omf_common 6.0.7.1 → 6.0.8.pre.1

data/lib/omf_common/auth/certificate_store.rb

@@ -11,6 +11,7 @@ require 'omf_common/auth'
 module OmfCommon::Auth
 
   class MissingPrivateKeyException < AuthException; end
+  class MissingCertificateException < AuthException; end
 
   class CertificateStore
     include MonitorMixin
@@ -29,44 +30,56 @@ module OmfCommon::Auth
       @@instance
     end
 
-    def register(certificate, address = nil)
+    def register_trusted(certificate)
       @@instance.synchronize do
         begin
-          @x509_store.add_cert(certificate.to_x509) if @certs[address].nil? && @certs[certificate.subject].nil?
+          @x509_store.add_cert(certificate.to_x509)
         rescue OpenSSL::X509::StoreError => e
           if e.message == "cert already in hash table"
-            raise "X509 cert '#{address}' already registered in X509 store"
+            warn "X509 cert '#{certificate.subject}' already registered in X509 store"
           else
             raise e
           end
         end
+        @certs[certificate.subject] ||= certificate
+      end
+    end
 
-        address ||= certificate.address
+    def register(certificate)
+      raise "Expected Certificate, but got '#{certificate.class}'" unless certificate.is_a? Certificate
 
-        if address
-          @certs[address] ||= certificate
-        else
-          debug "Register certificate without address - #{certificate}, is it a CA cert?"
+      debug "Registering certificate for '#{certificate.addresses}' - #{certificate.subject}"
+      @@instance.synchronize do
+        _set(certificate.subject, certificate)
+        if rid = certificate.resource_id
+          _set(rid, certificate)
+        end
+        certificate.addresses.each do |type, name|
+          _set(name, certificate)
         end
-
-        @certs[certificate.subject] ||= certificate
       end
     end
 
-    def register_x509(cert_pem, address = nil)
-      if (cert = Certificate.create_from_x509(cert_pem))
+    def register_x509(cert_pem)
+      if (cert = Certificate.create_from_pem(cert_pem))
         debug "REGISTERED #{cert}"
-        register(cert, address)
+        register(cert)
       end
     end
 
     def cert_for(url)
-      @certs[url]
+      # The key of @certs could be a OpenSSL::X509::Name instance
+      unless (cert = @certs.find { |k, v| k.to_s == url.to_s })
+        warn "Unknown cert '#{url}'"
+        raise MissingCertificateException.new(url)
+      end
+      cert[1]
     end
 
     # @param [OpenSSL::X509::Certificate] cert
     #
     def verify(cert)
+      #puts "VERIFY: #{cert}::#{cert.class}}"
       cert = cert.to_x509 if cert.kind_of? OmfCommon::Auth::Certificate
       v_result = @x509_store.verify(cert)
       warn "Cert verification failed: '#{@x509_store.error_string}'" unless v_result
@@ -79,7 +92,7 @@ module OmfCommon::Auth
     #
     def register_default_certs(folder)
       Dir["#{folder}/*"].each do |cert|
-        register_x509(File.read(cert))
+        register_trusted(Certificate.create_from_pem(File.read(cert)))
       end
     end
 
@@ -97,6 +110,17 @@ module OmfCommon::Auth
 
       super()
     end
+
+    def _set(name, certificate)
+      if old = @certs[name]
+        return if old.to_pem == certificate.to_pem
+        warn "Overriding certificate '#{name}' - new: #{certificate.subject} old: #{old.subject}"
+      end
+      @certs[name] = certificate
+      unless name.is_a? String
+        _set(name.to_s, certificate)
+      end
+    end
   end # class
 
