omf_common 6.0.2.pre.2 → 6.0.2

data/lib/omf_common/auth.rb

@@ -1,3 +1,8 @@
+# Copyright (c) 2012 National ICT Australia Limited (NICTA).
+# This software may be used and distributed solely under the terms of the MIT license (License).
+# You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
+# By downloading or using this software you accept the terms and the liability disclaimer in the License.
+
 
 
 module OmfCommon

data/lib/omf_common/auth/certificate.rb

@@ -1,3 +1,8 @@
+# Copyright (c) 2012 National ICT Australia Limited (NICTA).
+# This software may be used and distributed solely under the terms of the MIT license (License).
+# You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
+# By downloading or using this software you accept the terms and the liability disclaimer in the License.
+
 require 'openssl'
 require 'omf_common/auth'
 require 'omf_common/auth/ssh_pub_key_convert'
@@ -32,9 +37,11 @@ module OmfCommon::Auth
     # @param [String] pem is the content of existing x509 cert
     # @param [OpenSSL::PKey::RSA|String] key is the private key which can be attached to the instance for signing.
     def self.create_from_x509(pem, key = nil)
-      unless pem.start_with? BEGIN_CERT
+      # Some command list generated cert can use \r\n as newline char
+      unless pem =~ /^-----BEGIN CERTIFICATE-----/
         pem = "#{BEGIN_CERT}#{pem}#{END_CERT}"
       end
+
       cert = OpenSSL::X509::Certificate.new(pem)
 
       key = OpenSSL::PKey::RSA.new(key) if key && key.is_a?(String)
@@ -64,7 +71,9 @@ module OmfCommon::Auth
 
     # Create a X509 certificate
     #
-    # @param [] address
+    # @param [String] address
+    # @param [String] subject
+    # @param [OpenSSL::PKey::RSA] key
     # @return {cert, key}
     #
     def self._create_x509_cert(address, subject, key, digest = nil,
@@ -127,8 +136,18 @@ module OmfCommon::Auth
       @cert ||= _create_x509_cert(@address, @subject, @key, @digest)[:cert]
     end
 
+    # @param [OpenSSL::PKey::RSA|String] key is most likely the public key of the resource.
+    #
     def create_for(address, name, type, domain = DEF_DOMAIN_NAME, duration = 3600, key = nil)
       raise ArgumentError, "Address required" unless address
+
+      begin
+        key = OpenSSL::PKey::RSA.new(key) if key && key.is_a?(String)
+      rescue OpenSSL::PKey::RSAError
+        # It might be a SSH pub key, try that
+        key = OmfCommon::Auth::SSHPubKeyConvert.convert(key)
+      end
+
       cert = self.class.create(address, name, type, domain, self, Time.now, duration, key)
       CertificateStore.instance.register(cert, address)
       cert

data/lib/omf_common/auth/certificate_store.rb

@@ -1,27 +1,19 @@
+# Copyright (c) 2012 National ICT Australia Limited (NICTA).
+# This software may be used and distributed solely under the terms of the MIT license (License).
+# You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
+# By downloading or using this software you accept the terms and the liability disclaimer in the License.
+
 require 'openssl'
+require 'monitor'
 
 require 'omf_common/auth'
 
-#require 'singleton'
-
-# module OmfCommon
-  # class Key
-    # include Singleton
-#
-    # attr_accessor :private_key
-#
-    # def import(filename)
-      # self.private_key = OpenSSL::PKey.read(File.read(filename))
-    # end
-  # end
-# end
-
 module OmfCommon::Auth
 
   class MissingPrivateKeyException < AuthException; end
 
   class CertificateStore
-
+    include MonitorMixin
 
     @@instance = nil
 
@@ -38,12 +30,27 @@ module OmfCommon::Auth
     end
 
     def register(certificate, address = nil)
-      if address ||= certificate.address
-        @certs[address] = certificate if address
-      else
-        warn "Register certificate without address - #{certificate}"
+      @@instance.synchronize do
+        begin
+          @x509_store.add_cert(certificate.to_x509) if @certs[address].nil? && @certs[certificate.subject].nil?
+        rescue OpenSSL::X509::StoreError => e
+          if e.message == "cert already in hash table"
+            raise "X509 cert '#{address}' already registered in X509 store"
+          else
+            raise e
+          end
+        end
+
+        address ||= certificate.address
+
+        if address
+          @certs[address] ||= certificate
+        else
+          debug "Register certificate without address - #{certificate}, is it a CA cert?"
+        end
+
+        @certs[certificate.subject] ||= certificate
       end
-      @certs[certificate.subject] = certificate
     end
 
     def register_x509(cert_pem, address = nil)
@@ -57,15 +64,38 @@ module OmfCommon::Auth
       @certs[url]
     end
 
