heroic-sns 1.0.1 → 1.1.0

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    N2Q1NmY1MjNhNGViOTI4NDk1N2FjZmQzYWZjNTE2ZTM4MzM3OTlkNA==
+    ZGJmMTYxNjFmNmJlZGFkM2E4ZDMzN2I0ODY1ODJmYzc5ZWMxNTAxZA==
   data.tar.gz: !binary |-
-    ZmFkMjY5YzdiMDQ3ODMwZjQyNDNkNzY1ZGM3MzU3OWVmNWYzNDJkYQ==
+    ODU4NTFjMTM2MTBjZTY0MWMzNDNjZGZhYTQ1YjdhZTE0OWEwODAzOQ==
 !binary "U0hBNTEy":
   metadata.gz: !binary |-
-    MDZkY2QwOTkwZmRkMzc4ZmMwNTcyYTc5MDRlZjQ1ZTkxN2JmZjMwZWI4MTA4
-    MTRmYzRjMmRjM2M3YTJiOTdlOGZlN2IyMzQyMjAyYWJiZjQ4OTc2Zjg1Yjll
-    MGQ5NjM5ZmM5ZmY5YjdmYjg4Y2ZmZjFiNmUzZDc2Zjk3OWQwMDI=
+    ZTkxZjczZTVjODdjMjBlMTM0OWU2YjFmYzI4NzM1YzZmMWYzZWFlZjQ2YzMx
+    ODM1ODk3ZmNlMDRmYjE4NmI3MWE4ZTVmM2RmNTgwZTc2YjMwMjEzZjRhNjEy
+    NTVhMDZkZjlmN2IwYjkxNTdjM2M1Mzc2ODFjMzU3ZjhhZGRjZTg=
   data.tar.gz: !binary |-
-    NDBhNWZmMzY1N2M0YTM5MWY4Njk0ZWQyNTc0NGY0NDk2NTQ4N2U4NDIwODE1
-    NWMwNjhlNzYyNWUzZmE2YjZiMzBkN2Q3ZGM1NjczMDJiOGQ2MGVlNzAyZDQ5
-    MWY4N2RkZDJlOGQ4YWJlM2U0OTUzN2ZmNDNlZWIyODdjYmEwZDU=
+    ZTY3YzJmZWRkZTE3OGE4ODRkNjgxNjMwMmYwYzRmZGQ4ODQ1MzE1YjMzZTcw
+    ZmYzMTJkYzhhM2Y5MmQ2YTQ5ZGRlYmUwMWMwYTc5YWUwM2RhMGFiOGJkZmVh
+    OWUyODNjYWE3Njg3Y2MyMzQ1ODI2N2Q0MGE4MmU5MTU0ODIzMDU=

data/.travis.yml

@@ -1,6 +1,5 @@
 language: ruby
 rvm:
-  - ruby-head
   - "2.0.0"
   - "1.9.3"
   - "1.8.7"

data/CHANGELOG

@@ -1,3 +1,7 @@
+### 1.1.0 (June 20, 2013)
+
+* Rework Cert logic - [@sbeckeriv]
+
 ### 1.0.1 (May 17, 2013)
 
 * Gem housekeeping, based on [advice by dblock](http://code.dblock.org/your-first-ruby-gem)

data/heroic-sns.gemspec

@@ -7,7 +7,15 @@ Gem::Specification.new do |s|
   s.name        = 'heroic-sns'
   s.version     = Heroic::SNS::VERSION
   s.summary     = "Lightweight Rack middleware for AWS SNS endpoints"
-  s.description = File.read('description.txt')
+  s.description = <<-EOD
+Secure, lightweight Rack middleware for Amazon Simple Notification Service (SNS)
+endpoints. SNS messages are intercepted, parsed, verified, and then passed along
+to the web application via the 'sns.message' environment key. Heroic::SNS has no
+dependencies besides Rack (specifically, the aws-sdk gem is not needed).
+SNS message signatures are verified in order to reject forgeries and replay
+attacks.
+EOD
+
   s.license     = 'Apache'
 
   s.author      = "Benjamin Ragheb"