 end # module

data/lib/omf_common/auth/jwt_authenticator.rb

@@ -0,0 +1,69 @@
+
+require 'json'
+require 'json/jwt'
+
+module OmfCommon::Auth
+  class JWTAuthenticator
+
+    def self.sign(content, signer, signer_name = signer.subject)
+      msg = {cnt: content, iss: signer_name.to_s}
+      JSON::JWT.new(msg).sign(signer.key , :RS256).to_s
+    end
+
+    def self.parse(jwt_string)
+      jwt_string = jwt_string.split.join
+      # Code lifted from 'json-jwt-0.4.3/lib/json/jwt.rb'
+      case jwt_string.count('.')
+      when 2 # JWT / JWS
+        header, claims, signature = jwt_string.split('.', 3).collect do |segment|
+          UrlSafeBase64.decode64 segment.to_s
+        end
+        header, claims = [header, claims].collect do |json|
+          #MultiJson.load(json).with_indifferent_access
+          puts "JSON>>> #{json}"
+          JSON.parse(json, :symbolize_names => true)
+        end
+        signature_base_string = jwt_string.split('.')[0, 2].join('.')
+        jwt = JSON::JWT.new claims
+        jwt.header = header
+        jwt.signature = signature
+
+        # NOTE:
+        #  Some JSON libraries generates wrong format of JSON (spaces between keys and values etc.)
+        #  So we need to use raw base64 strings for signature verification.
+        unless issuer = claims[:iss]
+          warn "JWT: Message is missing :iss element"
+          return nil
+        end
+        # if cert_pem = claims[:crt]
+          # # let's the credential store take care of it
+          # OmfCommon::Auth::CertificateStore.instance.register_x509(cert_pem, src)
+        # end
+        cert = nil
+        issuer.split(',').compact.select do |addr|
+          begin
+            cert = OmfCommon::Auth::CertificateStore.instance.cert_for(addr)
+          rescue OmfCommon::Auth::MissingCertificateException
+            nil
+          end
+        end
+        unless cert
+          warn "JWT: Can't find cert for issuer '#{issuer}'"
+          return nil
+        end
+
+        unless OmfCommon::Auth::CertificateStore.instance.verify(cert)
+          warn "JWT: Invalid certificate '#{cert.to_s}', NOT signed by CA certs, or its CA cert NOT loaded into cert store."
+        end
+
+        jwt.verify signature_base_string, cert.to_x509.public_key
+        #JSON.parse(claims[:cnt], :symbolize_names => true)
+        claims[:cnt]
+      else
+        warn('JWT: Invalid Format. JWT should include 2 or 3 dots.')
+        return nil
+      end
+    end
+
+  end # class
+end # module

data/lib/omf_common/auth/pdp/test_pdp.rb

@@ -0,0 +1,21 @@
+# Copyright (c) 2012 National ICT Australia Limited (NICTA).
+# This software may be used and distributed solely under the terms of the MIT license (License).
+# You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
+# By downloading or using this software you accept the terms and the liability disclaimer in the License.
+
+require 'omf_common/auth'
+
+module OmfCommon::Auth::PDP
+  class TestPDP
+
+    def initialize(opts = {})
+      puts "AUTH INIT>>> #{opts}"
+    end
+
+    def authorize(msg, &block)
+      puts "AUTH(#{msg.issuer})>>> #{msg}"
+      sender = msg.src.address
+      msg
+    end
+  end
+end

data/lib/omf_common/comm.rb

@@ -67,7 +67,7 @@ module OmfCommon
       end
       @@instance = inst
       mopts = provider[:message_provider]
-      mopts[:authenticate] = (opts[:auth] != nil)
+      mopts[:authenticate] = opts[:auth]
       Message.init(mopts)
 
       if aopts = opts[:auth]
@@ -132,6 +132,13 @@ module OmfCommon
       { proto: nil, user: nil, domain: nil }
     end
 
+    # Return a valid address for this type of communicator
+    # Must be implemented by subclasses
+    #
+    def string_to_address(a_string)
+      raise NotImplementedError
+    end
+
     # Subscribe to a pubsub topic
     #
     # @param [String, Array] topic_name Pubsub topic name

data/lib/omf_common/comm/amqp/amqp_communicator.rb

@@ -41,8 +41,14 @@ module OmfCommon
           { proto: :amqp, user: ::AMQP.settings[:user], domain: ::AMQP.settings[:host] }
         end
 
+        def string_to_address(a_string)
+          @address_prefix+a_string 
+        end
+
         # Shut down comms layer
         def disconnect(opts = {})
+          info "Disconnecting..."
+          OmfCommon.eventloop.stop
         end
 
