azure-signature 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a3e4bf37dea120788f3e4b8b1f1f4ba2cac0da67
+  data.tar.gz: 804102d0275a2c4a7bb01dfda9636a85e32529dc
+SHA512:
+  metadata.gz: 3593818f612766c12b61de678db9f4766866855e17f936dd88e2fa3367cf7ba33b49557dc4f6b9925e7607bb4ae04e565d3053f4828a6f7e2814b0e79d16688d
+  data.tar.gz: ad442a9a682c1d1a921a37bd5c1baf073b1555c00bcd6df310d0d44236e4b351e703b3d057c7a19361fe21d7e59398ba3f792fa374f9baf8363d2d7f5fa5dc67

data/CHANGES

@@ -0,0 +1,2 @@
+= 0.1.0 - 25-Sep-2015
+* Initial release

data/MANIFEST

@@ -0,0 +1,6 @@
+CHANGES
+MANIFEST
+Rakefile
+README
+lib/azure/signature.rb
+test/test_signature.rb

data/README

@@ -0,0 +1,46 @@
+= Description
+  A Ruby library for generating an authentication signature for Azure storage services.
+
+= Installation
+  gem install azure-signature
+
+= Synopis
+  require 'azure/signature'
+
+  key = "SGVsbG8gV29ybGQ="
+  url = "http://testsnapshots.blob.core.windows.net/Tables"
+
+  sig = Azure::Signature.new(url, key)
+
+  # Look at canonical URL
+  p sig.canonical_url # => "/testsnapshots/Tables"
+
+  # Get a signature with the defaults
+  p sig.signature(:table)
+
+  # Or pass some options
+  p sig.signature(:table, :auth_string => true, :date => some_date, :verb => 'PUT')
+
+= Caveats
+  For the first release only table signatures are supported (because that's
+  what I happened to need). I'll add blob, file and queue in the future.
+
+= Acknowledgements
+  I borrowed the code to canonicalize resources and headers from the
+  azure-sdk-for-ruby project.
+
+= Copyright
+   Copyright (c) 2015, Daniel J. Berger.
+   All rights reserved.
+
+= License
+  Apache 2.0
+  http://www.apache.org/licenses/LICENSE-2.0
+
+= Warranty
+  This package is provided "as is" and without any express or
+  implied warranties, including, without limitation, the implied
+  warranties of merchantability and fitness for a particular purpose.
+
+= Author
+  Daniel Berger

data/Rakefile

@@ -0,0 +1,27 @@
+require 'rake'
+require 'rake/clean'
+require 'rake/testtask'
+
+CLEAN.include("**/*.gem", "**/*.rbc")
+
+namespace :gem do
+  desc 'Create the azure-signature gem'
+  task :create => [:clean] do
+    require 'rubygems/package'
+    spec = eval(IO.read('azure-signature.gemspec'))
+    Gem::Package.build(spec)
+  end
+
+  desc "Install the azure-signature library as a gem"
+  task :install => [:create] do
+    file = Dir["*.gem"].first
+    sh "gem install -l #{file}"
+  end
+end
+
+Rake::TestTask.new do |t|
+   t.warning = true
+   t.verbose = true
+end
+
+task :default => :test

data/azure-signature.gemspec

@@ -0,0 +1,23 @@
+require 'rubygems'
+
+Gem::Specification.new do |gem|
+  gem.name      = 'azure-signature'
+  gem.version   = '0.1.0'
+  gem.author    = 'Daniel J. Berger'
+  gem.license   = 'Apache 2.0'
+  gem.email     = 'djberg96@gmail.com'
+  gem.homepage  = 'http://github.com/djberg96/azure-signature'
+  gem.summary   = 'Generate authentication signatures for Azure'
+  gem.test_file = 'test/test_signature.rb'
+  gem.files     = Dir['**/*'].reject{ |f| f.include?('git') }
+
+  gem.extra_rdoc_files = ['README', 'CHANGES', 'MANIFEST']
+   
+  gem.add_development_dependency('test-unit')
+
+  gem.description = <<-EOF
+    The azure-signature library generates storage signatures for
+    Microsoft Azure's cloud platform. You can use this to access
+    Azure storage services - tables, blobs, queues and files.
+  EOF
+end

