pantry 0.0.0 → 0.1.0

data/test/unit/communication/publish_socket_test.rb

@@ -0,0 +1,19 @@
+require 'unit/test_helper'
+
+describe Pantry::Communication::PublishSocket do
+
+  before do
+    Celluloid.boot
+  end
+
+  let(:security) { Pantry::Communication::Security.new_client }
+
+  it "opens a ZMQ PubSocket, bound to host / port" do
+    Celluloid::ZMQ::PubSocket.any_instance.expects(:linger=).with(0)
+    Celluloid::ZMQ::PubSocket.any_instance.expects(:bind).with("tcp://host:1234")
+
+    socket = Pantry::Communication::PublishSocket.new("host", 1234, security)
+    socket.open
+  end
+
+end

data/test/unit/communication/reading_socket_test.rb

@@ -0,0 +1,110 @@
+require 'unit/test_helper'
+
+describe Pantry::Communication::ReadingSocket do
+
+  class TestSocket < Pantry::Communication::ReadingSocket
+    attr_accessor :socket_impl
+    attr_accessor :has_source_header
+
+    def build_socket
+      @socket_impl
+    end
+
+    def open_socket(socket)
+    end
+
+    def process_next_message
+      @socket = @socket_impl
+      super
+    end
+
+    def has_source_header?
+      @has_source_header
+    end
+  end
+
+  before do
+    Celluloid.init
+  end
+
+  let(:security) { Pantry::Communication::Security.new_client }
+
+  it "builds messages and passes each message to a listener" do
+    zmq_socket = Class.new do
+      def read
+        @buffer ||= [
+          "stream",
+          {:type => "message_type", :from => "zee client", :to => "stream", :requires_response => false}.to_json,
+          "body part 1",
+          "body part 2"
+        ]
+        @buffer.shift
+      end
+
+      def more_parts?
+        @responses ||= [true, true, true, false]
+        @responses.shift
+      end
+    end.new
+
+    listener = Class.new do
+      attr_reader :handled_message
+      def handle_message(message)
+        @handled_message = message
+      end
+    end.new
+
+    reader = TestSocket.new("host", 1235, security)
+    reader.add_listener(listener)
+    reader.socket_impl = zmq_socket
+
+    reader.process_next_message
+
+    message = listener.handled_message
+    assert_equal "stream", message.to
+    assert_equal "zee client", message.from
+    assert_equal "message_type", message.type
+    assert_false message.requires_response?
+    assert_equal ["body part 1", "body part 2"], message.body
+  end
+
+  it "ignores the first token (ZMQ source identity) if configured to do so" do
+    zmq_socket = Class.new do
+      def read
+        @buffer ||= [
+          "Source",
+          "stream",
+          {:type => "message_type", :source => nil, :requires_response => false}.to_json,
+          "body part 1",
+          "body part 2"
+        ]
+        @buffer.shift
+      end
+
+      def more_parts?
+        @responses ||= [true, true, true, false]
+        @responses.shift
+      end
+    end.new
+
+    listener = Class.new do
+      attr_reader :handled_message
+      def handle_message(message)
+        @handled_message = message
+      end
+    end.new
+
+    reader = TestSocket.new("host", 1235, security)
+    reader.has_source_header = true
+    reader.add_listener(listener)
+    reader.socket_impl = zmq_socket
+
+    reader.process_next_message
+
+    message = listener.handled_message
+    assert_equal "message_type", message.type
+    assert_false message.requires_response?
+    assert_equal ["body part 1", "body part 2"], message.body
+  end
+
+end

data/test/unit/communication/receive_socket_test.rb

@@ -0,0 +1,20 @@
+require 'unit/test_helper'
+
+describe Pantry::Communication::ReceiveSocket do
+
+  before do
+    Celluloid.init
+
+    Celluloid::ZMQ::RouterSocket.any_instance.stubs(:bind)
+  end
+
+  let(:security) { Pantry::Communication::Security.new_client }
+
+  it "binds and subscribes to the given host and port" do
+    Celluloid::ZMQ::RouterSocket.any_instance.expects(:bind).with("tcp://host:4567")
+
+    socket = Pantry::Communication::ReceiveSocket.new("host", 4567, security)
+    socket.open
+  end
+
+end

