cerner-oauth1a 2.3.0 → 2.5.3

data/lib/cerner/oauth1a/protocol.rb

@@ -6,6 +6,18 @@ module Cerner
   module OAuth1a
     # Public: OAuth 1.0a protocol utilities.
     module Protocol
+      # Public: Encodes the passed text using the percent encoding variant described in the OAuth
+      # 1.0a specification.
+      #
+      # Reference: https://tools.ietf.org/html/rfc5849#section-3.6
+      #
+      # text - A String containing the text to encode.
+      #
+      # Returns a String that has been encoded.
+      def self.percent_encode(text)
+        URI.encode_www_form_component(text).gsub('+', '%20')
+      end
+
       # Public: Parses a URL-encoded query string into a Hash with symbolized keys.
       #
       # query - String containing a URL-encoded query string to parse.
@@ -37,6 +49,10 @@ module Cerner
       #   Cerner::OAuth1a::Protocol.parse_www_authenticate_header(header)
       #   # => {:realm=>"https://test.host", :oauth_problem=>"token_expired"}
       #
+      #   header = 'OAuth realm="https://test.host", oauth_problem=token_expired'
+      #   Cerner::OAuth1a::Protocol.parse_www_authenticate_header(header)
+      #   # => {:realm=>"https://test.host", :oauth_problem=>"token_expired"}
+      #
       # Returns a Hash with symbolized keys of all of the parameters.
       def self.parse_authorization_header(value)
         params = {}
@@ -45,10 +61,18 @@ module Cerner
         value = value.strip
         return params unless value.size > 6 && value[0..5].casecmp?('OAuth ')
 
-        value.scan(/([^,\s=]*)=\"([^\"]*)\"/).each do |pair|
-          k = URI.decode_www_form_component(pair[0])
-          v = URI.decode_www_form_component(pair[1])
-          params[k.to_sym] = v
+        # trim off 'OAuth ' prefix
+        value = value[6..-1]
+
+        # split value on comma separators
+        value.split(/,\s*/).each do |kv_part|
+          # split each part on '=' separator
+          key, value = kv_part.split('=')
+          key = URI.decode_www_form_component(key)
+          # trim off surrounding double quotes, if they exist
+          value = value[1..-2] if value.start_with?('"') && value.end_with?('"')
+          value = URI.decode_www_form_component(value)
+          params[key.to_sym] = value
         end
 
         params
@@ -73,16 +97,12 @@ module Cerner
       #
       # Returns the String containing the generated value or nil if params is nil or empty.
       def self.generate_authorization_header(params)
-        return nil unless params && !params.empty?
+        return unless params && !params.empty?
 
         realm = "realm=\"#{params.delete(:realm)}\"" if params[:realm]
-        realm += ', ' if realm && !params.empty?
+        realm += ',' if realm && !params.empty?
 
-        encoded_params = params.map do |k, v|
-          k = URI.encode_www_form_component(k).gsub('+', '%20')
-          v = URI.encode_www_form_component(v).gsub('+', '%20')
-          "#{k}=\"#{v}\""
-        end
+        encoded_params = params.map { |k, v| "#{percent_encode(k)}=\"#{percent_encode(v)}\"" }
 
         "OAuth #{realm}#{encoded_params.join(',')}"
       end
@@ -100,8 +120,12 @@ module Cerner
       # The values come from http://wiki.oauth.net/w/page/12238543/ProblemReporting
       # and are mapped based on https://oauth.net/core/1.0/#rfc.section.10.
       BAD_REQUEST_PROBLEMS = %w[
-        additional_authorization_required parameter_absent parameter_rejected
-        signature_method_rejected timestamp_refused verifier_invalid
+        additional_authorization_required
+        parameter_absent
+        parameter_rejected
+        signature_method_rejected
+        timestamp_refused
+        verifier_invalid
         version_rejected
       ].freeze
 
