crashlog-auth-hmac 1.1.2

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1 @@
+--color --order rand

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in crashlog-faraday-auth-hmac.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Ivan Vanderbyl
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,72 @@
+# Crashlog::AuthHMAC
+
+auth-hmac is a Ruby implementation of HMAC based authentication of HTTP requests.
+
+HMAC authentication involves a client and server having a shared secret key. When sending the request the client, signs the request using the secret key. This involves building a canonical representation of the request and then generating a HMAC of the request using the secret. The generated HMAC is then sent as part of the request.
+
+When the server receives the request it builds the same canonical representation and generates a HMAC using it’s copy of the secret key, if the HMAC produced by the server matches the HMAC sent by the client, the server can be assured that the client also possesses the shared secret key.
+
+HMAC based authentication also provides message integrity checking because the HMAC is based on a combination of the shared secret and the content of the request. So if any part of the request that is used to build the canonical representation is modified by a malicious party or in transit the authentication will then fail.
+
+AuthHMAC was built to support authentication between various applications build by Peerworks.
+
+AuthHMAC is loosely based on the Amazon Web Services authentication scheme but without the Amazon specific components, i.e. it is HMAC for the rest of us.
+
+
+### Legacy note:
+
+This gem is based largely on the original `auth-hmac` gem by Sean Geoghegan, however
+we have removed the Rails support as we use it exclusively within our CrashLog Ruby Gem
+which must maintain compatibility with many versions of Rails.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'crashlog-auth-hmac'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install crashlog-auth-hmac
+
+## Usage
+
+The simplest way to use AuthHMAC is with the `CrashLog::AuthHMAC.sign!` and
+`CrashLog::AuthHMAC#authenticate?` methods.
+
+`CrashLog::AuthHMAC.sign!` takes a HTTP request object, an access id and a secret key and signs the request with the access_id and secret key.
+
+The HTTP request object can be a Net::HTTP::HTTPRequest object, a CGI::Request object or a Webrick HTTP request object. AuthHMAC will do its best to figure out which type it is an handle it accordingly.
+
+The access_id is used to identify the secret key that was used to sign the request. Think of it as like a user name, it allows you to hand out different keys to different clients and authenticate each of them individually. The access_id is sent in the clear so you should avoid making it an important string.
+
+The secret key is the shared secret between the client and the server. You should make this sufficiently random so that is can’t be guessed or exposed to dictionary attacks. The follow code will give you a pretty good secret key:
+
+random = File.read(‘/dev/random’, 512) secret_key = Base64.encode64(Digest::SHA2.new(512).digest(random)) On the server side you can then authenticate these requests using the AuthHMAC.authenticated? method. This takes the same arguments as the sign! method but returns true if the request has been signed with the access id and secret	or false if it hasn’t.
+
+If you have more than one set of credentials you might find it useful to create an instance of the AuthHMAC class, passing your credentials as a Hash of access id => secret keys, like so:
+
+@authhmac = AuthHMAC.new(‘access_id1’ => ‘secret1’, ‘access_id2’ => ‘secret2’) You can then use the instance methods of the @authhmac object to sign and authenticate requests, for example:
+
+@authhmac.sign!(request, “access_id1”) will sign request with “access_id1” and it’s corresponding secret key. Similarly authentication is done like so:
+
+@authhmac.authenticated?(request)
+which will return true if the request has been signed with one of the access id and secret key pairs provided in the constructor.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+## Contributors
+
+- This gem is based on the [original work by Sean Geoghegan](https://github.com/seangeo/auth-hmac)
+- Ivan Vanderbyl
+

data/Rakefile

@@ -0,0 +1,15 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+$: << 'lib'
+
+require "crash_log/auth_hmac"
+
+require 'rake'
+require "rspec/core/rake_task"
+
+desc "Run all examples"
+RSpec::Core::RakeTask.new
+
+task :default => :spec
+

data/crashlog-auth-hmac.gemspec

@@ -0,0 +1,17 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/crash_log/auth_hmac/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Ivan Vanderbyl"]
+  gem.email         = ["ivan@crashlog.io"]
+  gem.description   = %q{A Ruby Gem for authenticating HTTP requests using a HMAC}
+  gem.summary       = %q{A Ruby Gem for authenticating HTTP requests using a HMAC}
+  gem.homepage      = "http://crashlog.io"
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "crashlog-auth-hmac"
+  gem.require_paths = ["lib"]
+  gem.version       = CrashLog::AuthHMAC::VERSION
+end

