infinispan 0.8.0 → 0.10.0

package/lib/sasl/digest.js

@@ -0,0 +1,188 @@
+(function (root, factory) {
+    if (typeof exports === 'object') {
+        // CommonJS
+        factory(exports, module, require('crypto'));
+    } else if (typeof define === 'function' && define.amd) {
+        // AMD
+        define(['exports', 'module', 'crypto'], factory);
+    }
+}(this, function (exports, module, crypto) {
+
+    /**
+     * DIGEST `Mechanism` constructor.
+     *
+     * This class implements the DIGEST-* SASL mechanism.
+     *
+     * References:
+     *  - [RFC 2831](http://tools.ietf.org/html/rfc2831)
+     *
+     * @api public
+     */
+    function Mechanism(options) {
+        options = options || {};
+        this._genNonce = options.genNonce || genNonce(32);
+    }
+
+    Mechanism.prototype.name = 'DIGEST';
+    Mechanism.prototype.clientFirst = false;
+
+    /**
+     * Encode a response using given credential.
+     *
+     * Options:
+     *  - `username`
+     *  - `password`
+     *  - `host`
+     *  - `serviceType`
+     *  - `authzid`   authorization identity (optional)
+     *
+     * @param {Object} cred
+     * @api public
+     */
+    Mechanism.prototype.response = function (cred) {
+        // TODO: Implement support for subsequent authentication.  This requires
+        //       that the client be able to store username, realm, nonce,
+        //       nonce-count, cnonce, and qop values from prior authentication.
+        //       The impact of this requirement needs to be investigated.
+        //
+        //       See RFC 2831 (Section 2.2) for further details.
+
+        // TODO: Implement support for auth-int and auth-conf, as defined in RFC
+        //       2831 sections 2.3 Integrity Protection and 2.4 Confidentiality
+        //       Protection, respectively.
+        //
+        //       Note that supporting this functionality has implications
+        //       regarding the negotiation of security layers via SASL.  Due to
+        //       the fact that TLS has largely superseded this functionality,
+        //       implementing it is a low priority.
+
+        var uri = cred.serviceType + '/' + cred.host;
+        if (cred.serviceName && cred.host !== cred.serviceName) {
+            uri += '/' + serviceName;
+        }
+        var realm = cred.realm || this._realm || ''
+            , cnonce = this._genNonce()
+            , nc = '00000001'
+            , qop = 'auth'
+            , ha1
+            , ha2
+            , digest;
+        var str = '';
+        str += 'username="' + cred.username + '"';
+        if (realm) { str += ',realm="' + realm + '"'; };
+        str += ',nonce="' + this._nonce + '"';
+        str += ',cnonce="' + cnonce + '"';
+        str += ',nc=' + nc;
+        str += ',qop=' + qop;
+        str += ',digest-uri="' + uri + '"';
+        var base = crypto.createHash('md5')
+            .update(cred.username)
+            .update(':')
+            .update(realm)
+            .update(':')
+            .update(cred.password)
+            .digest();
+        ha1 = crypto.createHash('md5')
+            .update(base)
+            .update(':')
+            .update(this._nonce)
+            .update(':')
+            .update(cnonce);
+        if (cred.authzid) {
+            ha1.update(':').update(cred.authzid);
+        }
+        ha1 = ha1.digest('hex');
+        ha2 = crypto.createHash('md5')
+            .update('AUTHENTICATE:')
+            .update(uri);
+        if (qop === 'auth-int' || qop === 'auth-conf') {
+            ha2.update(':00000000000000000000000000000000');
+        }
+        ha2 = ha2.digest('hex');
+        digest = crypto.createHash('md5')
+            .update(ha1)
+            .update(':')
+            .update(this._nonce)
+            .update(':')
+            .update(nc)
+            .update(':')
+            .update(cnonce)
+            .update(':')
+            .update(qop)
+            .update(':')
+            .update(ha2)
+            .digest('hex');
+        str += ',response=' + digest;
+        if (this._charset == 'utf-8') { str += ',charset=utf-8'; }
+        if (cred.authzid) { str += 'authzid="' + cred.authzid + '"'; }
+        return str;
+    };
+
+    /**
+     * Decode a challenge issued by the server.
+     *
+     * @param {String} chal
+     * @return {Mechanism} for chaining
+     * @api public
+     */
+    Mechanism.prototype.challenge = function (chal) {
+        var dtives = parse(chal);
+
+        // TODO: Implement support for multiple realm directives, as allowed by the
+        //       DIGEST-MD5 specification.
+        this._realm = dtives['realm'];
+        this._nonce = dtives['nonce'];
+        this._qop = (dtives['qop'] || 'auth').split(',');
+        this._stale = dtives['stale'];
+        this._maxbuf = parseInt(dtives['maxbuf']) || 65536;
+        this._charset = dtives['charset'];
+        this._algo = dtives['algorithm'];
+        this._cipher = dtives['cipher'];
+        if (this._cipher) { this._cipher.split(','); }
+        return this;
+    };
+
+
+    /**
+     * Parse challenge.
+     *
+     * @api private
+     */
+    function parse(chal) {
+        var dtives = {};
+        var tokens = chal.split(/,(?=(?:[^"]|"[^"]*")*$)/);
+        for (var i = 0, len = tokens.length; i < len; i++) {
+            var dtiv = /(\w+)=["]?([^"]+)["]?$/.exec(tokens[i]);
+            if (dtiv) {
+                dtives[dtiv[1]] = dtiv[2];
+            }
+        }
+        return dtives;
+    }
+
+    /**
+     * Return a unique nonce with the given `len`.
+     *
+     *     genNonce(10)();
+     *     // => "FDaS435D2z"
+     *
+     * @param {Number} len
+     * @return {Function}
+     * @api private
+     */
+    function genNonce(len) {
+        var chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
+            , charlen = chars.length;
+
+        return function () {
+            var buf = [];
+            for (var i = 0; i < len; ++i) {
+                buf.push(chars[Math.random() * charlen | 0]);
+            }
+            return buf.join('');
+        }
+    }
+
+    exports = module.exports = Mechanism;
+
+}));

