zyre 0.3.1 → 0.4.0

data/ext/zyre_ext/zyre_ext.h

@@ -10,14 +10,23 @@
 #ifndef ZYRE_EXT_H_90322ABD
 #define ZYRE_EXT_H_90322ABD
 
+#include "extconf.h"
+
 #include <ruby.h>
 #include <ruby/intern.h>
 #include <ruby/thread.h>
 #include <ruby/encoding.h>
+#include <ruby/version.h>
+
+#ifdef HAVE_ZCERT_UNSET_META
+#	define CZMQ_BUILD_DRAFT_API 1
+#endif
+#ifdef HAVE_ZYRE_SET_BEACON_PEER_PORT
+#	define ZYRE_BUILD_DRAFT_API 1
+#endif
 
 #include "zyre.h"
 #include "czmq.h"
-#include "extconf.h"
 
 #ifndef TRUE
 # define TRUE    1
@@ -28,7 +37,8 @@
 #endif
 
 
-// For synthesized events
+// For synthesized events, sizeof calculations, copied from the czmq and zyre
+// source
 struct _zyre_event_t {
     char *type;             //  Event type as string
     char *peer_uuid;        //  Sender UUID as string
@@ -40,6 +50,7 @@ struct _zyre_event_t {
 };
 
 
+
 /* --------------------------------------------------------------
  * Declarations
  * -------------------------------------------------------------- */
@@ -74,6 +85,9 @@ extern VALUE rzyre_mZyre;
 extern VALUE rzyre_cZyreNode;
 extern VALUE rzyre_cZyreEvent;
 extern VALUE rzyre_cZyrePoller;
+extern VALUE rzyre_cZyreCert;
+
+extern zactor_t *auth_actor;
 
 
 /* --------------------------------------------------------------
@@ -83,6 +97,7 @@ extern VALUE rzyre_cZyrePoller;
 #define IsZyreNode( obj ) rb_obj_is_kind_of( (obj), rzyre_cZyreNode )
 #define IsZyreEvent( obj ) rb_obj_is_kind_of( (obj), rzyre_cZyreEvent )
 #define IsZyrePoller( obj ) rb_obj_is_kind_of( (obj), rzyre_cZyrePoller )
+#define IsZyreCert( obj ) rb_obj_is_kind_of( (obj), rzyre_cZyreCert )
 
 /* --------------------------------------------------------------
  * Utility functions
@@ -98,8 +113,10 @@ extern void Init_zyre_ext _(( void ));
 extern void rzyre_init_node _(( void ));
 extern void rzyre_init_event _(( void ));
 extern void rzyre_init_poller _(( void ));
+extern void rzyre_init_cert _(( void ));
 
 extern zyre_t * rzyre_get_node _(( VALUE ));
+extern zcert_t * rzyre_get_cert _(( VALUE ));
 
 #endif /* end of include guard: ZYRE_EXT_H_90322ABD */
 

data/lib/zyre.rb

@@ -1,35 +1,28 @@
 # -*- ruby -*-
 # frozen_string_literal: true
 
+require 'set'
 require 'loggability'
 
 require_relative 'zyre_ext'
 
 
-# A binding to libzyre
+#--
+# See also: ext/zyre_ext/zyre_ext.c
 module Zyre
 	extend Loggability
 
 
 	# Gem version (semver)
-	VERSION = '0.3.1'
+	VERSION = '0.4.0'
 
 
 	# Set up a logger for Zyre classes
 	log_as :zyre
 
 
-	### Wait on one or more +nodes+ to become readable, returning the first one that does
-	### or +nil+ if the +timeout+ is zero or greater and at least that many seconds elapse.
-	### Specify a +timeout+ of -1 to wait indefinitely. The timeout is in floating-point
-	### seconds.
-	###
-	### Raises an Interrupt if the call is interrupted or the ZMQ context is destroyed.
-	def self::wait( *nodes, timeout: -1 )
-		nodes = nodes.flatten
-		return nil if nodes.empty?
-		return self.wait2( nodes, timeout )
-	end
+	@whitelisted_ips = Set.new
+	@blacklisted_ips = Set.new
 
 
 	### If the given +key+ is a Symbol, transform it into an RFC822-style header key. If
@@ -50,4 +43,36 @@ module Zyre
 			transform_values {|v| v.to_s.encode('us-ascii') }
 	end
 