data/lib/crash_log.rb

@@ -0,0 +1,3 @@
+module CrashLog
+  autoload :AuthHMAC, 'crash_log/auth_hmac'
+end

data/lib/crash_log/auth_hmac.rb

@@ -0,0 +1,237 @@
+module CrashLog
+  class AuthHMAC
+    require 'openssl'
+    require 'base64'
+
+    # This module provides a HMAC Authentication method for HTTP requests. It should work with
+    # net/http request classes and CGIRequest classes and hence Rails.
+    #
+    # It is loosely based on the Amazon Web Services Authentication mechanism but
+    # generalized to be useful to any application that requires HMAC based authentication.
+    # As a result of the generalization, it won't work with AWS because it doesn't support
+    # the Amazon extension headers.
+    #
+    # === References
+    # Cryptographic Hash functions:: http://en.wikipedia.org/wiki/Cryptographic_hash_function
+    # SHA-1 Hash function::          http://en.wikipedia.org/wiki/SHA-1
+    # HMAC algorithm::               http://en.wikipedia.org/wiki/HMAC
+    # RFC 2104::                     http://tools.ietf.org/html/rfc2104
+    #
+    module Headers
+      # Gets the headers for a request.
+      #
+      # Attempts to deal with known HTTP header representations in Ruby.
+      # Currently handles net/http and Rails.
+      #
+      def headers(request)
+        if request.respond_to?(:headers)
+          request.headers
+        elsif request.respond_to?(:[])
+          request
+        else
+          raise ArgumentError, "Don't know how to get the headers from #{request.inspect}"
+        end
+      end
+
+      def find_header(keys, headers)
+        keys.map do |key|
+          headers[key]
+        end.compact.first
+      end
+    end
+
+    include Headers
+
+    # Build a Canonical String for a HTTP request.
+    #
+    # A Canonical String has the following format:
+    #
+    # CanonicalString = HTTP-Verb    + "\n" +
+    #                   Content-Type + "\n" +
+    #                   Content-MD5  + "\n" +
+    #                   Date         + "\n" +
+    #                   request-uri;
+    #
+    #
+    # If the Date header doesn't exist, one will be generated since
+    # Net/HTTP will generate one if it doesn't exist and it will be
+    # used on the server side to do authentication.
+    #
+    class CanonicalString < String # :nodoc:
+      include Headers
+
+      def initialize(request)
+        self << request_method(request) + "\n"
+        self << header_values(headers(request)) + "\n"
+        self << request_path(request)
+      end
+
+    private
+
+      def request_method(request)
+        if request.respond_to?(:request_method) && request.request_method.is_a?(String)
+          request.request_method
+        elsif request.respond_to?(:method) && request.method.is_a?(String)
+          request.method
+        elsif request.respond_to?(:env) && request.env
+          request.env['REQUEST_METHOD']
+        else
+          raise ArgumentError, "Don't know how to get the request method from #{request.inspect}"
+        end
+      end
+
+      def header_values(headers)
+        [ content_type(headers),
+          content_md5(headers),
+          (date(headers) or headers['Date'] = Time.now.utc.httpdate)
+        ].join("\n")
+      end
+
+      def content_type(headers)
+        find_header(%w(CONTENT-TYPE CONTENT_TYPE HTTP_CONTENT_TYPE), headers)
+      end
+
+      def date(headers)
+        find_header(%w(DATE HTTP_DATE), headers)
+      end
+
+      def content_md5(headers)
+        find_header(%w(CONTENT-MD5 CONTENT_MD5), headers)
+      end
+
+      def request_path(request)
+        # Try unparsed_uri in case it is a Webrick request
+        path = if request.respond_to?(:unparsed_uri)
+          request.unparsed_uri
+        else
+          request.path
+        end
+
+        path[/^[^?]*/]
+      end
+    end
+
+    @@default_signature_class = CanonicalString
+
+    # Create an AuthHMAC instance using the given credential store
+    #
+    # Credential Store:
+    # * Credential store must respond to the [] method and return a secret for access key id
+    #
+    # Options:
+    # Override default options
+    # *  <tt>:service_id</tt> - Service ID used in the AUTHORIZATION header string. Default is AuthHMAC.
