right_agent 2.0.7-x86-mingw32

Files changed (176) hide show
  1. data/LICENSE +20 -0
  2. data/README.rdoc +82 -0
  3. data/Rakefile +113 -0
  4. data/lib/right_agent.rb +59 -0
  5. data/lib/right_agent/actor.rb +182 -0
  6. data/lib/right_agent/actor_registry.rb +76 -0
  7. data/lib/right_agent/actors/agent_manager.rb +232 -0
  8. data/lib/right_agent/agent.rb +1149 -0
  9. data/lib/right_agent/agent_config.rb +480 -0
  10. data/lib/right_agent/agent_identity.rb +210 -0
  11. data/lib/right_agent/agent_tag_manager.rb +237 -0
  12. data/lib/right_agent/audit_formatter.rb +107 -0
  13. data/lib/right_agent/clients.rb +31 -0
  14. data/lib/right_agent/clients/api_client.rb +383 -0
  15. data/lib/right_agent/clients/auth_client.rb +247 -0
  16. data/lib/right_agent/clients/balanced_http_client.rb +369 -0
  17. data/lib/right_agent/clients/base_retry_client.rb +495 -0
  18. data/lib/right_agent/clients/right_http_client.rb +279 -0
  19. data/lib/right_agent/clients/router_client.rb +493 -0
  20. data/lib/right_agent/command.rb +30 -0
  21. data/lib/right_agent/command/agent_manager_commands.rb +150 -0
  22. data/lib/right_agent/command/command_client.rb +136 -0
  23. data/lib/right_agent/command/command_constants.rb +33 -0
  24. data/lib/right_agent/command/command_io.rb +126 -0
  25. data/lib/right_agent/command/command_parser.rb +87 -0
  26. data/lib/right_agent/command/command_runner.rb +118 -0
  27. data/lib/right_agent/command/command_serializer.rb +63 -0
  28. data/lib/right_agent/connectivity_checker.rb +179 -0
  29. data/lib/right_agent/console.rb +65 -0
  30. data/lib/right_agent/core_payload_types.rb +44 -0
  31. data/lib/right_agent/core_payload_types/cookbook.rb +61 -0
  32. data/lib/right_agent/core_payload_types/cookbook_position.rb +46 -0
  33. data/lib/right_agent/core_payload_types/cookbook_repository.rb +116 -0
  34. data/lib/right_agent/core_payload_types/cookbook_sequence.rb +70 -0
  35. data/lib/right_agent/core_payload_types/dev_repositories.rb +100 -0
  36. data/lib/right_agent/core_payload_types/dev_repository.rb +76 -0
  37. data/lib/right_agent/core_payload_types/event_categories.rb +38 -0
  38. data/lib/right_agent/core_payload_types/executable_bundle.rb +130 -0
  39. data/lib/right_agent/core_payload_types/login_policy.rb +72 -0
  40. data/lib/right_agent/core_payload_types/login_user.rb +79 -0
  41. data/lib/right_agent/core_payload_types/planned_volume.rb +94 -0
  42. data/lib/right_agent/core_payload_types/recipe_instantiation.rb +73 -0
  43. data/lib/right_agent/core_payload_types/repositories_bundle.rb +50 -0
  44. data/lib/right_agent/core_payload_types/right_script_attachment.rb +95 -0
  45. data/lib/right_agent/core_payload_types/right_script_instantiation.rb +94 -0
  46. data/lib/right_agent/core_payload_types/runlist_policy.rb +44 -0
  47. data/lib/right_agent/core_payload_types/secure_document.rb +66 -0
  48. data/lib/right_agent/core_payload_types/secure_document_location.rb +63 -0
  49. data/lib/right_agent/core_payload_types/software_repository_instantiation.rb +61 -0
  50. data/lib/right_agent/daemonize.rb +35 -0
  51. data/lib/right_agent/dispatched_cache.rb +109 -0
  52. data/lib/right_agent/dispatcher.rb +272 -0
  53. data/lib/right_agent/enrollment_result.rb +221 -0
  54. data/lib/right_agent/exceptions.rb +87 -0
  55. data/lib/right_agent/history.rb +145 -0
  56. data/lib/right_agent/log.rb +460 -0
  57. data/lib/right_agent/minimal.rb +46 -0
  58. data/lib/right_agent/monkey_patches.rb +30 -0
  59. data/lib/right_agent/monkey_patches/ruby_patch.rb +55 -0
  60. data/lib/right_agent/monkey_patches/ruby_patch/array_patch.rb +29 -0
  61. data/lib/right_agent/monkey_patches/ruby_patch/darwin_patch.rb +24 -0
  62. data/lib/right_agent/monkey_patches/ruby_patch/linux_patch.rb +24 -0
  63. data/lib/right_agent/monkey_patches/ruby_patch/linux_patch/file_patch.rb +30 -0
  64. data/lib/right_agent/monkey_patches/ruby_patch/object_patch.rb +49 -0
  65. data/lib/right_agent/monkey_patches/ruby_patch/windows_patch.rb +32 -0
  66. data/lib/right_agent/monkey_patches/ruby_patch/windows_patch/file_patch.rb +60 -0
  67. data/lib/right_agent/monkey_patches/ruby_patch/windows_patch/process_patch.rb +63 -0
  68. data/lib/right_agent/monkey_patches/ruby_patch/windows_patch/stdio_patch.rb +27 -0
  69. data/lib/right_agent/monkey_patches/ruby_patch/windows_patch/time_patch.rb +55 -0
  70. data/lib/right_agent/monkey_patches/ruby_patch/windows_patch/win32ole_patch.rb +34 -0
  71. data/lib/right_agent/multiplexer.rb +102 -0
  72. data/lib/right_agent/offline_handler.rb +270 -0
  73. data/lib/right_agent/operation_result.rb +300 -0
  74. data/lib/right_agent/packets.rb +673 -0
  75. data/lib/right_agent/payload_formatter.rb +104 -0
  76. data/lib/right_agent/pending_requests.rb +128 -0
  77. data/lib/right_agent/pid_file.rb +159 -0
  78. data/lib/right_agent/platform.rb +770 -0
  79. data/lib/right_agent/platform/unix/darwin/platform.rb +102 -0
  80. data/lib/right_agent/platform/unix/linux/platform.rb +305 -0
  81. data/lib/right_agent/platform/unix/platform.rb +226 -0
  82. data/lib/right_agent/platform/windows/mingw/platform.rb +447 -0
  83. data/lib/right_agent/platform/windows/mswin/platform.rb +236 -0
  84. data/lib/right_agent/platform/windows/platform.rb +1808 -0
  85. data/lib/right_agent/protocol_version_mixin.rb +69 -0
  86. data/lib/right_agent/retryable_request.rb +195 -0
  87. data/lib/right_agent/scripts/agent_controller.rb +543 -0
  88. data/lib/right_agent/scripts/agent_deployer.rb +400 -0
  89. data/lib/right_agent/scripts/common_parser.rb +160 -0
  90. data/lib/right_agent/scripts/log_level_manager.rb +192 -0
  91. data/lib/right_agent/scripts/stats_manager.rb +268 -0
  92. data/lib/right_agent/scripts/usage.rb +58 -0
  93. data/lib/right_agent/secure_identity.rb +92 -0
  94. data/lib/right_agent/security.rb +32 -0
  95. data/lib/right_agent/security/cached_certificate_store_proxy.rb +77 -0
  96. data/lib/right_agent/security/certificate.rb +102 -0
  97. data/lib/right_agent/security/certificate_cache.rb +89 -0
  98. data/lib/right_agent/security/distinguished_name.rb +56 -0
  99. data/lib/right_agent/security/encrypted_document.rb +83 -0
  100. data/lib/right_agent/security/rsa_key_pair.rb +76 -0
  101. data/lib/right_agent/security/signature.rb +86 -0
  102. data/lib/right_agent/security/static_certificate_store.rb +85 -0
  103. data/lib/right_agent/sender.rb +792 -0
  104. data/lib/right_agent/serialize.rb +29 -0
  105. data/lib/right_agent/serialize/message_pack.rb +107 -0
  106. data/lib/right_agent/serialize/secure_serializer.rb +151 -0
  107. data/lib/right_agent/serialize/secure_serializer_initializer.rb +47 -0
  108. data/lib/right_agent/serialize/serializable.rb +151 -0
  109. data/lib/right_agent/serialize/serializer.rb +159 -0
  110. data/lib/right_agent/subprocess.rb +38 -0
  111. data/lib/right_agent/tracer.rb +124 -0
  112. data/right_agent.gemspec +101 -0
  113. data/spec/actor_registry_spec.rb +80 -0
  114. data/spec/actor_spec.rb +162 -0
  115. data/spec/agent_config_spec.rb +235 -0
  116. data/spec/agent_identity_spec.rb +78 -0
  117. data/spec/agent_spec.rb +734 -0
  118. data/spec/agent_tag_manager_spec.rb +319 -0
  119. data/spec/clients/api_client_spec.rb +423 -0
  120. data/spec/clients/auth_client_spec.rb +272 -0
  121. data/spec/clients/balanced_http_client_spec.rb +576 -0
  122. data/spec/clients/base_retry_client_spec.rb +635 -0
  123. data/spec/clients/router_client_spec.rb +594 -0
  124. data/spec/clients/spec_helper.rb +111 -0
  125. data/spec/command/agent_manager_commands_spec.rb +51 -0
  126. data/spec/command/command_io_spec.rb +93 -0
  127. data/spec/command/command_parser_spec.rb +79 -0
  128. data/spec/command/command_runner_spec.rb +107 -0
  129. data/spec/command/command_serializer_spec.rb +51 -0
  130. data/spec/connectivity_checker_spec.rb +83 -0
  131. data/spec/core_payload_types/dev_repositories_spec.rb +64 -0
  132. data/spec/core_payload_types/dev_repository_spec.rb +33 -0
  133. data/spec/core_payload_types/executable_bundle_spec.rb +67 -0
  134. data/spec/core_payload_types/login_user_spec.rb +102 -0
  135. data/spec/core_payload_types/recipe_instantiation_spec.rb +81 -0
  136. data/spec/core_payload_types/right_script_attachment_spec.rb +65 -0
  137. data/spec/core_payload_types/right_script_instantiation_spec.rb +79 -0
  138. data/spec/core_payload_types/spec_helper.rb +23 -0
  139. data/spec/dispatched_cache_spec.rb +136 -0
  140. data/spec/dispatcher_spec.rb +324 -0
  141. data/spec/enrollment_result_spec.rb +53 -0
  142. data/spec/history_spec.rb +246 -0
  143. data/spec/log_spec.rb +192 -0
  144. data/spec/monkey_patches/eventmachine_spec.rb +62 -0
  145. data/spec/multiplexer_spec.rb +48 -0
  146. data/spec/offline_handler_spec.rb +340 -0
  147. data/spec/operation_result_spec.rb +208 -0
  148. data/spec/packets_spec.rb +461 -0
  149. data/spec/pending_requests_spec.rb +136 -0
  150. data/spec/platform/spec_helper.rb +216 -0
  151. data/spec/platform/unix/darwin/platform_spec.rb +181 -0
  152. data/spec/platform/unix/linux/platform_spec.rb +540 -0
  153. data/spec/platform/unix/spec_helper.rb +149 -0
  154. data/spec/platform/windows/mingw/platform_spec.rb +222 -0
  155. data/spec/platform/windows/mswin/platform_spec.rb +259 -0
  156. data/spec/platform/windows/spec_helper.rb +720 -0
  157. data/spec/retryable_request_spec.rb +306 -0
  158. data/spec/secure_identity_spec.rb +50 -0
  159. data/spec/security/cached_certificate_store_proxy_spec.rb +62 -0
  160. data/spec/security/certificate_cache_spec.rb +71 -0
  161. data/spec/security/certificate_spec.rb +49 -0
  162. data/spec/security/distinguished_name_spec.rb +46 -0
  163. data/spec/security/encrypted_document_spec.rb +55 -0
  164. data/spec/security/rsa_key_pair_spec.rb +55 -0
  165. data/spec/security/signature_spec.rb +66 -0
  166. data/spec/security/static_certificate_store_spec.rb +58 -0
  167. data/spec/sender_spec.rb +1045 -0
  168. data/spec/serialize/message_pack_spec.rb +131 -0
  169. data/spec/serialize/secure_serializer_spec.rb +132 -0
  170. data/spec/serialize/serializable_spec.rb +90 -0
  171. data/spec/serialize/serializer_spec.rb +197 -0
  172. data/spec/spec.opts +2 -0
  173. data/spec/spec.win32.opts +1 -0
  174. data/spec/spec_helper.rb +130 -0
  175. data/spec/tracer_spec.rb +114 -0
  176. metadata +447 -0
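--- /dev/null
+++ b/data/lib/right_agent/scripts/usage.rb
@@ -0,0 +1,58 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# Scans the 'usage' for a given file and returns the resulting String.
+#
+# Note : no formatting occurs. Rdoc is nice as is.
+#
+
+module Usage
+
+# Scans the given file from its usage (the top comment block) and
+# returns it
+#
+# === Parameters
+# file(String)::
+# path to file to read
+#
+# === Return
+# String::
+# the usage as found in the file
+#
+def self.scan(file)
+
+lines = File.readlines(file) # Display usage from the given file
+result = []
+
+while line = lines.shift
+if m = line.match(/^ *#(.*)$/)
+result << m[1]
+else
+break unless result.empty?
+end
+end
+
+result.join("\n")
+end
+
+end
+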
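Review bot: A shebang line is captured as usage text, because the pattern `/^ *#(.*)$/` at line 47 also matches `#!/usr/bin/env ruby`, so a script that starts with a shebang returns `!/usr/bin/env ruby` as the first line of its usage. I would skip it before the match with `next if line =~ /\A#!/`. Note also that `scan` returns the first comment block it meets; if the agent scripts open with the same license header as this file, the license would be returned rather than the usage, which cannot be confirmed from this page and is worth checking against the callers. The loop at lines 46-52 could read as `lines.each do |line| ... end` with the same `break`, which is the idiomatic form; the `while ... shift` form is not wrong, only unusual.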
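--- /dev/null
+++ b/data/lib/right_agent/secure_identity.rb
@@ -0,0 +1,92 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'openssl'
+
+module RightScale
+# Utility class that makes it easier to derive RightAgent identities in a
+# secure, predictable and globally consistent fashion.
+#
+# Given an agent base ID and a secret token shared by all relying parties,
+# the #derive method will generate a public token that can be printed to
+# log files, to a console, or sent in the clear over public networks
+# without compromising the original token. Note that the public token is
+# not guaranteed to be unique; if uniqueness is required (e.g. for an
+# Agent ID) the public token should be combined with the base ID.
+#
+# The #create_verifier method can be used by parties who both possess
+# a secret token to prove their knowledge of the token to one another
+# without disclosing the token. This would facilitate authentication
+# over a public network. Note that this utility class does not
+# implement an entire authentication protocol, it merely facilitates
+# one.
+class SecureIdentity
+# Separator used to differentiate between identity components when serialized
+ID_SEPARATOR = '*'
+
+# Derive a public Identity Token from a base ID and a secret authentication
+# token. The public token is useful for including in world-readable values such
+# as the name of an agent.
+#
+# Public tokens are generated by taking the SHA1 hash of the base ID and the
+# auth token, separated by a delimiter. Thus a public token can always be
+# deterministically derived from its inputs.
+#
+# === Parameters
+# base_id(Integer):: Numeric ID of the auth token
+# auth_token(String):: Secret authentication token
+#
+# === Return
+# public_token(String):: Public token
+def self.derive(base_id, auth_token)
+sha = OpenSSL::Digest::SHA1.new
+sha.update(base_id.to_s)
+sha.update(ID_SEPARATOR)
+sha.update(auth_token.to_s)
+return sha.hexdigest
+end
+
+# Create a cryptographic token verifier that can be used to demonstrate to another party
+# that you have knowledge of an authentication token, without disclosing the token itself
+# via a clear-text communications channel. The other party must also possess the secret
+# authentication token so they can compute a corresponding verifier for comparison.
+#
+# THIS METHOD DOES NOT CHECK TOKENS OR TIMESTAMPS FOR YOU; it is only useful to compute
+# the token. The caller must check the outputs, compare the timestamp and make a decision
+# about whether to trust the entity who is supplying the verifier.
+#
+# === Parameters
+# base_id(Integer):: Numeric ID of the auth token
+# auth_token(String):: Secret authentication token
+# timestamp(Time|Integer):: Unix-epoch timestamp to help prevent replay attacks
+#
+# === Return
+# verifier(String):: HMAC-SHA1(base_id, timestamp) keyed using auth_token
+def self.create_verifier(base_id, auth_token, timestamp)
+hmac = OpenSSL::HMAC.new(auth_token, OpenSSL::Digest::SHA1.new)
+hmac.update(base_id.to_s)
+hmac.update(ID_SEPARATOR)
+hmac.update(timestamp.to_i.to_s)
+return hmac.hexdigest
+end
+end
+end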
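Review bot: `derive` silently accepts a nil or empty secret, because `auth_token.to_s` at line 64 turns nil into an empty string and the method still returns a plausible-looking hex token that is merely SHA1 of the base ID and the separator. Since that public token is an unkeyed hash of the secret, anyone who reads it from a log or an agent name can test candidate tokens offline, so the token only protects the secret when the secret is long and random; a guard at the top of both methods, `raise ArgumentError, 'auth_token must be non-empty' if auth_token.to_s.empty?`, at least stops the degenerate case. The header comment at lines 73-75 leaves checking to the caller without saying how; I would extend it with a sentence stating that verifiers must be compared with a constant-time comparison and that the timestamp must be checked against a bounded window, because a plain `==` on the hex strings leaks timing and an unbounded window makes the timestamp useless against replay.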
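--- /dev/null
+++ b/data/lib/right_agent/security.rb
@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+SECURITY_BASE_DIR = File.join(File.dirname(__FILE__), 'security')
+
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'cached_certificate_store_proxy'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'certificate'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'certificate_cache'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'distinguished_name'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'encrypted_document'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'rsa_key_pair'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'signature'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'static_certificate_store'))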
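Review bot: `SECURITY_BASE_DIR` at line 23 is defined at top level, so it becomes a constant on Object shared with every other library in the process rather than living under `RightScale`; a local variable (`security_base_dir = ...`) would serve the eight `require` lines below equally well and cannot collide. `File.normalize_path` is not a core Ruby method and presumably comes from this gem's monkey patches, so this file only loads after those are required; that ordering is not stated anywhere here, and a comment above line 23 such as `# File.normalize_path is provided by right_agent/monkey_patches; load that first` would make the dependency explicit.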
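--- /dev/null
+++ b/data/lib/right_agent/security/cached_certificate_store_proxy.rb
@@ -0,0 +1,77 @@
+#
+# Copyright (c) 2009-2013 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightScale
+
+# Proxy to actual certificate store which caches results in an LRU cache
+class CachedCertificateStoreProxy
+
+# Initialize cache proxy with given certificate store
+#
+# === Parameters
+# store(Object):: Certificate store responding to get_signer, get_target,
+# and get_receiver
+def initialize(store)
+@signer_cache = CertificateCache.new
+@store = store
+end
+
+# Retrieve signer certificates for use in verifying a signature
+# Check cache first and cache results
+#
+# === Parameters
+# id(String):: Serialized identity of signer
+#
+# === Return
+# (Array|Certificate):: Signer certificate(s)
+def get_signer(id)
+@signer_cache.get(id) { @store.get_signer(id) }
+end
+
+# Retrieve certificates of target for encryption
+# Results are not cached
+#
+# === Parameters
+# packet(RightScale::Packet):: Packet containing target identity
+#
+# === Return
+# (Array|Certificate):: Target certificate(s)
+def get_target(obj)
+@store.get_target(obj)
+end
+
+# Retrieve receiver's certificate and key for decryption
+# Results are not cached
+#
+# === Parameters
+# id(String|nil):: Optional identifier of source of data for use
+# in determining who is the receiver
+#
+# === Return
+# (Array):: Certificate and key
+def get_receiver(id)
+@store.get_receiver(id)
+end
+
+end # CachedCertificateStoreProxy
+
+end # RightScale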
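Review bot: A cached signer certificate is served until the LRU evicts it, because `get_signer` at line 47 only ever reads through the cache and the class offers no way to drop an entry, so a signer whose certificate has been rotated or revoked in the backing store keeps verifying signatures here until enough other signers have been looked up to push it out. Whether certificates change at runtime cannot be told from this page, but an explicit escape hatch costs three lines: `def invalidate(id)` / `@signer_cache.delete(id)` / `end`, and the class comment should say that signer lookups are cached without expiry. The parameter documented as `packet` at line 54 is actually named `obj` at line 58; the doc should use the real name.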
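--- /dev/null
+++ b/data/lib/right_agent/security/certificate.rb
@@ -0,0 +1,102 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightScale
+
+# X.509 Certificate management
+class Certificate
+
+# Underlying OpenSSL cert
+attr_accessor :raw_cert
+
+# Generate a signed X.509 certificate
+#
+# === Parameters
+# key(RsaKeyPair):: Key pair used to sign certificate
+# issuer(DistinguishedName):: Certificate issuer
+# subject(DistinguishedName):: Certificate subject
+# valid_for(Integer):: Time in seconds before certificate expires, defaults to 10 years
+def initialize(key, issuer, subject, valid_for = 3600*24*365*10)
+@raw_cert = OpenSSL::X509::Certificate.new
+@raw_cert.version = 2
+@raw_cert.serial = 1
+@raw_cert.subject = subject.to_x509
+@raw_cert.issuer = issuer.to_x509
+@raw_cert.public_key = key.to_public.raw_key
+@raw_cert.not_before = Time.now
+@raw_cert.not_after = Time.now + valid_for
+@raw_cert.sign(key.raw_key, OpenSSL::Digest::SHA1.new)
+end
+
+# Load certificate from file
+#
+# === Parameters
+# file(String):: File path name
+#
+# === Return
+# res(Certificate):: Certificate
+def self.load(file)
+res = nil
+File.open(file, 'r') { |f| res = from_data(f) } if file
+res
+end
+
+# Initialize with raw certificate
+#
+# === Parameters
+# data(String):: Raw certificate data
+#
+# === Return
+# res(Certificate):: Certificate
+def self.from_data(data)
+cert = OpenSSL::X509::Certificate.new(data)
+res = Certificate.allocate
+res.instance_variable_set(:@raw_cert, cert)
+res
+end
+
+# Save certificate to file in PEM format
+#
+# === Parameters
+# file(String):: File path name
+#
+# === Return
+# true:: Always return true
+def save(file)
+File.open(file, "w") do |f|
+f.write(@raw_cert.to_pem)
+end
+true
+end
+
+# Certificate data in PEM format
+#
+# === Return
+# (String):: Certificate data
+def data
+@raw_cert.to_pem
+end
+alias :to_s :data
+
+end # Certificate
+
+end # RightScale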
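Review bot: Every certificate produced by `initialize` carries `serial = 1` (line 41), so two certificates signed by the same issuer key share a serial number, which X.509 forbids and which defeats any serial-keyed lookup or revocation list; the signature at line 47 is also made with SHA-1, which is deprecated for certificate signatures. I would draw the serial at random, e.g. `@raw_cert.serial = OpenSSL::BN.rand(64)`, and sign with `OpenSSL::Digest::SHA256.new`, provided the peers that verify these certificates (not visible here) accept SHA-256. Separately, `not_before = Time.now` at line 45 gives no allowance for clock skew, so a peer whose clock runs a little slow will reject a freshly minted certificate; backdating by a few minutes is the usual remedy. The `load` and `from_data` methods perform no validation of what they parse, which is fine for a loader but worth stating in their comments.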
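--- /dev/null
+++ b/data/lib/right_agent/security/certificate_cache.rb
@@ -0,0 +1,89 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightScale
+
+# Implements a simple LRU cache: items that are the least accessed are
+# deleted first.
+class CertificateCache
+
+# Max number of items to keep in memory
+DEFAULT_CACHE_MAX_COUNT = 100
+
+# Initialize cache
+def initialize(max_count = DEFAULT_CACHE_MAX_COUNT)
+@items = {}
+@list = []
+@max_count = max_count
+end
+
+# Add item to cache
+def put(key, item)
+if @items.include?(key)
+delete(key)
+end
+if @list.size == @max_count
+delete(@list.first)
+end
+@items[key] = item
+@list.push(key)
+item
+end
+alias :[]= :put
+
+# Retrieve item from cache
+# Store item returned by given block if any
+def get(key)
+if @items.include?(key)
+@list.each_index do |i|
+if @list[i] == key
+@list.delete_at(i)
+break
+end
+end
+@list.push(key)
+@items[key]
+else
+return nil unless block_given?
+self[key] = yield
+end
+end
+alias :[] :get
+
+# Delete item from cache
+def delete(key)
+c = @items[key]
+if c
+@items.delete(key)
+@list.each_index do |i|
+if @list[i] == key
+@list.delete_at(i)
+break
+end
+end
+c
+end
+end
+
+end # CertificateCache
+
+end # RightScale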
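Review bot: A miss is cached as a hit, because `self[key] = yield` at line 67 stores whatever the block returns, nil included, and `@items.include?(key)` at line 56 then answers nil from the cache without consulting the block again until the entry is evicted; for the signer lookups this cache backs, a signer not yet known to the store stays unknown for up to 100 further lookups. Only non-nil values should be stored: `value = yield` / `self[key] = value unless value.nil?` / `value`. The same nil entry also breaks `delete`, since `if c` at line 75 tests the stored value rather than key presence, so a nil-valued key is never removed from `@list` and `put` at lines 41-48 pushes it a second time; `if @items.include?(key)` is the right test. Finally the eviction check at line 44 uses `==` where `>=` is the safe form, otherwise a cache built with `max_count` of 0 grows without bound.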