hurley 0.1

data/lib/hurley/options.rb

@@ -0,0 +1,142 @@
+require "openssl"
+require "securerandom"
+
+module Hurley
+  class RequestOptions < Struct.new(
+    # Integer or Fixnum number of seconds to wait for one block to be read.
+    :timeout,
+
+    # Integer or Fixnum number of seconds to wait for the connection to open.
+    :open_timeout,
+
+    # String boundary to use for multipart request bodies.
+    :boundary,
+
+    # A SocketBinding specifying the host and/or port of the local client
+    # socket.
+    :bind,
+
+    # Hurley::Url instance of an HTTP Proxy address.
+    :proxy,
+
+    # Integer limit on the number of redirects that are automatically followed.
+    # Default: 5
+    :redirection_limit,
+
+    # Hurley::Query subclass to use for query objects.  Defaults to
+    # Hurley::Query.default.
+    :query_class,
+  )
+
+    def redirection_limit
+      self[:redirection_limit] ||= 5
+    end
+
+    def bind=(b)
+      self[:bind] = SocketBinding.parse(b)
+    end
+
+    def build_form(body)
+      query_class.new(body).to_form(self)
+    end
+
+    def boundary
+      self[:boundary] || "Hurley-#{SecureRandom.hex}"
+    end
+
+    def query_class
+      self[:query_class] ||= Query.default
+    end
+  end
+
+  class SslOptions < Struct.new(
+    # Boolean that specifies whether to skip SSL verification.
+    :skip_verification,
+
+    # Sets the maximum depth for the certificate chain verification.
+    :verify_depth,
+
+    # String path of a CA certification file in PEM format.
+    :ca_file,
+
+    # String path of a CA certification directory containing certifications in PEM format.
+    :ca_path,
+
+    # String client cert contents.
+    :client_cert,
+
+    # String path to client certificate.
+    :client_cert_path,
+
+    # String private key contents.
+    :private_key,
+
+    # String path to private key.
+    :private_key_path,
+
+    # String pass for the private key
+    :private_key_pass,
+
+    # An OpenSSL::X509::Certificate object for a client certificate.
+    :openssl_client_cert,
+
+    # An OpenSSL::PKey::RSA or OpenSSL::PKey::DSA object.
+    :openssl_client_key,
+
+    # The X509::Store to verify peer certificate.
+    :openssl_cert_store,
+
+    # Sets the SSL version.  See OpenSSL::SSL::SSLContext::METHODS for available
+    # versions.
+    :version,
+  )
+
+    def skip_verification?
+      self[:skip_verification]
+    end
+
+    def openssl_verify_mode
+      skip_verification ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
+    end
+
+    def openssl_client_cert
+      self[:openssl_client_cert] ||= begin
+        cert_contents = self[:client_cert] || (self[:client_cert_path] && IO.read(self[:client_cert_path]))
+        return unless cert_contents
+        OpenSSL::X509::Certificate.new(cert_contents)
+      end
+    end
+
+    def openssl_cert_store
+      self[:openssl_cert_store] ||= OpenSSL::X509::Store.new.tap do |store|
+        store.set_default_paths
+      end
+    end
+
+    def openssl_private_key
+      @openssl_private_key ||= begin
+        pkey = if pkey_path = self[:private_key_path]
+          File.read(pkey_path)
+        else
+          self[:private_key]
+        end
+
+        return unless pkey
+
+        if OpenSSL::PKey.respond_to?(:read)
+          OpenSSL::PKey.read(pkey, self[:private_key_pass])
+        else
+          OpenSSL::PKey::RSA.new(pkey, self[:private_key_pass])
+        end
+      end
+    end
+  end
+
+  class SocketBinding < Struct.new(:host, :port)
+    def self.parse(bind)
+      h, p = bind.to_s.split(":", 2)
+      p = p.to_i
+      new(h, p.zero? ? nil : p)
+    end
+  end
+end