+    # *  <tt>:signature_method</tt> - Proc object that takes request and produces the signature string
+    #                                 used for authentication. Default is CanonicalString.
+    # Examples:
+    #   my_hmac = AuthHMAC.new('access_id1' => 'secret1', 'access_id2' => 'secret2')
+    #
+    #   cred_store = { 'access_id1' => 'secret1', 'access_id2' => 'secret2' }
+    #   options = { :service_id => 'MyApp', :signature_method => lambda { |r| MyRequestString.new(r) } }
+    #   my_hmac = AuthHMAC.new(cred_store, options)
+    #
+    def initialize(credential_store, options = nil)
+      @credential_store = credential_store
+
+      # Defaults
+      @service_id = self.class.name.split(/::/).last
+      @signature_class = @@default_signature_class
+
+      unless options.nil?
+        @service_id = options[:service_id] if options.key?(:service_id)
+        @signature_class = options[:signature] if options.key?(:signature) && options[:signature].is_a?(Class)
+      end
+
+      @signature_method = lambda { |r| @signature_class.send(:new, r) }
+    end
+
+    # Generates canonical signing string for given request
+    #
+    # Supports same options as AuthHMAC.initialize for overriding service_id and
+    # signature method.
+    #
+    def AuthHMAC.canonical_string(request, options = nil)
+      self.new(nil, options).canonical_string(request)
+    end
+
+    # Generates signature string for a given secret
+    #
+    # Supports same options as AuthHMAC.initialize for overriding service_id and
+    # signature method.
+    #
+    def AuthHMAC.signature(request, secret, options = nil)
+      self.new(nil, options).signature(request, secret)
+    end
+
+    # Signs a request using a given access key id and secret.
+    #
+    # Supports same options as AuthHMAC.initialize for overriding service_id and
+    # signature method.
+    #
+    def AuthHMAC.sign!(request, access_key_id, secret, options = nil)
+      credentials = { access_key_id => secret }
+      self.new(credentials, options).sign!(request, access_key_id)
+    end
+
+    # Authenticates a request using HMAC
+    #
+    # Supports same options as AuthHMAC.initialize for overriding service_id and
+    # signature method.
+    #
+    def AuthHMAC.authenticated?(request, access_key_id, secret, options)
+      credentials = { access_key_id => secret }
+      self.new(credentials, options).authenticated?(request)
+    end
+
+    # Signs a request using the access_key_id and the secret associated with that id
+    # in the credential store.
+    #
+    # Signing a requests adds an Authorization header to the request in the format:
+    #
+    #  <service_id> <access_key_id>:<signature>
+    #
+    # where <signature> is the Base64 encoded HMAC-SHA1 of the CanonicalString and the secret.
+    #
+    def sign!(request, access_key_id)
+      secret = @credential_store[access_key_id]
+      raise ArgumentError, "No secret found for key id '#{access_key_id}'" if secret.nil?
+      request['Authorization'] = authorization(request, access_key_id, secret)
+    end
+
+    # Authenticates a request using HMAC
+    #
+    # Returns true if the request has an AuthHMAC Authorization header and
+    # the access id and HMAC match an id and HMAC produced for the secret
+    # in the credential store. Otherwise returns false.
+    #
+    def authenticated?(request)
+      rx = Regexp.new("#{@service_id} ([^:]+):(.+)$")
+      if md = rx.match(authorization_header(request))
+        access_key_id = md[1]
+        hmac = md[2]
+        secret = @credential_store[access_key_id]
+        !secret.nil? && hmac == signature(request, secret)
+      else
+        false
+      end
+    end
+
+    def signature(request, secret)
+      digest = OpenSSL::Digest::Digest.new('sha1')
+      Base64.encode64(OpenSSL::HMAC.digest(digest, secret, canonical_string(request))).strip
+    end
+
+    def canonical_string(request)
+      @signature_method.call(request)
+    end
+
+    def authorization_header(request)
+      find_header(%w(Authorization HTTP_AUTHORIZATION), headers(request))
+    end
+
+    def authorization(request, access_key_id, secret)
+      "#{@service_id} #{access_key_id}:#{signature(request, secret)}"
+    end
+
+  end
+end

