summaryrefslogtreecommitdiff
path: root/aws/cloudformation
diff options
context:
space:
mode:
authorDavid Thompson <dthompson2@worcester.edu>2018-11-28 12:44:54 -0500
committerDavid Thompson <dthompson2@worcester.edu>2018-11-30 04:27:29 -0500
commit68e13e0aec50a12b343aec8c2009162e4dbc08de (patch)
treef489c522db554bda099ea95df2c3db13cc2dc96c /aws/cloudformation
parent48d9c1bd38e33c3d24a1ff85a521609893a39fbe (diff)
First working version.
Diffstat (limited to 'aws/cloudformation')
-rw-r--r--aws/cloudformation/utils.scm277
-rw-r--r--aws/cloudformation/utils/base32.scm53
-rw-r--r--aws/cloudformation/utils/json.scm386
-rw-r--r--aws/cloudformation/utils/sha-1.scm300
4 files changed, 1016 insertions, 0 deletions
diff --git a/aws/cloudformation/utils.scm b/aws/cloudformation/utils.scm
new file mode 100644
index 0000000..e618cf8
--- /dev/null
+++ b/aws/cloudformation/utils.scm
@@ -0,0 +1,277 @@
+(define-module (aws cloudformation utils)
+ #:use-module (aws cloudformation utils base32)
+ #:use-module (aws cloudformation utils sha-1)
+ #:use-module (ice-9 match)
+ #:use-module (oop goops)
+ #:use-module (rnrs bytevectors)
+ #:use-module (srfi srfi-1)
+ #:export (<cloudformation-property>
+ <cloudformation-object>
+ <cloudformation-attribute>
+ <cloudformation-resource>
+ <cloudformation-stack>
+ attributes
+ aws-string->symbol
+ description
+ documentation-url
+ id
+ name
+ outputs
+ parameters
+ primitive-type
+ properties
+ required?
+ resource-name
+ resources
+ to-json
+ type-check
+ type-checker
+ update-type
+ valid?))
+
+(define (aws-string->symbol str)
+ ;; Drop the "AWS::" that's at the beginning of *almost* everything.
+ (let ((str (if (string-prefix? "AWS::" str)
+ (string-drop str 5)
+ str)))
+ (list->symbol
+ (let loop ((i 0)
+ (same-word? #t)
+ (slash-delimiter? #f))
+ (cond
+ ((= i (string-length str)) ; end of string
+ '())
+ ;; "IoT" violates all the rules. grrrr
+ ((and (< (+ i 3) (string-length str))
+ (eqv? (string-ref str i) #\I)
+ (eqv? (string-ref str (+ i 1)) #\o)
+ (eqv? (string-ref str (+ i 2)) #\T))
+ (cons* #\i #\o #\t (loop (+ i 3) #f #f)))
+ ;; Replace "." with "/"
+ ((eqv? (string-ref str i) #\.)
+ (cons #\/ (loop (1+ i) #f #t)))
+ ;; Get rid of "::"
+ ((and (eqv? (string-ref str i) #\:)
+ (eqv? (string-ref str (1+ i)) #\:))
+ (loop (+ i 2) #f #f))
+ ((char-upper-case? (string-ref str i)) ; detect camel casing
+ (cond
+ ;; If we've had a string of uppercase characters and the
+ ;; next character is lowercase, we're actually at the
+ ;; beginning of a new word. For example, when we reach the
+ ;; "I" in "DBInstance" we need to treat it as the beginning
+ ;; of a new word.
+ ((and same-word?
+ (< (1+ i) (string-length str))
+ (char-lower-case? (string-ref str (1+ i))))
+ (loop i #f #f))
+ ;; Consecutive uppercase characters are part of the same word.
+ (same-word?
+ (cons (char-downcase (string-ref str i)) (loop (1+ i) #t #f)))
+ ;; Encountering an uppercase character after a series of
+ ;; non-uppercase characters means that we are at the
+ ;; beginning of a new word.
+ (else
+ (if (or (zero? i) slash-delimiter?)
+ (cons (char-downcase (string-ref str i)) (loop (1+ i) #t #f))
+ (cons* #\- (char-downcase (string-ref str i))
+ (loop (1+ i) #t #f))))))
+ (else
+ (cons (string-ref str i) (loop (1+ i) #f #f))))))))
+
+(define-class <cloudformation-property> ()
+ (name #:getter name #:init-keyword #:name)
+ (type-checker #:getter type-checker #:init-keyword #:type-checker)
+ (required? #:getter required? #:init-keyword #:required?)