+    # @param [OpenSSL::X509::Certificate] cert
+    #
+    def verify(cert)
+      cert = cert.to_x509 if cert.kind_of? OmfCommon::Auth::Certificate
+      v_result = @x509_store.verify(cert)
+      warn "Cert verification failed: '#{@x509_store.error_string}'" unless v_result
+      v_result
+    end
+
+    # Load a set of CA certs into cert store from a given location
+    #
+    # @param [String] folder contains all the CA certs
+    #
+    def register_default_certs(folder)
+      Dir["#{folder}/*"].each do |cert|
+        register_x509(File.read(cert))
+      end
+    end
 
     private
+
     def initialize(opts)
+      @x509_store = OpenSSL::X509::Store.new
+
       @certs = {}
       if store = opts[:store]
       else
         @store = {private: {}, public: {}}
       end
       @serial = 0
+
+      super()
     end
   end # class
 

data/lib/omf_common/auth/ssh_pub_key_convert.rb

@@ -1,3 +1,8 @@
+# Copyright (c) 2012 National ICT Australia Limited (NICTA).
+# This software may be used and distributed solely under the terms of the MIT license (License).
+# You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
+# By downloading or using this software you accept the terms and the liability disclaimer in the License.
+
 require 'base64'
 require 'openssl'
 require 'omf_common/auth'
@@ -42,6 +47,8 @@ module OmfCommon::Auth
     #
     def self.convert(keystring)
       (type, b64, id) = keystring.split(' ')
+      raise ArgumentError, "Invalid SSH public key '#{keystring}'" if b64.nil?
+
       decoded_key = Base64.decode64(b64)
       (n, bytes) = unpack_u32(decoded_key)
       (keytype, bytes) = unpack_string(bytes, n)

data/lib/omf_common/comm.rb

@@ -1,3 +1,8 @@
+# Copyright (c) 2012 National ICT Australia Limited (NICTA).
+# This software may be used and distributed solely under the terms of the MIT license (License).
+# You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
+# By downloading or using this software you accept the terms and the liability disclaimer in the License.
+
 require 'omf_common/comm/topic'
 
 module OmfCommon
@@ -122,7 +127,7 @@ module OmfCommon
 
     # Returning connection information
     #
-    # @retun [Hash] connection information hash, with type, user and domain.
+    # @return [Hash] connection information hash, with type, user and domain.
     def conn_info
       { proto: nil, user: nil, domain: nil }
     end

data/lib/omf_common/comm/amqp/amqp_communicator.rb

@@ -1,3 +1,8 @@
+# Copyright (c) 2012 National ICT Australia Limited (NICTA).
+# This software may be used and distributed solely under the terms of the MIT license (License).
+# You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
+# By downloading or using this software you accept the terms and the liability disclaimer in the License.
+
 require 'amqp'
 require 'omf_common/comm/amqp/amqp_topic'
 #require 'omf_common/comm/monkey_patches'
@@ -11,23 +16,25 @@ module OmfCommon
           # # ignore arguments
         # end
 
+        attr_reader :channel
+
         # Initialize comms layer
         #
         def init(opts = {})
-          unless (@url = opts[:url])
+          @opts = {
+            #:ssl (Hash) � TLS (SSL) parameters to use.
+            heartbeat: 20, # (Fixnum) � default: 0 � Connection heartbeat, in seconds. 0 means no heartbeat. Can also be configured server-side starting with RabbitMQ 3.0.
+            #:on_tcp_connection_failure (#call) � A callable object that will be run if connection to server fails
+            #:on_possible_authentication_failure (#call) � A callable object that will be run if authentication fails (see Authentication failure section)
+            reconnect_delay: 20 # (Fixnum) Delay in seconds before attempting reconnect on detected failure
+          }.merge(opts)
+
+          unless (@url = @opts.delete(:url))
             raise "Missing 'url' option for AQMP layer"
           end
           @address_prefix = @url + '/'
-          ::AMQP.connect(@url) do |connection|
-            @channel  = ::AMQP::Channel.new(connection)
-            @on_connected_procs.each do |proc|
-              proc.arity == 1 ? proc.call(self) : proc.call
-            end
-
-            OmfCommon.eventloop.on_stop do
-              connection.close
-            end
-          end
+          _connect()
+          #AMQP::Session#on_skipped_heartbeats callback that can be used to handle skipped heartbeats
           super
         end
 
@@ -44,13 +51,25 @@ module OmfCommon
           @on_connected_procs << block
         end
 
