right_agent 0.5.1

data/lib/right_agent/serialize.rb

@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+SERIALIZE_BASE_DIR = File.join(File.dirname(__FILE__), 'serialize')
+
+require File.normalize_path(File.join(SERIALIZE_BASE_DIR, 'message_pack'))
+require File.normalize_path(File.join(SERIALIZE_BASE_DIR, 'secure_serializer'))
+require File.normalize_path(File.join(SERIALIZE_BASE_DIR, 'secure_serializer_initializer'))
+require File.normalize_path(File.join(SERIALIZE_BASE_DIR, 'serializable'))
+require File.normalize_path(File.join(SERIALIZE_BASE_DIR, 'serializer'))

data/lib/right_agent/serialize/message_pack.rb

@@ -0,0 +1,102 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'rubygems'
+require 'msgpack'
+
+# Extend MessagePack to conform to load/dump interface of other serializers like JSON
+# and to create internal class objects when they are encountered when unserializing
+module MessagePack
+
+  # Unserialize data and generate any msgpack_class objects within
+  #
+  # === Parameters
+  # data(String):: MessagePack string to unserialize
+  #
+  # === Return
+  # obj(Object):: Unserialized object
+  def self.load(data)
+    create(unpack(data))
+  end
+
+  # Create any msgpack_class objects nested within the unserialized data by calling
+  # their associated msgpack_create method
+  #
+  # === Parameters
+  # object(Object):: Unserialized object that may contain other objects that need to be created
+  #
+  # === Return
+  # object(Object):: Fully unserialized object
+  #
+  # === Raises
+  # ArgumentError:: If object to be created does not have a msgpack_create method
+  def self.create(object)
+    if object.is_a?(Hash)
+      object.each { |k, v| object[k] = create(v) if v.is_a?(Hash) || v.is_a?(Array) }
+      if klass_name = object['msgpack_class']
+        klass = deep_const_get(klass_name)
+        raise ArgumentError, "#{klass_name} missing msgpack_create method" unless klass.respond_to?(:msgpack_create)
+        object = klass.msgpack_create(object)
+      end
+    elsif object.is_a?(Array)
+      object = object.map { |v| v.is_a?(Hash) || v.is_a?(Array) ? create(v) : v }
+    end
+    object
+  end
+
+  # Serialize object
+  # Any non-standard objects must have an associated to_msgpack instance method
+  #
+  # === Parameters
+  # object(Object):: Object to be serialized
+  #
+  # === Return
+  # (String):: Serialized object
+  def self.dump(object)
+    pack(object)
+  end
+
+  protected
+
+  # Return the constant located at the specified path
+  #
+  # === Parameters
+  # path(String):: Absolute namespace path that is of the form ::A::B::C or A::B::C,
+  #   with A always being at the top level
+  #
+  # === Return
+  # (Object):: Constant at the end of the path
+  #
+  # === Raises
+  # ArgumentError:: If there is no constant at the given path
+  def self.deep_const_get(path)
+    path = path.to_s
+    path.split(/::/).inject(Object) do |p, c|
+      case
+      when c.empty?             then p
+      when p.const_defined?(c)  then p.const_get(c)
+      else                      raise ArgumentError, "Cannot find const #{path}"
+      end
+    end
+  end
+
+end # MessagePack