+ (update-type #:getter update-type #:init-keyword #:update-type)
+ (documentation-url #:getter documentation-url
+ #:init-keyword #:documentation-url))
+
+(define-method (type-check (procedure <procedure>) x)
+ (procedure x))
+
+(define-method (type-check (property <cloudformation-property>) x)
+ ((type-checker property) x))
+
+(define-class <cloudformation-class> (<class>)
+ (properties #:getter properties)
+ (cfn-name #:getter cfn-name)
+ (documentation-url #:getter documentation-url))
+
+(define-method (initialize (cfn-class <cloudformation-class>) args)
+ (define* (slot-cfn-property slot-name #:key cfn-property #:allow-other-keys)
+ (and cfn-property (cons slot-name cfn-property)))
+ (define* (init #:key cfn-name documentation-url slots #:allow-other-keys)
+ (slot-set! cfn-class 'cfn-name cfn-name)
+ (slot-set! cfn-class 'documentation-url documentation-url)
+ (slot-set! cfn-class
+ 'properties
+ (filter-map (lambda (slot-args)
+ (apply slot-cfn-property slot-args))
+ slots)))
+ (apply init args)
+ (next-method))
+
+(define-class <cloudformation-object> ()
+ #:metaclass <cloudformation-class>)
+
+(define-method (initialize (obj <cloudformation-object>) args)
+ (next-method)
+ ;; Ensure that all required properties have been specified, and that
+ ;; all specified properties pass the type checker.
+ (for-each (match-lambda
+ ((slot-name . prop)
+ (cond
+ ((and (required? prop) (not (slot-bound? obj slot-name)))
+ (error "required property not specified:" slot-name))
+ ((slot-bound? obj slot-name)
+ (let ((value (slot-ref obj slot-name)))
+ (unless (type-check prop value)
+ (error "wrong type for property:" slot-name value)))))))
+ (slot-ref (class-of obj) 'properties)))
+
+(define-method (cfn-name (obj <cloudformation-object>))
+ (cfn-name (class-of obj)))
+
+(define-method (properties (obj <cloudformation-object>))
+ (slot-ref (class-of obj) 'properties))
+
+(define-method (to-json/refs obj)
+ (to-json obj))
+
+(define-method (to-json (s <string>)) s)
+(define-method (to-json (b <boolean>)) b)
+(define-method (to-json (n <number>)) n)
+(define-method (to-json (p <pair>))
+ (if (pair? (car p))
+ `(@ ,@(map (match-lambda
+ ((k . v)
+ (cons k (to-json/refs v))))
+ p))
+ (cons (to-json/refs (car p)) (to-json (cdr p)))))
+(define-method (to-json (null <null>))
+ '())
+
+(define-method (to-json (obj <cloudformation-object>))
+ (cons '@
+ (filter-map (match-lambda
+ ((slot-name . property)
+ (and (slot-bound? obj slot-name)
+ (cons (name property)
+ (to-json/refs (slot-ref obj slot-name))))))
+ (properties obj))))
+
+(define-method (valid? (obj <cloudformation-object>))
+ (every (match-lambda
+ ((slot-name . property)
+ (cond
+ ((and (required? property) (not (slot-bound? obj slot-name)))
+ #f)
+ ((not (or (required? property) (slot-bound? obj slot-name)))
+ #t)
+ (else
+ (type-check property (slot-ref obj slot-name))))))
+ (slot-ref (class-of obj) 'properties)))
+
+(define-class <cloudformation-attribute> ()
+ (name #:getter name #:init-keyword #:name)
+ (primitive-type #:getter primitive-type #:init-keyword #:primitive-type))
+
+(define-class <cloudformation-resource-class> (<cloudformation-class>)
+ (resource-name-prefix #:getter resource-name-prefix)
+ (attributes #:getter attributes))
+
+(define-method (initialize (resource-class <cloudformation-resource-class>) args)
+ (define* (init #:key attributes cfn-name #:allow-other-keys)
+ (when cfn-name
+ (slot-set! resource-class 'resource-name-prefix
+ (string-join (drop (delete "" (string-split cfn-name #\:)) 1)
+ "")))
+ (slot-set! resource-class 'attributes attributes))
+ (apply init args)
+ (next-method))
+
+(define-class <cloudformation-resource> (<cloudformation-object>)
+ (id #:getter id #:init-keyword #:id)
+ (cfn-id #:getter cfn-id)
+ #:metaclass <cloudformation-resource-class>)
+
+(define char-set:alphanumeric
+ (char-set-intersection char-set:ascii char-set:letter+digit))
+
+(define (alphanumize s)
+ (string-filter char-set:alphanumeric s))
+
+(define (id->cfn-id sym)
+ (string-append (let ((camelized
+ (string-concatenate
+ (map (lambda (s)
+ (string-capitalize (alphanumize s)))
+ (string-split (symbol->string sym) #\-)))))
+ (if (> (string-length camelized) 223)
+ (substring camelized 223)
+ camelized))
+ (base32-encode
+ (sha-1->bytevector
+ (sha-1
+ (string->utf8
+ (symbol->string sym)))))))
+
+(define-method (initialize (resource <cloudformation-resource>) args)
+ (next-method)
+ (unless (slot-bound? resource 'id)
+ (error "no id specified for resource:" resource))
+ (slot-set! resource 'cfn-id (id->cfn-id (id resource))))
+
+(define-method (type-check (proc <procedure>)
+ (resource <cloudformation-resource>))
+ (type-check proc "arn:dummy"))
+
+(define-method (to-json/refs (resource <cloudformation-resource>))
+ `(@ ("Ref" . ,(cfn-id resource))))
+
+(define-method (to-json (resource <cloudformation-resource>))
+ `(@ ("Type" . ,(cfn-name resource))
+ ("Properties" . ,(next-method))))
+
+(define-class <cloudformation-stack> ()
+ (description #:getter description #:init-keyword #:description #:init-form "")
+ (parameters #:getter parameters #:init-keyword #:parameters)
+ (resources #:getter resources #:init-keyword #:resources)
+ (outputs #:getter outputs #:init-keyword #:outputs))
+
+(define-method (transitive-resources (stack <cloudformation-stack>))
+ (define (scan-object obj)
+ (cond
+ ((is-a? obj <pair>)
+ (match obj
+ ((first rest ...)
