Add TLS support (#2)

* Add SSL support to Sip2::Client
* Move XXX_with_timeout methods from NonBlockingSocket to the Connection class
* Fix checksum validation regex (full match instead of line match)
* Fix bug in test server where optional locationCode was required
* Switch to named parameters for most methods

Author: abrom

.rubocop.yml

@@ -1,5 +1,9 @@
 AllCops:
   TargetRubyVersion: 2.4
+  NewCops: enable
+
+Layout/DotPosition:
+  EnforcedStyle: trailing
 
 Layout/LineLength:
   Max: 100

.travis.yml

@@ -15,7 +15,7 @@ install:
   - gem install rubocop
 
 script:
-  - rubocop
+  - bundle exec rubocop
   # Blackhole 127.0.0.2 for testing connection timeouts
   - sudo iptables -I INPUT -s 127.0.0.2 -j DROP
   - bundle exec rake

bin/console

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'sip2'
+
+require 'irb'
+IRB.start

lib/sip2.rb

@@ -2,6 +2,8 @@
 
 require 'sip2/version'
 
+require 'openssl'
+
 require 'sip2/patron_information'
 
 require 'sip2/messages/login'

lib/sip2/client.rb

@@ -5,18 +5,33 @@ module Sip2
   # Sip2 Client
   #
   class Client
-    def initialize(host:, port:, ignore_error_detection: false, timeout: nil)
+    def initialize(host:, port:, ignore_error_detection: false, timeout: nil, ssl_context: nil)
       @host = host
       @port = port
       @ignore_error_detection = ignore_error_detection
       @timeout = timeout || NonBlockingSocket::DEFAULT_TIMEOUT
+      @ssl_context = ssl_context
     end
 
+    # rubocop:disable Metrics/MethodLength
     def connect
-      socket = NonBlockingSocket.connect @host, @port, @timeout
-      yield Connection.new(socket, @ignore_error_detection) if block_given?
+      socket = NonBlockingSocket.connect host: @host, port: @port, timeout: @timeout
+
+      # If we've been provided with an SSL context then use it to wrap out existing connection
+      if @ssl_context
+        socket = ::OpenSSL::SSL::SSLSocket.new socket, @ssl_context
+        socket.hostname = @host # Needed for SNI
+        socket.sync_close = true
+        socket.connect
+        socket.post_connection_check @host # Validate the peer certificate matches the host
+      end
+
+      if block_given?
+        yield Connection.new(socket: socket, ignore_error_detection: @ignore_error_detection)
+      end
     ensure
       socket&.close
     end
+    # rubocop:enable Metrics/MethodLength
   end
 end

lib/sip2/connection.rb

@@ -5,6 +5,8 @@ module Sip2
   # Sip2 Connection
   #
   class Connection
+    LINE_SEPARATOR = "\r"
+
     @connection_modules = []
 
     class << self
@@ -18,12 +20,17 @@ def add_connection_module(module_name)
     include Messages::Login
     include Messages::PatronInformation
 
-    def initialize(socket, ignore_error_detection)
+    def initialize(socket:, ignore_error_detection: false)
       @socket = socket
       @ignore_error_detection = ignore_error_detection
       @sequence = 1
     end
 
+    def send_message(message)
+      write_with_timeout message
+      read_with_timeout
+    end
+
     def method_missing(method_name, *args)
       if Connection.connection_modules.include?(method_name.to_sym)
         send_and_handle_message(method_name, *args)
@@ -47,13 +54,27 @@ def send_and_handle_message(message_type, *args)
       send "handle_#{message_type}_response", response
     end
 