data/lib/hurley/query.rb

@@ -0,0 +1,252 @@
+require "cgi"
+require "forwardable"
+require "stringio"
+
+module Hurley
+  class Query
+    def self.default
+      @default ||= Nested
+    end
+
+    def self.parse(raw_query)
+      default.parse(raw_query)
+    end
+
+    def initialize(initial = nil)
+      @hash = {}
+      update(initial) if initial
+    end
+
+    extend Forwardable
+    def_delegators(:@hash,
+      :[], :[]=,
+      :each,
+      :keys,
+      :size,
+      :delete,
+      :key?,
+    )
+
+    def subset_of?(url)
+      query = url.respond_to?(:query) ? url.query : url
+      @hash.keys.all? do |key|
+        query[key] == @hash[key]
+      end
+    end
+
+    def update(absolute)
+      absolute.each do |key, value|
+        @hash[key] = value unless key?(key)
+      end
+    end
+
+    def parse_query(raw_query)
+      raw_query.to_s.split(AMP).each do |pair|
+        escaped_key, escaped_value = pair.split(EQ, 2)
+        key = CGI.unescape(escaped_key)
+        value = escaped_value ? CGI.unescape(escaped_value) : nil
+        send(:decode_pair, key, value)
+      end
+    end
+
+    def multipart?
+      any_multipart?(@hash.values)
+    end
+
+    def to_query_string
+      build_pairs.map!(&:to_s).join(AMP)
+    end
+
+    def to_form(options = nil)
+      if multipart?
+        boundary = (options || RequestOptions.new).boundary
+        return MULTIPART_TYPE % boundary, to_io(boundary)
+      else
+        return FORM_TYPE, StringIO.new(to_query_string)
+      end
+    end
+
+    alias to_s to_query_string
+
+    def inspect
+      "#<%s %s>" % [
+        self.class.name,
+        @hash.inspect,
+      ]
+    end
+
+    def self.inherited(base)
+      super
+      class << base
+        def parse(raw_query)
+          q = new
+          q.parse_query(raw_query)
+          q
+        end
+      end
+    end
+
+    class Nested < self
+      private
+
+      def decode_pair(key, value)
+        if key !~ END_BRACKET
+          self[key] = value
+          return
+        end
+
+        first_key = key[0, key.index(START_BRACKET)]
+        hash_keys = [first_key, *key.scan(/\[([^\]]+)?\]/).map(&:first)]
+        last_index = hash_keys.size - 1
+        container = self
+        hash_keys.each_with_index do |hash_key, index|
+          if index < last_index
+            if hash_keys[index+1]
+              container = if hash_key
+                container[hash_key] ||= {}
+              else
+                c = {}
+                container << c
+                container = c
+              end
+            else
+              container = container[hash_key] ||= []
+            end
+          else
+            if hash_key
+              container[hash_key] = value
+            else
+              container << value
+            end
+          end
+        end
+      end
+
+      def encode_array(pairs, key, escaped_key, value)
+        encode_nested_value(pairs, key, escaped_key, value)
+      end
+
+      def encode_hash(pairs, key, escaped_key, value)
+        value.each do |value_key, item|
+          nested_key = "#{key}[#{value_key}]"
+          nested_escaped_key = "#{escaped_key}%5B#{Url.escape_path(value_key)}%5D"
+          encode_nested_value(pairs, nested_key, nested_escaped_key, item)
+        end
+      end
+
+      def encode_nested_value(pairs, key, escaped_key, value)
+        case value
+        when Array
+          arr_key = "#{key}#{EMPTY_BRACKET}"
+          arr_escaped_key = escaped_key + EMPTY_ESCAPED_BRACKET
+          value.each do |item|
+            encode_nested_value(pairs, arr_key, arr_escaped_key, item)
+          end
+        when Hash
+          value.each do |hash_key, hash_value|
+            nested_key = "#{key}[#{hash_key}]"
+            nested_escaped_key = "#{escaped_key}%5B#{Url.escape_path(hash_key)}%5D"
+            encode_nested_value(pairs, nested_key, nested_escaped_key, hash_value)
+          end
+        else
+          pairs << Pair.new(key, escaped_key, value)
+        end
+      end
+    end
+
+    class Flat < self
+      private
+
+      def decode_pair(key, value)
+        self[key] = if key?(key)
+          Array(self[key]) << value
+        else
+          value
+        end
+      end
+
+      def encode_array(pairs, key, escaped_key, value)
+        value.each do |item|
+          pairs << Pair.new(key, escaped_key, item)
+        end
+      end
+    end
+
+    class Pair < Struct.new(:key, :escaped_key, :value)
+      def to_s
+        if value
+          "#{escaped_key}=#{Url.escape_path(value)}"
+        else
+          escaped_key
+        end
+      end
+    end
+
+    # Private Hurley::Query methods
+
+    private
+
+    def any_multipart?(array)
+      array.any? do |v|
+        case v
+        when Array then any_multipart?(v)
+        when Hash then any_multipart?(v.values)
+        else
+          v.respond_to?(:read)
+        end
+      end
+    end
+
+    def to_io(boundary, part_headers = nil)
+      parts = []
+
+      part_headers ||= {}
+      build_pairs.each do |pair|
+        parts << Multipart::Part.new(boundary, pair.key, pair.value, part_headers[pair.key])
+      end
+      parts << Multipart::EpiloguePart.new(boundary)
+      ios = []
+      len = 0
+      parts.each do |part|
+        len += part.length
+        ios << part.to_io
+      end
+
+      CompositeReadIO.new(len, *ios)
+    end
+
+    def build_pairs
+      pairs = []
+      @hash.each do |key, value|
+        escaped_key = Url.escape_path(key)
+        case value
+        when nil then pairs << Pair.new(key, escaped_key, nil)
+        when Array
+          encode_array(pairs, key, escaped_key, value)
+        when Hash
+          encode_hash(pairs, key, escaped_key, value)
+        else
+          pairs << Pair.new(key, escaped_key, value)
+        end
+      end
+      pairs
+    end
+
+    def encode_array(pairs, key, escaped_key, value)
+      raise NotImplementedError
+    end
+
+    def encode_hash(pairs, key, escaped_key, value)
+      raise NotImplementedError
+    end
+
+    AMP = "&".freeze
+    EQ = "=".freeze
+    EMPTY_BRACKET = "[]".freeze
+    EMPTY_ESCAPED_BRACKET = "%5B%5D".freeze
+    START_BRACKET = "[".freeze
+    END_BRACKET = /\]\z/
+    FORM_TYPE = "application/x-www-form-urlencoded".freeze
+    MULTIPART_TYPE = "multipart/form-data; boundary=%s".freeze
+  end
+end