data/lib/crash_log/auth_hmac/version.rb

@@ -0,0 +1,5 @@
+module CrashLog
+  class AuthHMAC
+    VERSION = "1.1.2"
+  end
+end

data/lib/crashlog-auth-hmac.rb

@@ -0,0 +1 @@
+require "crash_log/auth_hmac"

data/spec/crash_log/auth_hmac_spec.rb

@@ -0,0 +1,288 @@
+require 'spec_helper'
+require "net/http"
+require 'time'
+require 'active_support'
+
+describe CrashLog::AuthHMAC do
+  # Class for doing a custom signature
+  class CustomSignature < String
+    def initialize(request)
+      self << "Custom signature string: #{request.method}"
+    end
+  end
+
+  def signature(value, secret)
+    digest = OpenSSL::Digest::Digest.new('sha1')
+    Base64.encode64(OpenSSL::HMAC.digest(digest, secret, value)).strip
+  end
+
+  let(:request) {
+    Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
+      'content-type' => 'text/plain',
+      'content-md5' => 'blahblah',
+      'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+  }
+
+  describe ".canonical_string" do
+    it "should generate a canonical string using default method" do
+      CrashLog::AuthHMAC.canonical_string(request).should == "PUT\ntext/plain\nblahblah\nThu, 10 Jul 2008 03:29:56 GMT\n/path/to/put"
+    end
+  end
+
+  describe ".signature" do
+    it "should generate a valid signature string for a secret" do
+      CrashLog::AuthHMAC.signature(request, 'secret').should == "71wAJM4IIu/3o6lcqx/tw7XnAJs="
+    end
+  end
+
+  describe ".sign!" do
+    it "should sign using the key passed in as a parameter" do
+     CrashLog::AuthHMAC.sign!(request, "my-key-id", "secret")
+     request['Authorization'].should == "AuthHMAC my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+    end
+
+    it "should sign using custom service id" do
+      CrashLog::AuthHMAC.sign!(request, "my-key-id", "secret", { :service_id => 'MyService' })
+      request['Authorization'].should == "MyService my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+    end
+
+    it "should sign using custom signature method" do
+      options = {
+        :service_id => 'MyService',
+        :signature => CustomSignature
+      }
+      CrashLog::AuthHMAC.sign!(request, "my-key-id", "secret", options)
+      request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
+    end
+  end
+
+  describe "#sign!" do
+    before(:each) do
+      @get_request = Net::HTTP::Get.new("/")
+      @put_request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
+        'content-type' => 'text/plain',
+        'content-md5' => 'blahblah',
+        'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+       @store = mock('store')
+      @store.stub!(:[]).and_return("")
+      @authhmac = CrashLog::AuthHMAC.new(@store)
+    end
+
+    describe "default AuthHMAC with CanonicalString signature" do
+      it "should add an Authorization header" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request.key?("Authorization").should be_true
+      end
+
+      it "should fetch the secret from the store" do
+        @store.should_receive(:[]).with('key-id').and_return('secret')
+        @authhmac.sign!(@get_request, 'key-id')
+      end
+
+      it "should prefix the Authorization Header with AuthHMAC" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/^AuthHMAC /)
+      end
+
+      it "should include the key id as the first part of the Authorization header value" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/^AuthHMAC key-id:/)
+      end
+
+      it "should include the base64 encoded HMAC signature as the last part of the header value" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/:[A-Za-z0-9+\/]{26,28}[=]{0,2}$/)
+      end
+
+      it "should create a complete signature" do
+        @store.should_receive(:[]).with('my-key-id').and_return('secret')
+        @authhmac.sign!(@put_request, "my-key-id")
+        @put_request['Authorization'].should == "AuthHMAC my-key-id:71wAJM4IIu/3o6lcqx/tw7XnAJs="
+      end
+    end
+
+    describe "custom signatures" do
+      before(:each) do
+         @options = {
+          :service_id => 'MyService',
+          :signature => CustomSignature