+ (concatenate (cons (scan-object first)
+ (scan-object rest))))
+ ((key . value)
+ (scan-object value))))
+ ((is-a? obj <cloudformation-resource>)
+ (list obj))
+ ((is-a? obj <cloudformation-object>)
+ (scan-properties obj))
+ (else
+ '())))
+ (define (scan-properties obj)
+ (append-map (match-lambda
+ ((slot-name . prop)
+ (let ((value (and (slot-bound? obj slot-name)
+ (slot-ref obj slot-name))))
+ (scan-object value))))
+ (properties obj)))
+ (append-map (lambda (resource)
+ (cons resource (scan-properties resource)))
+ (resources stack)))
+
+(define-method (to-json (stack <cloudformation-stack>))
+ `(@ ("AWSTemplateFormatVersion" . "2010-09-09")
+ ("Description" . ,(description stack))
+ ("Resources" .
+ (@ ,@(map (lambda (resource)
+ (cons (cfn-id resource)
+ (to-json resource)))
+ (transitive-resources stack))))))
diff --git a/aws/cloudformation/utils/base32.scm b/aws/cloudformation/utils/base32.scm
new file mode 100644
index 0000000..4a01825
--- /dev/null
+++ b/aws/cloudformation/utils/base32.scm
@@ -0,0 +1,53 @@
+(define-module (aws cloudformation utils base32)
+ #:use-module (rnrs bytevectors)
+ #:use-module (srfi srfi-60)
+ #:export (base32-encode))
+
+;; Credit to Ludovic Courtes
+(define bytevector-quintet-ref
+ (let* ((ref bytevector-u8-ref)
+ (ref+ (lambda (bv offset)
+ (let ((o (+ 1 offset)))
+ (if (>= o (bytevector-length bv))
+ 0
+ (bytevector-u8-ref bv o)))))
+ (ref0 (lambda (bv offset)
+ (bit-field (ref bv offset) 3 8)))
+ (ref1 (lambda (bv offset)
+ (logior (ash (bit-field (ref bv offset) 0 3) 2)
+ (bit-field (ref+ bv offset) 6 8))))
+ (ref2 (lambda (bv offset)
+ (bit-field (ref bv offset) 1 6)))
+ (ref3 (lambda (bv offset)
+ (logior (ash (bit-field (ref bv offset) 0 1) 4)
+ (bit-field (ref+ bv offset) 4 8))))
+ (ref4 (lambda (bv offset)
+ (logior (ash (bit-field (ref bv offset) 0 4) 1)
+ (bit-field (ref+ bv offset) 7 8))))
+ (ref5 (lambda (bv offset)
+ (bit-field (ref bv offset) 2 7)))
+ (ref6 (lambda (bv offset)
+ (logior (ash (bit-field (ref bv offset) 0 2) 3)
+ (bit-field (ref+ bv offset) 5 8))))
+ (ref7 (lambda (bv offset)
+ (bit-field (ref bv offset) 0 5)))
+ (refs (vector ref0 ref1 ref2 ref3 ref4 ref5 ref6 ref7)))
+ (lambda (bv index)
+ "Return the INDEXth quintet of BV."
+ (let ((p (vector-ref refs (modulo index 8))))
+ (p bv (quotient (* index 5) 8))))))
+
+(define (base32-encode bv)
+ ;; We are assuming that the bytevector length is divisible by 5,
+ ;; because that is the case for SHA-1 hashes. A general-purpose
+ ;; base32 encoder would need to pad the bytevector when this is not
+ ;; the case.
