right_agent 2.0.7-x86-mingw32

data/lib/right_agent/serialize.rb

@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+SERIALIZE_BASE_DIR = File.join(File.dirname(__FILE__), 'serialize')
+
+require File.normalize_path(File.join(SERIALIZE_BASE_DIR, 'message_pack'))
+require File.normalize_path(File.join(SERIALIZE_BASE_DIR, 'secure_serializer'))
+require File.normalize_path(File.join(SERIALIZE_BASE_DIR, 'secure_serializer_initializer'))
+require File.normalize_path(File.join(SERIALIZE_BASE_DIR, 'serializable'))
+require File.normalize_path(File.join(SERIALIZE_BASE_DIR, 'serializer'))

data/lib/right_agent/serialize/message_pack.rb

@@ -0,0 +1,107 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'rubygems'
+require 'msgpack'
+
+# Extend MessagePack to conform to load/dump interface of other serializers like JSON
+# and to create internal class objects when they are encountered when unserializing
+module MessagePack
+
+  # Unserialize data and generate any msgpack_class objects within
+  #
+  # === Parameters
+  # data(String):: MessagePack string to unserialize
+  #
+  # === Return
+  # obj(Object):: Unserialized object
+  def self.load(data)
+    if data.respond_to?(:force_encoding)
+      # For Ruby 1.9 need to ensure that MessagePack receives ASCII-8BIT data
+      create(unpack(data.force_encoding("ASCII-8BIT")))
+    else
+      create(unpack(data))
+    end
+  end
+
+  # Create any msgpack_class objects nested within the unserialized data by calling
+  # their associated msgpack_create method
+  #
+  # === Parameters
+  # object(Object):: Unserialized object that may contain other objects that need to be created
+  #
+  # === Return
+  # object(Object):: Fully unserialized object
+  #
+  # === Raises
+  # ArgumentError:: If object to be created does not have a msgpack_create method
+  def self.create(object)
+    if object.is_a?(Hash)
+      object.each { |k, v| object[k] = create(v) if v.is_a?(Hash) || v.is_a?(Array) }
+      if klass_name = object['msgpack_class']
+        klass = deep_const_get(klass_name)
+        raise ArgumentError, "#{klass_name} missing msgpack_create method" unless klass.respond_to?(:msgpack_create)
+        object = klass.msgpack_create(object)
+      end
+    elsif object.is_a?(Array)
+      object = object.map { |v| v.is_a?(Hash) || v.is_a?(Array) ? create(v) : v }
+    end
+    object
+  end
+
+  # Serialize object
+  # Any non-standard objects must have an associated to_msgpack instance method
+  #
+  # === Parameters
+  # object(Object):: Object to be serialized
+  #
+  # === Return
+  # (String):: Serialized object
+  def self.dump(object)
+    pack(object)
+  end
+
+  protected
+
+  # Return the constant located at the specified path
+  #
+  # === Parameters
+  # path(String):: Absolute namespace path that is of the form ::A::B::C or A::B::C,
+  #   with A always being at the top level
+  #
+  # === Return
+  # (Object):: Constant at the end of the path
+  #
+  # === Raises
+  # ArgumentError:: If there is no constant at the given path
+  def self.deep_const_get(path)
+    path = path.to_s
+    path.split(/::/).inject(Object) do |p, c|
+      case
+      when c.empty?             then p
+      when p.const_defined?(c)  then p.const_get(c)
+      else                      raise ArgumentError, "Cannot find const #{path}"
+      end
+    end
+  end
+
+end # MessagePack