data/lib/right_agent/serialize/secure_serializer.rb

@@ -0,0 +1,131 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightScale
+  
+  # Serializer implementation which secures messages by using
+  # X.509 certificate signing
+  class SecureSerializer
+
+    class MissingCertificate < Exception; end
+    class InvalidSignature < Exception; end
+
+    # Initialize serializer, must be called prior to using it
+    #
+    # === Parameters
+    # serializer(Serializer):: Object serializer
+    # identity(String):: Serialized identity associated with serialized messages
+    # cert(String):: Certificate used to sign and decrypt serialized messages
+    # key(RsaKeyPair):: Private key corresponding to specified cert
+    # store(Object):: Certificate store exposing certificates used for
+    #   encryption (get_recipients) and signature validation (get_signer)
+    # encrypt(Boolean):: true if data should be signed and encrypted, otherwise
+    #   just signed, true by default
+    def self.init(serializer, identity, cert, key, store, encrypt = true)
+      @identity = identity
+      @cert = cert
+      @key = key
+      @store = store
+      @encrypt = encrypt
+      @serializer = serializer
+    end
+    
+    # Was serializer initialized?
+    def self.initialized?
+      @identity && @cert && @key && @store
+    end
+
+    # Serialize, sign, and encrypt message
+    # Sign and encrypt using X.509 certificate
+    #
+    # === Parameters
+    # obj(Object):: Object to be serialized and encrypted
+    # encrypt(Boolean|nil):: true if object should be signed and encrypted,
+    #   false if just signed, nil means use class setting
+    #
+    # === Return
+    # (String):: MessagePack serialized and optionally encrypted object
+    #
+    # === Raise
+    # Exception:: If certificate identity, certificate store, certificate, or private key missing
+    def self.dump(obj, encrypt = nil)
+      raise "Missing certificate identity" unless @identity
+      raise "Missing certificate" unless @cert
+      raise "Missing certificate key" unless @key
+      raise "Missing certificate store" unless @store || !@encrypt
+      must_encrypt = encrypt.nil? ? @encrypt : encrypt
+      serialize_format = if obj.respond_to?(:send_version) && obj.send_version >= 12
+        @serializer.format
+      else
+        :json
+      end
+      encode_format = serialize_format == :json ? :pem : :der
+      msg = @serializer.dump(obj, serialize_format)
+      if must_encrypt
+        certs = @store.get_recipients(obj)
+        if certs
+          msg = EncryptedDocument.new(msg, certs).encrypted_data(encode_format)
+        else
+          target = obj.target_for_encryption if obj.respond_to?(:target_for_encryption)
+          Log.warning("No certs available for object #{obj.class} being sent to #{target.inspect}\n") if target
+        end
+      end
+      sig = Signature.new(msg, @cert, @key).data(encode_format)
+      @serializer.dump({'id' => @identity, 'data' => msg, 'signature' => sig, 'encrypted' => !certs.nil?}, serialize_format)
+    end
+    
+    # Decrypt, authorize signature, and unserialize message
+    # Use x.509 certificate store for decrypting and validating signature
+    #
+    # === Parameters
+    # msg(String):: Serialized and optionally encrypted object using MessagePack or JSON
+    #
+    # === Return
+    # (Object):: Unserialized object
+    #
+    # === Raise
+    # Exception:: If certificate store, certificate, or private key missing
+    # MissingCertificate:: If could not find certificate for message signer
+    # InvalidSignature:: If message signature check failed for message
+    def self.load(msg)
+      raise "Missing certificate store" unless @store
+      raise "Missing certificate" unless @cert || !@encrypt
+      raise "Missing certificate key" unless @key || !@encrypt
+
+      msg = @serializer.load(msg)
+      sig = Signature.from_data(msg['signature'])
+      certs = @store.get_signer(msg['id'])
+      raise MissingCertificate.new("Could not find a certificate for signer #{msg['id']}") unless certs
+
+      certs = [ certs ] unless certs.respond_to?(:any?)
+      raise InvalidSignature.new("Failed signature check for signer #{msg['id']}") unless certs.any? { |c| sig.match?(c) }
+
+      data = msg['data']
+      if data && @encrypt && msg['encrypted']
+        data = EncryptedDocument.from_data(data).decrypted_data(@key, @cert)
+      end
+      @serializer.load(data) if data
+    end
+
+  end # SecureSerializer
+
+end # RightScale

