right_support 1.0.11 → 1.1.0

data/lib/right_support/crypto/signed_hash.rb

@@ -0,0 +1,130 @@
+require 'json'
+
+module RightSupport::Crypto
+  class SignedHash
+    DEFAULT_OPTIONS = {
+      :digest   => Digest::SHA1,
+      :encoding => JSON
+    }
+
+    def initialize(hash={}, options={})
+      options = DEFAULT_OPTIONS.merge(options)
+      @hash        = hash
+      @digest      = options[:digest]
+      @encoding    = options[:encoding]
+      @public_key  = options[:public_key]
+      @private_key = options[:private_key]
+      duck_type_check
+    end
+
+    def sign(expires_at)
+      raise ArgumentError, "Cannot sign; missing private_key" unless @private_key
+      raise ArgumentError, "expires_at must be a Time in the future" unless time_check(expires_at)
+
+      metadata = {:expires_at => expires_at}
+      @private_key.private_encrypt( digest( encode( canonicalize( frame(@hash, metadata) ) ) ) )
+    end
+
+    def verify!(signature, expires_at)
+      raise ArgumentError, "Cannot verify; missing public_key" unless @public_key
+
+      metadata = {:expires_at => expires_at}
+      expected = digest( encode( canonicalize( frame(@hash, metadata) ) ) )
+      actual = @public_key.public_decrypt(signature)
+      raise SecurityError, "Signature mismatch: expected #{expected}, got #{actual}" unless actual == expected
+      raise SecurityError, "The signature has expired (or expires_at is not a Time)" unless time_check(expires_at)
+    end
+
+    def verify(signature, expires_at)
+      verify!(signature, expires_at)
+      true
+    rescue Exception => e
+      false
+    end
+
+    def method_missing(meth, *args)
+      @hash.__send__(meth, *args)
+    end
+
+    private
+
+    def duck_type_check
+      unless @digest.is_a?(Class) &&
+             @digest.instance_methods.include?(str_or_symb('update')) &&
+             @digest.instance_methods.include?(str_or_symb('digest'))
+        raise ArgumentError, "Digest class must respond to #update and #digest instance methods"
+      end
+      unless @encoding.respond_to?(str_or_symb('dump'))
+        raise ArgumentError, "Encoding class/module/object must respond to .dump method"
+      end
+      if @public_key && !@public_key.respond_to?(str_or_symb('public_decrypt'))
+        raise ArgumentError, "Public key must respond to :public_decrypt (e.g. an OpenSSL::PKey instance)"
+      end
+      if @private_key && !@private_key.respond_to?(str_or_symb('private_encrypt'))
+        raise ArgumentError, "Private key must respond to :private_encrypt (e.g. an OpenSSL::PKey instance)"
+      end
+    end
+
+    def str_or_symb(method)
+      RUBY_VERSION > '1.9' ? method.to_sym : method.to_s
+    end
+
+    def time_check(t)
+      t.is_a?(Time) && (t >= Time.now)
+    end
+
+    def frame(data, metadata) # :nodoc:
+      {:data => data, :metadata => metadata}
+    end
+
+    def digest(input) # :nodoc:
+      @digest.new.update(input).digest
+    end
+
+    def encode(input)
+      @encoding.dump(input)
+    end
+
+    def canonicalize(input) # :nodoc:
+      case input
+        when Hash
+          # Hash is the only complex case. We canonicalize a Hash as an Array of pairs, each of which
+          # consists of one key and one value. The ordering of the pairs is consistent with the
+          # ordering of the keys.
+          output = Array.new
+
+          # First, transform the original input hash into something that has canonicalized keys
+          # (which should make them sortable, too). Also canonicalize the values while we are
+          # at it...
+          sortable_input = {}
+          input.each { |k,v| sortable_input[canonicalize(k)] = canonicalize(v) }
+
+          # Sort the keys; guard this operation so we can raise an intelligent error if
+          # something is still not sortable even after canonicalization.
+          begin
+            ordered_keys = sortable_input.keys.sort
+          rescue Exception => e
+            msg = "SignedHash requires sortable hash keys; cannot sort #{sortable_input.keys.inspect} " +
+                  "due to #{e.class.name}: #{e.message}"
+            e2 = ArgumentError.new(msg)
+            e2.set_backtrace(e.backtrace)
+            raise e2
+          end
+
+          ordered_keys.each do |key|
+            output << [ key, sortable_input[key] ]
+          end
+        when Array
+          output = input.collect { |x| canonicalize(x) }
+        when Time
+          output = input.to_i
+        when Symbol
+          output = input.to_s
+        else
+          output = input
+      end
+
+      output
+    end
+  end
+end

data/lib/right_support/crypto.rb

@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module RightSupport
+  #
+  # A namespace for cryptographic functionality.
+  #
+  module Crypto
+
+  end
+end
+
+require 'right_support/crypto/signed_hash'