+        }
+        @authhmac = CrashLog::AuthHMAC.new(@store, @options)
+      end
+
+      it "should prefix the Authorization header with custom service id" do
+        @authhmac.sign!(@get_request, 'key-id')
+        @get_request['Authorization'].should match(/^MyService /)
+      end
+
+      it "should create a complete signature using options" do
+        @store.should_receive(:[]).with('my-key-id').and_return('secret')
+        @authhmac.sign!(@put_request, "my-key-id")
+        @put_request['Authorization'].should == "MyService my-key-id:/L4N1v1BZSHfAYkQjsvZn696D9c="
+      end
+    end
+  end
+
+  describe "authenticated?" do
+    before(:each) do
+      @credentials = {
+        "access key 1" => 'secret1',
+        "access key 2" => 'secret2'
+      }
+      @authhmac = CrashLog::AuthHMAC.new(@credentials)
+      @request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo", 'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+    end
+
+    it "should return false when there is no Authorization Header" do
+      @authhmac.authenticated?(@request).should be_false
+    end
+
+    it "should return false when the Authorization value isn't prefixed with HMAC" do
+      @request['Authorization'] = "id:secret"
+      @authhmac.authenticated?(@request).should be_false
+    end
+
+    it "should return false when the access key id can't be found" do
+      @request['Authorization'] = 'AuthHMAC missing-key:blah'
+      @authhmac.authenticated?(@request).should be_false
+    end
+
+    it "should return false when there is no hmac" do
+      @request['Authorization'] = 'AuthHMAC missing-key:'
+      @authhmac.authenticated?(@request).should be_false
+    end
+
+    it "should return false when the hmac doesn't match" do
+      @request['Authorization'] = 'AuthHMAC access key 1:blah'
+      @authhmac.authenticated?(@request).should be_false
+    end
+
+    it "should return false if the request was modified after signing" do
+      @authhmac.sign!(@request, 'access key 1')
+      @request.content_type = 'text/plain'
+      @authhmac.authenticated?(@request).should be_false
+    end
+
+    it "should return true when the hmac does match" do
+      @authhmac.sign!(@request, 'access key 1')
+      @authhmac.authenticated?(@request).should be_true
+    end
+
+    describe "custom signatures" do
+      before(:each) do
+        @options = {
+          :service_id => 'MyService',
+          :signature => CustomSignature
+        }
+      end
+
+      it "should return false for invalid service id" do
+        @authhmac.sign!(@request, 'access key 1')
+        @options.delete(:signature)
+        CrashLog::AuthHMAC.new(@credentials, @options).authenticated?(@request).should be_false
+      end
+
+      it "should return false for request using default CanonicalString signature" do
+        @authhmac.sign!(@request, 'access key 1')
+        @options.delete(:service_id)
+        CrashLog::AuthHMAC.new(@credentials, @options).authenticated?(@request).should be_false
+      end
+
+      it "should return true when valid" do
+        @authhmac = CrashLog::AuthHMAC.new(@credentials, @options)
+        @authhmac.sign!(@request, 'access key 1')
+        @authhmac.authenticated?(@request).should be_true
+      end
+    end
+  end
+
+  describe "#sign! with YAML credentials" do
+    before(:each) do
+      credentials = {
+        "access key 1" => 'secret1',
+        "access key 2" => 'secret2'
+      }
+      @authhmac = CrashLog::AuthHMAC.new(credentials)
+      @request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo", 'date' => "Thu, 10 Jul 2008 03:29:56 GMT")
+    end
+
+    it "should raise an argument error if credentials are missing" do
+      lambda { @authhmac.sign!(@request, 'missing') }.should raise_error(ArgumentError)
+    end
+
+    it "should sign with the secret" do
+      @authhmac.sign!(@request, "access key 1")
+      @request['Authorization'].should == "AuthHMAC access key 1:ovwO0OBERuF3/uR3aowaUCkFMiE="
+    end
+
+    it "should sign with the other secret" do