+ (let* ((alphabet "0123456789ABCDEFGHJKMNPQRSTVWXYZ")
+ (n (/ (* (bytevector-length bv) 8) 5))
+ (s (make-string n)))
+ (let loop ((i 0))
+ (when (< i n)
+ (let ((x (bytevector-quintet-ref bv i)))
+ (string-set! s i (string-ref alphabet x))
+ (loop (+ i 1)))))
+ s))
diff --git a/aws/cloudformation/utils/json.scm b/aws/cloudformation/utils/json.scm
new file mode 100644
index 0000000..11ca6bf
--- /dev/null
+++ b/aws/cloudformation/utils/json.scm
@@ -0,0 +1,386 @@
+;;;; json.scm --- JSON reader/writer
+;;;; Copyright © 2015, 2017 David Thompson <davet@gnu.org>
+;;;; Copyright © 2017 Christopher Allan Webber <cwebber@dustycloud.org>
+;;;;
+;;;; This library is free software; you can redistribute it and/or
+;;;; modify it under the terms of the GNU Lesser General Public
+;;;; License as published by the Free Software Foundation; either
+;;;; version 3 of the License, or (at your option) any later version.
+;;;;
+;;;; This library is distributed in the hope that it will be useful,
+;;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+;;;; Lesser General Public License for more details.
+;;;;
+;;;; You should have received a copy of the GNU Lesser General Public
+;;;; License along with this library; if not, write to the Free Software
+;;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+;;;; 02110-1301 USA
+
+(define-module (aws cloudformation utils json)
+ #:use-module (ice-9 match)
+ #:export (read-json json-assoc-ref write-json))
+
+(define (json-assoc-ref json key)
+ (match (assoc-ref json key)
+ (('@ . alist) alist)
+ (x x)))
+
+(define (json-error port)
+ (throw 'json-error port))
+
+(define (assert-char port char)
+ "Read a character from PORT and throw an invalid JSON error if the
+character is not CHAR."
+ (unless (eqv? (read-char port) char)
+ (json-error port)))
+
+(define (whitespace? char)
+ "Return #t if CHAR is a whitespace character."
+ (char-set-contains? char-set:whitespace char))
+
+(define (consume-whitespace port)
+ "Discard characters from PORT until a non-whitespace character is
+encountered.."
+ (match (peek-char port)
+ ((? eof-object?) *unspecified*)
+ ((? whitespace?)
+ (read-char port)
+ (consume-whitespace port))
+ (_ *unspecified*)))
+
+(define (make-keyword-reader keyword value)
+ "Parse the keyword symbol KEYWORD as VALUE."
+ (let ((str (symbol->string keyword)))
+ (lambda (port)
+ (let loop ((i 0))
+ (cond
+ ((= i (string-length str)) value)
+ ((eqv? (string-ref str i) (read-char port))
+ (loop (1+ i)))
+ (else (json-error port)))))))
+
+(define read-true (make-keyword-reader 'true #t))
+(define read-false (make-keyword-reader 'false #f))
+(define read-null (make-keyword-reader 'null 'null))
+
+(define (read-hex-digit port)
+ "Read a hexadecimal digit from PORT."
+ (match (read-char port)
+ (#\0 0)
+ (#\1 1)
+ (#\2 2)
+ (#\3 3)
+ (#\4 4)
+ (#\5 5)
+ (#\6 6)
+ (#\7 7)
+ (#\8 8)
+ (#\9 9)
+ ((or #\A #\a) 10)
+ ((or #\B #\b) 11)
+ ((or #\C #\c) 12)
+ ((or #\D #\d) 13)
+ ((or #\E #\e) 14)
+ ((or #\F #\f) 15)
+ (_ (json-error port))))
+
+(define (read-utf16-character port)
+ "Read a hexadecimal encoded UTF-16 character from PORT."
+ (integer->char
+ (+ (* (read-hex-digit port) (expt 16 3))
+ (* (read-hex-digit port) (expt 16 2))
+ (* (read-hex-digit port) 16)
+ (read-hex-digit port))))
+
+(define (read-escape-character port)
+ "Read escape character from PORT."
+ (match (read-char port)
+ (#\" #\")
+ (#\\ #\\)
+ (#\/ #\/)
+ (#\b #\backspace)
+ (#\f #\page)
+ (#\n #\newline)
+ (#\r #\return)
+ (#\t #\tab)
+ (#\u (read-utf16-character port))
+ (_ (json-error port))))
+
+(define (read-string port)
+ "Read a JSON encoded string from PORT."
+ (assert-char port #\")
+ (let loop ((result '()))
+ (match (read-char port)
+ ((? eof-object?) (json-error port))
+ (#\" (list->string (reverse result)))
+ (#\\ (loop (cons (read-escape-character port) result)))
+ (char (loop (cons char result))))))
+
+(define char-set:json-digit
+ (char-set #\0 #\1 #\2 #\3 #\4 #\5 #\6 #\7 #\8 #\9))
+
+(define (digit? char)
+ (char-set-contains? char-set:json-digit char))
+
+(define (read-digit port)
+ "Read a digit 0-9 from PORT."