+
+	### Allow (whitelist) a list of IP +addresses+. For NULL, all clients from
+	### these addresses will be accepted. For PLAIN and CURVE, they will be
+	### allowed to continue with authentication. You can call this method
+	### multiple times to whitelist more IP addresses. If you whitelist one
+	### or more addresses, any non-whitelisted addresses are treated as
+	### blacklisted:
+	def self::allow( *addresses )
+		@whitelisted_ips.merge( addresses )
+	end
+
+
+	### Deny (blacklist) a list of IP +addresses+. For all security mechanisms,
+	### this rejects the connection without any further authentication. Use
+	### either a whitelist, or a blacklist, not not both. If you define both
+	### a whitelist and a blacklist, only the whitelist takes effect:
+	def self::deny( *addresses )
+		@blacklisted_ips.merge( addresses )
+	end
+
+
+	### Returns +true+ if the underlying Czmq library was built with draft APIs.
+	def self::has_draft_czmq_apis?
+		return Zyre::BUILT_WITH_DRAFT_CZMQ_API ? true : false
+	end
+
+
+	### Returns +true+ if the underlying Zyre library was built with draft APIs.
+	def self::has_draft_apis?
+		return Zyre::BUILT_WITH_DRAFT_API ? true : false
+	end
+
 end # module Zyre

data/lib/zyre/cert.rb

@@ -0,0 +1,75 @@
+# -*- ruby -*-
+# frozen_string_literal: true
+
+require 'loggability'
+
+require 'zyre' unless defined?( Zyre )
+
+
+#--
+# See also: ext/zyre_ext/cert.c
+class Zyre::Cert
+	extend Loggability
+
+
+	# The placeholder key that is set as the secret key for a public certificate.
+	EMPTY_KEY = "\x00" * 32
+
+
+	# Use the Zyre module's logger
+	log_to :zyre
+
+
+	# Set up some more Rubyish aliases
+	alias_method :private_key, :secret_key
+	alias_method :==, :eql?
+
+
+	### Fetch the value for the cert metadata with the given +name+.
+	def []( name )
+		return self.meta( name.to_s )
+	end
+
+
+	### Set the value for the cert metadata with the given +name+ to +value+.
+	def []=( name, value )
+		return self.set_meta( name.to_s, value.to_s )
+	end
+
+
+	### Return the metadata from the cert as a Hash.
+	def meta_hash
+		hash = self.meta_keys.each_with_object( {} ) do |key, h|
+			h[ key ] = self[ key ]
+		end
+		hash.freeze
+		return hash
+	end
+
+
+	### Delete the value for the cert metadata with the given +name+. Requires
+	### CZMQ to have been built with Draft APIs.
+	def delete( name )
+		name = name.to_s
+
+		deleted_val = self[ name ]
+		self.unset_meta( name )
+
+		return deleted_val
+	end
+
+
+	### Returns +true+ if the certificate has a secret key.
+	def have_secret_key?
+		return self.secret_key != EMPTY_KEY
+	end
+
+
+	### Apply the certificate to the specified +zyre_node+, i.e. use the
+	### cert for CURVE security. If the receiving certificate doesn't have a
+	### private key, an exception will be raised.
+	def apply( zyre_node )
+		return zyre_node.zcert = self
+	end
+
+end # class Zyre::Cert

data/lib/zyre/event.rb

@@ -25,6 +25,7 @@ class Zyre::Event
 	autoload :Exit, 'zyre/event/exit'
 	autoload :Join, 'zyre/event/join'
 	autoload :Leave, 'zyre/event/leave'
+	autoload :Leader, 'zyre/event/leader'
 	autoload :Shout, 'zyre/event/shout'
 	autoload :Silent, 'zyre/event/silent'
 	autoload :Stop, 'zyre/event/stop'

data/lib/zyre/event/stop.rb

@@ -6,4 +6,9 @@ require 'zyre/event' unless defined?( Zyre::Event )
 
 class Zyre::Event::Stop < Zyre::Event
 
+	### Provide the details of the inspect message.
+	def inspect_details
+		return " node is stopping"
+	end
+
 end # class Zyre::Event::Stop