+        # register callbacks to be called when the underlying AMQP layer
+        # needs to reconnect to the AMQP server. This may require some additional
+        # repairs. If 'block' is nil, the callback is removed
+        #
+        def on_reconnect(key, &block)
+          if block.nil?
+            @on_reconnect.delete(key)
+          else
+            @on_reconnect[key] = block
+          end
+        end
+
         # Create a new pubsub topic with additional configuration
         #
         # @param [String] topic Pubsub topic name
         def create_topic(topic, opts = {})
           raise "Topic can't be nil or empty" if topic.nil? || topic.empty?
           opts = opts.dup
-          opts[:channel] = @channel
+          opts[:communicator] = self
           topic = topic.to_s
           if topic.start_with? 'amqp:'
             # absolute address
@@ -95,8 +114,65 @@ module OmfCommon
         private
         def initialize(opts = {})
           @on_connected_procs = []
+          @on_reconnect = {}
           super
         end
+
+        def _connect()
+          last_reported_timestamp = nil
+          @session = ::AMQP.connect(@url, @opts) do |connection|
+            connection.on_tcp_connection_loss do |conn, settings|
+              now = Time.now
+              if last_reported_timestamp == nil || (now - last_reported_timestamp) > 60
+                warn "Lost connectivity. Trying to reconnect..."
+                last_reported_timestamp = now
+              end
+              conn.reconnect(false, 2)
+            end
+            @channel  = ::AMQP::Channel.new(connection)
+            @channel.auto_recovery = true
+
+
+            @on_connected_procs.each do |proc|
+              proc.arity == 1 ? proc.call(self) : proc.call
+            end
+
+            OmfCommon.eventloop.on_stop do
+              connection.close
+            end
+          end
+
+          rec_delay = @opts[:reconnect_delay]
+          @session.on_tcp_connection_failure do
+            warn "Cannot connect to AMQP server '#{@url}'. Attempt to retry in #{rec_delay} sec"
+            @session = nil
+            OmfCommon.eventloop.after(rec_delay) do
+              info 'Retrying'
+              _connect
+            end
+          end
+          # @session.on_tcp_connection_loss do
+            # _reconnect "Appear to have lost tcp connection. Attempt to reconnect in #{rec_delay} sec"
+          # end
+          # @session.on_skipped_heartbeats do
+            # _reconnect "Appear to have lost heartbeat. Attempt to reconnect in #{rec_delay} sec"
+          # end
+          @session.on_recovery do
+            info 'Recovered!'
+            last_reported_timestamp = nil
+            @on_reconnect.values.each do |block|
+              block.call()
+            end
+          end
+        end
+
+        # def _reconnect(warn_message = nil)
+          # warn(warn_message) if warn_message
+          # OmfCommon.eventloop.after(@opts[:reconnect_delay]) do
+            # info 'Reconnecting'
+            # @session.reconnect
+          # end
+        # end
       end
     end
   end

data/lib/omf_common/comm/amqp/amqp_file_transfer.rb

@@ -1,3 +1,8 @@
+# Copyright (c) 2012 National ICT Australia Limited (NICTA).
+# This software may be used and distributed solely under the terms of the MIT license (License).
+# You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
+# By downloading or using this software you accept the terms and the liability disclaimer in the License.
+
 require 'set'
 require 'monitor'
 

data/lib/omf_common/comm/amqp/amqp_topic.rb

@@ -1,3 +1,8 @@
+# Copyright (c) 2012 National ICT Australia Limited (NICTA).
+# This software may be used and distributed solely under the terms of the MIT license (License).
+# You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
+# By downloading or using this software you accept the terms and the liability disclaimer in the License.
+
 
 
 module OmfCommon
@@ -8,17 +13,17 @@ module OmfCommon
         def to_s
           "AMQP::Topic<#{id}>"
         end
-        
+
         def address
           @address
         end
-        
+
         # Call 'block' when topic is subscribed to underlying messaging
-        # infrastructure. 
+        # infrastructure.
         #
         def on_subscribed(&block)
           return unless block
-          
+
           call_now = false
           @lock.synchronize do
             if @subscribed
@@ -30,24 +35,35 @@ module OmfCommon
           if call_now
             after(0, &block)
           end
-        end  
-        
-        
+        end
+
+
         private
-        
+
         def initialize(id, opts = {})
-          unless channel = opts.delete(:channel)
-            raise "Missing :channel option"
+          unless @communicator = opts.delete(:communicator)
+            raise "Missing :communicator option"
           end
           super
           @address = opts[:address]
-          @exchange = channel.topic(id, :auto_delete => true)
           @lock = Monitor.new
           @subscribed = false
           @on_subscribed_handlers = []
-          
-          # Subscribe as well
-          #puts "QQ0(#{id})"
+
+          # @communicator.on_reconnect(self) do
+            # info "Resubscribe '#{self}'"
+            # _init_amqp
+          # end
+          _init_amqp
+        end
+
+        def _init_amqp()
+          channel = @communicator.channel
+          @exchange = channel.topic(id, :auto_delete => true)
+          # @exchange.on_connection_interruption do |ex|
+            # warn "Exchange #{ex.name} detected connection interruption"
+            # @exchange = nil
+          # end
           channel.queue("", :exclusive => true) do |queue|
             #puts "QQ1(#{id}): #{queue}"
             queue.bind(@exchange)
@@ -70,15 +86,18 @@ module OmfCommon
             end
           end
         end
-        
-        
+
         def _send_message(msg, block = nil)
           super
           content_type, content = msg.marshall(self)
           debug "(#{id}) Send message (#{content_type}) #{msg.inspect}"
-          @exchange.publish(content, content_type: content_type, message_id: msg.mid)
+          if @exchange
+            @exchange.publish(content, content_type: content_type, message_id: msg.mid)
+          else
+            warn "Unavailable AMQP channel. Dropping message '#{msg}'"
+          end
         end
       end # class
-    end # module 
+    end # module
   end # module
 end # module