data/lib/right_support/net/request_balancer.rb

@@ -13,20 +13,33 @@ module RightSupport::Net
   #
   # The balancer does not actually perform requests by itself, which makes this
   # class usable for various network protocols, and potentially even for non-
-  # networking purposes. The block does all the work; the balancer merely selects
-  # a random request endpoint to pass to the block.
+  # networking purposes. The block passed to #request does all the work; the
+  # balancer merely selects a suitable endpoint to pass to its block.
   #
-  # PLEASE NOTE that the request balancer has a rather dumb notion of what is considered
-  # a "fatal" error for purposes of being able to retry; by default, it will consider
-  # any StandardError or any RestClient::Exception whose code is between 400-499. This
-  # MAY NOT BE SUFFICIENT for some uses of the request balancer! Please use the :fatal
-  # option if you need different behavior.
+  # PLEASE NOTE that it is VERY IMPORTANT that the balancer is able to properly
+  # distinguish between fatal and non-fatal (retryable) errors. Before you pass
+  # a :fatal option to the RequestBalancer constructor, carefully examine its
+  # default list of fatal exceptions and default logic for deciding whether a
+  # given exception is fatal! There are some subtleties.
   class RequestBalancer
     DEFAULT_RETRY_PROC = lambda do |ep, n|
       n < ep.size
     end
 
-    DEFAULT_FATAL_EXCEPTIONS = [ScriptError, ArgumentError, IndexError, LocalJumpError, NameError]
+    # Built-in Ruby exceptions that should be considered fatal. Normally one would be
+    # inclined to simply say RuntimeError or StandardError, but because gem authors
+    # frequently make unwise choices of exception base class, including these top-level
+    # base classes could cause us to falsely think that retryable exceptions are fatal.
+    #
+    # A good example of this phenomenon is the rest-client gem, whose base exception
+    # class is derived from RuntimeError!!
+    DEFAULT_FATAL_EXCEPTIONS = [
+      NoMemoryError, SystemStackError, SignalException, SystemExit,
+      ScriptError,
+      #Subclasses of StandardError, which we can't mention directly
+      ArgumentError, IndexError, LocalJumpError, NameError, RangeError,
+      RegexpError, ThreadError, TypeError, ZeroDivisionError
+    ]
 
     DEFAULT_FATAL_PROC = lambda do |e|
       if DEFAULT_FATAL_EXCEPTIONS.any? { |c| e.is_a?(c) }
@@ -136,15 +149,13 @@ module RightSupport::Net
       complete   = false
       n          = 0
 
-      retry_opt     = @options[:retry] || DEFAULT_RETRY_PROC
-
       loop do
         if complete
           break
         else
-          max_n = retry_opt
-          max_n = max_n.call(@endpoints, n) if max_n.respond_to?(:call)
-          break if (max_n.is_a?(Integer) && n >= max_n) || [nil, false].include?(max_n)
+          do_retry = @options[:retry] || DEFAULT_RETRY_PROC
+          do_retry = do_retry.call(@endpoints, n) if do_retry.respond_to?(:call)
+          break if (do_retry.is_a?(Integer) && n >= do_retry) || [nil, false].include?(do_retry)
         end
 
         endpoint, need_health_check  = @policy.next

data/lib/right_support/net/string_encoder.rb

@@ -0,0 +1,99 @@
+# Copyright (c) 2011 RightScale Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'cgi'
+require 'base64'
+require 'zlib'
+
+#
+# A tool that encodes (binary or ASCII) strings into 7-bit ASCII
+# using one or more encoding algorithms which are applied sequentially.
+# The order of algorithms is reversed on decode, naturally!
+#
+# This class is designed to be used with network protocols implemented
+# on top of HTTP, where binary data needs to be encapsulated in URL query
+# strings, request bodies or other textual payloads. Sometimes multiple
+# encodings are necessary in order to prevent unnecessary expansion of
+# the encoded text.
+#
+module RightSupport::Net
+  class StringEncoder
+    ENCODINGS = [:base64, :url]
+    ENCODINGS.freeze
+
+    #
+    # Create a new instance.
+    #
+    # === Parameters
+    # *encodings:: list of Symbols representing an ordered sequence of encodings
+    #
+    def initialize(*args)
+      args = args.flatten
+      args.each do |enc|
+        raise ArgumentError, "Unknown encoding #{enc}" unless ENCODINGS.include?(enc)
+      end
+
+      @encodings = args
+    end
+
+    #
+    # Encode a binary or textual string.
+    #
+    # === Parameters
+    # value(String):: the value to be encoded
+    #
+    # === Return
+    # The encoded value, with all encodings applied.
+    def encode(value)
+      @encodings.each do |enc|
+        case enc
+          when :base64
+            value = Base64.encode64(value)
+          when :url
+            value = CGI.escape(value)
+        end
+      end
+
+      value
+    end
+
+    #
+    # Decode a binary or textual string.
+    #
+    # === Parameters
+    # value(String):: the value to be decoded
+    #
+    # === Return
+    # The decoded string value
+    def decode(value)
+      @encodings.reverse.each do |enc|
+        case enc
+          when :base64
+            value = Base64.decode64(value)
+          when :url
+            value = CGI.unescape(value)
+        end
+      end
+
+      value
+    end
+  end
+end