         # TODO: Should be thread safe and check if already connected
@@ -66,7 +72,7 @@ module OmfCommon
         #
         # @param [String] topic Pubsub topic name
         def create_topic(topic, opts = {})
-          raise "Topic can't be nil or empty" if topic.nil? || topic.empty?
+          raise "Topic can't be nil or empty" if topic.nil? || topic.to_s.empty?
           opts = opts.dup
           opts[:communicator] = self
           topic = topic.to_s

data/lib/omf_common/comm/amqp/amqp_mp.rb

@@ -0,0 +1,29 @@
+# Copyright (c) 2013 National ICT Australia Limited (NICTA).
+# This software may be used and distributed solely under the terms of the MIT license (License).
+# You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
+# By downloading or using this software you accept the terms and the liability disclaimer in the License.
+
+require 'oml4r'
+
+module OmfCommon
+  class Comm
+    class AMQP
+
+      class MPPublished < OML4R::MPBase
+        name :amqp_published
+        param :time, :type => :double
+        param :topic, :type => :string
+        param :mid, :type => :string
+      end
+
+      class MPReceived < OML4R::MPBase
+        name :amqp_received
+        param :time, :type => :double
+        param :topic, :type => :string
+        param :mid, :type => :string
+      end
+
+    end
+  end
+end
+

data/lib/omf_common/comm/amqp/amqp_topic.rb

@@ -3,7 +3,7 @@
 # You should find a copy of the License in LICENSE.TXT or at http://opensource.org/licenses/MIT.
 # By downloading or using this software you accept the terms and the liability disclaimer in the License.
 
-
+require 'omf_common/comm/amqp/amqp_mp'
 
 module OmfCommon
   class Comm
@@ -11,7 +11,7 @@ module OmfCommon
       class Topic < OmfCommon::Comm::Topic
 
         def to_s
-          "AMQP::Topic<#{id}>"
+          @address
         end
 
         def address
@@ -70,6 +70,7 @@ module OmfCommon
             queue.subscribe do |headers, payload|
               #puts "===(#{id}) Incoming message '#{headers.content_type}'"
               debug "Received message on #{@address}"
+              MPReceived.inject(Time.now.to_f, @address, payload.to_s[/mid\":\"(.{36})/, 1]) if OmfCommon::Measure.enabled?
               Message.parse(payload, headers.content_type) do |msg|
                 #puts "---(#{id}) Parsed message '#{msg}'"
                 on_incoming_message(msg)
@@ -93,6 +94,7 @@ module OmfCommon
           debug "(#{id}) Send message (#{content_type}) #{msg.inspect}"
           if @exchange
             @exchange.publish(content, content_type: content_type, message_id: msg.mid)
+            MPPublished.inject(Time.now.to_f, @address, msg.mid) if OmfCommon::Measure.enabled?
           else
             warn "Unavailable AMQP channel. Dropping message '#{msg}'"
           end

data/lib/omf_common/comm/local/local_topic.rb

@@ -10,35 +10,35 @@ module OmfCommon
     class Local
       class Topic < OmfCommon::Comm::Topic
         @@marshall_messages = true
-        
+
         # If set to 'true' marshall and immediately unmarshall before handing it on
         # messages
         def self.marshall_messages=(flag)
           @@marshall_messages = (flag == true)
         end
-        
+
         # def self.address_for(name)
           # "#{name}@local"
         # end
-        
+
         def to_s
-          "Mock::Topic<#{id}>"
+          "Local::Topic<#{id}>"
         end
-        
+
         def address
-          "local:/#{id}"
+          @id
         end
-        
+
         def on_subscribed(&block)
           return unless block
-          
+
           OmfCommon.eventloop.after(0) do
             block.arity == 1 ? block.call(self) : block.call
           end
-        end  
-              
+        end
+
         private
-        
+
         def _send_message(msg, block = nil)
           super
           debug "(#{id}) Send message #{msg.inspect}"
@@ -47,7 +47,7 @@ module OmfCommon
             Message.parse(payload, content_type) do
               OmfCommon.eventloop.after(0) do
                 on_incoming_message(msg)
-              end   
+              end
             end
           else
             OmfCommon.eventloop.after(0) do
@@ -55,9 +55,9 @@ module OmfCommon
             end
           end
         end
-        
+
 
       end # class
-    end # module 
+    end # module
   end # module
 end # module

data/lib/omf_common/comm/xmpp/communicator.rb

@@ -57,6 +57,10 @@ class Comm
         { proto: :xmpp, user: jid.node, domain: jid.domain }
       end
 
