cyclid-core 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8ae5e120afdbe2e4dc79c0106ab71fb478018cda
+  data.tar.gz: 703042beb35a28c7b69912f152c6c82c77690af1
+SHA512:
+  metadata.gz: 3e8dcb8faabca9d3398d15dd307c1772beebceb1a906d46001cc7b2d711c0b52f71557b6d4eb7f1f55ba0dc5d5d6caa319c109c1c8ba577066a875cc372c4ce1
+  data.tar.gz: f7baace3ced717be03739b144aec4fffdb3fa0b36abbf988c3e4d662588a00e8c08c484fb77bc71d74f7773efddfd13799621e74abe43419a7cdfdea64e2be11

data/LICENSE

@@ -0,0 +1,199 @@
+                            Apache License
+                       Version 2.0, January 2004
+                    http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+  "License" shall mean the terms and conditions for use, reproduction,
+  and distribution as defined by Sections 1 through 9 of this document.
+
+  "Licensor" shall mean the copyright owner or entity authorized by
+  the copyright owner that is granting the License.
+
+  "Legal Entity" shall mean the union of the acting entity and all
+  other entities that control, are controlled by, or are under common
+  control with that entity. For the purposes of this definition,
+  "control" means (i) the power, direct or indirect, to cause the
+  direction or management of such entity, whether by contract or
+  otherwise, or (ii) ownership of fifty percent (50%) or more of the
+  outstanding shares, or (iii) beneficial ownership of such entity.
+
+  "You" (or "Your") shall mean an individual or Legal Entity
+  exercising permissions granted by this License.
+
+  "Source" form shall mean the preferred form for making modifications,
+  including but not limited to software source code, documentation
+  source, and configuration files.
+
+  "Object" form shall mean any form resulting from mechanical
+  transformation or translation of a Source form, including but
+  not limited to compiled object code, generated documentation,
+  and conversions to other media types.
+
+  "Work" shall mean the work of authorship, whether in Source or
+  Object form, made available under the License, as indicated by a
+  copyright notice that is included in or attached to the work
+  (an example is provided in the Appendix below).
+
+  "Derivative Works" shall mean any work, whether in Source or Object
+  form, that is based on (or derived from) the Work and for which the
+  editorial revisions, annotations, elaborations, or other modifications
+  represent, as a whole, an original work of authorship. For the purposes
+  of this License, Derivative Works shall not include works that remain
+  separable from, or merely link (or bind by name) to the interfaces of,
+  the Work and Derivative Works thereof.
+
+  "Contribution" shall mean any work of authorship, including
+  the original version of the Work and any modifications or additions
+  to that Work or Derivative Works thereof, that is intentionally
+  submitted to Licensor for inclusion in the Work by the copyright owner
+  or by an individual or Legal Entity authorized to submit on behalf of
+  the copyright owner. For the purposes of this definition, "submitted"
+  means any form of electronic, verbal, or written communication sent
+  to the Licensor or its representatives, including but not limited to
+  communication on electronic mailing lists, source code control systems,
+  and issue tracking systems that are managed by, or on behalf of, the
+  Licensor for the purpose of discussing and improving the Work, but
+  excluding communication that is conspicuously marked or otherwise
+  designated in writing by the copyright owner as "Not a Contribution."
+
+  "Contributor" shall mean Licensor and any individual or Legal Entity
+  on behalf of whom a Contribution has been received by Licensor and
+  subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+  this License, each Contributor hereby grants to You a perpetual,
+  worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+  copyright license to reproduce, prepare Derivative Works of,
+  publicly display, publicly perform, sublicense, and distribute the
+  Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+  this License, each Contributor hereby grants to You a perpetual,
+  worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+  (except as stated in this section) patent license to make, have made,
+  use, offer to sell, sell, import, and otherwise transfer the Work,
+  where such license applies only to those patent claims licensable
+  by such Contributor that are necessarily infringed by their
+  Contribution(s) alone or by combination of their Contribution(s)
+  with the Work to which such Contribution(s) was submitted. If You
+  institute patent litigation against any entity (including a
+  cross-claim or counterclaim in a lawsuit) alleging that the Work
+  or a Contribution incorporated within the Work constitutes direct
+  or contributory patent infringement, then any patent licenses
+  granted to You under this License for that Work shall terminate
+  as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+  Work or Derivative Works thereof in any medium, with or without