package/lib/sasl/external.js

@@ -0,0 +1,54 @@
+(function (root, factory) {
+  if (typeof exports === 'object') {
+    // CommonJS
+    factory(exports, module);
+  } else if (typeof define === 'function' && define.amd) {
+    // AMD
+    define(['exports', 'module'], factory);
+  }
+}(this, function (exports, module) {
+
+  /**
+   * EXTERNAL `Mechanism` constructor.
+   *
+   * This class implements the EXTERNAL SASL mechanism.
+   *
+   * The EXTERNAL SASL mechanism provides support for authentication using
+   * credentials established by external means. 
+   *
+   * References:
+   *  - [RFC 4422](http://tools.ietf.org/html/rfc4422)
+   *
+   * @api public
+   */
+  function Mechanism() {
+  }
+
+  Mechanism.prototype.name = 'EXTERNAL';
+  Mechanism.prototype.clientFirst = true;
+
+  /**
+   * Encode a response using given credential.
+   *
+   * Options:
+   *  - `authzid`   authorization identity (optional)
+   *
+   * @param {Object} cred
+   * @api public
+   */
+  Mechanism.prototype.response = function (cred) {
+    return cred.authzid || '';
+  };
+
+  /**
+   * Decode a challenge issued by the server.
+   *
+   * @param {String} chal
+   * @api public
+   */
+  Mechanism.prototype.challenge = function (chal) {
+  };
+
+  exports = module.exports = Mechanism;
+
+}));

package/lib/sasl/factory.js

@@ -0,0 +1,71 @@
+(function(root, factory) {
+    if (typeof exports === 'object') {
+      // CommonJS
+      factory(exports, module);
+    } else if (typeof define === 'function' && define.amd) {
+      // AMD
+      define(['exports', 'module'], factory);
+    }
+  }(this, function(exports, module) {
+    
+    /**
+     * `Factory` constructor.
+     *
+     * @api public
+     */
+    function Factory() {
+      this._mechs = [];
+    }
+    
+    /**
+     * Utilize the given `mech` with optional `name`, overridding the mechanism's
+     * default name.
+     *
+     * Examples:
+     *
+     *     factory.use(FooMechanism);
+     *
+     *     factory.use('XFOO', FooMechanism);
+     *
+     * @param {String|Mechanism} name
+     * @param {Mechanism} mech
+     * @return {Factory} for chaining
+     * @api public
+     */
+    Factory.prototype.use = function(name, mech) {
+      if (!mech) {
+        mech = name;
+        name = mech.prototype.name;
+      }
+      this._mechs.push({ name: name, mech: mech });
+      return this;
+    };
+    
+    /**
+     * Create a new mechanism from supported list of `mechs`.
+     *
+     * If no mechanisms are supported, returns `null`.
+     *
+     * Examples:
+     *
+     *     var mech = factory.create(['FOO', 'BAR']);
+     *
+     * @param {Array} mechs
+     * @return {Mechanism}
+     * @api public
+     */
+    Factory.prototype.create = function(mechs) {
+      for (var i = 0, len = this._mechs.length; i < len; i++) {
+        for (var j = 0, jlen = mechs.length; j < jlen; j++) {
+          var entry = this._mechs[i];
+          if (entry.name == mechs[j]) {
+            return new entry.mech();
+          }
+        }
+      }
+      return null;
+    };
+  
+    exports = module.exports = Factory;
+    
+  }));