data/lib/right_agent/serialize/secure_serializer.rb

@@ -0,0 +1,151 @@
+#
+# Copyright (c) 2009-2013 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightScale
+  
+  # Serializer implementation which secures messages by using
+  # X.509 certificate signing
+  class SecureSerializer
+
+    include ProtocolVersionMixin
+
+    class MissingPrivateKey < Exception; end
+    class MissingCertificate < Exception; end
+    class InvalidSignature < Exception; end
+
+    # Create the one and only SecureSerializer
+    def self.init(serializer, identity, store, encrypt = true)
+      @serializer = SecureSerializer.new(serializer, identity, store, encrypt)
+      true
+    end
+
+    # Was serializer initialized?
+    def self.initialized?
+      !@serializer.nil?
+    end
+
+    # See SecureSerializer#dump
+    def self.dump(obj, encrypt = nil)
+      raise "Secure serializer not initialized" unless initialized?
+      @serializer.dump(obj, encrypt)
+    end
+
+    # See SecureSerializer#load
+    def self.load(msg, id = nil)
+      raise "Secure serializer not initialized" unless initialized?
+      @serializer.load(msg, id)
+    end
+
+    # Initialize serializer, must be called prior to using it
+    #
+    # === Parameters
+    # serializer(Serializer):: Object serializer
+    # identity(String):: Serialized identity associated with serialized messages
+    # store(Object):: Credentials store exposing certificates used for
+    #   encryption (:get_target), signature validation (:get_signer), and
+    #   certificate(s)/key(s) used for decryption (:get_receiver)
+    # encrypt(Boolean):: true if data should be signed and encrypted, otherwise
+    #   just signed, true by default
+    def initialize(serializer, identity, store, encrypt = true)
+      @identity = identity
+      raise "Missing local agent identity" unless @identity
+      @store = store
+      raise "Missing credentials store" unless @store
+      @cert, @key = @store.get_receiver(@identity)
+      raise "Missing local agent public certificate" unless @cert
+      raise "Missing local agent private key" unless @key
+      @encrypt = encrypt
+      @serializer = serializer
+    end
+
+    # Serialize, sign, and encrypt message
+    # Sign and encrypt using X.509 certificate
+    #
+    # === Parameters
+    # obj(Object):: Object to be serialized and encrypted
+    # encrypt(Boolean|nil):: true if object should be signed and encrypted,
+    #   false if just signed, nil means use class setting
+    #
+    # === Return
+    # (String):: MessagePack serialized and optionally encrypted object
+    #
+    # === Raise
+    # Exception:: If certificate identity, certificate store, certificate, or private key missing
+    def dump(obj, encrypt = nil)
+      must_encrypt = encrypt || @encrypt
+      serialize_format = if obj.respond_to?(:send_version) && can_handle_msgpack_result?(obj.send_version)
+        @serializer.format
+      else
+        :json
+      end
+      encode_format = serialize_format == :json ? :pem : :der
+      msg = @serializer.dump(obj, serialize_format)
+      if must_encrypt
+        certs = @store.get_target(obj)
+        if certs
+          msg = EncryptedDocument.new(msg, certs).encrypted_data(encode_format)
+        else
+          target = obj.target_for_encryption if obj.respond_to?(:target_for_encryption)
+          Log.error("No certs available for object #{obj.class} being sent to #{target.inspect}\n") if target
+        end
+      end
+      sig = Signature.new(msg, @cert, @key).data(encode_format)
+      @serializer.dump({'id' => @identity, 'data' => msg, 'signature' => sig, 'encrypted' => !certs.nil?}, serialize_format)
+    end
+    
+    # Decrypt, authorize signature, and unserialize message
+    # Use x.509 certificate store for decrypting and validating signature
+    #
+    # === Parameters
+    # msg(String):: Serialized and optionally encrypted object using MessagePack or JSON
+    # id(String|nil):: Optional identifier of source of data for use
+    #   in determining who is the receiver
+    #
+    # === Return
+    # (Object):: Unserialized object
+    #
+    # === Raise
+    # Exception:: If certificate store, certificate, or private key missing
+    # MissingCertificate:: If could not find certificate for message signer
+    # InvalidSignature:: If message signature check failed for message
+    def load(msg, id = nil)
+      msg = @serializer.load(msg)
+      sig = Signature.from_data(msg['signature'])
+      certs = @store.get_signer(msg['id'])
+      raise MissingCertificate.new("Could not find a certificate for signer #{msg['id']}") unless certs
+
+      certs = [ certs ] unless certs.respond_to?(:any?)
+      raise InvalidSignature.new("Failed signature check for signer #{msg['id']}") unless certs.any? { |c| sig.match?(c) }
+
+      data = msg['data']
+      if data && msg['encrypted']
+        cert, key = @store.get_receiver(id)
+        raise MissingCertificate.new("Could not find a certificate for #{id.inspect}") unless cert
+        raise MissingPrivateKey.new("Could not find a private key for #{id.inspect}") unless key
+        data = EncryptedDocument.from_data(data).decrypted_data(key, cert)
+      end
+      @serializer.load(data) if data
+    end
+
+  end # SecureSerializer
+
+end # RightScale

