Test implementation of ZAuth + CURVE authentication

Author: itpetey

.gitignore

@@ -0,0 +1,2 @@
+Cargo.lock
+target/

Cargo.toml

@@ -18,12 +18,16 @@ default = ["remote-run"]
 local-run = []
 
 # Run API endpoints against a remote agent
-remote-run = ["zmq", "zmq-sys"]
+remote-run = ["czmq", "zmq"]
 
 [build-dependencies]
 
 regex = "0.1.*"
 
+[dev-dependencies]
+
+tempdir = "0.3"
+
 [dependencies]
 
 lazy_static = "0.1.*"
@@ -32,8 +36,8 @@ rustc-serialize = "0.3.*"
 regex = "0.1.*"
 
 # Feature `remote-run`
-zmq = { git = "https://github.com/petehayes102/rust-zmq.git", branch = "feature/socket-raw", optional = true }
-zmq-sys = { version = "*", optional = true }
+czmq = { git = "https://github.com/petehayes102/rust-czmq.git", branch = "dev", optional = true }
+zmq = { git = "https://github.com/petehayes102/rust-zmq.git", branch = "tmp-master", optional = true }
 
 [lib]
 

src/error.rs

@@ -6,6 +6,7 @@
 // https://www.tldrlegal.com/l/mpl-2.0>. This file may not be copied,
 // modified, or distributed except according to those terms.
 
+use czmq;
 use rustc_serialize::json;
 use std::{convert, error, fmt, io, num, str, string};
 #[cfg(feature = "remote-run")]
@@ -15,6 +16,8 @@ use zmq;
 pub enum Error {
     /// An error string returned from the host's Intecture Agent
     Agent(String),
+    /// CZMQ error
+    Czmq(czmq::Error),
     /// JSON decoder error
     JsonDecoder(json::DecoderError),
     /// Message frames missing in the response from host's Intecture Agent
@@ -41,6 +44,7 @@ impl fmt::Display for Error {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         match *self {
             Error::Agent(ref e) => write!(f, "Agent error: {}", e),
+            Error::Czmq(ref e) => write!(f, "CZMQ error: {}", e),
             Error::JsonDecoder(ref e) => write!(f, "JSON decoder error: {}", e),
             #[cfg(feature = "remote-run")]
             Error::Frame(ref e) => write!(f, "Missing frame {} in message: {}", e.order, e.name),
@@ -60,6 +64,7 @@ impl error::Error for Error {
     fn description(&self) -> &str {
         match *self {
             Error::Agent(ref e) => e,
+            Error::Czmq(ref e) => e.description(),
             Error::JsonDecoder(ref e) => e.description(),
             #[cfg(feature = "remote-run")]
             Error::Frame(_) => "The Agent's reply was missing a part ('frame') of the expected message",
@@ -75,6 +80,12 @@ impl error::Error for Error {
     }
 }
 
+impl convert::From<czmq::Error> for Error {
+    fn from(err: czmq::Error) -> Error {
+        Error::Czmq(err)
+    }
+}
+
 impl convert::From<json::DecoderError> for Error {
     fn from(err: json::DecoderError) -> Error {
         Error::JsonDecoder(err)

src/host/ffi.rs

@@ -9,12 +9,14 @@
 //! FFI interface for Host
 
 #[cfg(feature = "remote-run")]
-use libc::{c_char, c_void, uint32_t};
+use libc::{c_char, uint32_t};
 use std::convert;
 #[cfg(feature = "remote-run")]
 use std::{ptr, str};
 #[cfg(feature = "remote-run")]
 use std::ffi::{CStr, CString};
+#[cfg(feature = "remote-run")]
+use std::os::raw::c_void;
 use super::*;
 #[cfg(feature = "remote-run")]
 use zmq;
@@ -152,15 +154,15 @@ mod tests {
     #[test]
     fn test_convert_host_connected() {
         let mut host = Host::new();
-        assert!(host.connect("127.0.0.1", 7101, 7102, 7103).is_ok());
+        assert!(host.connect("localhost", 7101, 7102, 7103).is_ok());
         Ffi__Host::from(host);
     }
 
     #[cfg(feature = "remote-run")]
     #[test]
     fn test_convert_ffi_host() {
         let mut ctx = zmq::Context::new();
-        let mut sock = ctx.socket(zmq::REQ).unwrap();
+        let sock = ctx.socket(zmq::REQ).unwrap();
 
         let ffi_host = Ffi__Host {
             hostname: CString::new("localhost").unwrap().into_raw(),

src/host/mod.rs

@@ -46,7 +46,7 @@ use zmq;
 pub struct Host;
 #[cfg(feature = "remote-run")]
 pub struct Host {
-    // Hostname or IP of managed host
+    /// Hostname or IP of managed host
     hostname: Option<String>,
     /// API socket
     api_sock: Option<zmq::Socket>,

src/host/remote.rs

@@ -8,9 +8,11 @@
 
 //! The host wrapper for communicating with a remote host.
 