package/lib/sasl/oauthbearer.js

@@ -0,0 +1,63 @@
+(function (root, factory) {
+  if (typeof exports === 'object') {
+    // CommonJS
+    factory(exports, module);
+  } else if (typeof define === 'function' && define.amd) {
+    // AMD
+    define(['exports', 'module'], factory);
+  }
+}(this, function (exports, module) {
+
+  /**
+   * OAUTHBEARER `Mechanism` constructor.
+   *
+   * This class implements the OAUTHBEARER SASL mechanism.
+   *
+   * The OAUTHBEARER SASL mechanism provides support for exchanging a token obtained via OAuth with the server.
+   *
+   * References:
+   *  - [RFC 4616](http://tools.ietf.org/html/rfc4616)
+   *
+   * @api public
+   */
+  function Mechanism() {
+  }
+
+  Mechanism.prototype.name = 'OAUTHBEARER';
+  Mechanism.prototype.clientFirst = true;
+
+  /**
+   * Encode a response using given credential.
+   *
+   * Options:
+   *  - `token`     an OAuth token
+   *  - `authzid`   authorization identity (optional)
+   *
+   * @param {Object} cred
+   * @api public
+   */
+  Mechanism.prototype.response = function (cred) {
+    var str = 'n,';
+    if (cred.authzid) {
+      str += 'a=' + cred.authzid;
+    }
+    str += ',%x01,auth=Bearer ';
+    str += cred.token;
+    str += '%x01';
+    return str;
+  };
+
+  /**
+   * Decode a challenge issued by the server.
+   *
+   * @param {String} chal
+   * @return {Mechanism} for chaining
+   * @api public
+   */
+  Mechanism.prototype.challenge = function (chal) {
+    return this;
+  };
+
+  exports = module.exports = Mechanism;
+
+}));

package/lib/sasl/plain.js

@@ -0,0 +1,65 @@
+(function (root, factory) {
+  if (typeof exports === 'object') {
+    // CommonJS
+    factory(exports, module);
+  } else if (typeof define === 'function' && define.amd) {
+    // AMD
+    define(['exports', 'module'], factory);
+  }
+}(this, function (exports, module) {
+
+  /**
+   * PLAIN `Mechanism` constructor.
+   *
+   * This class implements the PLAIN SASL mechanism.
+   *
+   * The PLAIN SASL mechanism provides support for exchanging a clear-text
+   * username and password.  This mechanism should not be used without adequate
+   * security provided by an underlying transport layer. 
+   *
+   * References:
+   *  - [RFC 4616](http://tools.ietf.org/html/rfc4616)
+   *
+   * @api public
+   */
+  function Mechanism() {
+  }
+
+  Mechanism.prototype.name = 'PLAIN';
+  Mechanism.prototype.clientFirst = true;
+
+  /**
+   * Encode a response using given credential.
+   *
+   * Options:
+   *  - `username`
+   *  - `password`
+   *  - `authzid`   authorization identity (optional)
+   *
+   * @param {Object} cred
+   * @api public
+   */
+  Mechanism.prototype.response = function (cred) {
+    var str = '';
+    str += cred.authzid || '';
+    str += '\0';
+    str += cred.username;
+    str += '\0';
+    str += cred.password;
+    return str;
+  };
+
+  /**
+   * Decode a challenge issued by the server.
+   *
+   * @param {String} chal
+   * @return {Mechanism} for chaining
+   * @api public
+   */
+  Mechanism.prototype.challenge = function (chal) {
+    return this;
+  };
+
+  exports = module.exports = Mechanism;
+
+}));