+ (match (read-char port)
+ (#\0 0)
+ (#\1 1)
+ (#\2 2)
+ (#\3 3)
+ (#\4 4)
+ (#\5 5)
+ (#\6 6)
+ (#\7 7)
+ (#\8 8)
+ (#\9 9)
+ (else (json-error port))))
+
+(define (read-digits port)
+ "Read a sequence of digits from PORT."
+ (let loop ((result '()))
+ (match (peek-char port)
+ ((? eof-object?)
+ (reverse result))
+ ((? digit?)
+ (loop (cons (read-digit port) result)))
+ (else (reverse result)))))
+
+(define (list->integer digits)
+ "Convert the list DIGITS to an integer."
+ (let loop ((i (1- (length digits)))
+ (result 0)
+ (digits digits))
+ (match digits
+ (() result)
+ ((n . tail)
+ (loop (1- i)
+ (+ result (* n (expt 10 i)))
+ tail)))))
+
+(define (read-positive-integer port)
+ "Read a positive integer with no leading zeroes from PORT."
+ (match (read-digits port)
+ ((0 . _)
+ (json-error port)) ; no leading zeroes allowed
+ ((digits ...)
+ (list->integer digits))))
+
+(define (read-exponent port)
+ "Read exponent from PORT."
+ (define (read-expt)
+ (list->integer (read-digits port)))
+
+ (unless (memv (read-char port) '(#\e #\E))
+ (json-error port))
+
+ (match (peek-char port)
+ ((? eof-object?)
+ (json-error port))
+ (#\-
+ (read-char port)
+ (- (read-expt)))
+ (#\+
+ (read-char port)
+ (read-expt))
+ ((? digit?)
+ (read-expt))
+ (_ (json-error port))))
+
+(define (read-fraction port)
+ "Read fractional number part from PORT as an inexact number."
+ (let* ((digits (read-digits port))
+ (numerator (list->integer digits))
+ (denomenator (expt 10 (length digits))))
+ (/ numerator denomenator)))
+
+(define (read-positive-number port)
+ "Read a positive number from PORT."
+ (let* ((integer (match (peek-char port)
+ ((? eof-object?)
+ (json-error port))
+ (#\0
+ (read-char port)
+ 0)
+ ((? digit?)
+ (read-positive-integer port))
+ (_ (json-error port))))
+ (fraction (match (peek-char port)
+ (#\.
+ (read-char port)
+ (read-fraction port))
+ (_ 0)))
+ (exponent (match (peek-char port)
+ ((or #\e #\E)
+ (read-exponent port))
+ (_ 0)))
+ (n (* (+ integer fraction) (expt 10 exponent))))
+
+ ;; Keep integers as exact numbers, but convert numbers encoded as
+ ;; floating point numbers to an inexact representation.
+ (if (zero? fraction)
+ n
+ (exact->inexact n))))
+
+(define (read-number port)
+ "Read a number from PORT"
+ (match (peek-char port)
+ ((? eof-object?)
+ (json-error port))
+ (#\-
+ (read-char port)
+ (- (read-positive-number port)))
+ ((? digit?)
+ (read-positive-number port))
+ (_ (json-error port))))
+
+(define (read-object port)
+ "Read key/value map from PORT."
+ (define (read-key+value-pair)
+ (let ((key (read-string port)))
+ (consume-whitespace port)
+ (assert-char port #\:)
+ (consume-whitespace port)
+ (let ((value (read-value port)))
+ (cons key value))))
+
+ (assert-char port #\{)
+ (consume-whitespace port)
+
+ (if (eqv? #\} (peek-char port))
+ (begin
+ (read-char port)
+ '()) ; empty object
+ (cons (read-key+value-pair)
+ (let loop ()
+ (consume-whitespace port)
+ (match (peek-char port)
+ (#\, ; read another value
+ (read-char port)
+ (consume-whitespace port)
+ (cons (read-key+value-pair) (loop)))
+ (#\} ; end of object
+ (read-char port)
+ '())
+ (_ (json-error port)))))))
+
+(define (read-array port)
+ "Read array from PORT."
+ (assert-char port #\[)
+ (consume-whitespace port)
+
+ (list->vector
+ (if (eqv? #\] (peek-char port))
+ (begin
+ (read-char port)
+ '() ); empty array
+ (cons (read-value port)
+ (let loop ()
+ (consume-whitespace port)
+ (match (peek-char port)
+ (#\, ; read another value
+ (read-char port)
+ (consume-whitespace port)
+ (cons (read-value port) (loop)))
+ (#\] ; end of array
+ (read-char port)
+ '())
+ (_ (json-error port))))))))
+
+(define (read-value port)
+ "Read a JSON value from PORT."
+ (consume-whitespace port)
+ (match (peek-char port)
+ ((? eof-object?) (json-error port))
+ (#\" (read-string port))
+ (#\{ (read-object port))
+ (#\[ (read-array port))
+ (#\t (read-true port))
+ (#\f (read-false port))
+ (#\n (read-null port))
+ ((or #\- (? digit?))