data/lib/right_agent/serialize/secure_serializer_initializer.rb

@@ -0,0 +1,47 @@
+#
+# Copyright (c) 2009-2013 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightScale
+
+  # Helper class used to initialize secure serializer for agents
+  class SecureSerializerInitializer
+
+    # Initialize serializer
+    #
+    # === Parameters
+    # agent_type(String):: Agent type used to build filename of certificate and key
+    # agent_id(String):: Serialized agent identity
+    #
+    # === Return
+    # true:: Always return true
+    def self.init(agent_type, agent_id)
+      cert = Certificate.load(AgentConfig.certs_file("#{agent_type}.cert"))
+      key = RsaKeyPair.load(AgentConfig.certs_file("#{agent_type}.key"))
+      router_cert = Certificate.load(AgentConfig.certs_file("router.cert"))
+      store = StaticCertificateStore.new(cert, key, router_cert, router_cert)
+      SecureSerializer.init(Serializer.new, agent_id, store)
+      true
+    end
+
+  end
+
+end

data/lib/right_agent/serialize/serializable.rb

@@ -0,0 +1,151 @@
+#
+# Copyright (c) 2009-2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+module RightScale
+
+  # MessagePack and JSON serializable types that are sent to and from agents
+  module Serializable
+
+    @check_active_support = true
+
+    def self.included(base)
+      if @check_active_support
+        if require_succeeds?("active_support") && (v = Gem.loaded_specs['activesupport'].version.to_s) != "2.3.5"
+          raise Exception.new("Some versions of the activesupport gem modify json in ways that are incompatible with this " +
+                              "RightScale::Serializable module. Version #{v} used here is not allowed, use 2.3.5 instead.")
+        else
+          @check_active_support = false
+        end
+      end
+
+      base.extend ClassMethods
+      base.send(:include, InstanceMethods)
+    end
+
+    module ClassMethods
+
+      # Called when deserializing MessagePack to create object
+      #
+      # === Parameters
+      # o(Hash):: Unserialized object data
+      #
+      # === Return
+      # (Object):: Unserialized object
+      def msgpack_create(o)
+        new(*o['data'])
+      end
+
+      # Called by JSON serializer to create object
+      #
+      # === Parameters
+      # o(Hash):: Unserialized object data
+      #
+      # === Return
+      # (Object):: Unserialized object
+      def json_create(o)
+        new(*o['data'])
+      end
+
+    end
+
+    module InstanceMethods
+
+      # Called by MessagePack serializer to serialise object's members
+      #
+      # === Parameters
+      # *a(Array):: Pass-through to Hash's 'to_msgpack' method
+      #
+      # === Return
+      # (String):: MessagePack representation
+      def to_msgpack(*a)
+        {
+          'msgpack_class' => self.class.name,
+          'data'          => serialized_members
+        }.to_msgpack(*a).to_s
+      end
+
+      # Called by JSON serializer to serialise object's members
+      #
+      # === Parameters
+      # *a(Array):: Pass-through to Hash's 'to_json' method
+      #
+      # === Return
+      # (String):: JSON representation
+      def to_json(*a)
+        {
+          'json_class' => self.class.name,
+          'data'       => serialized_members
+        }.to_json(*a)
+      end
+
+      # Implement in serializable class and return array of fields
+      # that should be given to constructor when deserializing
+      #
+      # === Raise
+      # RuntimeError:: Always raised. Override in heir.
+      def serialized_members
+        raise NotImplemented.new("Must be implemented by #{self.class.name}")
+      end
+
+      # Use serialized members to compare two serializable instances
+      #
+      # === Parameters
+      # other(Serializable):: Other instance to compare self to
+      #
+      # === Return
+      # true:: If both serializable have identical serialized fields
+      # false:: Otherwise
+      def ==(other)
+        return false unless other.respond_to?(:serialized_members)
+        self.serialized_members == other.serialized_members
+      end
+
+    end
+
+  end
+
+  class SerializationHelper
+    
+    # Symbolize keys of hash, use when retrieving hashes that use symbols
+    # for keys as JSON and MessagePack serialization will produce strings instead
+    # Simply return any object that is not a hash as is
+    #
+    # === Parameters
+    # hash(Hash):: Hash whose keys are to be symbolized
+    #
+    # === Return
+    # (Hash):: Hash with same values but symbol keys
+    def self.symbolize_keys(hash)
+      if hash.is_a?(Hash)
+        hash.inject({}) do |h, (key, value)|
+          h[(key.to_sym rescue key) || key] = value
+          h
+        end
+      else
+        hash
+      end
+    end
+
+  end # Serializable
+ 
+end # RightScale