data/test/unit/communication/security/authentication_test.rb

@@ -0,0 +1,97 @@
+require 'unit/test_helper'
+
+describe Pantry::Communication::Security::Authentication do
+
+  break unless Pantry::Communication::Security.curve_supported?
+
+  let(:key_store) { Pantry::Communication::Security::CurveKeyStore.new("server_keys") }
+  let(:auth) { Pantry::Communication::Security::Authentication.new(key_store) }
+
+  class BogusZapSocket
+    def initialize(client_key: nil, mechanism: "CURVE")
+      @client_key = client_key
+      @mechanism = mechanism
+    end
+
+    def read
+      @buffer ||= [
+        "1.0",
+        "1",
+        "domain",
+        "127.0.0.1",
+        "identity",
+        @mechanism,
+        @client_key
+      ]
+      @buffer.shift
+    end
+
+    def more_parts?
+      @buffer.length > 0
+    end
+
+    attr_reader :message
+    def write(message)
+      @message = message
+    end
+  end
+
+  def assert_response_valid(response)
+    assert_equal 6, response.length, "Response message wasn't long enough"
+    assert_equal "1.0", response[0], "Invalid version code"
+    assert_equal "1", response[1], "Invalid sequence in response"
+    assert_equal "", response[4] # username
+    assert_equal "", response[5] # metadata
+  end
+
+  def assert_authorized(response)
+    assert_response_valid(response)
+    assert_equal "200", response[2], "Invalid response code"
+    assert_equal "OK", response[3], "Invalid response message"
+  end
+
+  def assert_not_authorized(response, expected_message)
+    assert_response_valid(response)
+    assert_equal "400", response[2], "Invalid response code"
+    assert_equal expected_message, response[3], "Invalid response message"
+  end
+
+  it "authenticates a client with a known client public key" do
+    key_store.expects(:known_client?).with("client_key").returns(true)
+    zmq_socket = BogusZapSocket.new(client_key: "client_key")
+
+    auth.instance_variable_set("@socket", zmq_socket)
+    auth.process_next_request
+
+    assert_authorized(zmq_socket.message)
+  end
+
+  it "rejects a client with an unknown public key" do
+    key_store.expects(:known_client?).with("client_key").returns(false)
+    zmq_socket = BogusZapSocket.new(client_key: "client_key")
+
+    auth.instance_variable_set("@socket", zmq_socket)
+    auth.process_next_request
+
+    assert_not_authorized(zmq_socket.message, "Unknown Client")
+  end
+
+  it "rejects auth attempts for PLAIN security" do
+    zmq_socket = BogusZapSocket.new(client_key: "client_key", mechanism: "PLAIN")
+
+    auth.instance_variable_set("@socket", zmq_socket)
+    auth.process_next_request
+
+    assert_not_authorized(zmq_socket.message, "Invalid Mechanism")
+  end
+
+  it "rejects auth attempts for NULL security" do
+    zmq_socket = BogusZapSocket.new(client_key: "client_key", mechanism: "NULL")
+
+    auth.instance_variable_set("@socket", zmq_socket)
+    auth.process_next_request
+
+    assert_not_authorized(zmq_socket.message, "Invalid Mechanism")
+  end
+
+end

data/test/unit/communication/security/curve_key_store_test.rb

@@ -0,0 +1,110 @@
+require 'unit/test_helper'
+
+describe Pantry::Communication::Security::CurveKeyStore do
+
+  break unless Pantry::Communication::Security.curve_supported?
+
+  let(:key_store) { Pantry::Communication::Security::CurveKeyStore.new("my_keys") }
+  let(:curve_dir) { Pantry.root.join("security", "curve") }
+
+  def write_test_keys(known_client_keys = nil)
+    security_dir = Pantry.root.join("security", "curve")
+    keys_file = security_dir.join("my_keys.yml")
+    FileUtils.mkdir_p security_dir
+    File.open(keys_file, "w+") do |f|
+      f.write(YAML.dump({
+        "private_key" => "private key", "public_key" => "public key",
+        "server_public_key" => "server key",
+        "client_keys" => known_client_keys || ["client1", "client2"]
+      }))
+    end
+
+    keys_file
+  end
+
+  it "sets up directory structure in Pantry.root for storing credentials" do
+    key_store
+
+    assert File.directory?(curve_dir), "Storage stucture not set up"
+  end
+
+  it "generates a new set of public/private keys if none exist" do
+    key_store
+
+    assert File.exists?(curve_dir.join("my_keys.yml")), "Did not generate my keys"
+
+    keys = YAML.load_file(curve_dir.join("my_keys.yml"))
+    assert_not_nil keys["private_key"], "Did not generate a private key"
+    assert_not_nil keys["public_key"],  "Did not generate a public key"
+  end
+
+  it "generates a new set of public/private keys even if a server public key is set" do
+    keys_file = write_test_keys([])
+    File.open(keys_file, "w+") do |f|
+      f.write(YAML.dump({ "server_public_key" => "server key" }))
+    end
+
+    key_store
+
+    full_keys = YAML.load_file(keys_file)
+    assert_equal "server key", full_keys["server_public_key"], "Chomped the pre-set server public key"
+    assert_not_nil full_keys["private_key"], "Did not write out a new private key"
+    assert_not_nil full_keys["public_key"],  "Did not write out a new public key"
+  end
+
+  it "can read back the public key" do
+    write_test_keys
+    assert_equal "public key", key_store.public_key
+  end
+
+  it "can read back the private key" do
+    write_test_keys
+    assert_equal "private key", key_store.private_key
+  end
+
+  it "can read back the server public key" do
+    write_test_keys
+    assert_equal "server key", key_store.server_public_key
+  end
+
+  it "encodes binary client public key for checking against known list" do
+    client_pub, priv = ZMQ::Util.curve_keypair
+    write_test_keys([client_pub])
+
+    decoded = FFI::MemoryPointer.from_string(' ' * 32)
+    binary_pub = LibZMQ.zmq_z85_decode(decoded, client_pub)
+    assert key_store.known_client?(binary_pub), "Should have matched binary with z85 encoded"
+  end
+
+  it "stores the z85 encoded of the first client to auth to the server (no known clients)" do
+    write_test_keys([])
+    client_pub, _ = ZMQ::Util.curve_keypair
+
+    decoded = FFI::MemoryPointer.from_string(' ' * 32)
+    binary_pub = LibZMQ.zmq_z85_decode(decoded, client_pub)
+    assert key_store.known_client?(binary_pub), "Should have allowed the first Client"
+
+    all_keys = YAML.load_file(curve_dir.join("my_keys.yml"))
+    assert_equal [client_pub], all_keys["client_keys"]
+  end
+
+  it "generates a new set of client keys, storing the new public and returning the lot" do
+    write_test_keys
+
+    new_client_keys = key_store.create_client
+
+    assert_equal "public key", new_client_keys[:server_public_key]
+    assert_not_nil new_client_keys[:public_key],  "Didn't generate a client public key"
+    assert_not_nil new_client_keys[:private_key], "Didn't generate a client private key"
+  end
+
+  it "stores the newly generated client public key in the key store" do
+    write_test_keys([])
+
+    new_client_keys = key_store.create_client
+
+    all_keys = YAML.load_file(curve_dir.join("my_keys.yml"))
+    assert_equal [new_client_keys[:public_key]], all_keys["client_keys"]
+  end
+
+end

