akami 1.0.0

data/.gitignore

@@ -0,0 +1,8 @@
+.DS_Store
+doc
+coverage
+pkg
+*~
+*.gem
+.bundle
+Gemfile.lock

data/.rspec

@@ -0,0 +1 @@
+--color

data/.travis.yml

@@ -0,0 +1,8 @@
+rvm:
+  - 1.8.7
+  - 1.9.2
+  - ruby-head
+  - ree
+  - rbx
+  - rbx-2.0
+  - jruby

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+## 1.0.0 (2011-07-03)
+
+* Initial version extracted from the [Savon](http://rubygems.org/gems/savon) library.

data/Gemfile

@@ -0,0 +1,2 @@
+source "http://rubygems.org"
+gemspec

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Daniel Harrington
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,58 @@
+Akami [![Build Status](http://travis-ci.org/rubiii/akami.png)](http://travis-ci.org/rubiii/akami)
+=====
+
+Building Web Service Security.
+
+
+Installation
+------------
+
+Akami is available through [Rubygems](http://rubygems.org/gems/akami) and can be installed via:
+
+```
+$ gem install akami
+```
+
+
+Getting started
+---------------
+
+``` ruby
+wsse = Akami.wsse
+```
+
+Set the credentials for wsse:UsernameToken basic auth:
+
+``` ruby
+wsse.credentials "username", "password"
+```
+
+Set the credentials for wsse:UsernameToken digest auth:
+
+``` ruby
+wsse.credentials "username", "password", :digest
+```
+
+Enable wsu:Timestamp headers. `wsu:Created` is automatically set to `Time.now`
+and `wsu:Expires` is set to `Time.now + 60`:
+
+``` ruby
+wsse.timestamp = true
+```
+
+Manually specify the values for `wsu:Created` and `wsu:Expires`:
+
+``` ruby
+wsse.created_at = Time.now
+wsse.expires_at = Time.now + 60
+``
+
+Akami is based on an autovivificating Hash. So if you need to add custom tags, you can add them.
+
+``` ruby
+wsse["wsse:Security"]["wsse:UsernameToken"] = { "Organization" => "ACME" }
+```
+
+When generating the XML for the request, this Hash will be merged with another Hash containing
+all the default tags and values. This way you might digg into some code, but then you can even
+overwrite the default values.

data/Rakefile

@@ -0,0 +1,11 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new do |t|
+  t.rspec_opts = %w(-c)
+end
+
+task :default => :spec
+task :test => :spec

data/akami.gemspec

@@ -0,0 +1,28 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "akami/version"
+
+Gem::Specification.new do |s|
+  s.name        = "akami"
+  s.version     = Akami::VERSION
+  s.authors     = ["Daniel Harrington"]
+  s.email       = ["me@rubiii.com"]
+  s.homepage    = "https://github.com/rubiii/#{s.name}"
+  s.summary     = "Web Service Security"
+  s.description = "Building Web Service Security"
+
+  s.rubyforge_project = s.name
+
+  s.add_dependency "gyoku", ">= 0.4.0"
+
+  s.add_development_dependency "rake",    "~> 0.8.7"
+  s.add_development_dependency "rspec",   "~> 2.5.0"
+  s.add_development_dependency "mocha",   "~> 0.9.8"
+  s.add_development_dependency "timecop", "~> 0.3.5"
+  s.add_development_dependency "autotest"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

data/lib/akami.rb

@@ -0,0 +1,11 @@
+require "akami/version"
+require "akami/wsse"
+
+module Akami
+
+  # Returns a new <tt>Akami::WSSE</tt>.
+  def self.wsse
+    WSSE.new
+  end
+
+end

data/lib/akami/core_ext/time.rb

@@ -0,0 +1,22 @@
+module Akami
+  module CoreExt
+    module Time
+
+      # Returns an xs:dateTime formatted String.
+      def xs_datetime
+        zone = if utc_offset < 0
+          "-#{"%02d" % (- utc_offset / 3600)}:#{"%02d" % ((- utc_offset % 3600) / 60)}"
+        elsif utc_offset > 0
+          "+#{"%02d" % (utc_offset / 3600)}:#{"%02d" % ((utc_offset % 3600) / 60)}"
+        else
+          "Z"
+        end
+
+        strftime "%Y-%m-%dT%H:%M:%S#{zone}"
+      end
+
+    end
+  end
+end
+
+Time.send :include, Akami::CoreExt::Time