data/lib/right_agent/serialize/secure_serializer_initializer.rb

@@ -0,0 +1,47 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightScale
+
+  # Helper class used to initialize secure serializer for agents
+  class SecureSerializerInitializer
+
+    # Initialize serializer
+    #
+    # === Parameters
+    # agent_type(String):: Agent type used to build filename of certificate and key
+    # agent_id(String):: Serialized agent identity
+    #
+    # === Return
+    # true:: Always return true
+    def self.init(agent_type, agent_id)
+      cert = Certificate.load(AgentConfig.certs_file("#{agent_type}.cert"))
+      key = RsaKeyPair.load(AgentConfig.certs_file("#{agent_type}.key"))
+      mapper_cert = Certificate.load(AgentConfig.certs_file("mapper.cert"))
+      store = StaticCertificateStore.new(mapper_cert, mapper_cert)
+      SecureSerializer.init(Serializer.new, agent_id, cert, key, store)
+      true
+    end
+
+  end
+
+end

data/lib/right_agent/serialize/serializable.rb

@@ -0,0 +1,135 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+module RightScale
+
+  # MessagePack and JSON serializable types that are sent to and from agents
+  module Serializable
+
+    def self.included(base)
+      base.extend ClassMethods
+      base.send(:include, InstanceMethods)
+    end
+
+    module ClassMethods
+
+      # Called when deserializing MessagePack to create object
+      #
+      # === Parameters
+      # o(Hash):: Unserialized object data
+      #
+      # === Return
+      # (Object):: Unserialized object
+      def msgpack_create(o)
+        new(*o['data'])
+      end
+
+      # Called by JSON serializer to create object
+      #
+      # === Parameters
+      # o(Hash):: Unserialized object data
+      #
+      # === Return
+      # (Object):: Unserialized object
+      def json_create(o)
+        new(*o['data'])
+      end
+
+    end
+
+    module InstanceMethods
+
+      # Called by MessagePack serializer to serialise object's members
+      #
+      # === Parameters
+      # *a(Array):: Pass-through to Hash's 'to_msgpack' method
+      #
+      # === Return
+      # (String):: MessagePack representation
+      def to_msgpack(*a)
+        {
+          'msgpack_class' => self.class.name,
+          'data'          => serialized_members
+        }.to_msgpack(*a)
+      end
+
+      # Called by JSON serializer to serialise object's members
+      #
+      # === Parameters
+      # *a(Array):: Pass-through to Hash's 'to_json' method
+      #
+      # === Return
+      # (String):: JSON representation
+      def to_json(*a)
+        {
+          'json_class' => self.class.name,
+          'data'       => serialized_members
+        }.to_json(*a)
+      end
+
+      # Implement in serializable class and return array of fields
+      # that should be given to constructor when deserializing
+      #
+      # === Raise
+      # RuntimeError:: Always raised. Override in heir.
+      def serialized_members
+        raise NotImplemented.new("Must be implemented by #{self.class.name}")
+      end
+
+      # Use serialized members to compare two serializable instances
+      #
+      # === Parameters
+      # other(Serializable):: Other instance to compare self to
+      #
+      # === Return
+      # true:: If both serializable have identical serialized fields
+      # false:: Otherwise
+      def ==(other)
+        return false unless other.respond_to?(:serialized_members)
+        self.serialized_members == other.serialized_members
+      end
+
+    end
+
+  end
+
+  class SerializationHelper
+    
+    # Symbolize keys of hash, use when retrieving hashes that use symbols
+    # for keys as JSON and MessagePack serialization will produce strings instead
+    #
+    # === Parameters
+    # hash(Hash):: Hash whose keys are to be symbolized
+    #
+    # === Return
+    # (Hash):: Hash with same values but symbol keys
+    def self.symbolize_keys(hash)
+      hash.inject({}) do |h, (key, value)|
+        h[(key.to_sym rescue key) || key] = value
+        h
+      end
+    end
+
+  end # Serializable
+ 
+end # RightScale