+use czmq::ZCert;
 use error::{Error, MissingFrame};
 use file::FileOpts;
 use Result;
+use runtime_helpers::RUNTIME_ARGS;
 use std::sync::Mutex;
 use std::thread::sleep;
 use std::time::Duration;
@@ -47,11 +49,17 @@ impl Host {
     pub fn connect(&mut self, hostname: &str, api_port: u32, upload_port: u32, download_port: u32) -> Result<()> {
         self.hostname = Some(hostname.to_string());
 
+        let server_cert = try!(ZCert::load(&format!("{}/{}.crt", RUNTIME_ARGS.server_cert_path, hostname)));
+
         self.api_sock = Some(ZMQCTX.lock().unwrap().socket(zmq::REQ).unwrap());
+        RUNTIME_ARGS.user_cert.apply(self.api_sock.as_mut().unwrap());
+        try!(self.api_sock.as_mut().unwrap().set_curve_serverkey(server_cert.public_txt()));
         try!(self.api_sock.as_mut().unwrap().set_linger(5000));
         try!(self.api_sock.as_mut().unwrap().connect(&format!("tcp://{}:{}", hostname, api_port)));
 
         self.upload_sock = Some(ZMQCTX.lock().unwrap().socket(zmq::PUB).unwrap());
+        RUNTIME_ARGS.user_cert.apply(self.api_sock.as_mut().unwrap());
+        try!(self.upload_sock.as_mut().unwrap().set_curve_serverkey(server_cert.public_txt()));
         try!(self.upload_sock.as_mut().unwrap().connect(&format!("tcp://{}:{}", hostname, upload_port)));
 
         self.download_port = Some(download_port);
@@ -86,6 +94,9 @@ impl Host {
     #[doc(hidden)]
     pub fn send_file(&mut self, endpoint: &str, path: &str, hash: u64, size: u64, total_chunks: u64, options: Option<&[FileOpts]>) -> Result<zmq::Socket> {
         let mut download_sock = ZMQCTX.lock().unwrap().socket(zmq::SUB).unwrap();
+        RUNTIME_ARGS.user_cert.apply(&mut download_sock);
+        let server_cert = try!(ZCert::load(&format!("{}/{}.crt", RUNTIME_ARGS.server_cert_path, self.hostname.as_mut().unwrap())));
+        try!(download_sock.set_curve_serverkey(server_cert.public_txt()));
         try!(download_sock.connect(&format!("tcp://{}:{}", self.hostname.as_mut().unwrap(), self.download_port.unwrap())));
         try!(download_sock.set_subscribe(path.as_bytes()));
 
@@ -174,7 +185,7 @@ mod tests {
     #[test]
     fn test_host_connect() {
         let mut host = Host::new();
-        assert!(host.connect("127.0.0.1", 7101, 7102, 7103).is_ok());
+        assert!(host.connect("localhost", 7101, 7102, 7103).is_ok());
     }
 
     #[test]

src/lib.rs

@@ -24,15 +24,17 @@
 //! Intecture API primitives, or the program will hang while it
 //! attempts to connect to a non-existent socket.
 
+#[cfg(feature = "remote-run")]
+extern crate czmq;
 #[macro_use]
 extern crate lazy_static;
 extern crate libc;
 extern crate regex;
 extern crate rustc_serialize;
+#[cfg(test)]
+extern crate tempdir;
 #[cfg(feature = "remote-run")]
 extern crate zmq;
-#[cfg(all(test, feature = "remote-run"))]
-extern crate zmq_sys;
 
 pub mod command;
 pub mod directory;
@@ -41,6 +43,8 @@ mod ffi_helpers;
 pub mod file;
 pub mod host;
 pub mod package;
+#[cfg(feature = "remote-run")]
+mod runtime_helpers;
 pub mod service;
 mod target;
 pub mod telemetry;
@@ -52,6 +56,8 @@ pub use file::{File, FileOpts, FileOwner};
 pub use host::Host;
 pub use package::{Package, PackageResult};
 pub use package::providers::{Provider, ProviderFactory, Providers};
+#[cfg(feature = "remote-run")]
+pub use runtime_helpers::RuntimeArgs;
 pub use service::{Service, ServiceRunnable};
 pub use telemetry::{Cpu, FsMount, Netif, NetifStatus, NetifIPv4, NetifIPv6, Os, Telemetry};
 