data/lib/akami/version.rb

@@ -0,0 +1,5 @@
+module Akami
+
+  VERSION = "1.0.0"
+
+end

data/lib/akami/wsse.rb

@@ -0,0 +1,155 @@
+require "base64"
+require "digest/sha1"
+require "akami/core_ext/time"
+require "gyoku"
+
+module Akami
+
+  # = Akami::WSSE
+  #
+  # Building Web Service Security.
+  class WSSE
+
+    # Namespace for WS Security Secext.
+    WSE_NAMESPACE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+
+    # Namespace for WS Security Utility.
+    WSU_NAMESPACE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+
+    # PasswordText URI.
+    PASSWORD_TEXT_URI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
+
+    # PasswordDigest URI.
+    PASSWORD_DIGEST_URI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
+
+    # Returns a value from the WSSE Hash.
+    def [](key)
+      hash[key]
+    end
+
+    # Sets a value on the WSSE Hash.
+    def []=(key, value)
+      hash[key] = value
+    end
+
+    # Sets authentication credentials for a wsse:UsernameToken header.
+    # Also accepts whether to use WSSE digest authentication.
+    def credentials(username, password, digest = false)
+      self.username = username
+      self.password = password
+      self.digest = digest
+    end
+
+    attr_accessor :username, :password, :created_at, :expires_at
+
+    # Returns whether to use WSSE digest. Defaults to +false+.
+    def digest?
+      !!@digest
+    end
+
+    attr_writer :digest
+
+    # Returns whether to generate a wsse:UsernameToken header.
+    def username_token?
+      username && password
+    end
+
+    # Returns whether to generate a wsu:Timestamp header.
+    def timestamp?
+      created_at || expires_at || @wsu_timestamp
+    end
+
+    # Sets whether to generate a wsu:Timestamp header.
+    def timestamp=(timestamp)
+      @wsu_timestamp = timestamp
+    end
+
+    # Returns the XML for a WSSE header.
+    def to_xml
+      if username_token? && timestamp?
+        Gyoku.xml wsse_username_token.merge!(wsu_timestamp) {
+          |key, v1, v2| v1.merge!(v2) {
+            |key, v1, v2| v1.merge!(v2)
+          }
+        }
+      elsif username_token?
+        Gyoku.xml wsse_username_token.merge!(hash)
+      elsif timestamp?
+        Gyoku.xml wsu_timestamp.merge!(hash)
+      else
+        ""
+      end
+    end
+
+  private
+
+    # Returns a Hash containing wsse:UsernameToken details.
+    def wsse_username_token
+      if digest?
+        security_hash :wsse, "UsernameToken",
+          "wsse:Username" => username,
+          "wsse:Nonce" => nonce,
+          "wsu:Created" => timestamp,
+          "wsse:Password" => digest_password,
+          :attributes! => { "wsse:Password" => { "Type" => PASSWORD_DIGEST_URI } }
+      else
+        security_hash :wsse, "UsernameToken",
+          "wsse:Username" => username,
+          "wsse:Password" => password,
+          :attributes! => { "wsse:Password" => { "Type" => PASSWORD_TEXT_URI } }
+      end
+    end
+
+    # Returns a Hash containing wsu:Timestamp details.
+    def wsu_timestamp
+      security_hash :wsu, "Timestamp",
+        "wsu:Created" => (created_at || Time.now).xs_datetime,
+        "wsu:Expires" => (expires_at || (created_at || Time.now) + 60).xs_datetime
+    end
+
+    # Returns a Hash containing wsse/wsu Security details for a given
+    # +namespace+, +tag+ and +hash+.
+    def security_hash(namespace, tag, hash)
+      {
+        "wsse:Security" => {
+          "#{namespace}:#{tag}" => hash,
+          :attributes! => { "#{namespace}:#{tag}" => { "wsu:Id" => "#{tag}-#{count}", "xmlns:wsu" => WSU_NAMESPACE } }
+        },
+        :attributes! => { "wsse:Security" => { "xmlns:wsse" => WSE_NAMESPACE } }
+      }
+    end
+
+    # Returns the WSSE password, encrypted for digest authentication.
+    def digest_password
+      token = nonce + timestamp + password
+      Base64.encode64(Digest::SHA1.hexdigest(token)).chomp!
+    end
+
+    # Returns a WSSE nonce.
+    def nonce
+      @nonce ||= Digest::SHA1.hexdigest random_string + timestamp
+    end
+
+    # Returns a random String of 100 characters.
+    def random_string
+      (0...100).map { ("a".."z").to_a[rand(26)] }.join
+    end
+
+    # Returns a WSSE timestamp.
+    def timestamp
+      @timestamp ||= Time.now.xs_datetime
+    end
+
+    # Returns a new number with every call.
+    def count
+      @count ||= 0
+      @count += 1
+    end
+
+    # Returns a memoized and autovivificating Hash.
+    def hash
+      @hash ||= Hash.new { |h, k| h[k] = Hash.new(&h.default_proc) }
+    end
+
+  end
+end