+  modifications, and in Source or Object form, provided that You
+  meet the following conditions:
+
+  (a) You must give any other recipients of the Work or
+      Derivative Works a copy of this License; and
+
+  (b) You must cause any modified files to carry prominent notices
+      stating that You changed the files; and
+
+  (c) You must retain, in the Source form of any Derivative Works
+      that You distribute, all copyright, patent, trademark, and
+      attribution notices from the Source form of the Work,
+      excluding those notices that do not pertain to any part of
+      the Derivative Works; and
+
+  (d) If the Work includes a "NOTICE" text file as part of its
+      distribution, then any Derivative Works that You distribute must
+      include a readable copy of the attribution notices contained
+      within such NOTICE file, excluding those notices that do not
+      pertain to any part of the Derivative Works, in at least one
+      of the following places: within a NOTICE text file distributed
+      as part of the Derivative Works; within the Source form or
+      documentation, if provided along with the Derivative Works; or,
+      within a display generated by the Derivative Works, if and
+      wherever such third-party notices normally appear. The contents
+      of the NOTICE file are for informational purposes only and
+      do not modify the License. You may add Your own attribution
+      notices within Derivative Works that You distribute, alongside
+      or as an addendum to the NOTICE text from the Work, provided
+      that such additional attribution notices cannot be construed
+      as modifying the License.
+
+  You may add Your own copyright statement to Your modifications and
+  may provide additional or different license terms and conditions
+  for use, reproduction, or distribution of Your modifications, or
+  for any such Derivative Works as a whole, provided Your use,
+  reproduction, and distribution of the Work otherwise complies with
+  the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+  any Contribution intentionally submitted for inclusion in the Work
+  by You to the Licensor shall be under the terms and conditions of
+  this License, without any additional terms or conditions.
+  Notwithstanding the above, nothing herein shall supersede or modify
+  the terms of any separate license agreement you may have executed
+  with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+  names, trademarks, service marks, or product names of the Licensor,
+  except as required for reasonable and customary use in describing the
+  origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+  agreed to in writing, Licensor provides the Work (and each
+  Contributor provides its Contributions) on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+  implied, including, without limitation, any warranties or conditions
+  of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+  PARTICULAR PURPOSE. You are solely responsible for determining the
+  appropriateness of using or redistributing the Work and assume any
+  risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+  whether in tort (including negligence), contract, or otherwise,
+  unless required by applicable law (such as deliberate and grossly
+  negligent acts) or agreed to in writing, shall any Contributor be
+  liable to You for damages, including any direct, indirect, special,
+  incidental, or consequential damages of any character arising as a
+  result of this License or out of the use or inability to use the
+  Work (including but not limited to damages for loss of goodwill,
+  work stoppage, computer failure or malfunction, or any and all
+  other commercial damages or losses), even if such Contributor
+  has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+  the Work or Derivative Works thereof, You may choose to offer,
+  and charge a fee for, acceptance of support, warranty, indemnity,
+  or other liability obligations and/or rights consistent with this
+  License. However, in accepting such obligations, You may act only
+  on Your own behalf and on Your sole responsibility, not on behalf
+  of any other Contributor, and only if You agree to indemnify,
+  defend, and hold each Contributor harmless for any liability
+  incurred by, or claims asserted against, such Contributor by reason
+  of your accepting any such warranty or additional liability.
+
+Cyclid-core includes code from warden-hmac-authentication, which is
+licensed under the MIT license:
+
+Copyright (c) 2011 Florian Gilcher <florian.gilcher@asquera.de>,
+                   Felix Gilcher <felix.gilcher@asquera.de>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,12 @@
+# Cyclid Core
+
+This Gem contains files which are shared between the Cyclid API & Cyclid client.
+
+## hmac.rb
+
+HMAC method signing class, which originated from the warden-hmac-authentication Gem.
+
+## constants.rb and errors.rb
+
+Constant definitions for error codes and job statuses, along with human readable string mappings for converting codes to human readable text.
+