@@ -109,9 +133,18 @@ module Cerner
       # The values come from http://wiki.oauth.net/w/page/12238543/ProblemReporting
       # and are mapped based on https://oauth.net/core/1.0/#rfc.section.10.
       UNAUTHORIZED_PROBLEMS = %w[
-        consumer_key_refused consumer_key_rejected consumer_key_unknown
-        nonce_used permission_denied permission_unknown signature_invalid
-        token_expired token_rejected token_revoked token_used user_refused
+        consumer_key_refused
+        consumer_key_rejected
+        consumer_key_unknown
+        nonce_used
+        permission_denied
+        permission_unknown
+        signature_invalid
+        token_expired
+        token_rejected
+        token_revoked
+        token_used
+        user_refused
       ].freeze
 
       # Public: Converts a oauth_problem value to an HTTP Status using the

data/lib/cerner/oauth1a/signature.rb

@@ -0,0 +1,157 @@
+# frozen_string_literal: true
+
+require 'base64'
+require 'cerner/oauth1a/protocol'
+require 'openssl'
+require 'uri'
+
+module Cerner
+  module OAuth1a
+    # Public: OAuth 1.0a signature utilities.
+    module Signature
+      METHODS = ['PLAINTEXT', 'HMAC-SHA1'].freeze
+
+      # Public: Creates a PLAINTEXT signature.
+      #
+      # Reference: https://tools.ietf.org/html/rfc5849#section-3.4.4
+      #
+      # keywords - The keyword arguments:
+      #            :client_shared_secret - Either the Accessor Secret or the Consumer Secret.
+      #            :token_shared_secret  - The Token Secret.
+      #
+      # Returns a String containing the signature.
+      def self.sign_via_plaintext(client_shared_secret:, token_shared_secret:)
+        client_shared_secret = Protocol.percent_encode(client_shared_secret)
+        token_shared_secret = Protocol.percent_encode(token_shared_secret)
+        "#{client_shared_secret}&#{token_shared_secret}"
+      end
+
+      # Public: Creates a HMAC-SHA1 signature.
+      #
+      # Reference: https://tools.ietf.org/html/rfc5849#section-3.4.2
+      #
+      # keywords - The keyword arguments:
+      #            :client_shared_secret  - Either the Accessor Secret or the Consumer Secret.
+      #            :token_shared_secret   - The Token Secret.
+      #            :signature_base_string - The Signature Base String to sign. See
+      #                                     Signature.build_signature_base_string.
+      #
+      # Returns a String containing the signature.
+      def self.sign_via_hmacsha1(client_shared_secret:, token_shared_secret:, signature_base_string:)
+        client_shared_secret = Protocol.percent_encode(client_shared_secret)
+        token_shared_secret = Protocol.percent_encode(token_shared_secret)
+        signature_key = "#{client_shared_secret}&#{token_shared_secret}"
+        signature = OpenSSL::HMAC.digest('sha1', signature_key, signature_base_string)
+        encoded_signature = Base64.strict_encode64(signature)
+        encoded_signature
+      end
+
+      # Public: Normalizes a text value as an HTTP method name for use in constructing a Signature
+      # Base String.
+      #
+      # Reference https://tools.ietf.org/html/rfc5849#section-3.4.1.1
+      #
+      # http_method - A String or Symbol containing an HTTP method name.
+      #
+      # Returns the normalized value as a String.
+      #
+      # Raises ArgumentError if http_method is nil.
+      def self.normalize_http_method(http_method)
+        raise ArgumentError, 'http_method is nil' unless http_method
+
+        # accepts Symbol or String
+        Protocol.percent_encode(http_method.to_s.upcase)
+      end
+
+      # Public: Normalizes a fully qualified URL for use as the Base String URI in constructing a
+      # Signature Base String.
+      #
+      # Reference https://tools.ietf.org/html/rfc5849#section-3.4.1.2
+      #
+      # fully_qualified_url - A String or URI that contains the scheme, host, port (optional) and
+      #                       path of a URL.
+      #
+      # Returns the normalized value as a String.
+      #
+      # Raises ArgumentError if fully_qualified_url is nil.
+      def self.normalize_base_string_uri(fully_qualified_url)
+        raise ArgumentError, 'fully_qualified_url is nil' unless fully_qualified_url
+
+        u = fully_qualified_url.is_a?(URI) ? fully_qualified_url : URI(fully_qualified_url)
+
+        Protocol.percent_encode(URI("#{u.scheme}://#{u.host}:#{u.port}#{u.path}").to_s)
+      end
+
+      # Public: Normalizes the parameters (query string and OAuth parameters) for use as the
+      # request parameters in constructing a Signature Base String.
+      #
+      # Reference: https://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
+      #
+      # params - A Hash of name/value pairs representing the parameters. The keys and values of the
+      #          Hash will be assumed to be represented by the value returned from #to_s.
+      #
+      # Returns the normalized value as a String.
+      #
+      # Raises ArgumentError if params is nil.
+      def self.normalize_parameters(params)
+        raise ArgumentError, 'params is nil' unless params
+
+        encoded_params =
+          params.map do |name, value|
+            result = [Protocol.percent_encode(name.to_s), nil]
+            result[1] =
+              if value.is_a?(Array)
+                value = value.map { |e| Protocol.percent_encode(e.to_s) }
+                value.sort
+              else
+                Protocol.percent_encode(value.to_s)
+              end
+            result
+          end
+
+        sorted_params = encoded_params.sort_by { |name, _| name }
+
+        exploded_params =
+          sorted_params.map do |pair|
+            name = pair[0]
+            value = pair[1]
+            if value.is_a?(Array)
+              value.map { |e| "#{name}=#{e}" }
+            else
+              "#{name}=#{value}"
+            end
+          end
+        exploded_params.flatten!
+
+        joined_params = exploded_params.join('&')
+        Protocol.percent_encode(joined_params)
+      end
+
+      # Public: Builds a Signature Base String.
+      #
+      # keywords - The keyword arguments:
+      #            :http_method         - A String or Symbol containing an HTTP method name.
+      #            :fully_qualified_url - A String or URI that contains the scheme, host, port
+      #                                   (optional) and path of a URL.
+      #            :params              - A Hash of name/value pairs representing the parameters.
+      #                                   The keys and values of the Hash will be assumed to be
+      #                                   represented by the value returned from #to_s.
+      #
+      # Returns the Signature Base String as a String.
+      #
+      # Raises ArgumentError if http_method, fully_qualified_url or params is nil.
+      def self.build_signature_base_string(http_method:, fully_qualified_url:, params:)
+        raise ArgumentError, 'http_method is nil' unless http_method
+        raise ArgumentError, 'fully_qualified_url is nil' unless fully_qualified_url
+        raise ArgumentError, 'params is nil' unless params
+
+        parts = [
+          normalize_http_method(http_method),
+          normalize_base_string_uri(fully_qualified_url),
+          normalize_parameters(params)
+        ]
+        parts.join('&')
+      end
+    end
+  end
+end