+      @authhmac.sign!(@request, "access key 2")
+      @request['Authorization'].should == "AuthHMAC access key 2:vT010RQm4IZ6+UCVpK2/N0FLpLw="
+    end
+  end
+
+  describe CrashLog::AuthHMAC::CanonicalString do
+    it "should include the http verb when it is GET" do
+      request = Net::HTTP::Get.new("/")
+      CrashLog::AuthHMAC::CanonicalString.new(request).should match(/GET/)
+    end
+
+    it "should include the http verb when it is POST" do
+      request = Net::HTTP::Post.new("/")
+      CrashLog::AuthHMAC::CanonicalString.new(request).should match(/POST/)
+    end
+
+    it "should include the content-type" do
+      request = Net::HTTP::Put.new("/", {'Content-Type' => 'application/xml'})
+      CrashLog::AuthHMAC::CanonicalString.new(request).should match(/application\/xml/)
+    end
+
+    it "should include the content-type even if the case is messed up" do
+      request = Net::HTTP::Put.new("/", {'cOntent-type' => 'text/html'})
+      CrashLog::AuthHMAC::CanonicalString.new(request).should match(/text\/html/)
+    end
+
+    it "should include the content-md5" do
+      request = Net::HTTP::Put.new("/", {'Content-MD5' => 'skwkend'})
+      CrashLog::AuthHMAC::CanonicalString.new(request).should match(/skwkend/)
+    end
+
+    it "should include the content-md5 even if the case is messed up" do
+      request = Net::HTTP::Put.new("/", {'content-md5' => 'adsada'})
+      CrashLog::AuthHMAC::CanonicalString.new(request).should match(/adsada/)
+    end
+
+    it "should include the date" do
+      date = Time.now.httpdate
+      request = Net::HTTP::Put.new("/", {'Date' => date})
+      CrashLog::AuthHMAC::CanonicalString.new(request).should match(/#{date}/)
+    end
+
+    it "should include the request path" do
+      request = Net::HTTP::Get.new("/path/to/file")
+      CrashLog::AuthHMAC::CanonicalString.new(request).should match(/\/path\/to\/file[^?]?/)
+    end
+
+    it "should ignore the query string of the request path" do
+      request = Net::HTTP::Get.new("/other/path/to/file?query=foo")
+      CrashLog::AuthHMAC::CanonicalString.new(request).should match(/\/other\/path\/to\/file[^?]?/)
+    end
+
+    it "should build the correct string" do
+      date = Time.now.httpdate
+      request = Net::HTTP::Put.new("/path/to/put?foo=bar&bar=foo",
+                                    'content-type' => 'text/plain',
+                                    'content-md5' => 'blahblah',
+                                    'date' => date)
+      CrashLog::AuthHMAC::CanonicalString.new(request).should == "PUT\ntext/plain\nblahblah\n#{date}\n/path/to/put"
+    end
+
+    it "should build the correct string when some elements are missing" do
+      date = Time.now.httpdate
+      request = Net::HTTP::Get.new("/path/to/get?foo=bar&bar=foo",
+                                    'date' => date)
+      CrashLog::AuthHMAC::CanonicalString.new(request).should == "GET\n\n\n#{date}\n/path/to/get"
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,8 @@
+require "crash_log"
+
+Dir[File.expand_path("../support/*.rb", __FILE__)].each { |file| require file }
+
+RSpec.configure do |config|
+  config.mock_with :rspec
+end
+

metadata

@@ -0,0 +1,60 @@
+--- !ruby/object:Gem::Specification
+name: crashlog-auth-hmac
+version: !ruby/object:Gem::Version
+  version: 1.1.2
+  prerelease: 
+platform: ruby
+authors:
+- Ivan Vanderbyl
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-08-05 00:00:00.000000000 Z
+dependencies: []
+description: A Ruby Gem for authenticating HTTP requests using a HMAC
+email:
+- ivan@crashlog.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- crashlog-auth-hmac.gemspec
+- lib/crash_log.rb
+- lib/crash_log/auth_hmac.rb
+- lib/crash_log/auth_hmac/version.rb
+- lib/crashlog-auth-hmac.rb
+- spec/crash_log/auth_hmac_spec.rb
+- spec/spec_helper.rb
+homepage: http://crashlog.io
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.15
+signing_key: 
+specification_version: 3
+summary: A Ruby Gem for authenticating HTTP requests using a HMAC
+test_files:
+- spec/crash_log/auth_hmac_spec.rb
+- spec/spec_helper.rb