client_authentication 1.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 9e377e440730e53379c3df60aaf402a3cad748fc9f18ea7f6abc8a1dd6205f53
+  data.tar.gz: d2ddee2acbdd4c7bc8fd502cab96948a4e97301177ff37e587b99623231ce2c6
+SHA512:
+  metadata.gz: e5542bf84a315e6541f491aaf97c2dee180154c7223f18a57b8603c46d5b8709851b413a62371339a2b48901f53e15face1f94c12ec728f10b803eed8f11538c
+  data.tar.gz: e7dbd086a8a838141326414f2748c386463947573fb0b92cbd435d1476897cae1ba2ae61f38518367515aeddf7ec366677e78da9b3ad369cd4bf9bc555d9ad62

data/lib/client_authentication.rb

@@ -0,0 +1,57 @@
+require 'base64'
+require 'openssl'
+
+class ClientAuthentication
+  attr_accessor :header_keys
+
+  # model must respond to :key and :secret
+  def initialize(headers, max_seconds = 5, model = Application)
+    @headers = headers
+    @max_seconds = max_seconds
+    @model = model
+
+    @header_keys = {
+      time:   "X-Level3-Digest-Time",
+      key:    "X-Level3-Application-Key",
+      digest: "X-Level3-Digest",
+    }
+  end
+
+  def authenticate_client!
+    key =    @headers[ header_keys[:key] ]
+    time =   @headers[ header_keys[:time] ]
+    digest = @headers[ header_keys[:digest] ]
+
+    authenticate_header_values!(key, digest, time)
+    key
+  end
+
+  def authenticate_header_values!(key, digest, time)
+    diff = (time.to_i - salt.to_i).abs
+    raise ClientAuthenticationException.new if diff > @max_seconds
+
+    application = @model.find_by_key(key)
+    raise ClientAuthenticationException.new unless application
+
+    secret = application.secret
+    raise ClientAuthenticationException.new unless secret
+
+    raise ClientAuthenticationException.new unless digest.eql? generate_digest(time, secret)
+    true
+  end
+
+  def generate_digest(salt, secret)
+    Base64.encode64(
+      OpenSSL::HMAC.digest(
+        'sha256',secret, salt) ).
+      strip
+  end
+
+  def salt
+    Time.now.to_i.to_s
+  end
+
+  class ClientAuthenticationException < Exception
+  end
+
+end

metadata

@@ -0,0 +1,73 @@
+--- !ruby/object:Gem::Specification
+name: client_authentication
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- Oz DiGennaro
+- Vithya Renganathan
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-05-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Use three header fields and a shared secret
+email: oz.digennaro@centurylink.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/client_authentication.rb
+homepage: http://rubygems.org/gems/client_authentication
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.3
+signing_key: 
+specification_version: 4
+summary: Authenticate client at server
+test_files: []