package/lib/sasl/scram.js

@@ -0,0 +1,135 @@
+(function (root, factory) {
+    if (typeof exports === 'object') {
+        // CommonJS
+        factory(exports, module, require('./bitops'), require('../utils'));
+    } else if (typeof define === 'function' && define.amd) {
+        // AMD
+        define(['exports', 'module', 'bitops', 'utils'], factory);
+    }
+}(this, function (exports, module, bitops, utils) {
+    var RESP = {};
+    var CLIENT_KEY = 'Client Key';
+    var SERVER_KEY = 'Server Key';
+
+    function Mechanism(options) {
+        options = options || {};
+        this._genNonce = options.genNonce || utils.genNonce;
+        this._stage = 'one';
+    }
+
+    // Conform to the SASL lib's expectations
+    Mechanism.Mechanism = Mechanism;
+    Mechanism.prototype.name = 'SCRAM';
+    Mechanism.prototype.clientFirst = true;
+
+    Mechanism.prototype.response = function (cred) {
+        return RESP[this._stage](this, cred);
+    };
+
+    Mechanism.prototype.challenge = function (chal) {
+        var values = parse(chal);
+        this._salt = Buffer.from(values.s, 'base64');
+        this._iterationCount = parseInt(values.i, 10);
+        this._nonce = values.r;
+        this._verifier = values.v;
+        this._error = values.e;
+        this._challenge = chal;
+        return this;
+    };
+
+    /**
+     * Parse challenge.
+     *
+     * @api private
+     */
+    function parse(chal) {
+        var dtives = {};
+        var tokens = chal.split(/,(?=(?:[^"]|"[^"]*")*$)/);
+        for (var i = 0, len = tokens.length; i < len; i++) {
+            var dtiv = /(\w+)=["]?(.+)["]?$/.exec(tokens[i]);
+            if (dtiv) {
+                dtives[dtiv[1]] = dtiv[2];
+            }
+        }
+        return dtives;
+    }
+
+
+    RESP.one = function (mech, cred) {
+        mech._cnonce = mech._genNonce();
+
+        var authzid = '';
+        if (cred.authzid) {
+            authzid = 'a=' + utils.saslname(cred.authzid);
+        }
+
+        mech._gs2Header = 'n,' + authzid + ',';
+
+        var nonce = 'r=' + mech._cnonce;
+        var username = 'n=' + utils.saslname(cred.username || '');
+
+        mech._clientFirstMessageBare = username + ',' + nonce;
+        var result = mech._gs2Header + mech._clientFirstMessageBare;
+
+        mech._stage = 'two';
+
+        return result;
+    };
+
+
+    RESP.two = function (mech, cred) {
+        var gs2Header = Buffer.from(mech._gs2Header).toString('base64');
+        mech._clientFinalMessageWithoutProof = 'c=' + gs2Header + ',r=' + mech._nonce;
+
+        var saltedPassword, clientKey, serverKey;
+
+        var algorithm = cred.mechanism.substring(6).toLowerCase().replace("-", "");
+
+        // If our cached salt is the same, we can reuse cached credentials to speed
+        // up the hashing process.
+        if (cred.salt && Buffer.compare(cred.salt, mech._salt) === 0) {
+            if (cred.clientKey && cred.serverKey) {
+                clientKey = cred.clientKey;
+                serverKey = cred.serverKey;
+            } else if (cred.saltedPassword) {
+                saltedPassword = cred.saltedPassword;
+                clientKey = bitops.HMAC(algorithm, saltedPassword, CLIENT_KEY);
+                serverKey = bitops.HMAC(algorithm, saltedPassword, SERVER_KEY);
+            }
+        } else {
+            saltedPassword = bitops.Hi(algorithm, cred.password || '', mech._salt, mech._iterationCount);
+            clientKey = bitops.HMAC(algorithm, saltedPassword, CLIENT_KEY);
+            serverKey = bitops.HMAC(algorithm, saltedPassword, SERVER_KEY);
+        }
+
+        var storedKey = bitops.H(algorithm, clientKey);
+        var authMessage = mech._clientFirstMessageBare + ',' +
+            mech._challenge + ',' +
+            mech._clientFinalMessageWithoutProof;
+        var clientSignature = bitops.HMAC(algorithm, storedKey, authMessage);
+
+        var clientProof = bitops.XOR(clientKey, clientSignature).toString('base64');
+
+        mech._serverSignature = bitops.HMAC(algorithm, serverKey, authMessage);
+
+        var result = mech._clientFinalMessageWithoutProof + ',p=' + clientProof;
+
+        mech._stage = 'final';
+
+        mech.cache = {
+            salt: mech._salt,
+            saltedPassword: saltedPassword,
+            clientKey: clientKey,
+            serverKey: serverKey
+        };
+        return result;
+    };
+
+    RESP.final = function () {
+        return '';
+    };
+
+
+    exports = module.exports = Mechanism;
+
+}));