+ (read-number port))
+ (_ (json-error port))))
+
+(define (read-json port)
+ "Read JSON text from port and return an s-expression representation."
+ (let ((result (read-value port)))
+ (consume-whitespace port)
+ (unless (eof-object? (peek-char port))
+ (json-error port))
+ result))
+
+
+;;;
+;;; Writer
+;;;
+
+(define (write-string str port)
+ "Write STR to PORT in JSON string format."
+ (define (escape-char char)
+ (display (match char
+ (#\" "\\\"")
+ (#\\ "\\\\")
+ (#\/ "\\/")
+ (#\backspace "\\b")
+ (#\page "\\f")
+ (#\newline "\\n")
+ (#\return "\\r")
+ (#\tab "\\t")
+ (_ char))
+ port))
+
+ (display "\"" port)
+ (string-for-each escape-char str)
+ (display "\"" port))
+
+(define (write-object object port)
+ "Write ALIST to PORT in JSON object format."
+ ;; Keys may be strings or symbols.
+ (define key->string
+ (match-lambda
+ ((? string? key) key)
+ ((? symbol? key) (symbol->string key))))
+
+ (define (write-kv-pair key value)
+ (write-string (key->string key) port)
+ (display ":" port)
+ (write-json value port))
+
+ (display "{" port)
+ (match object
+ (() #f)
+ ((front ... (end-key . end-val))
+ (for-each (match-lambda
+ ((key . value)
+ (write-kv-pair key value)
+ (display "," port)))
+ front)
+ (write-kv-pair end-key end-val)))
+ (display "}" port))
+
+(define (write-array lst port)
+ "Write LST to PORT in JSON array format."
+ (display "[" port)
+ (match lst
+ (() #f)
+ ((front ... end)
+ (for-each (lambda (val)
+ (write-json val port)
+ (display "," port))
+ front)
+ (write-json end port)))
+ (display "]" port))
+
+(define (write-json exp port)
+ "Write EXP to PORT in JSON format."
+ (match exp
+ (#t (display "true" port))
+ (#f (display "false" port))
+ ('null (display "null" port))
+ ((? string? s) (write-string s port))
+ ((? real? n) (display n port))
+ (('@ . alist) (write-object alist port))
+ ((vals ...) (write-array vals port))))
diff --git a/aws/cloudformation/utils/sha-1.scm b/aws/cloudformation/utils/sha-1.scm
new file mode 100644
index 0000000..a34f09e
--- /dev/null
+++ b/aws/cloudformation/utils/sha-1.scm
@@ -0,0 +1,300 @@
+;; -*- mode: scheme; coding: utf-8 -*-
+;; Copyright © 2009, 2010, 2012 Göran Weinholt <goran@weinholt.se>
+
+;; Permission is hereby granted, free of charge, to any person obtaining a
+;; copy of this software and associated documentation files (the "Software"),
+;; to deal in the Software without restriction, including without limitation
+;; the rights to use, copy, modify, merge, publish, distribute, sublicense,
+;; and/or sell copies of the Software, and to permit persons to whom the
+;; Software is furnished to do so, subject to the following conditions:
+
+;; The above copyright notice and this permission notice shall be included in
+;; all copies or substantial portions of the Software.
+
+;; THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+;; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+;; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+;; THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+;; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+;; FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+;; DEALINGS IN THE SOFTWARE.
+#!r6rs
+
+;; Byte-oriented SHA-1 from FIPS 180-3 and RFC 3174.
+
+;; The data being hashed will never be modified here.
+
+;; TODO: give an error if more than 2^64 bits are processed?
+;; TODO: Optimize. Should be simple enough with the help of a profiler.
+
+(library (aws cloudformation utils sha-1)
+ (export make-sha-1 sha-1-update! sha-1-finish! sha-1-clear!
+ sha-1 sha-1-copy sha-1-finish
+ sha-1-transform! ;for interested parties only
+ sha-1-length
+ sha-1-copy-hash! sha-1-96-copy-hash!
+ sha-1->bytevector sha-1->string
+ sha-1-hash=? sha-1-96-hash=?