data/lib/cerner/oauth1a/version.rb

@@ -2,6 +2,6 @@
 
 module Cerner
   module OAuth1a
-    VERSION = '2.3.0'
+    VERSION = '2.5.3'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cerner-oauth1a
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.5.3
 platform: ruby
 authors:
 - Nathan Beyer
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-05-30 00:00:00.000000000 Z
+date: 2020-10-28 00:00:00.000000000 Z
 dependencies: []
 description: |
   A minimal dependency library for interacting with a Cerner OAuth 1.0a Access
@@ -30,15 +30,17 @@ files:
 - lib/cerner/oauth1a/access_token_agent.rb
 - lib/cerner/oauth1a/cache.rb
 - lib/cerner/oauth1a/cache_rails.rb
+- lib/cerner/oauth1a/internal.rb
 - lib/cerner/oauth1a/keys.rb
 - lib/cerner/oauth1a/oauth_error.rb
 - lib/cerner/oauth1a/protocol.rb
+- lib/cerner/oauth1a/signature.rb
 - lib/cerner/oauth1a/version.rb
 homepage: http://github.com/cerner/cerner-oauth1a
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -53,8 +55,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.0.8
+signing_key:
 specification_version: 4
 summary: Cerner OAuth 1.0a Consumer and Service Provider Library.
 test_files: []