data/test/unit/communication/security/curve_security_test.rb

@@ -0,0 +1,44 @@
+require 'unit/test_helper'
+
+describe Pantry::Communication::Security::CurveSecurity do
+
+  break unless Pantry::Communication::Security.curve_supported?
+
+  fake_fs!
+
+  describe "Client" do
+
+    it "configures the client with the stored server's public key and client keys" do
+      client = Pantry::Communication::Security::CurveSecurity.client
+
+      curve_dir = Pantry.root.join("security", "curve")
+      client_keys = YAML.load_file(curve_dir.join("client_keys.yml"))
+
+      socket = mock
+      socket.expects(:set).with(::ZMQ::CURVE_SERVERKEY, client_keys["server_public_key"])
+      socket.expects(:set).with(::ZMQ::CURVE_PUBLICKEY, client_keys["public_key"])
+      socket.expects(:set).with(::ZMQ::CURVE_SECRETKEY, client_keys["private_key"])
+
+      client.configure_socket(socket)
+    end
+
+  end
+
+  describe "Server" do
+
+    it "configures the socket with the stored server private key" do
+      server = Pantry::Communication::Security::CurveSecurity.server
+
+      curve_dir = Pantry.root.join("security", "curve")
+      server_keys = YAML.load_file(curve_dir.join("server_keys.yml"))
+
+      socket = mock
+      socket.expects(:set).with(::ZMQ::CURVE_SERVER, 1)
+      socket.expects(:set).with(::ZMQ::CURVE_SECRETKEY, server_keys["private_key"])
+
+      server.configure_socket(socket)
+    end
+
+  end
+
+end

data/test/unit/communication/security/null_security_test.rb

@@ -0,0 +1,15 @@
+require 'unit/test_helper'
+
+describe Pantry::Communication::Security::NullSecurity do
+
+  it "exists" do
+    client = Pantry::Communication::Security::NullSecurity.new
+    assert_not_nil client
+  end
+
+  it "does nothing for configuring sockets" do
+    client = Pantry::Communication::Security::NullSecurity.new
+    client.configure_socket("something")
+  end
+
+end

data/test/unit/communication/security_test.rb

@@ -0,0 +1,49 @@
+require 'unit/test_helper'
+
+describe Pantry::Communication::Security do
+
+  describe ".new_client" do
+    it "returns the Client side of the configured security model" do
+      config = Pantry::Config.new
+      config.security = nil
+
+      client_handler = Pantry::Communication::Security.new_client(config)
+
+      assert_not_nil client_handler
+      assert client_handler.is_a?(Pantry::Communication::Security::NullSecurity),
+        "Returned the wrong kind of client handler"
+    end
+
+    it "raises if given security type is unknown" do
+      config = Pantry::Config.new
+      config.security = "--unknown--"
+
+      assert_raises(Pantry::Communication::Security::UnknownSecurityStrategyError) do
+        Pantry::Communication::Security.new_client(config)
+      end
+    end
+  end
+
+  describe ".new_server" do
+    it "returns the Server side of the configured security model" do
+      config = Pantry::Config.new
+      config.security = nil
+
+      server_handler = Pantry::Communication::Security.new_server(config)
+
+      assert_not_nil server_handler
+      assert server_handler.is_a?(Pantry::Communication::Security::NullSecurity),
+        "Returned the wrong kind of server handler"
+    end
+
+    it "raises if given security type is unknown" do
+      config = Pantry::Config.new
+      config.security = "--unknown--"
+
+      assert_raises(Pantry::Communication::Security::UnknownSecurityStrategyError) do
+        Pantry::Communication::Security.new_server(config)
+      end
+    end
+  end
+
+end