data/lib/hurley/tasks.rb

@@ -0,0 +1,111 @@
+require "rake"
+
+namespace :hurley do
+  desc "Start server for live tests.  HURLEY_PORT=4000"
+  task :start_server do
+    without_verbose do
+      require File.expand_path("../test/server", __FILE__)
+    end
+
+    Hurley::Live.start_server(
+      :port => (ENV["HURLEY_PORT"] || 4000).to_i,
+      :ssl_key => ENV["HURLEY_SSL_KEY"],
+      :ssl_file => ENV["HURLEY_SSL_FILE"],
+    )
+  end
+
+  desc "Start proxy server for live tests.  HURLEY_PORT=4001, HURLEY_PROXY_AUTH=user:pass"
+  task :start_proxy do
+    without_verbose do
+      require "webrick"
+      require "webrick/httpproxy"
+    end
+
+    if found = ENV["HURLEY_PROXY_AUTH"]
+      username, password = ENV["HURLEY_PROXY_AUTH"].split(":", 2)
+    end
+
+    match_credentials = lambda { |credentials|
+      got_username, got_password = credentials.to_s.unpack("m*")[0].split(":", 2)
+      got_username == username && got_password == password
+    }
+
+    log_io = $stdout
+    log_io.sync = true
+
+    webrick_opts = {
+      :Port => (ENV["HURLEY_PORT"] || 4001).to_i,
+      :Logger => WEBrick::Log::new(log_io),
+      :AccessLog => [[log_io, "[%{X-Hurley-Connection}i] %m  %U  ->  %s %b"]],
+      :ProxyAuthProc => lambda { |req, res|
+        if username
+          type, credentials = req.header["proxy-authorization"].first.to_s.split(/\s+/, 2)
+          unless "Basic" == type && match_credentials.call(credentials)
+            res["proxy-authenticate"] = %{Basic realm="testing"}
+            raise WEBrick::HTTPStatus::ProxyAuthenticationRequired
+          end
+        end
+      }
+    }
+
+    proxy = WEBrick::HTTPProxyServer.new(webrick_opts)
+
+    trap(:TERM) { proxy.shutdown }
+    trap(:INT) { proxy.shutdown }
+
+    proxy.start
+  end
+
+  desc "Generate test certs for testing Hurley with SSL"
+  task :generate_certs do
+    without_verbose do
+      require "openssl"
+      require "fileutils"
+    end
+
+    $shell = !!ENV["IN_SHELL"]
+
+    # Adapted from WEBrick::Utils. Skips cert extensions so it
+    # can be used as a CA bundle
+    def create_self_signed_cert(bits, cn, comment)
+      rsa = OpenSSL::PKey::RSA.new(bits)
+      cert = OpenSSL::X509::Certificate.new
+      cert.version = 2
+      cert.serial = 1
+      name = OpenSSL::X509::Name.new(cn)
+      cert.subject = name
+      cert.issuer = name
+      cert.not_before = Time.now
+      cert.not_after = Time.now + (365*24*60*60)
+      cert.public_key = rsa.public_key
+      cert.sign(rsa, OpenSSL::Digest::SHA1.new)
+      return [cert, rsa]
+    end
+
+    def write(file, contents, env_var)
+      FileUtils.mkdir_p(File.dirname(file))
+      File.open(file, "w") do |f|
+        f.puts(contents)
+      end
+      puts %(export #{env_var}="#{file}") if $shell
+    end
+
+
+    # One cert / CA for ease of testing when ignoring verification
+    cert, key = create_self_signed_cert(1024, [["CN", "localhost"]], "Hurley Test CA")
+    write "tmp/hurley-cert.key", key,  "HURLEY_SSL_KEY"
+    write "tmp/hurley-cert.crt", cert, "HURLEY_SSL_FILE"
+
+    # And a second CA to prove that verification can fail
+    cert, key = create_self_signed_cert(1024, [["CN", "real-ca.com"]], "A different CA")
+    write "tmp/hurley-different-ca-cert.key", key,  "HURLEY_SSL_KEY_ALT"
+    write "tmp/hurley-different-ca-cert.crt", cert, "HURLEY_SSL_FILE_ALT"
+  end
+end
+
+def without_verbose
+  old_verbose, $VERBOSE = $VERBOSE, nil
+  yield
+ensure
+  $VERBOSE = old_verbose
+end