+ hmac-sha-1)
+ (import (except (rnrs) bitwise-rotate-bit-field))
+
+ (define (sha-1-length) 20)
+
+ (define (vector-copy x) (vector-map (lambda (i) i) x))
+
+ (define (rol32 n count)
+ (let ((field1 (bitwise-and #xffffffff (bitwise-arithmetic-shift-left n count)))
+ (field2 (bitwise-arithmetic-shift-right n (- 32 count))))
+ (bitwise-ior field1 field2)))
+
+ (define-record-type sha1state
+ (fields (immutable H) ;Hash
+ (immutable W) ;temporary data
+ (immutable m) ;unprocessed data
+ (mutable pending) ;length of unprocessed data
+ (mutable processed))) ;length of processed data
+
+ (define (make-sha-1)
+ (let ((H (list->vector initial-hash))
+ (W (make-bytevector (* 4 80)))
+ (m (make-bytevector (* 4 16))))
+ (make-sha1state H W m 0 0)))
+
+ (define (sha-1-copy state)
+ (let ((H (vector-copy (sha1state-H state)))
+ (W (make-bytevector (* 4 80)))
+ (m (bytevector-copy (sha1state-m state))))
+ (make-sha1state H W m
+ (sha1state-pending state)
+ (sha1state-processed state))))
+
+ (define (sha-1-clear! state)
+ (for-each (lambda (i v)
+ (vector-set! (sha1state-H state) i v))
+ '(0 1 2 3 4)
+ initial-hash)
+ (bytevector-fill! (sha1state-W state) 0)
+ (bytevector-fill! (sha1state-m state) 0)
+ (sha1state-pending-set! state 0)
+ (sha1state-processed-set! state 0))
+
+ (define initial-hash '(#x67452301 #xefcdab89 #x98badcfe #x10325476 #xc3d2e1f0))
+
+ (define (Ch x y z)
+ (bitwise-xor (bitwise-and x y)
+ (bitwise-and (bitwise-not x) z)))
+
+ (define Parity bitwise-xor)
+
+ (define (Maj x y z)
+ (bitwise-xor (bitwise-and x y)
+ (bitwise-and x z)
+ (bitwise-and y z)))
+
+ (define k1 #x5a827999)
+ (define k2 #x6ed9eba1)
+ (define k3 #x8f1bbcdc)
+ (define k4 #xca62c1d6)
+
+ (define (f t B C D)
+ ((cond ((<= 0 t 19) Ch)
+ ((<= 20 t 39) Parity)
+ ((<= 40 t 59) Maj)
+ (else Parity))
+ B C D))
+
+ (define (K t)
+ (cond ((<= 0 t 19) k1)
+ ((<= 20 t 39) k2)
+ ((<= 40 t 59) k3)
+ (else k4)))
+
+ ;; This function transforms a whole 512 bit block.
+ (define (sha-1-transform! H W m offset)
+ ;; Copy the message block
+ (do ((t 0 (+ t 4)))
+ ((= t (* 4 16)))
+ (bytevector-u32-native-set! W t (bytevector-u32-ref m (+ t offset) (endianness big))))
+ ;; Initialize W[16..79]
+ (do ((t (* 4 16) (+ t 4)))
+ ((= t (* 4 80)))
+ (bytevector-u32-native-set! W t (rol32
+ (bitwise-xor (bytevector-u32-native-ref W (- t (* 4 3)))
+ (bytevector-u32-native-ref W (- t (* 4 8)))
+ (bytevector-u32-native-ref W (- t (* 4 14)))
+ (bytevector-u32-native-ref W (- t (* 4 16))))
+ 1)))
+ ;; Do the hokey pokey
+ (let lp ((A (vector-ref H 0))
+ (B (vector-ref H 1))
+ (C (vector-ref H 2))
+ (D (vector-ref H 3))
+ (E (vector-ref H 4))
+ (t 0))
+ (cond ((= t 80)
+ (vector-set! H 0 (bitwise-and #xffffffff (+ A (vector-ref H 0))))
+ (vector-set! H 1 (bitwise-and #xffffffff (+ B (vector-ref H 1))))
+ (vector-set! H 2 (bitwise-and #xffffffff (+ C (vector-ref H 2))))
+ (vector-set! H 3 (bitwise-and #xffffffff (+ D (vector-ref H 3))))
+ (vector-set! H 4 (bitwise-and #xffffffff (+ E (vector-ref H 4)))))
+ (else
+ (lp (bitwise-and #xffffffff
+ (+ (rol32 A 5)
+ (f t B C D)
+ E
+ (bytevector-u32-native-ref W (* 4 t))
+ (K t)))
+ A
+ (rol32 B 30)
+ C
+ D
+ (+ t 1))))))
+
+ ;; Add a bytevector to the state. Align your data to whole blocks if
+ ;; you want this to go a little faster.
+ (define sha-1-update!
+ (case-lambda
+ ((state data start end)
+ (let ((m (sha1state-m state)) ;unprocessed data
+ (H (sha1state-H state))
+ (W (sha1state-W state)))
+ (let lp ((offset start))
+ (cond ((= (sha1state-pending state) 64)
+ ;; A whole block is pending
+ (sha-1-transform! H W m 0)
+ (sha1state-pending-set! state 0)
+ (sha1state-processed-set! state (+ 64 (sha1state-processed state)))
+ (lp offset))
+ ((= offset end)
+ (values))
+ ((or (> (sha1state-pending state) 0)
+ (> (+ offset 64) end))
+ ;; Pending data exists or less than a block remains.
+ ;; Add more pending data.