data/lib/zyre/testing.rb

@@ -221,6 +221,18 @@ module Zyre::Testing
 		end
 
 
+		### Generate a LEADER event.
+		def leader( **overrides )
+			uuid = overrides.delete( :peer_uuid ) || self.peer_uuid
+			config = {
+				peer_name: self.peer_name,
+				group: self.group
+			}.merge( overrides )
+
+			return Zyre::Event.synthesize( :leader, uuid, **config )
+		end
+
+
 		### Generate an EXIT event.
 		def exit( **overrides )
 			uuid = overrides.delete( :peer_uuid ) || self.peer_uuid
@@ -231,6 +243,17 @@ module Zyre::Testing
 			return Zyre::Event.synthesize( :exit, uuid, **config )
 		end
 
+
+		### Generate a STOP event.
+		def stop( **overrides )
+			uuid = overrides.delete( :peer_uuid ) || self.peer_uuid
+			config = {
+				peer_name: self.peer_name
+			}.merge( overrides )
+
+			return Zyre::Event.synthesize( :stop, uuid, **config )
+		end
+
 	end # class EventFactory
 
 
@@ -260,6 +283,7 @@ module Zyre::Testing
 	def started_node( name=nil )
 		node = Zyre::Node.new( name )
 		node.endpoint = 'inproc://node-test-%s' % [ SecureRandom.hex(16) ]
+
 		yield( node ) if block_given?
 
 		if @gossip_endpoint

data/spec/spec_helper.rb

@@ -55,6 +55,10 @@ RSpec.configure do |config|
 		Zyre::Testing.check_fdmax
 	end
 
+	config.filter_run_excluding( :draft_api ) unless Zyre.has_draft_apis?
+	config.filter_run_excluding( :czmq_draft_api ) unless Zyre.has_draft_czmq_apis?
+	config.filter_run_excluding( :no_czmq_draft_api ) if Zyre.has_draft_czmq_apis?
+
 	config.include( Zyre::Testing )
 	config.include( Loggability::SpecHelpers )
 end