data/lib/right_support.rb

@@ -1,5 +1,6 @@
 # Namespaces for RightSupport
 require 'right_support/ruby'
+require 'right_support/crypto'
 require 'right_support/db'
 require 'right_support/log'
 require 'right_support/net'

data/right_support.gemspec

@@ -7,23 +7,17 @@ spec = Gem::Specification.new do |s|
   s.required_ruby_version = Gem::Requirement.new(">= 1.8.7")
 
   s.name    = 'right_support'
-  s.version = '1.0.11'
-  s.date    = '2011-10-21'
+  s.version = '1.1.0'
+  s.date    = '2011-11-03'
 
-  s.authors = ['Tony Spataro']
-  s.email   = 'tony@rightscale.com'
-  s.homepage= 'https://github.com/xeger/right_support'
+  s.authors = ['Tony Spataro', 'Sergey Sergyenko', 'Ryan Williamson']
+  s.email   = 'support@rightscale.com'
+  s.homepage= 'https://github.com/rightscale/right_support'
 
   s.summary = %q{Reusable foundation code.}
-  s.description = %q{A toolkit of useful foundation code: logging, input validation, etc.}
+  s.description = %q{A toolkit of useful, reusable foundation code created by RightScale.}
 
-  s.add_development_dependency('rake', [">= 0.8.7"])
-  s.add_development_dependency('ruby-debug', [">= 0.10"])
-  s.add_development_dependency('rspec', ["~> 1.3"])
-  s.add_development_dependency('cucumber', ["~> 0.8"])
-  s.add_development_dependency('flexmock', ["~> 0.8"])
-  s.add_development_dependency('net-ssh', ["~> 2.0"])
-  s.add_development_dependency('rest-client', ["~> 1.6"])
+  s.add_dependency('json', ['~> 1.4'])
 
   basedir = File.dirname(__FILE__)
   candidates = ['right_support.gemspec', 'LICENSE', 'README.rdoc'] + Dir['lib/**/*']

metadata

@@ -1,131 +1,42 @@
 --- !ruby/object:Gem::Specification 
 name: right_support
 version: !ruby/object:Gem::Version 
-  hash: 1
+  hash: 19
   prerelease: false
   segments: 
   - 1
+  - 1
   - 0
-  - 11
-  version: 1.0.11
+  version: 1.1.0
 platform: ruby
 authors: 
 - Tony Spataro
+- Sergey Sergyenko
+- Ryan Williamson
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2011-10-21 00:00:00 -07:00
+date: 2011-11-03 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: rake
+  name: json
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 49
-        segments: 
-        - 0
-        - 8
-        - 7
-        version: 0.8.7
-  type: :development
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: ruby-debug
-  prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 31
-        segments: 
-        - 0
-        - 10
-        version: "0.10"
-  type: :development
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: rspec
-  prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 9
-        segments: 
-        - 1
-        - 3
-        version: "1.3"
-  type: :development
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: cucumber
-  prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 27
-        segments: 
-        - 0
-        - 8
-        version: "0.8"
-  type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: flexmock
-  prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 27
-        segments: 
-        - 0
-        - 8
-        version: "0.8"
-  type: :development
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: net-ssh
-  prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 2
-        - 0
-        version: "2.0"
-  type: :development
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
-  name: rest-client
-  prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 3
+        hash: 7
         segments: 
         - 1
-        - 6
-        version: "1.6"
-  type: :development
-  version_requirements: *id007
-description: "A toolkit of useful foundation code: logging, input validation, etc."
-email: tony@rightscale.com
+        - 4
+        version: "1.4"
+  type: :runtime
+  version_requirements: *id001
+description: A toolkit of useful, reusable foundation code created by RightScale.
+email: support@rightscale.com
 executables: []
 
 extensions: []
@@ -136,6 +47,8 @@ files:
 - LICENSE
 - README.rdoc
 - lib/right_support.rb
+- lib/right_support/crypto.rb
+- lib/right_support/crypto/signed_hash.rb
 - lib/right_support/db.rb
 - lib/right_support/db/cassandra_model.rb
 - lib/right_support/log.rb
@@ -149,6 +62,7 @@ files:
 - lib/right_support/net/balancing/round_robin.rb
 - lib/right_support/net/http_client.rb
 - lib/right_support/net/request_balancer.rb
+- lib/right_support/net/string_encoder.rb
 - lib/right_support/rack.rb
 - lib/right_support/rack/custom_logger.rb
 - lib/right_support/ruby.rb
@@ -158,7 +72,7 @@ files:
 - lib/right_support/validation/ssh.rb
 - right_support.gemspec
 has_rdoc: true
-homepage: https://github.com/xeger/right_support
+homepage: https://github.com/rightscale/right_support
 licenses: []
 
 post_install_message: