  • Stars: 687
  • Rank 61,871 (Top 2 %)
  • Language: C++
  • License: Apache License 2.0
  • Created over 9 years ago
  • Updated 11 months ago

Message Security Layer

Message Security Layer (MSL) is an extensible and flexible secure messaging framework that can be used to transport data between two or more communicating entities. Data may also be associated with specific users, and treated as confidential or non-replayable if so desired.

Documentation

The MSL Framework provides a complete description of the framework and its implementation requirements. The Configuration Guide presents some common client and server MSL configurations. The framework documentation and configuration guide were reviewed by an external security firm. No issues were identified.

The set of public interfaces and classes an application must implement and use is documented in the Public Javadoc. Documentation on all of the code, including internal classes and private methods, can be found in the full Javadoc.

For questions and support please contact Wesley Miaw directly. Bugs and feature requests should be filed in the Issue Tracker.

Third-Party Libraries

The Java MSL code base requires the org.json and Bouncy Castle libraries. The unit tests require JUnit 4 and Hamcrest. The integration tests require TestNG.

The JavaScript MSL code base includes some third-party libraries within the lib/ directory, most notably the Clarinet parser and jsrsasign.

The C++ MSL code base requires OpenSSL and includes some third-party libraries within the lib/ directory: Chromium Numerics, RapidJSON, RSA Converter, and UTF-8 with CPP in a Portable Way. The unit tests also include some third-party libraries within the tests lib/ directory: Google Mock and Google Test.

All third-party libraries are subject to their respective license agreements.

Getting Started

To build an application that uses MSL for communication, you must read through and understand the MSL Framework. This is necessary because unlike other security protocols and libraries, you must make choices about how to secure your communication and authenticate your entities and users. The Configuration Guide can help you make those decisions.

The application interface to the MSL stack is MslControl. The application configuration for a single MSL network is an instance of MslContext. Your application may participate in multiple MSL networks and therefore have multiple instances of MslContext, but only one MslControl should be used. Message-specific configuration, such as the user or security properties of that message, is specified in individual instances of MessageContext.

Java

IntelliJ IDEA users should import the Java MSL code as a Gradle project.

Eclipse users should use the Gradle IDE (available in the Eclipse Marketplace) and Web Tools Platform (included with the Eclipse IDE for Java EE developers) to import the Java MSL code as a Gradle project.

An example server is provided under examples/simple/src/main/java/server/. The Eclipse Gradle plugin will import this project as a web project that can be deployed onto a Tomcat server. IntelliJ users must manually configure a run configuration to deploy the project artifact into /msl-example-server. The example server is a J2EE servlet that will respond to requests from the example JavaScript client. The example server MSL configuration is specific to this server and should not be used to configure your application, but it can be used as the basis for doing so.

Integration tests are provided under integ-tests/src/main/java/. These tests can be run using the integ-tests Gradle target test. The Eclipse Gradle plugin will import this project as a web project that can be deployed onto a Tomcat server. IntelliJ users must manually configure a run configuration to deploy the project artifact into /msl-test-server.

A command line client and server are provided under examples/mslcli/src/main/java/. The command line client can be configured to work with any MSL server. The command line server is an example MSL server that must be run from the command line. See examples/mslcli/readme.txt for more details.

You may need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files to use cryptographic keys above a certain size.

JavaScript

The JavaScript MSL code base assumes a JavaScript execution environment that supports the latest Web Crypto API specification. If you are using a web browser you may need to enable experimental features or feature flags to enable Web Crypto.

  • Chrome Browser 37+
    For earlier versions: chrome://flags/#enable-experimental-web-platform-features
    On Linux libnss 3.16.2+ must be separately installed.
  • Edge
  • Firefox 34+
    For earlier versions: about:config dom.webcrypto.enabled
  • Internet Explorer 11+
  • Safari 8+

Your browser may not support all Web Crypto API algorithms, key sizes, and features. If you encounter a problem with a Web Crypto operation please check the release notes for your browser version to determine if it supports what you are trying to do.
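A quick way to find out what a given runtime supports before deploying a configuration is to probe it. The following is an added example, not part of the MSL code base: it tries to generate a throwaway key for each algorithm and key size in a list and records which attempts the runtime rejects. The probe list and the names PROBES and probeWebCrypto are assumptions for illustration; replace the list with the algorithms your own MSL configuration requires.

```javascript
// Added example (not MSL code): report which Web Crypto algorithms and key
// sizes this runtime can actually generate keys for.
// Works in browsers; falls back to Node's built-in webcrypto when no global exists.
const subtle = (globalThis.crypto && globalThis.crypto.subtle) ||
  (typeof require === 'function' ? require('crypto').webcrypto.subtle : undefined);

// Assumed probe list for illustration only; substitute your configuration's needs.
const PROBES = [
  { name: 'AES-CBC-128', alg: { name: 'AES-CBC', length: 128 }, usages: ['encrypt', 'decrypt'] },
  { name: 'AES-CBC-256', alg: { name: 'AES-CBC', length: 256 }, usages: ['encrypt', 'decrypt'] },
  { name: 'AES-KW-128', alg: { name: 'AES-KW', length: 128 }, usages: ['wrapKey', 'unwrapKey'] },
  { name: 'HMAC-SHA256', alg: { name: 'HMAC', hash: 'SHA-256' }, usages: ['sign', 'verify'] },
  {
    name: 'RSA-OAEP-2048',
    alg: {
      name: 'RSA-OAEP',
      modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), // 65537
      hash: 'SHA-256',
    },
    usages: ['encrypt', 'decrypt'],
  },
  // Constructed negative control: must always be reported as unsupported.
  { name: 'NOT-A-REAL-ALG', alg: { name: 'NOT-A-REAL-ALG' }, usages: ['encrypt'] },
];

// Resolves to { probeName: { supported: boolean, reason?: string } }.
async function probeWebCrypto(probes = PROBES) {
  const report = {};
  for (const p of probes) {
    if (!subtle) {
      report[p.name] = { supported: false, reason: 'crypto.subtle unavailable' };
      continue;
    }
    try {
      // Non-extractable throwaway key; only success or failure matters here.
      await subtle.generateKey(p.alg, false, p.usages);
      report[p.name] = { supported: true };
    } catch (e) {
      // Typically NotSupportedError for unknown algorithms or key sizes.
      report[p.name] = { supported: false, reason: e.name || String(e) };
    }
  }
  return report;
}
```

Call `probeWebCrypto().then(console.table)` in the browser console or in Node to see the result for the current runtime.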

To include the JavaScript MSL stack in your JavaScript application you must include all of the MSL JavaScript source files required by your MSL configuration. An example list of the required source files can be found in src/test/javascript/msltests.html.

An example client is provided under src/examples/simple/src/main/javascript/client/. The example client is a web page that will send requests to the example Java server. The example client MSL configuration is specific to this client and should not be used to configure your application, but it can be used as the basis for doing so.

C++

The C++ MSL code base requires C++11 and CMake.

The code base has been built and tested under the following environments:

  • Xcode 8 and Homebrew (gcc6, openssl) for Mac OS.
    Compiler flags: -std=c++0x -DGTEST_DONT_DEFINE_FAIL=1 -DRAPIDJSON_HAS_STDSTRING=1.
  • Xcode 8 for iOS.
    Compiler flags: -std=gnu++11 -DGTEST_DONT_DEFINE_FAIL=1 -DRAPIDJSON_HAS_STDSTRING=1.

LICENSE

Copyright 2014 Netflix, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