data/lib/cyclid/constants.rb

@@ -0,0 +1,53 @@
+#  Copyright 2016 Liqwyd Ltd.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+module Cyclid
+  # Module for the Cyclid API
+  module API
+    # Constant values
+    module Constants
+      # Identifiers for job statuses
+      module JobStatus
+        # Submitted
+        NEW = 0
+        # Runner has started, waiting for build host
+        WAITING = 1
+        # Runner has started
+        STARTED = 2
+        # Job has had a failed stage
+        FAILING = 3
+
+        # Job succeeded
+        SUCCEEDED = 10
+        # Job failed
+        FAILED = 11
+      end
+
+      # Human readable job status strings
+      JOB_STATUSES = {
+        JobStatus::NEW => 'New',
+        JobStatus::WAITING => 'Waiting',
+        JobStatus::STARTED => 'Started',
+        JobStatus::FAILING => 'Failing',
+        JobStatus::SUCCEEDED => 'Succeeded',
+        JobStatus::FAILED => 'Failed'
+      }.freeze
+
+      # Other one-off constants
+      #
+      # Default size for generating RSA key pairs
+      RSA_KEY_LENGTH = 2048
+    end
+  end
+end

data/lib/cyclid/errors.rb

@@ -0,0 +1,77 @@
+#  Copyright 2016 Liqwyd Ltd.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+module Cyclid
+  # Module for the Cyclid API
+  module API
+    # Error codes, for REST etc. statuses
+    module Errors
+      # Identifiers for HTTP JSON error bodies
+      module HTTPErrors
+        # Success
+        NO_ERROR = 0
+        # Something caught an exception
+        INTERNAL_ERROR = 1
+        # The JSON in the request body could not be parsed
+        INVALID_JSON = 2
+        # Invalid username or password, or not an admin
+        AUTH_FAILURE = 3
+        # A unique entry already exists
+        DUPLICATE = 4
+
+        # User does not exist
+        INVALID_USER = 10
+        # Organization does not exist
+        INVALID_ORG = 11
+        # Stage does not exist
+        INVALID_STAGE = 12
+        # No plugin found for the given action
+        INVALID_ACTION = 13
+        # Job definition is incorrect or does not exist
+        INVALID_JOB = 14
+        # Requested plugin does not exist
+        INVALID_PLUGIN = 15
+        # Could not get a configuration for the given plugin
+        INVALID_PLUGIN_CONFIG = 16
+
+        # API plugin request failed
+        PLUGIN_ERROR = 20
+      end
+
+      # Human readable error strings
+      ERROR_MESSAGES = {
+        HTTPErrors::NO_ERROR => 'Success',
+        HTTPErrors::INTERNAL_ERROR => 'Internal error',
+        HTTPErrors::INVALID_JSON => 'The JSON in the request body could not be parsed',
+        HTTPErrors::AUTH_FAILURE => 'Invalid username or password, or not an admin',
+        HTTPErrors::DUPLICATE => 'Entry already exists',
+        HTTPErrors::INVALID_USER => 'User does not exist',
+        HTTPErrors::INVALID_ORG => 'Organization does not exist',
+        HTTPErrors::INVALID_STAGE => 'Stage does not exist',
+        HTTPErrors::INVALID_ACTION => 'No plugin found for the given action',
+        HTTPErrors::INVALID_JOB => 'Job definition is incorrect or does not exist',
+        HTTPErrors::INVALID_PLUGIN => 'Requested plugin does not exist',
+        HTTPErrors::INVALID_PLUGIN_CONFIG => 'Could not get a configuration for the given plugin',
+        HTTPErrors::PLUGIN_ERROR => 'API plugin request failed'
+      }.freeze
+    end
+
+    # Internal exceptions
+    module Exceptions
+      # Base class for all internal Cyclid exceptions
+      class CyclidError < StandardError
+      end
+    end
+  end
+end