data/lib/heroic/lru_cache.rb

@@ -0,0 +1,156 @@
+module Heroic
+
+  # This LRU Cache is a generic key-value store that is designed to be safe for
+  # concurrent access. It uses a doubly-linked-list to identify which item was
+  # least recently retrieved, and a Hash for fast retrieval by key.
+
+  # To support concurrent access, it uses two levels of locks: a cache-level lock
+  # is used to locate or create the desired node and move it to the front of the
+  # LRU list. A node-level lock is used to synchronize access to the node's
+  # value.
+
+  # If a thread is busy generating a value to be stored in the cache, other
+  # threads will still be able to read and write to other keys with no conflict.
+  # However, if a second thread tries to read the value that the first thread is
+  # generating, it will block until the first thread has completed its work.
+
+  class LRUCache
+
+    class Node
+      attr_reader :key
+      attr_accessor :left, :right
+      def initialize(key)
+        @key = key
+        @lock = Mutex.new
+      end
+      def read
+        @lock.synchronize { @value ||= yield(@key) }
+      end
+      def write(value)
+        @lock.synchronize { @value = value }
+      end
+      def to_s
+        sprintf '<Node:%x(%s)>', self.object_id, @key.inspect
+      end
+    end
+
+    # If you yield a block to the constructor, it will be called on every cache
+    # miss to generate the needed value. This is optional but recommended, as
+    # the block will run while holding a lock on the cache node associated with
+    # the key. Additional attempts to retrieve the same key will wait for your
+    # block to return a result, avoiding duplication of work. However, this also
+    # means you MUST NOT access the cache itself from the block, or you will risk
+    # creating deadlock. (If you need to create cacheable items from other
+    # cacheable items, consider using two separate caches.)
+
+    def initialize(capacity, &block)
+      raise ArgumentError unless capacity > 0
+      @capacity = capacity
+      @block = block || Proc.new { nil }
+      @lock = Mutex.new
+      @store = Hash.new
+      @leftmost = nil
+      @rightmost = nil
+    end
+
+    def get(key)
+      node = node_for_key(key)
+      node.read(&@block)
+    end
+
+    def put(key, value)
+      node = node_for_key(key)
+      node.write(value)
+    end
+
+    def empty!
+      @lock.synchronize do
+        @store.empty!
+        @leftmost = nil
+        @rightmost = nil
+      end
+    end
+
+    # Verify the list structure. Intended for testing and debugging only.
+    def verify!
+      @lock.synchronize do
+        left_to_right = Array.new
+        begin
+          node = @leftmost
+          while node
+            left_to_right << node
+            node = node.right
+          end
+        end
+        right_to_left = Array.new
+        begin
+          node = @rightmost
+          while node
+            right_to_left << node
+            node = node.left
+          end
+        end
+        begin
+          raise "leftmost has a left node" if @leftmost && @leftmost.left
+          raise "rightmost has a right node" if @rightmost && @rightmost.right
+          raise "leftmost pointer mismatch" unless @leftmost == left_to_right.first
+          raise "rightmost pointer mismatch" unless @rightmost == right_to_left.first
+          raise "list size mismatch" unless right_to_left.length == left_to_right.length
+          raise "list order mismatch" unless left_to_right.reverse == right_to_left
+          raise "node missing from list" if left_to_right.length < @store.size
+          raise "node missing from store" if left_to_right.length > @store.size
+          raise "store size exceeds capacity" if @store.size > @capacity
+        rescue
+          $stderr.puts "Store: #{@store}"
+          $stderr.puts "L-to-R: #{left_to_right}"
+          $stderr.puts "R-to-L: #{right_to_left}"
+          raise
+        end
+      end
+    end
+
+    private
+
+    def node_for_key(key)
+      @lock.synchronize do
+        node = @store[key]
+        if node.nil?
+          # I am a new node, add me to the head of the list!
+          node = @store[key] = Node.new(key)
+          if @leftmost
+            node.right = @leftmost
+            @leftmost.left = node
+          end
+          @leftmost = node
+          @rightmost = @leftmost if @rightmost.nil?
+          if @store.size > @capacity
+            # Uh oh, time to evict the tail node!
+            evicted_node = @store.delete(@rightmost.key)
+            @rightmost = evicted_node.left
+            @rightmost.right = nil
+          end
+        elsif node != @leftmost
+          # Move me to the head of the list!
+          if node == @rightmost
+            # I was the rightmost node, now the node on my left is.
+            @rightmost = node.left
+            node.left.right = nil
+          else
+            # The node on my left should now point to the node on my right.
+            node.left.right = node.right
+            # The node on my right should point to the node on my left.
+            node.right.left = node.left
+          end
+          former_leftmost = @leftmost
+          # I am the new head node!
+          @leftmost = node
+          @leftmost.left = nil
+          @leftmost.right = former_leftmost
+          former_leftmost.left = @leftmost
+        end
+        node
+      end
+    end
+
+  end
+end

data/lib/heroic/sns/message.rb

@@ -1,19 +1,21 @@
 require 'json'
 require 'base64'
+require 'heroic/lru_cache'
 
 module Heroic
   module SNS
 
     MAXIMUM_ALLOWED_AGE = 3600 # reject messages older than one hour
+    MAXIMUM_ALLOWED_CERTIFICATES = 50
 