+ (let ((added (min (- 64 (sha1state-pending state))
+ (- end offset))))
+ (bytevector-copy! data offset
+ m (sha1state-pending state)
+ added)
+ (sha1state-pending-set! state (+ added (sha1state-pending state)))
+ (lp (+ offset added))))
+ (else
+ ;; Consume a whole block
+ (sha-1-transform! H W data offset)
+ (sha1state-processed-set! state (+ 64 (sha1state-processed state)))
+ (lp (+ offset 64)))))))
+ ((state data)
+ (sha-1-update! state data 0 (bytevector-length data)))))
+
+ (define zero-block (make-bytevector 64 0))
+
+ ;; Finish the state by adding a 1, zeros and the counter.
+ (define (sha-1-finish! state)
+ (let ((m (sha1state-m state))
+ (pending (+ (sha1state-pending state) 1)))
+ (bytevector-u8-set! m (sha1state-pending state) #x80)
+ (cond ((> pending 56)
+ (bytevector-copy! zero-block 0
+ m pending
+ (- 64 pending))
+ (sha-1-transform! (sha1state-H state)
+ (sha1state-W state)
+ m
+ 0)
+ (bytevector-fill! m 0))
+ (else
+ (bytevector-copy! zero-block 0
+ m pending
+ (- 64 pending))))
+ ;; Number of bits in the data
+ (bytevector-u64-set! m 56
+ (* (+ (sha1state-processed state)
+ (- pending 1))
+ 8)
+ (endianness big))
+ (sha-1-transform! (sha1state-H state)
+ (sha1state-W state)
+ m
+ 0)))
+
+ (define (sha-1-finish state)
+ (let ((copy (sha-1-copy state)))
+ (sha-1-finish! copy)
+ copy))
+
+ ;; Find the SHA-1 of the concatenation of the given bytevectors.
+ (define (sha-1 . data)
+ (let ((state (make-sha-1)))
+ (for-each (lambda (d) (sha-1-update! state d))
+ data)
+ (sha-1-finish! state)
+ state))
+
+ (define (copy-hash! state bv off len)
+ (do ((i 0 (+ i 1)))
+ ((= i len))
+ (bytevector-u32-set! bv (+ off (* 4 i))
+ (vector-ref (sha1state-H state) i)
+ (endianness big))))
+
+ (define (sha-1-copy-hash! state bv off)
+ (copy-hash! state bv off 5))
+
+ (define (sha-1-96-copy-hash! state bv off)
+ (copy-hash! state bv off 3))
+
+ (define (sha-1->bytevector state)
+ (let ((ret (make-bytevector (* 4 5))))
+ (sha-1-copy-hash! state ret 0)
+ ret))
+
+ (define (sha-1->string state)
+ (apply string-append
+ (map (lambda (x)
+ (if (< x #x10)
+ (string-append "0" (number->string x 16))
+ (number->string x 16)))
+ (bytevector->u8-list (sha-1->bytevector state)))))
+
+ ;; Compare an SHA-1 state with a bytevector. It is supposed to not
+ ;; terminate early in order to not leak timing information. Assumes
+ ;; that the bytevector's length is ok.
+ (define (cmp state bv len)
+ (do ((i 0 (fx+ i 1))
+ (diff 0 (+ diff
+ (bitwise-xor
+ (bytevector-u32-ref bv (* 4 i) (endianness big))
+ (vector-ref (sha1state-H state) i)))))
+ ((fx=? i len)
+ (zero? diff))))
+
+ (define (sha-1-hash=? state bv) (cmp state bv 5))
+
+ (define (sha-1-96-hash=? state bv) (cmp state bv 3))
+
+;;; HMAC-SHA-1. RFC 2104.
+
+ ;; TODO: an API with make, update!, finish!, finish, clear!, copy, etc
+
+ (define (hmac-sha-1 secret . data)
+ ;; RFC 2104.
+ (if (> (bytevector-length secret) 64)
+ (apply hmac-sha-1 (sha-1->bytevector (sha-1 secret)) data)
+ (let ((k-ipad (make-bytevector 64 0))
+ (k-opad (make-bytevector 64 0)))
+ (bytevector-copy! secret 0 k-ipad 0 (bytevector-length secret))
+ (bytevector-copy! secret 0 k-opad 0 (bytevector-length secret))
+ (do ((i 0 (fx+ i 1)))
+ ((fx=? i 64))
+ (bytevector-u8-set! k-ipad i (fxxor #x36 (bytevector-u8-ref k-ipad i)))
+ (bytevector-u8-set! k-opad i (fxxor #x5c (bytevector-u8-ref k-opad i))))
+ (let ((state (make-sha-1)))
+ (sha-1-update! state k-ipad)
+ (for-each (lambda (d) (sha-1-update! state d)) data)
+ (sha-1-finish! state)
+ (let ((digest (sha-1->bytevector state)))
+ (sha-1-clear! state)
+ (sha-1-update! state k-opad)
+ (sha-1-update! state digest)
+ (sha-1-finish! state)
+ state))))))