omf_common 6.1.12 → 6.1.14.pre.1

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    ZTMyNzlmNTJhNGJjOTdlOTE1M2IyNGU2ZGVjZDdkZTdkYTdiMGI4Ng==
+    ZTU3MjhjYTRhNzY0YWNhNjc2NzcxMTQzODcyNWY3N2I2NWE5NjNjYw==
   data.tar.gz: !binary |-
-    MDM5MzVjNjkzNDgyMDFkMjJjZjliYmMyZjdiYWM0ZjQ3NTViYzkzYQ==
+    NDY3ZTU1YTA5MTY5MTFmNjg0NDBiMDI5ODFhYzIzMTAyMWQ1ZTlhYg==
 SHA512:
   metadata.gz: !binary |-
-    NGQyODIxZDdjMjI4ZjMzNzMxMWY2NmM2OGRiZTgwZmYyYzhjZWY5MTkwOTli
-    OGRlNGY2Mzg5ODUyNzA5ZTUyYjA2OGJlMGQ2ZmVkNzIxZTM0ZjRlOGNhODVm
-    MjMxZWJlNmZjMmJjYzQ3ZGU0MDJkZWFmMzMxYjQ4ZTViNTFhODc=
+    ZTNmMmRmNGVjYjA3NzBlY2JlN2Y0Zjg3NjNkNmQ1MDhjNGUxMzVlNzljNzk5
+    ZmZjODQ2MWFmN2ViMmRiZDM5MDIwZGY0MjBmZWRiMDRiYzkxMTE2ZDYxMDZj
+    ODkwMWFiMDU4OWVlZjY3NzIzM2MxYmI0ZjdkYTg4YmUzM2FlNWU=
   data.tar.gz: !binary |-
-    ZjUxYWFmOTBiMDY1OGNjYzA1Nzk5NzBjODUwMjNiNzFkYmFhYTEzMTZiNjgy
-    MzU4NmE0YTA5YTBlMzc2YmExOWI4ZjE0ZGE0Mjc3NzcxOTU1ZmY3OWEwNWZi
-    OTZlMzE3OGFiNzhlZDA1MjBhY2ZmOTE0ZmY4ZWQwYjJjYjBjMjI=
+    N2EzZjJjYjNlMWZiYjhhYzcyNDU1MGRhYzQ0NzEzNzdmNGFhMmE3MGE3ODY1
+    N2QxZTE4M2Y5NGFjNzMyNTU2NmMyMWI5NTE0ZGJjNDBmZWM2MjY2ZTBhZDI1
+    NTBmN2ZjZWNhNzIzMWEwNTFmNzgxYjI0ZmU0NjRkYTVkYTljNmU=

data/example/auth_test_assertion.rb

@@ -0,0 +1,79 @@
+#!/usr/bin/env ruby
+#
+# ruby example/auth_test_2.rb inside omf_common dir
+#
+require 'bundler'
+Bundler.require
+
+require 'omf_common'
+
+env_opts = {
+  environment: 'development',
+  communication: {
+    local_address: 'adam',
+    url: 'amqp://localhost',
+    auth: {
+      authenticate: true,
+      pdp: {
+        require: 'omf_common/auth/pdp/job_service',
+        constructor: 'OmfCommon::Auth::PDP::JobService',
+        slice: 'slice_a'
+      }
+    }
+  },
+  logging: {
+    level: { default: 'debug' },
+    appenders: {
+      stdout: {
+        level: :info,
+        date_pattern: '%H:%M:%S',
+        pattern: '%d %5l %c{2}: %m\n',
+        color_scheme: 'default'
+      }
+    }
+  }
+}
+
+def init_auth_store
+  root_ca = OmfCommon::Auth::Certificate.create_root
+
+  root_ca.create_for_resource 'god', :authoriser
+  root_ca.create_for_resource 'adam', :requester
+  root_ca.create_for_resource 'eve', :requester
+end
+
+
+OmfCommon.init(:development, env_opts) do |event_loop|
+  OmfCommon.comm.on_connected do |comm|
+    init_auth_store
+
+    # Can generate a new assertion
+    #
+    assert_str = OmfCommon::Auth::Assertion.generate(
+      'adam can use slice slice_a', iss: 'god'
+    ).to_s
+
+    # OR parse from an existing one
+    #
+    assert = OmfCommon::Auth::Assertion.parse(assert_str)
+
+    comm.subscribe(:test) do |topic|
+      topic.on_message do |msg|
+        info "MSG >> #{msg}"
+      end
+
+      topic.configure(
+        { foo: 1 },
+        { issuer: 'adam',
+          assert: assert }
+      )
+
+      event_loop.after(1) do
+        topic.configure(
+          { foo: 2 },
+          { issuer: 'eve' }
+        )
+      end
+    end
+  end
+end