data/spec/zyre/cert_spec.rb

@@ -0,0 +1,218 @@
+#!/usr/bin/env rspec -cfd
+
+require_relative '../spec_helper'
+
+require 'tempfile'
+
+require 'zyre/cert'
+
+
+RSpec.describe( Zyre::Cert ) do
+
+	let( :cert_file ) { Tempfile.new('zyre_cert_test') }
+
+
+	it "can be created in-memory" do
+		expect( described_class.new ).to be_a( described_class )
+	end
+
+
+	it "can be created from a keypair" do
+		cert = described_class.new
+
+		result = described_class.from( cert.public_key, cert.private_key )
+
+		expect( result ).to be_a( described_class )
+		expect( result ).to eq( cert )
+	end
+
+
+	it "can be saved to and loaded from a file" do
+		cert = described_class.new
+		cert.save( cert_file.path )
+
+		result = described_class.load( cert_file.path )
+
+		expect( result ).to be_a( described_class )
+		expect( result ).to eq( cert )
+	end
+
+
+	it "can be saved as a public cert to and loaded from a file" do
+		cert = described_class.new
+		cert.save_public( cert_file.path )
+
+		result = described_class.load( cert_file.path )
+
+		expect( result ).to be_a( described_class )
+		expect( result.public_key ).to eq( cert.public_key )
+		expect( result.secret_key ).to eq( Zyre::Cert::EMPTY_KEY )
+	end
+
+
+	it "can be saved as a secret cert to and loaded from a file" do
+		cert = described_class.new
+		cert.save_secret( cert_file.path )
+
+		result = described_class.load( cert_file.path )
+
+		expect( result ).to be_a( described_class )
+		expect( result ).to eq( cert )
+	end
+
+
+	it "knows what its public key is" do
+		cert = described_class.new
+
+		key = cert.public_key
+
+		expect( key.encoding ).to eq( Encoding::ASCII_8BIT )
+		expect( key.bytesize ).to eq( 32 )
+	end
+
+
+	it "knows what its secret key is" do
+		cert = described_class.new
+
+		key = cert.secret_key
+
+		expect( key.encoding ).to eq( Encoding::ASCII_8BIT )
+		expect( key.bytesize ).to eq( 32 )
+	end
+
+
+	it "knows what its Z85-armored public key is" do
+		cert = described_class.new
+
+		key = cert.public_txt
+
+		expect( key.encoding ).to eq( Encoding::US_ASCII )
+		expect( key.length ).to eq( 40 )
+	end
+
+
+	it "knows what its Z85-armored secret key is" do
+		cert = described_class.new
+
+		key = cert.secret_txt
+
+		expect( key.encoding ).to eq( Encoding::US_ASCII )
+		expect( key.length ).to eq( 40 )
+	end
+
+
+	it "can set metadata on the cert" do
+		cert = described_class.new
+
+		cert[ :username ] = 'timmy'
+
+		expect( cert['username'] ).to eq( 'timmy' )
+	end
+
+
+	it "stringifies non-string metadata on the cert" do
+		cert = described_class.new
+
+		cert[ :euid ] = 12
+
+		expect( cert[:euid] ).to eq( '12' )
+	end
+
+
+	it "fetches non-existant values as nil" do
+		cert = described_class.new
+
+		expect( cert[:nonexistant_key] ).to be_nil
+	end
+
+
+	it "silently ignores overwrites of a metadata value if not built with Drafts", :no_czmq_draft_api do
+		cert = described_class.new
+
+		cert.set_meta( 'foo', 'bar' )
+		cert.set_meta( 'foo', 'baz' )
+
+		expect( cert.meta('foo') ).to eq( 'bar' )
+	end
+
+
+	it "can overwrite a metadata value if built with Drafts", :czmq_draft_api do
+		cert = described_class.new
+
+		cert.set_meta( 'foo', 'bar' )
+		cert.set_meta( 'foo', 'baz' )
+
+		expect( cert.meta('foo') ).to eq( 'baz' )
+	end
+
+
+	it "knows what metadata has been set on the cert" do
+		cert = described_class.new
+
+		cert[ :euid ]      = 0
+		cert[ :username ]  = 'jrandom'
+		cert[ 'firstname' ] = 'James'
+		cert[ :lastname ]  = 'Random'
+		cert[ 'key 2' ] = 'cf67c750-c704-4ef7-ab83-ecb2cd2e326c'
+
+		expect( cert.meta_keys ).
+			to contain_exactly( 'euid', 'username', 'firstname', 'lastname', 'key 2' )
+	end
+
+
+	it "can delete one of its metadata key-value pairs", :czmq_draft_api do
+		cert = described_class.new
+
+		cert[ :euid ]      = 0
+		cert[ :username ]  = 'jrandom'
+		cert[ 'firstname' ] = 'James'
+		cert[ :lastname ]  = 'Random'
+		cert[ 'key 2' ] = 'cf67c750-c704-4ef7-ab83-ecb2cd2e326c'
+
+		cert.delete( 'lastname' )
+
+		expect( cert.meta_keys ).
+			to contain_exactly( 'euid', 'username', 'firstname', 'key 2' )
+	end
+
+
+	it "can return all of its metadata as a Hash" do
+		cert = described_class.new
+
+		cert[ :euid ]      = 0
+		cert[ :username ]  = 'jrandom'
+		cert[ 'firstname' ] = 'James'
+		cert[ :lastname ]  = 'Random'
+		cert[ 'key 2' ] = 'cf67c750-c704-4ef7-ab83-ecb2cd2e326c'
+
+		expect( cert.meta_hash ).to eq({
+			'euid'      => '0',
+			'username'  => 'jrandom',
+			'firstname' => 'James',
+			'lastname'  => 'Random',
+			'key 2'     => 'cf67c750-c704-4ef7-ab83-ecb2cd2e326c',
+		})
+	end
+
+
+	it "can be applied to a Zyre node", :draft_apis do
+		node = instance_double( Zyre::Node )
+		cert = Zyre::Cert.new
+
+		expect( node ).to receive( :zcert= ).with( cert )
+		cert.apply( node )
+	end
+
+
+	it "can be duplicated" do
+		cert = described_class.new
+		cert[ :node_id ] = '05343500-f908-4903-9441-e648eb1754ec'
+		cert[ :node_order ] = 1
+
+		other = cert.dup
+
+		expect( other.object_id ).not_to eq( cert.object_id )
+	end
+
+
+end