-    def send_message(message)
-      @socket.send_with_timeout message
-      @socket.gets_with_timeout
+    def write_with_timeout(message, separator: LINE_SEPARATOR)
+      ::Timeout.timeout connection_timeout, WriteTimeout do
+        @socket.write message + separator
+      end
+    end
+
+    def read_with_timeout(separator: LINE_SEPARATOR)
+      ::Timeout.timeout connection_timeout, ReadTimeout do
+        @socket.gets(separator)&.chomp(separator)
+      end
+    end
+
+    def connection_timeout
+      # We want the underlying connection where the timeout is configured,
+      # so if we're dealing with an SSLSocket then we need to unwrap it
+      io = @socket.respond_to?(:io) ? @socket.io : @socket
+      io.connection_timeout || NonBlockingSocket::DEFAULT_TIMEOUT
     end
 
     def with_error_detection(message)
-      message + '|AY' + @sequence.to_s
+      "#{message}|AY#{@sequence}"
     end
 
     def with_checksum(message)
@@ -72,7 +93,7 @@ def checksum_for(message)
     def sequence_and_checksum_valid?(response)
       return true if @ignore_error_detection
 
-      sequence_regex = /^(?<message>.*?AY(?<sequence>[0-9]+)AZ)(?<checksum>[A-F0-9]{4})$/
+      sequence_regex = /\A(?<message>.*?AY(?<sequence>[0-9]+)AZ)(?<checksum>[A-F0-9]{4})\z/
       match = response.strip.match sequence_regex
       match &&
         match[:sequence] == @sequence.to_s &&

lib/sip2/messages/login.rb

@@ -12,11 +12,11 @@ def self.included(klass)
 
       private
 
-      def build_login_message(username, password, location_code = nil)
+      def build_login_message(username:, password:, location_code: nil)
         code = '93' # Login
         uid_algorithm = pw_algorithm = '0' # Plain text
-        username_field = 'CN' + username
-        password_field = 'CO' + password
+        username_field = "CN#{username}"
+        password_field = "CO#{password}"
         location_code = location_code.strip if location_code.is_a? String
         location_field = location_code ? "|CP#{location_code}" : ''
 
@@ -26,7 +26,7 @@ def build_login_message(username, password, location_code = nil)
       end
 
       def handle_login_response(response)
-        sequence_and_checksum_valid?(response) && response[/^94([01])AY/, 1] == '1'
+        sequence_and_checksum_valid?(response) && response[/\A94([01])AY/, 1] == '1'
       end
     end
   end

lib/sip2/messages/patron_information.rb

@@ -12,7 +12,7 @@ def self.included(klass)
 
       private
 
-      def build_patron_information_message(uid, password, terminal_password = nil)
+      def build_patron_information_message(uid:, password:, terminal_password: nil)
         code = '63' # Patron information
         language = '000' # Unknown
         timestamp = Time.now.strftime('%Y%m%d    %H%M%S')

lib/sip2/non_blocking_socket.rb

@@ -10,24 +10,11 @@ module Sip2
   #
   class NonBlockingSocket < Socket
     DEFAULT_TIMEOUT = 5
-    SEPARATOR = "\r"
 
     attr_accessor :connection_timeout
 
-    def send_with_timeout(message, separator = SEPARATOR)
-      ::Timeout.timeout (connection_timeout || DEFAULT_TIMEOUT), WriteTimeout do
-        send message + separator, 0
-      end
-    end
-
-    def gets_with_timeout(separator = SEPARATOR)
-      ::Timeout.timeout (connection_timeout || DEFAULT_TIMEOUT), ReadTimeout do
-        gets separator
-      end
-    end
-
     # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
-    def self.connect(host, port, timeout = DEFAULT_TIMEOUT)
+    def self.connect(host:, port:, timeout: DEFAULT_TIMEOUT)
       # Convert the passed host into structures the non-blocking calls can deal with
       addr = Socket.getaddrinfo(host, nil)
       sockaddr = Socket.pack_sockaddr_in(port, addr[0][3])

sip2.gemspec

@@ -16,7 +16,7 @@ Gem::Specification.new do |spec|
   spec.homepage      = 'https://github.com/Studiosity/sip2-ruby'
   spec.license       = 'MIT'
 
-  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec)/}) }
+  spec.files         = `git ls-files lib`.split("\n") + ['LICENSE']
   spec.require_paths = ['lib']
 
   spec.required_ruby_version = '>= 2.4.0'