data/lib/azure/signature.rb

@@ -0,0 +1,131 @@
+require 'uri'
+require 'openssl'
+require 'base64'
+require 'cgi'
+require 'time'
+
+# The Azure module serves as a namespace.
+module Azure
+  # The Signature class encapsulates an canonicalized resource string.
+  class Signature
+    # The version of the azure-signature library.
+    VERSION = '0.1.0'
+
+    # The resource (URL) passed to the constructor.
+    attr_reader :resource
+
+    # The canonical version of the resource.
+    attr_reader :canonical_resource
+
+    # The base64-decoded account key passed to the constructor.
+    attr_reader :key
+
+    # The name of the storage account, based on the resource.
+    attr_reader :account_name
+
+    # A URI object that encapsulates the resource.
+    attr_reader :uri
+
+    alias url resource
+    alias canonical_url canonical_resource
+
+    # Creates and returns an Azure::Signature object taking a +resource+ (URL)
+    # as an argument and a storage account key. The +resource+ will typically
+    # be an Azure storage account endpoint.
+    #
+    def initialize(resource, key)
+      @resource = resource
+      @uri = URI.parse(resource)
+      @account_name = @uri.host.split(".").first.split("-").first
+      @key = Base64.strict_decode64(key)
+      @canonical_resource = canonicalize_resource(resource)
+    end
+
+    # Generate a signature for use with the table service. Use the +options+
+    # hash to pass optional information. The following keys are supported:
+    #
+    # - :auth_type. Either 'SharedKey' (the default) or 'SharedKeyLight'.
+    # - :verb. The http verb used for SharedKey auth. The default is 'GET'.
+    # - :date. The date (or x-ms-date) used. The default is Time.now.httpdate.
+    # - :content_md5. The Content-MD5 if desired. The default is nil.
+    # - :content_type. The Content-Type if desired. The default is nil.
+    # - :auth_string. If true, prepends the auth_type + account name to the
+    #    result and returns a string. The default is false.
+    #
+    # The result is a digest string that you can use as an authorization header
+    # for future http requests to (presumably) Azure storage endpoints.
+    #
+    def table_signature(options = {})
+      auth_type = options[:auth_type] || 'SharedKey'
+      verb = options[:verb] || 'GET'
+      date = options[:date] || Time.now.httpdate
+      auth_string = options[:auth_string] || false
+      content_md5 = options[:content_md5]
+      content_type = options[:content_type]
+
+      unless ['SharedKey', 'SharedKeyLight'].include?(auth_type)
+        raise ArgumentError, "auth type must be SharedKey or SharedKeyLight"
+      end
+
+      if auth_type == 'SharedKey'
+        body = [verb, content_md5, content_type, date, canonical_resource].join("\n")
+      else
+        body = [date, canonical_resource].join("\n")
+      end
+
+      if auth_string
+        "Authorization: #{auth_type} #{account_name}:" + sign(body)
+      else
+        sign(body)
+      end
+    end
+
+    # Generic wrapper method for getting a signature, where +type+ can be
+    # :table, :blob, :queue, or :file.
+    #
+    # At the moment only :table is supported.
+    #--
+    # TODO: Add support for other types.
+    #
+    def signature(type, args = {})
+      case type.to_s.downcase
+        when 'table'
+          table_signature(args)
+      end
+    end
+
+    private
+
+    # Generate a canonical URL from an endpoint.
+    #--
+    # Borrowed from azure-sdk-for-ruby. I had my own, but this was nicer.
+    #
+    def canonicalize_resource(url)
+      resource = '/' + account_name + (uri.path.empty? ? '/' : uri.path)
+      params = CGI.parse(uri.query.to_s).map { |k,v| [k.downcase, v] }
+      params.sort_by! { |k,v| k }
+      params.map! { |k,v| '%s:%s' % [k, v.map(&:strip).sort.join(',')] }
+      [resource, *params].join("\n")
+    end
+
+    # Generate canonical headers.
+    #--
+    # Borrowed from azure-sdk-for-ruby.
+    #
+    def canonicalized_headers(headers)
+      headers = headers.map { |k,v| [k.to_s.downcase, v] }
+      headers.select! { |k,v| k =~ /^x-ms-/ }
+      headers.sort_by! { |k,v| k }
+      headers.map! { |k,v| '%s:%s' % [k, v] }
+      headers.map! { |h| h.gsub(/\s+/, ' ') }.join("\n")
+    end
+
+    # Generate a digest based on the +data+ argument, using the key
+    # passed to constructor.
+    #
+    def sign(body)
+      signed = OpenSSL::HMAC.digest('sha256', key, body)
+      Base64.strict_encode64(signed)
+    end
+  end
+end