data/lib/omf_common/auth/assertion.rb

@@ -0,0 +1,74 @@
+require 'omf_common/auth'
+
+module OmfCommon::Auth
+  class Assertion
+    attr_reader :content, :iss, :type
+
+    # Parse from a serialised assertion
+    #
+    def self.parse(str, opts = {})
+      opts[:type] ||= 'json'
+
+      case opts[:type]
+      when 'json'
+        new(JSON.parse(str, symbolize_names: true).merge(type: 'json'))
+      end
+    end
+
+    # Factory method to generate new assertion
+    #
+    def self.generate(str, opts = {})
+      raise 'Missing iss of assertion' if opts[:iss].nil?
+
+      cert = OmfCommon::Auth::CertificateStore.instance.cert_for(opts[:iss])
+
+      raise "Certifcate of #{opts[:iss]} NOT found" if cert.nil?
+
+      sig = Base64.encode64(cert.key.sign(OpenSSL::Digest::SHA256.new(str), str)).encode('utf-8')
+
+      new(opts.merge(content: str, sig: sig))
+    end
+
+    # Verify cert and sig validity
+    #
+    def verify
+      begin
+        cert = OmfCommon::Auth::CertificateStore.instance.cert_for(@iss)
+      rescue MissingCertificateException => e
+        return false
+      end
+      # Verify cert
+      #
+      unless OmfCommon::Auth::CertificateStore.instance.verify(cert)
+        warn "Invalid certificate '#{cert.to_s}', NOT signed by CA certs, or its CA cert NOT loaded into cert store."
+        return false
+      end
+
+      if cert.nil?
+        warn "Certifcate of #{@iss} NOT found"
+        return false
+      end
+
+      # Verify sig
+      #
+      cert.to_x509.public_key.verify(OpenSSL::Digest::SHA256.new(@content), Base64.decode64(@sig), @content)
+    end
+
+    def to_s
+      case @type
+      when 'json'
+        { type: @type, iss: @iss, sig: @sig, content: @content }.to_json
+      end
+    end
+
+    private
+
+    def initialize(opts = {})
+      @type = opts[:type] || 'json'
+      @iss = opts[:iss]
+      # Signature of assertion content signed by issuer
+      @sig = opts[:sig]
+      @content = opts[:content]
+    end
+  end
+end

data/lib/omf_common/auth/certificate.rb

@@ -241,7 +241,7 @@ module OmfCommon::Auth
     end
 
     def cert_expired?
-      debug "Certificate expired!" unless valid?
+      error "Certificate expired!" unless valid?
       !valid?
     end
 

data/lib/omf_common/auth/pdp/job_service.rb

@@ -0,0 +1,39 @@
+require 'omf_common/auth'
+require 'omf_common/auth/assertion'
+
+module OmfCommon::Auth::PDP
+  # Authorise job service (experiment controller) messages
+  class JobService
+    def initialize(opts = {})
+      @slice = opts[:slice]
+    end
+
+    def authorize(msg, &block)
+      if msg.assert.nil?
+        warn 'No assertion found, drop it'
+        return nil
+      end
+
+      assert = OmfCommon::Auth::Assertion.new(msg.assert)
+
+      unless assert.verify
+        return nil
+      else
+        info "#{msg.src.address} tells >> #{assert.iss} says >> #{assert.content}"
+      end
+
+      # Check current slice with slice specified in assertion
+      if assert.content =~ /(.+) can use slice (.+)/ &&
+        $1 == msg.src.id.to_s &&
+        $2 == @slice.to_s
+
+        block.call(msg) if block
+        return msg
+      else
+        warn 'Drop it'
+        return nil
+      end
+    end
+
+  end
+end