src/runtime_helpers.rs

@@ -0,0 +1,152 @@
+// Copyright 2015-2016 Intecture Developers. See the COPYRIGHT file at the
+// top-level directory of this distribution and at
+// https://intecture.io/COPYRIGHT.
+//
+// Licensed under the Mozilla Public License 2.0 <LICENSE or
+// https://www.tldrlegal.com/l/mpl-2.0>. This file may not be copied,
+// modified, or distributed except according to those terms.
+
+use czmq::ZCert;
+use {Error, Result};
+#[cfg(not(test))]
+use std::env::{self, Args};
+use std::process::exit;
+#[cfg(test)]
+use tempdir::TempDir;
+
+#[cfg(test)]
+lazy_static! {
+    static ref TMP_DIR: TempDir = TempDir::new("test_runtime_args").unwrap();
+    pub static ref RUNTIME_ARGS: RuntimeArgs = RuntimeArgs::new_test();
+}
+#[cfg(not(test))]
+lazy_static! {
+    pub static ref RUNTIME_ARGS: RuntimeArgs = RuntimeArgs::new_usage(env::args());
+}
+
+pub struct RuntimeArgs {
+    pub user_cert: ZCert,
+    pub server_cert_path: String,
+    pub user_args: Vec<String>,
+}
+
+unsafe impl Sync for RuntimeArgs {}
+
+impl RuntimeArgs {
+    #[cfg(test)]
+    fn new_test() -> RuntimeArgs {
+        let server_cert = ZCert::new().unwrap();
+        server_cert.save(&format!("{}/localhost.crt", TMP_DIR.path().to_str().unwrap())).unwrap();
+
+        let user_cert = ZCert::new().unwrap();
+        let user_path = format!("{}/user.crt", TMP_DIR.path().to_str().unwrap());
+        user_cert.save(&user_path).unwrap();
+
+         RuntimeArgs::new(vec![
+             "/fake/runnable".to_string(),
+             user_path,
+             TMP_DIR.path().to_str().unwrap().to_string(),
+         ]).unwrap()
+    }
+
+    #[cfg(not(test))]
+    fn new_usage(args: Args) -> RuntimeArgs {
+        let args: Vec<String> = args.collect();
+        let ra = Self::new(args);
+
+        if ra.is_err() {
+            println!("You should not invoke this project manually!");
+            println!("Usage: incli run [<script_args>]");
+            exit(1);
+        }
+
+        ra.unwrap()
+    }
+
+    fn new(args: Vec<String>) -> Result<RuntimeArgs> {
+        let mut args = args;
+
+        if args.len() < 3 {
+            return Err(Error::Generic("Missing args".to_string()));
+        }
+
+        // Remove filename
+        args.remove(0);
+
+        Ok(RuntimeArgs {
+            user_cert: try!(ZCert::load(&args.remove(0))),
+            server_cert_path: args.remove(0),
+            user_args: args,
+        })
+    }
+
+    pub fn expect_user_args<'a>(&'a mut self, required_args: &[&str]) -> &'a [String] {
+        if self.user_args.len() != required_args.len() {
+            // Generate usage string
+            let mut usage = String::from("Usage: incli run");
+            for arg in required_args {
+                usage.push_str(" <");
+                usage.push_str(arg);
+                usage.push_str(">");
+            }
+
+            println!("{}", usage);
+            exit(1);
+        }
+
+        &self.user_args
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use czmq::ZCert;
+    use super::*;
+    use tempdir::TempDir;
+
+    #[test]
+    fn test_new_ok() {
+        let dir = TempDir::new("test_new_ok").unwrap();
+
+        let user_path = format!("{}/user.crt", dir.path().to_str().unwrap());
+        let server_path = format!("{}/localhost.crt", dir.path().to_str().unwrap());
+
+        let user_cert = ZCert::new().unwrap();
+        user_cert.save(&user_path).unwrap();
+
+        let runtime_args = RuntimeArgs::new(vec![
+            "/path/to/project/runnable".to_string(),
+            user_path,
+            server_path
+        ]);
+        assert!(runtime_args.is_ok());
+        assert_eq!(runtime_args.unwrap().user_args.len(), 0);
+    }
+
+    #[test]
+    fn test_new_noargs() {
+        let runtime_args = RuntimeArgs::new(vec!["/path/to/project/runnable".to_string()]);
+        assert!(runtime_args.is_err());
+    }
+
+    #[test]
+    fn test_new_usrargs() {
+        let dir = TempDir::new("test_new_usrargs").unwrap();
+
+        let user_path = format!("{}/user.crt", dir.path().to_str().unwrap());
+        let server_path = format!("{}/localhost.crt", dir.path().to_str().unwrap());
+
+        let user_cert = ZCert::new().unwrap();
+        user_cert.save(&user_path).unwrap();
+
+         let runtime_args = RuntimeArgs::new(vec![
+             "/path/to/project/runnable".to_string(),
+             user_path,
+             server_path,
+             "user1".to_string(),
+             "user2".to_string(),
+         ]).unwrap();
+        assert_eq!(runtime_args.user_args.get(0).unwrap(), "user1");
+        assert_eq!(runtime_args.user_args.get(1).unwrap(), "user2");
+    }
+}