Version 1.6 - Updated on 03/23/2017
Constants used in the SDK are:
API_SERVER
API_CONTENT_SERVER
API_NOTIFY_SERVER
WEB_SERVER
The values of these constants are provided by the user and are defined in connection.yml.
.clean_params(params) ⇒ Object
def self.clean_params(params)
  # Drop nil values and convert every remaining value to a String.
  r = {}
  params.each do |k, v|
    r[k] = v.to_s unless v.nil?
  end
  r
end
.do_http(uri, request) ⇒ Object
def self.do_http(uri, request) # :nodoc:
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.read_timeout = 3600

  # Important security note!
  # Some Ruby versions (e.g. the one that ships with OS X) do not raise
  # an exception if certificate validation fails. We therefore have to
  # add a custom callback to ensure that invalid certs are not accepted.
  # Some specific error codes are let through, so we change the error
  # code to make sure that Ruby throws an exception if certificate
  # validation fails.
  #
  # See the man page for 'verify' for more information on error codes.
  #
  # You can comment out this code if your Ruby version is not vulnerable.
  http.verify_callback = proc do |preverify_ok, ssl_context|
    # 0 is the error code for success
    if preverify_ok && ssl_context.error == 0
      true
    else
      # 7 is the error code for certificate signature failure
      ssl_context.error = 7
      false
    end
  end

  # We use this to better understand how developers are using our SDKs.
  request['User-Agent'] = "OfficialSdkRubySDK/#{Sdk::SDK_VERSION}"

  begin
    http.request(request)
  rescue OpenSSL::SSL::SSLError
    raise SdkError.new("SSL error connecting to Server.")
  end
end
.make_query_string(params) ⇒ Object
def self.make_query_string(params)
  # Keys are converted with to_s so that Symbol keys can be escaped too.
  clean_params(params).collect { |k, v|
    CGI.escape(k.to_s) + "=" + CGI.escape(v)
  }.join("&")
end
.parse_response(response, raw = false) ⇒ Object
Parse response. Do not call this method directly. This method takes responses from the server and parses them. It also checks for errors and raises exceptions with the appropriate messages.
def self.parse_response(response, raw=false) # :nodoc:
  if response.is_a?(Net::HTTPServerError)
    raise SdkError.new("Sdk Server Error: #{response} - #{response.body}", response)
  elsif response.is_a?(Net::HTTPUnauthorized)
    raise SdkAuthError.new("User is not authenticated.", response)
  elsif !response.is_a?(Net::HTTPSuccess)
    begin
      d = JSON.parse(response.body)
    rescue StandardError
      raise SdkError.new("Sdk Server Error: body=#{response.body}", response)
    end
    if d['user_error'] && d['error']
      raise SdkError.new(d['error'], response, d['user_error']) # user_error is translated
    elsif d['error']
      raise SdkError.new(d['error'], response)
    else
      raise SdkError.new(response.body, response)
    end
  end

  return response.body if raw

  begin
    return JSON.parse(response.body)
  rescue JSON::ParserError
    raise SdkError.new("Unable to parse JSON response: #{response.body}", response)
  end
end
.safe_string_equals(a, b) ⇒ Object
A string comparison function that is resistant to timing attacks. The time it takes to run will leak the length of the secret string, but not any of the character values.
def self.safe_string_equals(a, b)
  if a.length != b.length
    false
  else
    a.chars.zip(b.chars).map {|ac,bc| ac == bc}.reduce(true, :&)
  end
end
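The length leak described for safe_string_equals comes from its early length check. The following is an added example, not part of the SDK, showing one way to compare secrets so that the comparison always runs over fixed-length digests; the module and method names are hypothetical and the token values are constructed.

```ruby
require 'openssl'

# Added illustration; module and method names are hypothetical, not SDK API.
module TimingSafeExample
  # Compare two byte strings without stopping at the first mismatch:
  # differences are OR-ed into one accumulator that is checked at the end.
  def self.constant_time_bytes_equal(a, b)
    return false unless a.bytesize == b.bytesize

    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # HMAC both inputs under a random per-call key, then compare the digests.
  # The digests are always 32 bytes, so the length check above never
  # distinguishes a short guess from a long one. Hashing time still grows
  # with input size, one 64-byte block at a time.
  def self.length_hiding_equals(secret, candidate)
    key = OpenSSL::Random.random_bytes(32)
    sha256 = OpenSSL::Digest.new('SHA256')
    d1 = OpenSSL::HMAC.digest(sha256, key, secret.to_s)
    d2 = OpenSSL::HMAC.digest(sha256, key, candidate.to_s)
    constant_time_bytes_equal(d1, d2)
  end
end

if __FILE__ == $PROGRAM_NAME
  stored = 'constructed-sample-token' # constructed value
  ['constructed-sample-token', 'constructed-sample-tokeX', 'short'].each do |guess|
    puts "#{guess.inspect}: #{TimingSafeExample.length_hiding_equals(stored, guess)}"
  end
end
```

Recent versions of Ruby's openssl library also provide OpenSSL.secure_compare, which hashes both inputs before a fixed-length comparison.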
Copyright © 2015-2017, Verizon and/or its Licensors. All rights reserved.