-    CERTIFICATE_CACHE = Hash.new do |cache, cert_url|
+    CERTIFICATE_CACHE = Heroic::LRUCache.new(MAXIMUM_ALLOWED_CERTIFICATES) do |cert_url|
       begin
         cert_data = open(cert_url)
-        cache[cert_url] = OpenSSL::X509::Certificate.new(cert_data.read)
-      rescue OpenURI::HTTPError => e
-        raise Error.new("unable to retrieve signing certificate: #{e.message}; URL: #{cert_url}")
+        OpenSSL::X509::Certificate.new(cert_data.read)
       rescue OpenSSL::X509::CertificateError => e
-        raise Error.new("unable to parse signing certificate: #{e.message}; URL: #{cert_url}")
+        raise SNS::Error.new("unable to parse signing certificate: #{e.message}; URL: #{cert_url}")
+      rescue => e
+        raise SNS::Error.new("unable to retrieve signing certificate: #{e.message}; URL: #{cert_url}")
       end
     end
 
@@ -104,7 +106,7 @@ module Heroic
       # See: http://docs.aws.amazon.com/sns/latest/gsg/SendMessageToHttp.verify.signature.html
       def verify!
         age = Time.now - timestamp
-        raise Errow.new("timestamp is in the future", self) if age < 0
+        raise Error.new("timestamp is in the future", self) if age < 0
         raise Error.new("timestamp is too old", self) if age > MAXIMUM_ALLOWED_AGE
         if signature_version != '1'
           raise Error.new("unknown signature version: #{signature_version}", self)
@@ -113,7 +115,7 @@ module Heroic
           raise Error.new("signing certificate is not from amazonaws.com", self)
         end
         text = string_to_sign # will warn of invalid Type
-        cert = CERTIFICATE_CACHE[signing_cert_url]
+        cert = CERTIFICATE_CACHE.get(signing_cert_url)
         digest = OpenSSL::Digest::SHA1.new
         unless cert.public_key.verify(digest, signature, text)
           raise Error.new("message signature is invalid", self)

data/lib/heroic/sns/version.rb

@@ -1,5 +1,5 @@
 module Heroic
   module SNS
-    VERSION = '1.0.1'
+    VERSION = '1.1.0'
   end
 end

data/test/helper.rb

@@ -9,11 +9,11 @@ module Heroic
     TEST_CERT_URL = 'https://sns.test.amazonaws.com/self-signed.pem'
     TEST_CERT_KEY = OpenSSL::PKey::RSA.new(File.read('test/fixtures/sns.key'))
 
-    CERTIFICATE_CACHE[TEST_CERT_URL] = begin
+    begin
       # Insert the certificate in the cache so that these tests aren't dependent
       # on network access (or the fact that the certificate is fake).
       cert_data = File.read('test/fixtures/sns.crt')
-      OpenSSL::X509::Certificate.new(cert_data)
+      CERTIFICATE_CACHE.put(TEST_CERT_URL, OpenSSL::X509::Certificate.new(cert_data))
     end
 
