right_agent 2.0.7-x86-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/LICENSE +20 -0
- data/README.rdoc +82 -0
- data/Rakefile +113 -0
- data/lib/right_agent.rb +59 -0
- data/lib/right_agent/actor.rb +182 -0
- data/lib/right_agent/actor_registry.rb +76 -0
- data/lib/right_agent/actors/agent_manager.rb +232 -0
- data/lib/right_agent/agent.rb +1149 -0
- data/lib/right_agent/agent_config.rb +480 -0
- data/lib/right_agent/agent_identity.rb +210 -0
- data/lib/right_agent/agent_tag_manager.rb +237 -0
- data/lib/right_agent/audit_formatter.rb +107 -0
- data/lib/right_agent/clients.rb +31 -0
- data/lib/right_agent/clients/api_client.rb +383 -0
- data/lib/right_agent/clients/auth_client.rb +247 -0
- data/lib/right_agent/clients/balanced_http_client.rb +369 -0
- data/lib/right_agent/clients/base_retry_client.rb +495 -0
- data/lib/right_agent/clients/right_http_client.rb +279 -0
- data/lib/right_agent/clients/router_client.rb +493 -0
- data/lib/right_agent/command.rb +30 -0
- data/lib/right_agent/command/agent_manager_commands.rb +150 -0
- data/lib/right_agent/command/command_client.rb +136 -0
- data/lib/right_agent/command/command_constants.rb +33 -0
- data/lib/right_agent/command/command_io.rb +126 -0
- data/lib/right_agent/command/command_parser.rb +87 -0
- data/lib/right_agent/command/command_runner.rb +118 -0
- data/lib/right_agent/command/command_serializer.rb +63 -0
- data/lib/right_agent/connectivity_checker.rb +179 -0
- data/lib/right_agent/console.rb +65 -0
- data/lib/right_agent/core_payload_types.rb +44 -0
- data/lib/right_agent/core_payload_types/cookbook.rb +61 -0
- data/lib/right_agent/core_payload_types/cookbook_position.rb +46 -0
- data/lib/right_agent/core_payload_types/cookbook_repository.rb +116 -0
- data/lib/right_agent/core_payload_types/cookbook_sequence.rb +70 -0
- data/lib/right_agent/core_payload_types/dev_repositories.rb +100 -0
- data/lib/right_agent/core_payload_types/dev_repository.rb +76 -0
- data/lib/right_agent/core_payload_types/event_categories.rb +38 -0
- data/lib/right_agent/core_payload_types/executable_bundle.rb +130 -0
- data/lib/right_agent/core_payload_types/login_policy.rb +72 -0
- data/lib/right_agent/core_payload_types/login_user.rb +79 -0
- data/lib/right_agent/core_payload_types/planned_volume.rb +94 -0
- data/lib/right_agent/core_payload_types/recipe_instantiation.rb +73 -0
- data/lib/right_agent/core_payload_types/repositories_bundle.rb +50 -0
- data/lib/right_agent/core_payload_types/right_script_attachment.rb +95 -0
- data/lib/right_agent/core_payload_types/right_script_instantiation.rb +94 -0
- data/lib/right_agent/core_payload_types/runlist_policy.rb +44 -0
- data/lib/right_agent/core_payload_types/secure_document.rb +66 -0
- data/lib/right_agent/core_payload_types/secure_document_location.rb +63 -0
- data/lib/right_agent/core_payload_types/software_repository_instantiation.rb +61 -0
- data/lib/right_agent/daemonize.rb +35 -0
- data/lib/right_agent/dispatched_cache.rb +109 -0
- data/lib/right_agent/dispatcher.rb +272 -0
- data/lib/right_agent/enrollment_result.rb +221 -0
- data/lib/right_agent/exceptions.rb +87 -0
- data/lib/right_agent/history.rb +145 -0
- data/lib/right_agent/log.rb +460 -0
- data/lib/right_agent/minimal.rb +46 -0
- data/lib/right_agent/monkey_patches.rb +30 -0
- data/lib/right_agent/monkey_patches/ruby_patch.rb +55 -0
- data/lib/right_agent/monkey_patches/ruby_patch/array_patch.rb +29 -0
- data/lib/right_agent/monkey_patches/ruby_patch/darwin_patch.rb +24 -0
- data/lib/right_agent/monkey_patches/ruby_patch/linux_patch.rb +24 -0
- data/lib/right_agent/monkey_patches/ruby_patch/linux_patch/file_patch.rb +30 -0
- data/lib/right_agent/monkey_patches/ruby_patch/object_patch.rb +49 -0
- data/lib/right_agent/monkey_patches/ruby_patch/windows_patch.rb +32 -0
- data/lib/right_agent/monkey_patches/ruby_patch/windows_patch/file_patch.rb +60 -0
- data/lib/right_agent/monkey_patches/ruby_patch/windows_patch/process_patch.rb +63 -0
- data/lib/right_agent/monkey_patches/ruby_patch/windows_patch/stdio_patch.rb +27 -0
- data/lib/right_agent/monkey_patches/ruby_patch/windows_patch/time_patch.rb +55 -0
- data/lib/right_agent/monkey_patches/ruby_patch/windows_patch/win32ole_patch.rb +34 -0
- data/lib/right_agent/multiplexer.rb +102 -0
- data/lib/right_agent/offline_handler.rb +270 -0
- data/lib/right_agent/operation_result.rb +300 -0
- data/lib/right_agent/packets.rb +673 -0
- data/lib/right_agent/payload_formatter.rb +104 -0
- data/lib/right_agent/pending_requests.rb +128 -0
- data/lib/right_agent/pid_file.rb +159 -0
- data/lib/right_agent/platform.rb +770 -0
- data/lib/right_agent/platform/unix/darwin/platform.rb +102 -0
- data/lib/right_agent/platform/unix/linux/platform.rb +305 -0
- data/lib/right_agent/platform/unix/platform.rb +226 -0
- data/lib/right_agent/platform/windows/mingw/platform.rb +447 -0
- data/lib/right_agent/platform/windows/mswin/platform.rb +236 -0
- data/lib/right_agent/platform/windows/platform.rb +1808 -0
- data/lib/right_agent/protocol_version_mixin.rb +69 -0
- data/lib/right_agent/retryable_request.rb +195 -0
- data/lib/right_agent/scripts/agent_controller.rb +543 -0
- data/lib/right_agent/scripts/agent_deployer.rb +400 -0
- data/lib/right_agent/scripts/common_parser.rb +160 -0
- data/lib/right_agent/scripts/log_level_manager.rb +192 -0
- data/lib/right_agent/scripts/stats_manager.rb +268 -0
- data/lib/right_agent/scripts/usage.rb +58 -0
- data/lib/right_agent/secure_identity.rb +92 -0
- data/lib/right_agent/security.rb +32 -0
- data/lib/right_agent/security/cached_certificate_store_proxy.rb +77 -0
- data/lib/right_agent/security/certificate.rb +102 -0
- data/lib/right_agent/security/certificate_cache.rb +89 -0
- data/lib/right_agent/security/distinguished_name.rb +56 -0
- data/lib/right_agent/security/encrypted_document.rb +83 -0
- data/lib/right_agent/security/rsa_key_pair.rb +76 -0
- data/lib/right_agent/security/signature.rb +86 -0
- data/lib/right_agent/security/static_certificate_store.rb +85 -0
- data/lib/right_agent/sender.rb +792 -0
- data/lib/right_agent/serialize.rb +29 -0
- data/lib/right_agent/serialize/message_pack.rb +107 -0
- data/lib/right_agent/serialize/secure_serializer.rb +151 -0
- data/lib/right_agent/serialize/secure_serializer_initializer.rb +47 -0
- data/lib/right_agent/serialize/serializable.rb +151 -0
- data/lib/right_agent/serialize/serializer.rb +159 -0
- data/lib/right_agent/subprocess.rb +38 -0
- data/lib/right_agent/tracer.rb +124 -0
- data/right_agent.gemspec +101 -0
- data/spec/actor_registry_spec.rb +80 -0
- data/spec/actor_spec.rb +162 -0
- data/spec/agent_config_spec.rb +235 -0
- data/spec/agent_identity_spec.rb +78 -0
- data/spec/agent_spec.rb +734 -0
- data/spec/agent_tag_manager_spec.rb +319 -0
- data/spec/clients/api_client_spec.rb +423 -0
- data/spec/clients/auth_client_spec.rb +272 -0
- data/spec/clients/balanced_http_client_spec.rb +576 -0
- data/spec/clients/base_retry_client_spec.rb +635 -0
- data/spec/clients/router_client_spec.rb +594 -0
- data/spec/clients/spec_helper.rb +111 -0
- data/spec/command/agent_manager_commands_spec.rb +51 -0
- data/spec/command/command_io_spec.rb +93 -0
- data/spec/command/command_parser_spec.rb +79 -0
- data/spec/command/command_runner_spec.rb +107 -0
- data/spec/command/command_serializer_spec.rb +51 -0
- data/spec/connectivity_checker_spec.rb +83 -0
- data/spec/core_payload_types/dev_repositories_spec.rb +64 -0
- data/spec/core_payload_types/dev_repository_spec.rb +33 -0
- data/spec/core_payload_types/executable_bundle_spec.rb +67 -0
- data/spec/core_payload_types/login_user_spec.rb +102 -0
- data/spec/core_payload_types/recipe_instantiation_spec.rb +81 -0
- data/spec/core_payload_types/right_script_attachment_spec.rb +65 -0
- data/spec/core_payload_types/right_script_instantiation_spec.rb +79 -0
- data/spec/core_payload_types/spec_helper.rb +23 -0
- data/spec/dispatched_cache_spec.rb +136 -0
- data/spec/dispatcher_spec.rb +324 -0
- data/spec/enrollment_result_spec.rb +53 -0
- data/spec/history_spec.rb +246 -0
- data/spec/log_spec.rb +192 -0
- data/spec/monkey_patches/eventmachine_spec.rb +62 -0
- data/spec/multiplexer_spec.rb +48 -0
- data/spec/offline_handler_spec.rb +340 -0
- data/spec/operation_result_spec.rb +208 -0
- data/spec/packets_spec.rb +461 -0
- data/spec/pending_requests_spec.rb +136 -0
- data/spec/platform/spec_helper.rb +216 -0
- data/spec/platform/unix/darwin/platform_spec.rb +181 -0
- data/spec/platform/unix/linux/platform_spec.rb +540 -0
- data/spec/platform/unix/spec_helper.rb +149 -0
- data/spec/platform/windows/mingw/platform_spec.rb +222 -0
- data/spec/platform/windows/mswin/platform_spec.rb +259 -0
- data/spec/platform/windows/spec_helper.rb +720 -0
- data/spec/retryable_request_spec.rb +306 -0
- data/spec/secure_identity_spec.rb +50 -0
- data/spec/security/cached_certificate_store_proxy_spec.rb +62 -0
- data/spec/security/certificate_cache_spec.rb +71 -0
- data/spec/security/certificate_spec.rb +49 -0
- data/spec/security/distinguished_name_spec.rb +46 -0
- data/spec/security/encrypted_document_spec.rb +55 -0
- data/spec/security/rsa_key_pair_spec.rb +55 -0
- data/spec/security/signature_spec.rb +66 -0
- data/spec/security/static_certificate_store_spec.rb +58 -0
- data/spec/sender_spec.rb +1045 -0
- data/spec/serialize/message_pack_spec.rb +131 -0
- data/spec/serialize/secure_serializer_spec.rb +132 -0
- data/spec/serialize/serializable_spec.rb +90 -0
- data/spec/serialize/serializer_spec.rb +197 -0
- data/spec/spec.opts +2 -0
- data/spec/spec.win32.opts +1 -0
- data/spec/spec_helper.rb +130 -0
- data/spec/tracer_spec.rb +114 -0
- metadata +447 -0
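--- a/data/lib/right_agent/scripts/usage.rb
+++ b/data/lib/right_agent/scripts/usage.rb
@@ -0,0 +1,58 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# Scans the 'usage' for a given file and returns the resulting String.
+#
+# Note : no formatting occurs. Rdoc is nice as is.
+#
+
+module Usage
+
+# Scans the given file from its usage (the top comment block) and
+# returns it
+#
+# === Parameters
+# file(String)::
+# path to file to read
+#
+# === Return
+# String::
+# the usage as found in the file
+#
+def self.scan(file)
+
+lines = File.readlines(file) # Display usage from the given file
+result = []
+
+while line = lines.shift
+if m = line.match(/^ *#(.*)$/)
+result << m[1]
+else
+break unless result.empty?
+end
+end
+
+result.join("\n")
+end
+
+end
+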
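Review bot: The comment-collecting regex `/^ *#(.*)$/` at line 47 also matches a shebang, so for any script under scripts/ that begins with `#!/usr/bin/env ruby` the returned usage text starts with `!/usr/bin/env ruby` instead of the Rdoc block. Skipping that line while nothing has been collected yet keeps the rest of the loop unchanged: `next if result.empty? && m[1].start_with?('!')` placed just before `result << m[1]`. Whether the scripts that call Usage.scan actually carry a shebang is not visible from this file, so it is worth confirming against the scripts/ directory before changing it.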
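--- a/data/lib/right_agent/secure_identity.rb
+++ b/data/lib/right_agent/secure_identity.rb
@@ -0,0 +1,92 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'openssl'
+
+module RightScale
+# Utility class that makes it easier to derive RightAgent identities in a
+# secure, predictable and globally consistent fashion.
+#
+# Given an agent base ID and a secret token shared by all relying parties,
+# the #derive method will generate a public token that can be printed to
+# log files, to a console, or sent in the clear over public networks
+# without compromising the original token. Note that the public token is
+# not guaranteed to be unique; if uniqueness is required (e.g. for an
+# Agent ID) the public token should be combined with the base ID.
+#
+# The #create_verifier method can be used by parties who both possess
+# a secret token to prove their knowledge of the token to one another
+# without disclosing the token. This would facilitate authentication
+# over a public network. Note that this utility class does not
+# implement an entire authentication protocol, it merely facilitates
+# one.
+class SecureIdentity
+# Separator used to differentiate between identity components when serialized
+ID_SEPARATOR = '*'
+
+# Derive a public Identity Token from a base ID and a secret authentication
+# token. The public token is useful for including in world-readable values such
+# as the name of an agent.
+#
+# Public tokens are generated by taking the SHA1 hash of the base ID and the
+# auth token, separated by a delimiter. Thus a public token can always be
+# deterministically derived from its inputs.
+#
+# === Parameters
+# base_id(Integer):: Numeric ID of the auth token
+# auth_token(String):: Secret authentication token
+#
+# === Return
+# public_token(String):: Public token
+def self.derive(base_id, auth_token)
+sha = OpenSSL::Digest::SHA1.new
+sha.update(base_id.to_s)
+sha.update(ID_SEPARATOR)
+sha.update(auth_token.to_s)
+return sha.hexdigest
+end
+
+# Create a cryptographic token verifier that can be used to demonstrate to another party
+# that you have knowledge of an authentication token, without disclosing the token itself
+# via a clear-text communications channel. The other party must also possess the secret
+# authentication token so they can compute a corresponding verifier for comparison.
+#
+# THIS METHOD DOES NOT CHECK TOKENS OR TIMESTAMPS FOR YOU; it is only useful to compute
+# the token. The caller must check the outputs, compare the timestamp and make a decision
+# about whether to trust the entity who is supplying the verifier.
+#
+# === Parameters
+# base_id(Integer):: Numeric ID of the auth token
+# auth_token(String):: Secret authentication token
+# timestamp(Time|Integer):: Unix-epoch timestamp to help prevent replay attacks
+#
+# === Return
+# verifier(String):: HMAC-SHA1(base_id, timestamp) keyed using auth_token
+def self.create_verifier(base_id, auth_token, timestamp)
+hmac = OpenSSL::HMAC.new(auth_token, OpenSSL::Digest::SHA1.new)
+hmac.update(base_id.to_s)
+hmac.update(ID_SEPARATOR)
+hmac.update(timestamp.to_i.to_s)
+return hmac.hexdigest
+end
+end
+end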
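Review bot: The class comment's claim that a public token can be shared "without compromising the original token" holds only when auth_token has enough entropy, because derive is an unkeyed SHA-1 over base_id, '*' and the token, so anyone who knows a base_id and its public token can test candidate tokens offline; I would add that caveat to the comment at lines 29-32. The create_verifier comment says the caller compares the outputs, so it should also state that the comparison must be constant-time and that timestamp must be checked against an acceptance window on receipt, since the replay protection promised for the parameter at line 80 comes only from that check. derive also calls `auth_token.to_s` while create_verifier passes auth_token straight into `OpenSSL::HMAC.new`, so a nil token hashes as an empty string in one method and should raise a TypeError in the other; `hmac = OpenSSL::HMAC.new(auth_token.to_s, OpenSSL::Digest::SHA1.new)` makes the two consistent, though rejecting a nil or empty token with an ArgumentError in both methods would be the safer contract.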
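--- a/data/lib/right_agent/security.rb
+++ b/data/lib/right_agent/security.rb
@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+SECURITY_BASE_DIR = File.join(File.dirname(__FILE__), 'security')
+
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'cached_certificate_store_proxy'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'certificate'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'certificate_cache'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'distinguished_name'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'encrypted_document'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'rsa_key_pair'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'signature'))
+require File.normalize_path(File.join(SECURITY_BASE_DIR, 'static_certificate_store'))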
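--- a/data/lib/right_agent/security/cached_certificate_store_proxy.rb
+++ b/data/lib/right_agent/security/cached_certificate_store_proxy.rb
@@ -0,0 +1,77 @@
+#
+# Copyright (c) 2009-2013 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightScale
+
+# Proxy to actual certificate store which caches results in an LRU cache
+class CachedCertificateStoreProxy
+
+# Initialize cache proxy with given certificate store
+#
+# === Parameters
+# store(Object):: Certificate store responding to get_signer, get_target,
+# and get_receiver
+def initialize(store)
+@signer_cache = CertificateCache.new
+@store = store
+end
+
+# Retrieve signer certificates for use in verifying a signature
+# Check cache first and cache results
+#
+# === Parameters
+# id(String):: Serialized identity of signer
+#
+# === Return
+# (Array|Certificate):: Signer certificate(s)
+def get_signer(id)
+@signer_cache.get(id) { @store.get_signer(id) }
+end
+
+# Retrieve certificates of target for encryption
+# Results are not cached
+#
+# === Parameters
+# packet(RightScale::Packet):: Packet containing target identity
+#
+# === Return
+# (Array|Certificate):: Target certificate(s)
+def get_target(obj)
+@store.get_target(obj)
+end
+
+# Retrieve receiver's certificate and key for decryption
+# Results are not cached
+#
+# === Parameters
+# id(String|nil):: Optional identifier of source of data for use
+# in determining who is the receiver
+#
+# === Return
+# (Array):: Certificate and key
+def get_receiver(id)
+@store.get_receiver(id)
+end
+
+end # CachedCertificateStoreProxy
+
+end # RightScale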
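Review bot: get_signer at line 47 caches whatever the store returns for an id with no expiry and no way to invalidate it, so a signer whose certificate is rotated or revoked keeps verifying against the stale certificate until the default 100-entry LRU happens to evict it, and a nil result from the store is retained the same way. Since the proxy owns @signer_cache, a small delegating method gives callers the hook they need, `def invalidate_signer(id)` / `@signer_cache.delete(id)` / `end`, and the get_signer comment should say that hits are served from cache until eviction or explicit invalidation. The get_target comment at line 54 documents a `packet(RightScale::Packet)` parameter, but the method takes `obj` and passes it through unchanged; the doc should name `obj` and, if the store really expects a packet, say so.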
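--- a/data/lib/right_agent/security/certificate.rb
+++ b/data/lib/right_agent/security/certificate.rb
@@ -0,0 +1,102 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightScale
+
+# X.509 Certificate management
+class Certificate
+
+# Underlying OpenSSL cert
+attr_accessor :raw_cert
+
+# Generate a signed X.509 certificate
+#
+# === Parameters
+# key(RsaKeyPair):: Key pair used to sign certificate
+# issuer(DistinguishedName):: Certificate issuer
+# subject(DistinguishedName):: Certificate subject
+# valid_for(Integer):: Time in seconds before certificate expires, defaults to 10 years
+def initialize(key, issuer, subject, valid_for = 3600*24*365*10)
+@raw_cert = OpenSSL::X509::Certificate.new
+@raw_cert.version = 2
+@raw_cert.serial = 1
+@raw_cert.subject = subject.to_x509
+@raw_cert.issuer = issuer.to_x509
+@raw_cert.public_key = key.to_public.raw_key
+@raw_cert.not_before = Time.now
+@raw_cert.not_after = Time.now + valid_for
+@raw_cert.sign(key.raw_key, OpenSSL::Digest::SHA1.new)
+end
+
+# Load certificate from file
+#
+# === Parameters
+# file(String):: File path name
+#
+# === Return
+# res(Certificate):: Certificate
+def self.load(file)
+res = nil
+File.open(file, 'r') { |f| res = from_data(f) } if file
+res
+end
+
+# Initialize with raw certificate
+#
+# === Parameters
+# data(String):: Raw certificate data
+#
+# === Return
+# res(Certificate):: Certificate
+def self.from_data(data)
+cert = OpenSSL::X509::Certificate.new(data)
+res = Certificate.allocate
+res.instance_variable_set(:@raw_cert, cert)
+res
+end
+
+# Save certificate to file in PEM format
+#
+# === Parameters
+# file(String):: File path name
+#
+# === Return
+# true:: Always return true
+def save(file)
+File.open(file, "w") do |f|
+f.write(@raw_cert.to_pem)
+end
+true
+end
+
+# Certificate data in PEM format
+#
+# === Return
+# (String):: Certificate data
+def data
+@raw_cert.to_pem
+end
+alias :to_s :data
+
+end # Certificate
+
+end # RightScale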
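Review bot: initialize at line 41 sets `@raw_cert.serial = 1` on every certificate, so all certificates produced by the same issuer share a serial number; RFC 5280 requires serials to be unique per issuer, and anything that indexes or revokes by (issuer, serial) cannot tell them apart. Generating it randomly, `@raw_cert.serial = OpenSSL::BN.rand(64)`, fixes that without changing the interface. Line 47 signs with SHA-1, which OpenSSL 3.x rejects for certificate signatures at its default security level; `@raw_cert.sign(key.raw_key, OpenSSL::Digest::SHA256.new)` is the drop-in replacement, subject to confirming that every peer that verifies these certificates accepts SHA-256 signatures. The ten-year default validity and the absence of any X.509 extensions (no basicConstraints or keyUsage) are also worth a comment in the constructor doc so a reader knows they are deliberate.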
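--- a/data/lib/right_agent/security/certificate_cache.rb
+++ b/data/lib/right_agent/security/certificate_cache.rb
@@ -0,0 +1,89 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightScale
+
+# Implements a simple LRU cache: items that are the least accessed are
+# deleted first.
+class CertificateCache
+
+# Max number of items to keep in memory
+DEFAULT_CACHE_MAX_COUNT = 100
+
+# Initialize cache
+def initialize(max_count = DEFAULT_CACHE_MAX_COUNT)
+@items = {}
+@list = []
+@max_count = max_count
+end
+
+# Add item to cache
+def put(key, item)
+if @items.include?(key)
+delete(key)
+end
+if @list.size == @max_count
+delete(@list.first)
+end
+@items[key] = item
+@list.push(key)
+item
+end
+alias :[]= :put
+
+# Retrieve item from cache
+# Store item returned by given block if any
+def get(key)
+if @items.include?(key)
+@list.each_index do |i|
+if @list[i] == key
+@list.delete_at(i)
+break
+end
+end
+@list.push(key)
+@items[key]
+else
+return nil unless block_given?
+self[key] = yield
+end
+end
+alias :[] :get
+
+# Delete item from cache
+def delete(key)
+c = @items[key]
+if c
+@items.delete(key)
+@list.each_index do |i|
+if @list[i] == key
+@list.delete_at(i)
+break
+end
+end
+c
+end
+end
+
+end # CertificateCache
+
+end # RightScale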
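Review bot: The miss branch of get at line 67 stores whatever the block yields, so a nil result is cached and `@items.include?(key)` is true on every later call, meaning a lookup that failed once (for example a signer certificate that was not yet available) keeps returning nil until the entry is gone. Because delete at line 75 tests the value's truthiness rather than key presence, such an entry can never be deleted or evicted, and a later put of the same key pushes it onto @list a second time. Caching only non-nil results fixes the first part, `value = yield` / `self[key] = value unless value.nil?` / `value`, and delete should guard on `if @items.key?(key)` rather than `if c` so the list and hash cannot drift apart. The class comment should also say "least recently accessed" rather than "least accessed", since @list orders entries by recency of use, not by access count.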