+      def string_to_address(a_string)
+        "xmpp://#{a_string}@#{jid.domain}"
+      end
+
       # Capture system :INT & :TERM signal
       def on_interrupted(&block)
         @cbks[:interpreted] << block
@@ -100,6 +104,7 @@ class Comm
             info "Reconnected"
           else
             info "Connected"
+            OmfCommon::DSL::Xmpp::MPConnection.inject(Time.now.to_f, jid, 'connected') if OmfCommon::Measure.enabled?
             @cbks[:connected].each { |cbk| cbk.call(self) }
             # It will be reconnection after this
             @lock.synchronize do
@@ -196,7 +201,7 @@ class Comm
       def subscribe(topic, opts = {}, &block)
         topic = topic.first if topic.is_a? Array
         OmfCommon::Comm::XMPP::Topic.create(topic, &block)
-        MPSubscription.inject(Time.now.to_f, jid, 'join', topic) if OmfCommon::Measure.enabled?
+        OmfCommon::DSL::Xmpp::MPSubscription.inject(Time.now.to_f, jid, 'join', topic) if OmfCommon::Measure.enabled?
       end
 
       def _subscribe(topic, pubsub_host = default_host, &block)
@@ -212,7 +217,7 @@ class Comm
         pubsub.subscriptions(pubsub_host) do |m|
           m[:subscribed] && m[:subscribed].each do |s|
             pubsub.unsubscribe(s[:node], nil, s[:subid], pubsub_host, &callback_logging(__method__, s[:node], s[:subid]))
-            MPSubscription.inject(Time.now.to_f, jid, 'leave', s[:node]) if OmfCommon::Measure.enabled?
+            OmfCommon::DSL::Xmpp::MPSubscription.inject(Time.now.to_f, jid, 'leave', s[:node]) if OmfCommon::Measure.enabled?
           end
         end
       end
@@ -240,7 +245,7 @@ class Comm
         end
 
         pubsub.publish(topic, message, pubsub_host, &callback_logging(__method__, topic, &new_block))
-        MPPublished.inject(Time.now.to_f, jid, topic, message.to_s.gsub("\n",'')) if OmfCommon::Measure.enabled?
+        OmfCommon::DSL::Xmpp::MPPublished.inject(Time.now.to_f, jid, topic, message.to_s[/mid="(.{36})/, 1]) if OmfCommon::Measure.enabled?
       end
 
       # Event callback for pubsub topic event(item published)
@@ -250,15 +255,18 @@ class Comm
           passed = !event.delayed? && event.items? && !event.items.first.payload.nil? #&&
             #!published_messages.include?(OpenSSL::Digest::SHA1.new(event.items.first.payload))
 
-          MPReceived.inject(Time.now.to_f, jid, event.node, event.items.first.payload.to_s.gsub("\n",'')) if OmfCommon::Measure.enabled? && passed
-
           if additional_guard
             passed && additional_guard.call(event)
           else
             passed
           end
         end
-        pubsub_event(guard_block, &callback_logging(__method__, &block))
+
+        mblock = proc do |stanza|
+          OmfCommon::DSL::Xmpp::MPReceived.inject(Time.now.to_f, jid, stanza.node, stanza.to_s[/mid="(.{36})/, 1]) if OmfCommon::Measure.enabled? 
+          block.call(stanza) if block
+        end
+        pubsub_event(guard_block, &callback_logging(__method__, &mblock))
       end
 
       private

data/lib/omf_common/comm/xmpp/xmpp_mp.rb

@@ -20,7 +20,7 @@ module OmfCommon
         param :time, :type => :double
         param :jid, :type => :string
         param :topic, :type => :string
-        param :xml_stanza, :type => :string
+        param :mid, :type => :string
       end
 
       class MPReceived < OML4R::MPBase
@@ -28,7 +28,7 @@ module OmfCommon
         param :time, :type => :double
         param :jid, :type => :string
         param :topic, :type => :string
-        param :xml_stanza, :type => :string
+        param :mid, :type => :string
       end
 
       class MPSubscription < OML4R::MPBase