package/lib/utils.js

@@ -2,7 +2,7 @@
 
   var _ = require('underscore');
   var log4js = require('log4js');
-  var randomBytes = require('randombytes');
+  var randomBytes = require('crypto').randomBytes;
 
   var f = require('./functional');
 

package/memory-profiling/helper.js

@@ -0,0 +1,9 @@
+const fs = require('fs');
+const v8 = require('v8');
+
+exports.createHeapSnapshot = function() {
+  const snapshotStream = v8.getHeapSnapshot();
+  const fileName = `${Date.now()}.heapsnapshot`;
+  const fileStream = fs.createWriteStream('/tmp/' + fileName);
+  snapshotStream.pipe(fileStream);
+}

package/memory-profiling/infinispan_memory_many_get.js

@@ -1,7 +1,6 @@
 var _ = require('underscore');
 var infinispan = require('../lib/infinispan');
-
-var heapdump = require('heapdump');
+var helper = require('./helper');
 
 var connected = infinispan.client({port: 11222, host: '127.0.0.1'},{cacheName: 'namedCache'});
 console.log("Connected to JDG server");
@@ -12,7 +11,6 @@ connected.then(function (client) {
 
   return put.then(function() {
     var heapUseAfterPut = process.memoryUsage().heapUsed;
-    //heapdump.writeSnapshot('/tmp/' + Date.now() + '.heapsnapshot');
 
     var temp = [];
     var numOps = 10000; // 500000

package/memory-profiling/infinispan_memory_one_get.js

@@ -1,7 +1,9 @@
 var _ = require('underscore');
 var infinispan = require('../lib/infinispan');
+var helper = require('./helper');
 
-var heapdump = require('heapdump');
+const fs = require('fs');
+const v8 = require('v8');
 
 var connected = infinispan.client({port: 11222, host: '127.0.0.1'},{cacheName: 'namedCache'});
 console.log("Connected to JDG server");
@@ -12,7 +14,7 @@ connected.then(function (client) {
   var afterPut = put.then(function() {
     //console.log("After put, heapUsed: "+process.memoryUsage().heapUsed);
 
-    heapdump.writeSnapshot('/tmp/' + Date.now() + '.heapsnapshot');
+    helper.createHeapSnapshot();
   });
 
   var get1 = afterPut.then(function test_get1() {
@@ -27,7 +29,7 @@ connected.then(function (client) {
     global.gc();
     //console.log("After get1, heapUsed: "+process.memoryUsage().heapUsed);
 
-    heapdump.writeSnapshot('/tmp/' + Date.now() + '.heapsnapshot');
+    helper.createHeapSnapshot();
   });
 
   var get2 = dumpAfterGet1.then(function test_get2() {
@@ -42,7 +44,7 @@ connected.then(function (client) {
     global.gc();
     //console.log("After get2, heapUsed: "+process.memoryUsage().heapUsed);
 
-    heapdump.writeSnapshot('/tmp/' + Date.now() + '.heapsnapshot');
+    helper.createHeapSnapshot();
   });
 
   return dumpAfterGet2.then(function test_disconnect() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "infinispan",
-  "version": "0.8.0",
+  "version": "0.10.0",
   "description": "Infinispan Javascript client",
   "main": "index",
   "directories": {
@@ -25,21 +25,15 @@
     "url": "https://github.com/infinispan/js-client"
   },
   "dependencies": {
-    "bitwise-xor": "0.0.0",
-    "create-hash": "^1.1.0",
-    "create-hmac": "^1.1.3",
-    "log4js": "^3.0.5",
-    "promise.prototype.finally": "^3.1.0",
-    "randombytes": "^2.0.1",
-    "sasl-digest-md5": "^0.1.0",
-    "saslmechanisms": "^0.1.1",
-    "underscore": "^1.9.1"
+    "buffer-xor": "^2.0.2",
+    "log4js": "^6.4.6",
+    "protobufjs": "^7.0.0",
+    "underscore": "^1.13.3"
   },
   "devDependencies": {
     "growl": "^1.10.5",
-    "heapdump": "^0.3.9",
-    "jasmine-node": "^1.16.2",
-    "jsdoc": "^3.6.6",
+    "jasmine-node": "^3.0.0",
+    "jsdoc": "^3.6.10",
     "request": "^2.88.0"
   }
 }