data/lib/omf_common/comm/topic.rb

@@ -74,7 +74,7 @@ module OmfCommon
       end
 
       def create_message_and_publish(type, props = {}, core_props = {}, block = nil)
-        debug "(#{id}) create_message_and_publish '#{type}': #{props.inspect}"
+        debug "(#{id}) create_message_and_publish '#{type}': #{props.inspect}: #{core_props.inspect}"
         core_props[:src] ||= OmfCommon.comm.local_address
         msg = OmfCommon::Message.create(type, props, core_props)
         publish(msg, &block)

data/lib/omf_common/message.rb

@@ -17,8 +17,8 @@ module OmfCommon
   class Message
 
     OMF_NAMESPACE = "http://schema.mytestbed.net/omf/#{OmfCommon::PROTOCOL_VERSION}/protocol"
-    OMF_CORE_READ = [:operation, :ts, :src, :mid, :replyto, :cid, :itype, :rtype, :guard, :res_id]
-    OMF_CORE_WRITE = [:replyto, :itype, :guard]
+    OMF_CORE_READ = [:operation, :ts, :src, :mid, :replyto, :cid, :itype, :rtype, :guard, :res_id, :assert]
+    OMF_CORE_WRITE = [:replyto, :itype, :guard, :assert]
 
     @@providers = {
       xml: {

data/test/omf_common/comm/topic_spec.rb

@@ -61,7 +61,7 @@ describe OmfCommon::Comm::Topic do
       OmfCommon::Message.reset
       OmfCommon.unstub(:comm)
       #OmfCommon::Message::XML::Message.any_instance.unstub(:mid)
-      OmfCommon::Message::Json::Message.any_instance.unstub(:mid)
+      #OmfCommon::Message::Json::Message.any_instance.unstub(:mid)
     end
 
     it "must create and send frcp create message" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omf_common
 version: !ruby/object:Gem::Version
-  version: 6.1.12
+  version: 6.1.14.pre.1
 platform: ruby
 authors:
 - NICTA
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-16 00:00:00.000000000 Z
+date: 2015-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -220,6 +220,7 @@ files:
 - bin/omf_send_create
 - bin/omf_send_request
 - example/auth_test.rb
+- example/auth_test_assertion.rb
 - example/engine_alt.rb
 - example/ls_app.yaml
 - example/viz/garage_monitor.rb
@@ -230,9 +231,11 @@ files:
 - example/vm_alt.rb
 - lib/omf_common.rb
 - lib/omf_common/auth.rb
+- lib/omf_common/auth/assertion.rb
 - lib/omf_common/auth/certificate.rb
 - lib/omf_common/auth/certificate_store.rb
 - lib/omf_common/auth/jwt_authenticator.rb
+- lib/omf_common/auth/pdp/job_service.rb
 - lib/omf_common/auth/pdp/test_pdp.rb
 - lib/omf_common/auth/ssh_pub_key_convert.rb
 - lib/omf_common/comm.rb
@@ -302,37 +305,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ! '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: omf_common
-rubygems_version: 2.1.10
+rubygems_version: 2.4.2
 signing_key: 
 specification_version: 4
 summary: Common library of OMF
-test_files:
-- test/fixture/1st_level.pem
-- test/fixture/2nd_level.pem
-- test/fixture/alice-cert.pem
-- test/fixture/alice-key.pem
-- test/fixture/omf_test.cert.pem
-- test/fixture/omf_test.pem
-- test/fixture/omf_test.pub
-- test/fixture/omf_test.pub.pem
-- test/fixture/pubsub.rb
-- test/fixture/rc.pem
-- test/fixture/root.pem
-- test/omf_common/auth/certificate_spec.rb
-- test/omf_common/auth/certificate_store_spec.rb
-- test/omf_common/auth/ssh_pub_key_convert_spec.rb
-- test/omf_common/comm/amqp/communicator_spec.rb
-- test/omf_common/comm/topic_spec.rb
-- test/omf_common/comm/xmpp/communicator_spec.rb
-- test/omf_common/comm/xmpp/topic_spec.rb
-- test/omf_common/comm_spec.rb
-- test/omf_common/command_spec.rb
-- test/omf_common/core_ext/string_spec.rb
-- test/omf_common/message/xml/message_spec.rb
-- test/omf_common/message_spec.rb
-- test/test_helper.rb
+test_files: []