data/spec/akami/core_ext/time_spec.rb

@@ -0,0 +1,12 @@
+require "spec_helper"
+
+describe Time do
+
+  describe "#xs_datetime" do
+    it "returns an xs:dateTime formatted String" do
+      time = Time.utc(2011, 01, 04, 13, 45, 55)
+      time.xs_datetime.should == "2011-01-04T13:45:55Z"
+    end
+  end
+
+end

data/spec/akami/wsse_spec.rb

@@ -0,0 +1,233 @@
+require "spec_helper"
+
+describe Akami do
+  let(:wsse) { Akami.wsse }
+
+  it "contains the namespace for WS Security Secext" do
+    Akami::WSSE::WSE_NAMESPACE.should ==
+      "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+  end
+
+  it "contains the namespace for WS Security Utility" do
+    Akami::WSSE::WSU_NAMESPACE.should ==
+      "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+  end
+
+  it "contains the namespace for the PasswordText type" do
+    Akami::WSSE::PASSWORD_TEXT_URI.should ==
+      "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
+  end
+
+  it "contains the namespace for the PasswordDigest type" do
+    Akami::WSSE::PASSWORD_DIGEST_URI.should ==
+      "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
+  end
+
+  describe "#credentials" do
+    it "sets the username" do
+      wsse.credentials "username", "password"
+      wsse.username.should == "username"
+    end
+
+    it "sets the password" do
+      wsse.credentials "username", "password"
+      wsse.password.should == "password"
+    end
+
+    it "defaults to set digest to false" do
+      wsse.credentials "username", "password"
+      wsse.should_not be_digest
+    end
+
+    it "sets digest to true if specified" do
+      wsse.credentials "username", "password", :digest
+      wsse.should be_digest
+    end
+  end
+
+  describe "#username" do
+    it "sets the username" do
+      wsse.username = "username"
+      wsse.username.should == "username"
+    end
+  end
+
+  describe "#password" do
+    it "sets the password" do
+      wsse.password = "password"
+      wsse.password.should == "password"
+    end
+  end
+
+  describe "#digest" do
+    it "defaults to false" do
+      wsse.should_not be_digest
+    end
+
+    it "specifies whether to use digest auth" do
+      wsse.digest = true
+      wsse.should be_digest
+    end
+  end
+
+  describe "#to_xml" do
+    context "with no credentials" do
+      it "returns an empty String" do
+        wsse.to_xml.should == ""
+      end
+    end
+
+    context "with only a username" do
+      before { wsse.username = "username" }
+
+      it "returns an empty String" do
+        wsse.to_xml.should == ""
+      end
+    end
+
+    context "with only a password" do
+      before { wsse.password = "password" }
+
+      it "returns an empty String" do
+        wsse.to_xml.should == ""
+      end
+    end
+
+    context "with credentials" do
+      before { wsse.credentials "username", "password" }
+
+      it "contains a wsse:Security tag" do
+        namespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+        wsse.to_xml.should include("<wsse:Security xmlns:wsse=\"#{namespace}\">")
+      end
+
+      it "contains a wsu:Id attribute" do
+        wsse.to_xml.should include('<wsse:UsernameToken wsu:Id="UsernameToken-1"')
+      end
+
+      it "increments the wsu:Id attribute count" do
+        wsse.to_xml.should include('<wsse:UsernameToken wsu:Id="UsernameToken-1"')
+        wsse.to_xml.should include('<wsse:UsernameToken wsu:Id="UsernameToken-2"')
+      end
+
+      it "contains the WSE and WSU namespaces" do
+        wsse.to_xml.should include(Akami::WSSE::WSE_NAMESPACE, Akami::WSSE::WSU_NAMESPACE)
+      end
+
+      it "contains the username and password" do
+        wsse.to_xml.should include("username", "password")
+      end
+
+      it "does not contain a wsse:Nonce tag" do
+        wsse.to_xml.should_not match(/<wsse:Nonce>.*<\/wsse:Nonce>/)
+      end
+
+      it "does not contain a wsu:Created tag" do
+        wsse.to_xml.should_not match(/<wsu:Created>.*<\/wsu:Created>/)
+      end
+
+      it "contains the PasswordText type attribute" do
+        wsse.to_xml.should include(Akami::WSSE::PASSWORD_TEXT_URI)
+      end
+    end
+
+    context "with credentials and digest auth" do
+      before { wsse.credentials "username", "password", :digest }
+
+      it "contains the WSE and WSU namespaces" do
+        wsse.to_xml.should include(Akami::WSSE::WSE_NAMESPACE, Akami::WSSE::WSU_NAMESPACE)
+      end
+
+      it "contains the username" do
+        wsse.to_xml.should include("username")
+      end
+
+      it "does not contain the (original) password" do
+        wsse.to_xml.should_not include("password")
+      end
+
+      it "contains a wsse:Nonce tag" do
+        wsse.to_xml.should match(/<wsse:Nonce>\w+<\/wsse:Nonce>/)
+      end
+
+      it "contains a wsu:Created tag" do
+        datetime_regexp = /\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}/
+        wsse.to_xml.should match(/<wsu:Created>#{datetime_regexp}.+<\/wsu:Created>/)
+      end
+
+      it "contains the PasswordDigest type attribute" do
+        wsse.to_xml.should include(Akami::WSSE::PASSWORD_DIGEST_URI)
+      end
+    end
+
+    context "with #timestamp set to true" do
+      before { wsse.timestamp = true }
+
+      it "contains a wsse:Timestamp node" do
+        wsse.to_xml.should include('<wsu:Timestamp wsu:Id="Timestamp-1" ' +
+          'xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">')
+      end
+
+      it "contains a wsu:Created node defaulting to Time.now" do
+        created_at = Time.now
+        Timecop.freeze created_at do
+          wsse.to_xml.should include("<wsu:Created>#{created_at.xs_datetime}</wsu:Created>")
+        end
+      end
+
+      it "contains a wsu:Expires node defaulting to Time.now + 60 seconds" do
+        created_at = Time.now
+        Timecop.freeze created_at do
+          wsse.to_xml.should include("<wsu:Expires>#{(created_at + 60).xs_datetime}</wsu:Expires>")
+        end
+      end
+    end
+
+    context "with #created_at" do
+      before { wsse.created_at = Time.now + 86400 }
+
+      it "contains a wsu:Created node with the given time" do
+        wsse.to_xml.should include("<wsu:Created>#{wsse.created_at.xs_datetime}</wsu:Created>")
+      end
+
+      it "contains a wsu:Expires node set to #created_at + 60 seconds" do
+        wsse.to_xml.should include("<wsu:Expires>#{(wsse.created_at + 60).xs_datetime}</wsu:Expires>")
+      end
+    end
+
+    context "with #expires_at" do
+      before { wsse.expires_at = Time.now + 86400 }
+
+      it "contains a wsu:Created node defaulting to Time.now" do
+        created_at = Time.now
+        Timecop.freeze created_at do
+          wsse.to_xml.should include("<wsu:Created>#{created_at.xs_datetime}</wsu:Created>")
+        end
+      end
+
+      it "contains a wsu:Expires node set to the given time" do
+        wsse.to_xml.should include("<wsu:Expires>#{wsse.expires_at.xs_datetime}</wsu:Expires>")
+      end
+    end
+
+    context "whith credentials and timestamp" do
+      before do
+        wsse.credentials "username", "password"
+        wsse.timestamp = true
+      end
+
+      it "contains a wsu:Created node" do
+        wsse.to_xml.should include("<wsu:Created>")
+      end
+
+      it "contains a wsu:Expires node" do
+        wsse.to_xml.should include("<wsu:Expires>")
+      end
+
+      it "contains the username and password" do
+        wsse.to_xml.should include("username", "password")
+      end
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+require "bundler"
+Bundler.require :default, :development

