
100
|
+
|
101
|
+
```
|
102
|
+
Data to calculate the HMAC from
|
103
|
+
├── cipher: The algorithm used for `encrypted_data` encryption ("aes-256-cbc").
|
104
|
+
├── data: The `encrypted_data` data content after the encryption (encrypt-then-mac).
|
105
|
+
└── iv: The initialization vector used to encrypt the encrypted_data.
|
106
|
+
```
|
107
|
+
|
108
|
+
* All the data required for decryption is included in the HMAC (except the secret key, of course): `cipher`, `data` and `iv`.
|
109
|
+
* The data used to calculate the HMAC is the encrypted data, not the clear text data (**Encrypt-then-MAC**).
|
110
|
+
* The secret used to calculate the HMAC is not the same as the secret used to encrypt the data.
|
111
|
+
* The secret used to calculate the HMAC is shared inside `encrypted_secret` field with the data secret.
|
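Review bot: In the "EncryptedMash::Version1 Structure" tree, `encrypted_data.cipher` is labelled "The used PKI algorithm, "aes-256-cbc"" and `encrypted_data.data` "PKI encrypted data", but AES-256-CBC is a symmetric cipher and the `EncryptedMash[encrypted_data][data]` section below correctly calls it symmetric encryption with the shared secret; the tree labels should say symmetric. The RSA steps for both Version0 and Version1 are described only as "the *RSA* algorithm (PKI)" with no padding scheme named, which a reader auditing the format needs to know. The HMAC input is listed as `cipher`, `data` and `iv`, so it would help to state explicitly that `encrypted_secret` and `hmac.cipher` are outside the MAC, given that `hmac.cipher` is "currently ignored". The trees use `pub_key_hash1` while the prose uses `public_key_hash1`; pick one name.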
data/LICENSE
ADDED
@@ -0,0 +1,190 @@
|
|
1
|
+
Apache License
|
2
|
+
Version 2.0, January 2004
|
3
|
+
http://www.apache.org/licenses/
|
4
|
+
|
5
|
+
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
6
|
+
|
7
|
+
1. Definitions.
|
8
|
+
|
9
|
+
"License" shall mean the terms and conditions for use, reproduction,
|
10
|
+
and distribution as defined by Sections 1 through 9 of this document.
|
11
|
+
|
12
|
+
"Licensor" shall mean the copyright owner or entity authorized by
|
13
|
+
the copyright owner that is granting the License.
|
14
|
+
|
15
|
+
"Legal Entity" shall mean the union of the acting entity and all
|
16
|
+
other entities that control, are controlled by, or are under common
|
17
|
+
control with that entity. For the purposes of this definition,
|
18
|
+
"control" means (i) the power, direct or indirect, to cause the
|
19
|
+
direction or management of such entity, whether by contract or
|
20
|
+
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
21
|
+
outstanding shares, or (iii) beneficial ownership of such entity.
|
22
|
+
|
23
|
+
"You" (or "Your") shall mean an individual or Legal Entity
|
24
|
+
exercising permissions granted by this License.
|
25
|
+
|
26
|
+
"Source" form shall mean the preferred form for making modifications,
|
27
|
+
including but not limited to software source code, documentation
|
28
|
+
source, and configuration files.
|
29
|
+
|
30
|
+
"Object" form shall mean any form resulting from mechanical
|
31
|
+
transformation or translation of a Source form, including but
|
32
|
+
not limited to compiled object code, generated documentation,
|
33
|
+
and conversions to other media types.
|
34
|
+
|
35
|
+
"Work" shall mean the work of authorship, whether in Source or
|
36
|
+
Object form, made available under the License, as indicated by a
|
37
|
+
copyright notice that is included in or attached to the work
|
38
|
+
(an example is provided in the Appendix below).
|
39
|
+
|
40
|
+
"Derivative Works" shall mean any work, whether in Source or Object
|
41
|
+
form, that is based on (or derived from) the Work and for which the
|
42
|
+
editorial revisions, annotations, elaborations, or other modifications
|
43
|
+
represent, as a whole, an original work of authorship. For the purposes
|
44
|
+
of this License, Derivative Works shall not include works that remain
|
45
|
+
separable from, or merely link (or bind by name) to the interfaces of,
|
46
|
+
the Work and Derivative Works thereof.
|
47
|
+
|
48
|
+
"Contribution" shall mean any work of authorship, including
|
49
|
+
the original version of the Work and any modifications or additions
|
50
|
+
to that Work or Derivative Works thereof, that is intentionally
|
51
|
+
submitted to Licensor for inclusion in the Work by the copyright owner
|
52
|
+
or by an individual or Legal Entity authorized to submit on behalf of
|
53
|
+
the copyright owner. For the purposes of this definition, "submitted"
|
54
|
+
means any form of electronic, verbal, or written communication sent
|
55
|
+
to the Licensor or its representatives, including but not limited to
|
56
|
+
communication on electronic mailing lists, source code control systems,
|
57
|
+
and issue tracking systems that are managed by, or on behalf of, the
|
58
|
+
Licensor for the purpose of discussing and improving the Work, but
|
59
|
+
excluding communication that is conspicuously marked or otherwise
|
60
|
+
designated in writing by the copyright owner as "Not a Contribution."
|
61
|
+
|
62
|
+
"Contributor" shall mean Licensor and any individual or Legal Entity
|
63
|
+
on behalf of whom a Contribution has been received by Licensor and
|
64
|
+
subsequently incorporated within the Work.
|
65
|
+
|
66
|
+
2. Grant of Copyright License. Subject to the terms and conditions of
|
67
|
+
this License, each Contributor hereby grants to You a perpetual,
|
68
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
69
|
+
copyright license to reproduce, prepare Derivative Works of,
|
70
|
+
publicly display, publicly perform, sublicense, and distribute the
|
71
|
+
Work and such Derivative Works in Source or Object form.
|
72
|
+
|
73
|
+
3. Grant of Patent License. Subject to the terms and conditions of
|
74
|
+
this License, each Contributor hereby grants to You a perpetual,
|
75
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
76
|
+
(except as stated in this section) patent license to make, have made,
|
77
|
+
use, offer to sell, sell, import, and otherwise transfer the Work,
|
78
|
+
where such license applies only to those patent claims licensable
|
79
|
+
by such Contributor that are necessarily infringed by their
|
80
|
+
Contribution(s) alone or by combination of their Contribution(s)
|
81
|
+
with the Work to which such Contribution(s) was submitted. If You
|
82
|
+
institute patent litigation against any entity (including a
|
83
|
+
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
84
|
+
or a Contribution incorporated within the Work constitutes direct
|
85
|
+
or contributory patent infringement, then any patent licenses
|
86
|
+
granted to You under this License for that Work shall terminate
|
87
|
+
as of the date such litigation is filed.
|
88
|
+
|
89
|
+
4. Redistribution. You may reproduce and distribute copies of the
|
90
|
+
Work or Derivative Works thereof in any medium, with or without
|
91
|
+
modifications, and in Source or Object form, provided that You
|
92
|
+
meet the following conditions:
|
93
|
+
|
94
|
+
(a) You must give any other recipients of the Work or
|
95
|
+
Derivative Works a copy of this License; and
|
96
|
+
|
97
|
+
(b) You must cause any modified files to carry prominent notices
|
98
|
+
stating that You changed the files; and
|
99
|
+
|
100
|
+
(c) You must retain, in the Source form of any Derivative Works
|
101
|
+
that You distribute, all copyright, patent, trademark, and
|
102
|
+
attribution notices from the Source form of the Work,
|
103
|
+
excluding those notices that do not pertain to any part of
|
104
|
+
the Derivative Works; and
|
105
|
+
|
106
|
+
(d) If the Work includes a "NOTICE" text file as part of its
|
107
|
+
distribution, then any Derivative Works that You distribute must
|
108
|
+
include a readable copy of the attribution notices contained
|
109
|
+
within such NOTICE file, excluding those notices that do not
|
110
|
+
pertain to any part of the Derivative Works, in at least one
|
111
|
+
of the following places: within a NOTICE text file distributed
|
112
|
+
as part of the Derivative Works; within the Source form or
|
113
|
+
documentation, if provided along with the Derivative Works; or,
|
114
|
+
within a display generated by the Derivative Works, if and
|
115
|
+
wherever such third-party notices normally appear. The contents
|
116
|
+
of the NOTICE file are for informational purposes only and
|
117
|
+
do not modify the License. You may add Your own attribution
|
118
|
+
notices within Derivative Works that You distribute, alongside
|
119
|
+
or as an addendum to the NOTICE text from the Work, provided
|
120
|
+
that such additional attribution notices cannot be construed
|
121
|
+
as modifying the License.
|
122
|
+
|
123
|
+
You may add Your own copyright statement to Your modifications and
|
124
|
+
may provide additional or different license terms and conditions
|
125
|
+
for use, reproduction, or distribution of Your modifications, or
|
126
|
+
for any such Derivative Works as a whole, provided Your use,
|
127
|
+
reproduction, and distribution of the Work otherwise complies with
|
128
|
+
the conditions stated in this License.
|
129
|
+
|
130
|
+
5. Submission of Contributions. Unless You explicitly state otherwise,
|
131
|
+
any Contribution intentionally submitted for inclusion in the Work
|
132
|
+
by You to the Licensor shall be under the terms and conditions of
|
133
|
+
this License, without any additional terms or conditions.
|
134
|
+
Notwithstanding the above, nothing herein shall supersede or modify
|
135
|
+
the terms of any separate license agreement you may have executed
|
136
|
+
with Licensor regarding such Contributions.
|
137
|
+
|
138
|
+
6. Trademarks. This License does not grant permission to use the trade
|
139
|
+
names, trademarks, service marks, or product names of the Licensor,
|
140
|
+
except as required for reasonable and customary use in describing the
|
141
|
+
origin of the Work and reproducing the content of the NOTICE file.
|
142
|
+
|
143
|
+
7. Disclaimer of Warranty. Unless required by applicable law or
|
144
|
+
agreed to in writing, Licensor provides the Work (and each
|
145
|
+
Contributor provides its Contributions) on an "AS IS" BASIS,
|
146
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
147
|
+
implied, including, without limitation, any warranties or conditions
|
148
|
+
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
149
|
+
PARTICULAR PURPOSE. You are solely responsible for determining the
|
150
|
+
appropriateness of using or redistributing the Work and assume any
|
151
|
+
risks associated with Your exercise of permissions under this License.
|
152
|
+
|
153
|
+
8. Limitation of Liability. In no event and under no legal theory,
|
154
|
+
whether in tort (including negligence), contract, or otherwise,
|
155
|
+
unless required by applicable law (such as deliberate and grossly
|
156
|
+
negligent acts) or agreed to in writing, shall any Contributor be
|
157
|
+
liable to You for damages, including any direct, indirect, special,
|
158
|
+
incidental, or consequential damages of any character arising as a
|
159
|
+
result of this License or out of the use or inability to use the
|
160
|
+
Work (including but not limited to damages for loss of goodwill,
|
161
|
+
work stoppage, computer failure or malfunction, or any and all
|
162
|
+
other commercial damages or losses), even if such Contributor
|
163
|
+
has been advised of the possibility of such damages.
|
164
|
+
|
165
|
+
9. Accepting Warranty or Additional Liability. While redistributing
|
166
|
+
the Work or Derivative Works thereof, You may choose to offer,
|
167
|
+
and charge a fee for, acceptance of support, warranty, indemnity,
|
168
|
+
or other liability obligations and/or rights consistent with this
|
169
|
+
License. However, in accepting such obligations, You may act only
|
170
|
+
on Your own behalf and on Your sole responsibility, not on behalf
|
171
|
+
of any other Contributor, and only if You agree to indemnify,
|
172
|
+
defend, and hold each Contributor harmless for any liability
|
173
|
+
incurred by, or claims asserted against, such Contributor by reason
|
174
|
+
of your accepting any such warranty or additional liability.
|
175
|
+
|
176
|
+
END OF TERMS AND CONDITIONS
|
177
|
+
|
178
|
+
Copyright 2014 Onddo Labs, SL. (www.onddo.com)
|
179
|
+
|
180
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
181
|
+
you may not use this file except in compliance with the License.
|
182
|
+
You may obtain a copy of the License at
|
183
|
+
|
184
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
185
|
+
|
186
|
+
Unless required by applicable law or agreed to in writing, software
|
187
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
188
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
189
|
+
See the License for the specific language governing permissions and
|
190
|
+
limitations under the License.
|