     class Message

data/test/test_lru_cache.rb

@@ -0,0 +1,112 @@
+require 'test/unit'
+require 'heroic/lru_cache'
+
+class LRUCacheTest < Test::Unit::TestCase
+
+  def test_invalid_size
+    assert_raises ArgumentError do
+      Heroic::LRUCache.new(0) { |k| nil }
+    end
+    assert_raises ArgumentError do
+      Heroic::LRUCache.new(-1) { |k| nil }
+    end
+  end
+
+  def test_get_put
+    cache = Heroic::LRUCache.new(1)
+    assert_nil cache.get(:foo)
+    cache.put(:foo, :bar)
+    assert_equal :bar, cache.get(:foo)
+    cache.put(:answer, 42)
+    assert_equal 42, cache.get(:answer)
+    assert_nil cache.get(:foo)
+  end
+
+  def test_exceptions
+    @should_throw = true
+    cache = Heroic::LRUCache.new(3) do |k|
+      if @should_throw
+        raise "tried to load a value but failed"
+      else
+        4
+      end
+    end
+    assert_raises RuntimeError do
+      cache.get(:foo)
+    end
+    @should_throw = false
+    assert_equal 4, cache.get(:foo)
+  end
+
+  def test_dynamic
+    @counter = 0
+    cache = Heroic::LRUCache.new(3) { |k| @counter += 1; "hello, #{k}." }
+    assert_equal 0, @counter
+    cache.verify!
+    assert_equal "hello, leo.", cache.get(:leo); assert_equal 1, @counter
+    cache.verify!
+    assert_equal "hello, leo.", cache.get(:leo); assert_equal 1, @counter
+    cache.verify!
+    assert_equal "hello, donnie.", cache.get(:donnie); assert_equal 2, @counter
+    cache.verify!
+    assert_equal "hello, donnie.", cache.get(:donnie); assert_equal 2, @counter
+    cache.verify!
+    assert_equal "hello, mikey.", cache.get(:mikey); assert_equal 3, @counter
+    cache.verify!
+    assert_equal "hello, mikey.", cache.get(:mikey); assert_equal 3, @counter
+    cache.verify!
+    # raph will push leo out of cache
+    assert_equal "hello, raph.", cache.get(:raph); assert_equal 4, @counter
+    cache.verify!
+    assert_equal "hello, raph.", cache.get(:raph); assert_equal 4, @counter
+    cache.verify!
+    # mikey and donnie remain in cache
+    assert_equal "hello, mikey.", cache.get(:mikey); assert_equal 4, @counter
+    cache.verify!
+    assert_equal "hello, donnie.", cache.get(:donnie); assert_equal 4, @counter
+    cache.verify!
+    # leo will have to be refetched
+    assert_equal "hello, leo.", cache.get(:leo); assert_equal 5, @counter
+    cache.verify!
+  end
+
+  def test_sync
+    @lock = Mutex.new
+    @counter = 0
+    cache = Heroic::LRUCache.new(100) do |k|
+      sleep 1 # simulate slow generation, such as network I/O
+      @lock.synchronize { @counter += 1 }
+      k.to_s
+    end
+    # load the cache with things to read
+    cache.put(:a, 'a')
+    cache.put(:b, 'b')
+    cache.put(:c, 'c')
+    start_time = Time.now
+    # start fetch in background
+    td = Thread.new do
+      cache.get(:d)
+    end
+    te = Thread.new do
+      cache.get(:e)
+    end
+    # while background threads fetch, reading other keys should not be blocked
+    assert_equal 'a', cache.get(:a)
+    assert_equal 'b', cache.get(:b)
+    assert_equal 'c', cache.get(:c)
+    assert_equal 0, @lock.synchronize { @counter }
+    # now main thread should block until background items are fetched
+    assert_equal "d", cache.get(:d)
+    assert_equal "e", cache.get(:e)
+    assert_equal 2, @lock.synchronize { @counter }
+    # reading the same values should be fast (they are cached)
+    assert_equal "d", cache.get(:d)
+    assert_equal "e", cache.get(:e)
+    assert_equal 2, @lock.synchronize { @counter }
+    # look at time elapsed to make sure we didn't sleep more than once
+    [td, te].each { |t| t.join }
+    time_elapsed = (Time.now - start_time)
+    assert_in_delta time_elapsed, 1.0, 0.01
+  end
+
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: heroic-sns
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Benjamin Ragheb
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-05-17 00:00:00.000000000 Z
+date: 2013-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -68,8 +68,8 @@ files:
 - bin/fake-sns
 - demo/config.ru
 - demo/demo.erb
-- description.txt
 - heroic-sns.gemspec
+- lib/heroic/lru_cache.rb
 - lib/heroic/sns.rb
 - lib/heroic/sns/endpoint.rb
 - lib/heroic/sns/message.rb
@@ -81,6 +81,7 @@ files:
 - test/fixtures/unsubscribe.json
 - test/helper.rb
 - test/test_endpoint.rb
+- test/test_lru_cache.rb
 - test/test_message.rb
 homepage: https://github.com/benzado/heroic-sns
 licenses:

data/description.txt

@@ -1,6 +0,0 @@
-Secure, lightweight Rack middleware for Amazon Simple Notification Service (SNS)
-endpoints. SNS messages are intercepted, parsed, verified, and then passed along
-to the web application via the 'sns.message' environment key. Heroic::SNS has no
-dependencies besides Rack (specifically, the aws-sdk gem is not needed).
-SNS message signatures are verified in order to reject forgeries and replay
-attacks.