omf_common 6.1.12 → 6.1.14.pre.1
- checksums.yaml +8 -8
- data/example/auth_test_assertion.rb +79 -0
- data/lib/omf_common/auth/assertion.rb +74 -0
- data/lib/omf_common/auth/certificate.rb +1 -1
- data/lib/omf_common/auth/pdp/job_service.rb +39 -0
- data/lib/omf_common/comm/topic.rb +1 -1
- data/lib/omf_common/message.rb +2 -2
- data/test/omf_common/comm/topic_spec.rb +1 -1
- metadata +9 -30
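--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
 metadata.gz: !binary |-
-
+ZTU3MjhjYTRhNzY0YWNhNjc2NzcxMTQzODcyNWY3N2I2NWE5NjNjYw==
 data.tar.gz: !binary |-
-
+NDY3ZTU1YTA5MTY5MTFmNjg0NDBiMDI5ODFhYzIzMTAyMWQ1ZTlhYg==
 SHA512:
 metadata.gz: !binary |-
-
-
-
+ZTNmMmRmNGVjYjA3NzBlY2JlN2Y0Zjg3NjNkNmQ1MDhjNGUxMzVlNzljNzk5
+ZmZjODQ2MWFmN2ViMmRiZDM5MDIwZGY0MjBmZWRiMDRiYzkxMTE2ZDYxMDZj
+ODkwMWFiMDU4OWVlZjY3NzIzM2MxYmI0ZjdkYTg4YmUzM2FlNWU=
 data.tar.gz: !binary |-
-
-
-
+N2EzZjJjYjNlMWZiYjhhYzcyNDU1MGRhYzQ0NzEzNzdmNGFhMmE3MGE3ODY1
+N2QxZTE4M2Y5NGFjNzMyNTU2NmMyMWI5NTE0ZGJjNDBmZWM2MjY2ZTBhZDI1
+NTBmN2ZjZWNhNzIzMWEwNTFmNzgxYjI0ZmU0NjRkYTVkYTljNmU=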
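--- a/data/example/auth_test_assertion.rb
+++ b/data/example/auth_test_assertion.rb
@@ -0,0 +1,79 @@
+#!/usr/bin/env ruby
+#
+# ruby example/auth_test_2.rb inside omf_common dir
+#
+require 'bundler'
+Bundler.require
+
+require 'omf_common'
+
+env_opts = {
+environment: 'development',
+communication: {
+local_address: 'adam',
+url: 'amqp://localhost',
+auth: {
+authenticate: true,
+pdp: {
+require: 'omf_common/auth/pdp/job_service',
+constructor: 'OmfCommon::Auth::PDP::JobService',
+slice: 'slice_a'
+}
+}
+},
+logging: {
+level: { default: 'debug' },
+appenders: {
+stdout: {
+level: :info,
+date_pattern: '%H:%M:%S',
+pattern: '%d %5l %c{2}: %m\n',
+color_scheme: 'default'
+}
+}
+}
+}
+
+def init_auth_store
+root_ca = OmfCommon::Auth::Certificate.create_root
+
+root_ca.create_for_resource 'god', :authoriser
+root_ca.create_for_resource 'adam', :requester
+root_ca.create_for_resource 'eve', :requester
+end
+
+
+OmfCommon.init(:development, env_opts) do |event_loop|
+OmfCommon.comm.on_connected do |comm|
+init_auth_store
+
+# Can generate a new assertion
+#
+assert_str = OmfCommon::Auth::Assertion.generate(
+'adam can use slice slice_a', iss: 'god'
+).to_s
+
+# OR parse from an existing one
+#
+assert = OmfCommon::Auth::Assertion.parse(assert_str)
+
+comm.subscribe(:test) do |topic|
+topic.on_message do |msg|
+info "MSG >> #{msg}"
+end
+
+topic.configure(
+{ foo: 1 },
+{ issuer: 'adam',
+assert: assert }
+)
+
+event_loop.after(1) do
+topic.configure(
+{ foo: 2 },
+{ issuer: 'eve' }
+)
+end
+end
+end
+end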
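Review bot: The usage comment on line 3 names `example/auth_test_2.rb`, but the file ships as `example/auth_test_assertion.rb`; it should read `# ruby example/auth_test_assertion.rb inside omf_common dir`. The two `topic.configure` calls also need a comment stating the expected outcome, because the script checks nothing itself: presumably adam's message, which carries the assertion, passes the JobService PDP, and eve's, which carries none, is dropped. Naming the local `assertion` instead of `assert` would keep it distinct from the `assert:` core property it is passed as.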
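--- a/data/lib/omf_common/auth/assertion.rb
+++ b/data/lib/omf_common/auth/assertion.rb
@@ -0,0 +1,74 @@
+require 'omf_common/auth'
+
+module OmfCommon::Auth
+class Assertion
+attr_reader :content, :iss, :type
+
+# Parse from a serialised assertion
+#
+def self.parse(str, opts = {})
+opts[:type] ||= 'json'
+
+case opts[:type]
+when 'json'
+new(JSON.parse(str, symbolize_names: true).merge(type: 'json'))
+end
+end
+
+# Factory method to generate new assertion
+#
+def self.generate(str, opts = {})
+raise 'Missing iss of assertion' if opts[:iss].nil?
+
+cert = OmfCommon::Auth::CertificateStore.instance.cert_for(opts[:iss])
+
+raise "Certifcate of #{opts[:iss]} NOT found" if cert.nil?
+
+sig = Base64.encode64(cert.key.sign(OpenSSL::Digest::SHA256.new(str), str)).encode('utf-8')
+
+new(opts.merge(content: str, sig: sig))
+end
+
+# Verify cert and sig validity
+#
+def verify
+begin
+cert = OmfCommon::Auth::CertificateStore.instance.cert_for(@iss)
+rescue MissingCertificateException => e
+return false
+end
+# Verify cert
+#
+unless OmfCommon::Auth::CertificateStore.instance.verify(cert)
+warn "Invalid certificate '#{cert.to_s}', NOT signed by CA certs, or its CA cert NOT loaded into cert store."
+return false
+end
+
+if cert.nil?
+warn "Certifcate of #{@iss} NOT found"
+return false
+end
+
+# Verify sig
+#
+cert.to_x509.public_key.verify(OpenSSL::Digest::SHA256.new(@content), Base64.decode64(@sig), @content)
+end
+
+def to_s
+case @type
+when 'json'
+{ type: @type, iss: @iss, sig: @sig, content: @content }.to_json
+end
+end
+
+private
+
+def initialize(opts = {})
+@type = opts[:type] || 'json'
+@iss = opts[:iss]
+# Signature of assertion content signed by issuer
+@sig = opts[:sig]
+@content = opts[:content]
+end
+end
+end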
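Review bot: In `verify`, the `cert.nil?` guard on line 47 runs only after `CertificateStore.instance.verify(cert)` and the `cert.to_s` warning have already used `cert`, and `@sig`/`@content` are never checked, so an assertion hash without a `sig` would presumably make `Base64.decode64(@sig)` raise instead of returning false. Placing `return false if cert.nil? || @sig.nil? || @content.nil?` directly after the `begin`/`rescue` block makes malformed input fail closed. The signature covers only `content`, with no expiry, audience or nonce, so a verified assertion stays usable for as long as the issuer's certificate does; either sign a validity period along with the content or state that limit in the comment above `verify`. `MissingCertificateException` is referenced unqualified with an unused `e`, and the messages on lines 25 and 48 misspell "Certificate" as `Certifcate`.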
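--- a/data/lib/omf_common/auth/pdp/job_service.rb
+++ b/data/lib/omf_common/auth/pdp/job_service.rb
@@ -0,0 +1,39 @@
+require 'omf_common/auth'
+require 'omf_common/auth/assertion'
+
+module OmfCommon::Auth::PDP
+# Authorise job service (experiment controller) messages
+class JobService
+def initialize(opts = {})
+@slice = opts[:slice]
+end
+
+def authorize(msg, &block)
+if msg.assert.nil?
+warn 'No assertion found, drop it'
+return nil
+end
+
+assert = OmfCommon::Auth::Assertion.new(msg.assert)
+
+unless assert.verify
+return nil
+else
+info "#{msg.src.address} tells >> #{assert.iss} says >> #{assert.content}"
+end
+
+# Check current slice with slice specified in assertion
+if assert.content =~ /(.+) can use slice (.+)/ &&
+$1 == msg.src.id.to_s &&
+$2 == @slice.to_s
+
+block.call(msg) if block
+return msg
+else
+warn 'Drop it'
+return nil
+end
+end
+
+end
+end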
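Review bot: `authorize` grants access on any assertion that `Assertion#verify` accepts, and as far as these two files show, `verify` only establishes that the issuer's certificate chains to a loaded CA; nothing checks that `assert.iss` is an authoriser rather than a requester, so the role passed to `create_for_resource` in the example is never consulted. Before the slice check, compare `assert.iss` against a configured set of trusted issuers (or the certificate's role, if the store exposes it) and drop the message otherwise. The pattern on line 26 is unanchored and greedy; assuming ids and slice names contain no whitespace, `/\A(\S+) can use slice (\S+)\z/` read through `Regexp.last_match(1)` and `Regexp.last_match(2)` ties the whole signed string to exactly one subject and one slice. Lines 19–23 read better as `return nil unless assert.verify` followed by the `info` line, with a `warn` on that failure path so a rejected signature is logged like the other two drops.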
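--- a/data/lib/omf_common/comm/topic.rb
+++ b/data/lib/omf_common/comm/topic.rb
@@ -74,7 +74,7 @@ module OmfCommon
 end
 
 def create_message_and_publish(type, props = {}, core_props = {}, block = nil)
-debug "(#{id}) create_message_and_publish '#{type}': #{props.inspect}"
+debug "(#{id}) create_message_and_publish '#{type}': #{props.inspect}: #{core_props.inspect}"
 core_props[:src] ||= OmfCommon.comm.local_address
 msg = OmfCommon::Message.create(type, props, core_props)
 publish(msg, &block)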
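Review bot: The new debug line prints `core_props.inspect`, and with this release `core_props` can carry `:assert`, the serialized assertion including its signature, as the example's `topic.configure` call shows. Because the assertion has no visible expiry, writing it to debug logs widens the set of places that credential ends up; consider `core_props.reject { |k, _| k == :assert }.inspect`, or log only the assertion's issuer. The body of `create_message_and_publish` continues past the end of the hunk.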
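--- a/data/lib/omf_common/message.rb
+++ b/data/lib/omf_common/message.rb
@@ -17,8 +17,8 @@ module OmfCommon
 class Message
 
 OMF_NAMESPACE = "http://schema.mytestbed.net/omf/#{OmfCommon::PROTOCOL_VERSION}/protocol"
-OMF_CORE_READ = [:operation, :ts, :src, :mid, :replyto, :cid, :itype, :rtype, :guard, :res_id]
-OMF_CORE_WRITE = [:replyto, :itype, :guard]
+OMF_CORE_READ = [:operation, :ts, :src, :mid, :replyto, :cid, :itype, :rtype, :guard, :res_id, :assert]
+OMF_CORE_WRITE = [:replyto, :itype, :guard, :assert]
 
 @@providers = {
 xml: {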
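Review bot: `:assert` joins both lists with no comment saying what it carries; a line such as `# :assert holds the issuer-signed authorisation assertion evaluated by the PDP (see OmfCommon::Auth::Assertion)` above the constants would tell readers this is security-relevant data. What the two lists drive is outside this hunk, so it should be confirmed whether listing `:assert` in `OMF_CORE_WRITE` lets the assertion be replaced on a message after it has been created. Both arrays are mutable constants; if nothing appends to them at runtime, adding `.freeze` keeps the set of core properties fixed.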
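--- a/data/test/omf_common/comm/topic_spec.rb
+++ b/data/test/omf_common/comm/topic_spec.rb
@@ -61,7 +61,7 @@ describe OmfCommon::Comm::Topic do
 OmfCommon::Message.reset
 OmfCommon.unstub(:comm)
 #OmfCommon::Message::XML::Message.any_instance.unstub(:mid)
-OmfCommon::Message::Json::Message.any_instance.unstub(:mid)
+#OmfCommon::Message::Json::Message.any_instance.unstub(:mid)
 end
 
 it "must create and send frcp create message" do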
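--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omf_common
 version: !ruby/object:Gem::Version
-version: 6.1.
+version: 6.1.14.pre.1
 platform: ruby
 authors:
 - NICTA
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2015-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: minitest
@@ -220,6 +220,7 @@ files:
 - bin/omf_send_create
 - bin/omf_send_request
 - example/auth_test.rb
+- example/auth_test_assertion.rb
 - example/engine_alt.rb
 - example/ls_app.yaml
 - example/viz/garage_monitor.rb
@@ -230,9 +231,11 @@ files:
 - example/vm_alt.rb
 - lib/omf_common.rb
 - lib/omf_common/auth.rb
+- lib/omf_common/auth/assertion.rb
 - lib/omf_common/auth/certificate.rb
 - lib/omf_common/auth/certificate_store.rb
 - lib/omf_common/auth/jwt_authenticator.rb
+- lib/omf_common/auth/pdp/job_service.rb
 - lib/omf_common/auth/pdp/test_pdp.rb
 - lib/omf_common/auth/ssh_pub_key_convert.rb
 - lib/omf_common/comm.rb
@@ -302,37 +305,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - ! '
+- - ! '>'
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 requirements: []
 rubyforge_project: omf_common
-rubygems_version: 2.
+rubygems_version: 2.4.2
 signing_key:
 specification_version: 4
 summary: Common library of OMF
-test_files:
-- test/fixture/1st_level.pem
-- test/fixture/2nd_level.pem
-- test/fixture/alice-cert.pem
-- test/fixture/alice-key.pem
-- test/fixture/omf_test.cert.pem
-- test/fixture/omf_test.pem
-- test/fixture/omf_test.pub
-- test/fixture/omf_test.pub.pem
-- test/fixture/pubsub.rb
-- test/fixture/rc.pem
-- test/fixture/root.pem
-- test/omf_common/auth/certificate_spec.rb
-- test/omf_common/auth/certificate_store_spec.rb
-- test/omf_common/auth/ssh_pub_key_convert_spec.rb
-- test/omf_common/comm/amqp/communicator_spec.rb
-- test/omf_common/comm/topic_spec.rb
-- test/omf_common/comm/xmpp/communicator_spec.rb
-- test/omf_common/comm/xmpp/topic_spec.rb
-- test/omf_common/comm_spec.rb
-- test/omf_common/command_spec.rb
-- test/omf_common/core_ext/string_spec.rb
-- test/omf_common/message/xml/message_spec.rb
-- test/omf_common/message_spec.rb
-- test/test_helper.rb
+test_files: []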