metadata

@@ -0,0 +1,176 @@
+--- !ruby/object:Gem::Specification 
+name: akami
+version: !ruby/object:Gem::Version 
+  hash: 23
+  prerelease: 
+  segments: 
+  - 1
+  - 0
+  - 0
+  version: 1.0.0
+platform: ruby
+authors: 
+- Daniel Harrington
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-07-03 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: gyoku
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 15
+        segments: 
+        - 0
+        - 4
+        - 0
+        version: 0.4.0
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rake
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 49
+        segments: 
+        - 0
+        - 8
+        - 7
+        version: 0.8.7
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 27
+        segments: 
+        - 2
+        - 5
+        - 0
+        version: 2.5.0
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: mocha
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 43
+        segments: 
+        - 0
+        - 9
+        - 8
+        version: 0.9.8
+  type: :development
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: timecop
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 25
+        segments: 
+        - 0
+        - 3
+        - 5
+        version: 0.3.5
+  type: :development
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: autotest
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id006
+description: Building Web Service Security
+email: 
+- me@rubiii.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- .rspec
+- .travis.yml
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- akami.gemspec
+- lib/akami.rb
+- lib/akami/core_ext/time.rb
+- lib/akami/version.rb
+- lib/akami/wsse.rb
+- spec/akami/core_ext/time_spec.rb
+- spec/akami/wsse_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/rubiii/akami
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: akami
+rubygems_version: 1.8.5
+signing_key: 
+specification_version: 3
+summary: Web Service Security
+test_files: 
+- spec/akami/core_ext/time_spec.rb
+- spec/akami/wsse_spec.rb
+- spec/spec_helper.rb