Sdk

Module: Sdk

Version 1.6 - Updated on 03/23/2017

Contents

Constant Summary

Constants used in the SDK are:

  • API_SERVER
  • API_CONTENT_SERVER
  • API_NOTIFY_SERVER
  • WEB_SERVER

The values of these constants are provided by the user and are defined in connection.yml.

Class Method Details

.clean_params(params) ⇒ Object

def self.clean_params(params)
  r = {}
  params.each do |k, v|
    r[k] = v.to_s if not v.nil?
  end
  r
end

.do_http(uri, request) ⇒ Object

def self.do_http(uri, request) # :nodoc:

  http = Net::HTTP.new(uri.host, uri.port)

  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.read_timeout = 3600

  # Important security note!
  # Some Ruby versions (e.g. the one that ships with OS X) do not raise
  # an exception if certificate validation fails. We therefore have to
  # add a custom callback to ensure that invalid certs are not accepted.
  # Some specific error codes are let through, so we change the error
  # code to make sure that Ruby throws an exception if certificate
  # validation fails.
  #
  # See the man page for 'verify' for more information on error codes.
  #
  # You can comment out this code if your Ruby version is not vulnerable.
  http.verify_callback = proc do |preverify_ok, ssl_context|
    # 0 is the error code for success
    if preverify_ok && ssl_context.error == 0
      true
    else
      # 7 is the error code for certification signature failure
      ssl_context.error = 7
      false
    end
  end

  #We use this to better understand how developers are using our SDKs.
  request['User-Agent'] =  "OfficialSdkRubySDK/#{Sdk::SDK_VERSION}"

  begin
    http.request(request)
  rescue OpenSSL::SSL::SSLError => e
    raise SdkError.new("SSL error connecting to Server.")
  end
end

.make_query_string(params) ⇒ Object

def self.make_query_string(params)	
  clean_params(params).collect {|k, v|
    CGI.escape(k) + "=" + CGI.escape(v)
  }.join("&")
end

.parse_response(response, raw = false) ⇒ Object

Parse response. Do not call this method directly. This method takes responses from the server and parses them. It also checks for errors and raises exceptions with the appropriate messages.

def self.parse_response(response, raw=false) # :nodoc:
  if response.is_a?(Net::HTTPServerError)
    raise SdkError.new("Sdk Server Error: #{response} - #{response.body}", response)
  elsif response.is_a?(Net::HTTPUnauthorized)
    raise SdkAuthError.new("User is not authenticated.", response)
  elsif !response.is_a?(Net::HTTPSuccess)
    begin
      d = JSON.parse(response.body)
    rescue
      raise SdkError.new("Sdk Server Error: body=#{response.body}", response)
    end
    if d['user_error'] and d['error']
      raise SdkError.new(d['error'], response, d['user_error'])  #user_error is translated
    elsif d['error']
      raise SdkError.new(d['error'], response)
    else
      raise SdkError.new(response.body, response)
    end
  end

  return response.body if raw

  begin
    return JSON.parse(response.body)
  rescue JSON::ParserError
    raise SdkError.new("Unable to parse JSON response: #{response.body}", response)
  end
end

.safe_string_equals(a, b) ⇒ Object

A string comparison function that is resistant to timing attacks. The time it takes to run will leak the length of the secret string, but not any of the character values.

def self.safe_string_equals(a, b)
  if a.length != b.length
    false
  else
    a.chars.zip(b.chars).map {|ac,bc| ac == bc}.reduce(true, :&)
  end
end

Copyright © 2015-2017, Verizon and/or its Licensors. All rights reserved.