data/test/test_signature.rb

@@ -0,0 +1,90 @@
+require 'test-unit'
+require 'azure/signature'
+
+class TC_Azure_Signature < Test::Unit::TestCase
+  def setup
+    @key = "SGVsbG8gV29ybGQ="
+    @url = 'http://testsnapshots.blob.core.windows.net/?comp=list'
+    @sig = Azure::Signature.new(@url, @key)
+  end
+
+  test "version constant is set to expected value" do
+    assert_equal("0.1.0", Azure::Signature::VERSION)
+  end
+
+  test "key method basic functionality" do
+    assert_respond_to(@sig, :key)
+    assert_kind_of(String, @sig.key)
+  end
+
+  test "account_name basic functionality" do
+    assert_respond_to(@sig, :account_name)
+    assert_equal('testsnapshots', @sig.account_name)
+  end
+
+  test "resource method basic functionality" do
+    assert_respond_to(@sig, :resource)
+    assert_equal(@url, @sig.resource)
+  end
+
+  test "url is an alias for the resource method" do
+    assert_respond_to(@sig, :url)
+    assert_alias_method(@sig, :url, :resource)
+  end
+
+  test "uri method basic functionality" do
+    assert_respond_to(@sig, :uri)
+    assert_kind_of(URI, @sig.uri)
+  end
+
+  test "canonical_resource method basic functionality" do
+    assert_respond_to(@sig, :canonical_resource)
+    assert_kind_of(String, @sig.canonical_resource)
+  end
+
+  test "canonical_url is an alias for the canonical_resource method" do
+    assert_respond_to(@sig, :canonical_url)
+    assert_alias_method(@sig, :canonical_url, :canonical_resource)
+  end
+
+  test "canonical_resource returns the expected value for basic url" do
+    @url = "http://myaccount.blob.core.windows.net/Tables"
+    @sig = Azure::Signature.new(@url, @key)
+    expected = "/myaccount/Tables"
+    assert_equal(expected, @sig.canonical_resource)
+  end
+
+  test "canonical_resource returns the expected value for url with query" do
+    @url = "http://myaccount.blob.core.windows.net/mycontainer?restype=container&comp=metadata"
+    @sig = Azure::Signature.new(@url, @key)
+    expected = "/myaccount/mycontainer\ncomp:metadata\nrestype:container"
+    assert_equal(expected, @sig.canonical_resource)
+  end
+
+  test "canonical_resource returns the expected value for url with multiple, identical query params" do
+    @url = "http://myaccount.blob.core.windows.net/mycontainer?restype=container"
+    @url << "&comp=list&include=snapshots&include=metadata&include=uncommittedblobs"
+    @sig = Azure::Signature.new(@url, @key)
+    expected = "/myaccount/mycontainer\ncomp:list\ninclude:metadata,snapshots,"
+    expected << "uncommittedblobs\nrestype:container"
+    assert_equal(expected, @sig.canonical_resource)
+  end
+
+  test "canonical_resource returns the expected value for secondary account" do
+    @url = "https://myaccount-secondary.blob.core.windows.net/mycontainer/myblob"
+    @sig = Azure::Signature.new(@url, @key)
+    expected = "/myaccount/mycontainer/myblob"
+    assert_equal(expected, @sig.canonical_resource)
+  end
+
+  test "constructor requires two arguments" do
+    assert_raise(ArgumentError){ Azure::Signature.new }
+    assert_raise(ArgumentError){ Azure::Signature.new('http://foo/bar') }
+  end
+
+  def teardown
+    @key = nil
+    @url = nil
+    @sig = nil
+  end
+end

metadata

@@ -0,0 +1,71 @@
+--- !ruby/object:Gem::Specification
+name: azure-signature
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Daniel J. Berger
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-09-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |2
+      The azure-signature library generates storage signatures for
+      Microsoft Azure's cloud platform. You can use this to access
+      Azure storage services - tables, blobs, queues and files.
+email: djberg96@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- README
+- CHANGES
+- MANIFEST
+files:
+- CHANGES
+- MANIFEST
+- README
+- Rakefile
+- azure-signature.gemspec
+- lib/azure/signature.rb
+- test/test_signature.rb
+homepage: http://github.com/djberg96/azure-signature
+licenses:
+- Apache 2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Generate authentication signatures for Azure
+test_files:
+- test/test_signature.rb