data/lib/cyclid/hmac.rb

@@ -0,0 +1,268 @@
+# rubocop:disable Metrics/LineLength, Style/FormatString
+#
+# Copyright (c) 2011 Florian Gilcher <florian.gilcher@asquera.de>, Felix Gilcher <felix.gilcher@asquera.de>
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'openssl'
+require 'rack/utils'
+
+module Cyclid
+  # Container for the HMAC authentication code
+  module HMAC
+    # Helper class that provides signing capabilites for the hmac strategies.
+    #
+    # @author Felix Gilcher <felix.gilcher@asquera.de>
+    class Signer
+      attr_accessor :secret, :algorithm, :default_opts
+
+      # HMAC defaults
+      DEFAULT_OPTS = {
+        auth_scheme: 'HMAC',
+        auth_param: 'auth',
+        auth_header: 'Authorization',
+        auth_header_format: '%{auth_scheme} %{signature}',
+        query_based: false,
+        use_alternate_date_header: false,
+        extra_auth_params: {},
+        ignore_params: []
+      }.freeze
+
+      # create a new HMAC instance
+      #
+      # @param [String] algorithm   The hashing-algorithm to use. See the openssl documentation for valid values.
+      # @param [Hash] default_opts  The default options for all calls that take opts
+      #
+      # @option default_opts [String]             :auth_scheme ('HMAC')   The name of the authorization scheme used in the Authorization header and to construct various header-names
+      # @option default_opts [String]             :auth_param ('auth')   The name of the authentication param to use for query based authentication
+      # @option default_opts [String]             :auth_header ('Authorization') The name of the authorization header to use
+      # @option default_opts [String]             :auth_header_format ('%{auth_scheme} %{signature}') The format of the authorization header. Will be interpolated with the given options and the signature.
+      # @option default_opts [String]             :nonce_header ('X-#{auth_scheme}-Nonce') The header name for the request nonce
+      # @option default_opts [String]             :alternate_date_header ('X-#{auth_scheme}-Date') The header name for the alternate date header
+      # @option default_opts [Bool]               :query_based (false) Whether to use query based authentication
+      # @option default_opts [Bool]               :use_alternate_date_header (false) Use the alternate date header instead of `Date`
+      # @option default_opts [Hash]               :extra_auth_params ({}) Additional parameters to inject in the auth parameter
+      # @option default_opts [Array<Symbol>]      :ignore_params ([]) Params to ignore for signing
+      #
+      def initialize(algorithm = 'sha256', default_opts = {})
+        self.algorithm = algorithm
+        default_opts[:nonce_header] ||= 'X-%{scheme}-Nonce' % { scheme: (default_opts[:auth_scheme] || 'HMAC') }
+        default_opts[:alternate_date_header] ||= 'X-%{scheme}-Date' % { scheme: (default_opts[:auth_scheme] || 'HMAC') }
+        self.default_opts = DEFAULT_OPTS.merge(default_opts)
+      end
+
+      # Generate the signature from a hash representation
+      #
+      # returns nil if no secret or an empty secret was given
+      #
+      # @param [Hash] params the parameters to create the representation with
+      # @option params [String] :secret The secret to generate the signature with
+      # @option params [String] :method The HTTP Verb of the request
+      # @option params [String] :date The date of the request as it was formatted in the request
+      # @option params [String] :nonce ('') The nonce given in the request
+      # @option params [String] :path The path portion of the request
+      # @option params [Hash]   :query ({}) The query parameters given in the request. Must not contain the auth param.
+      # @option params [Hash]   :headers ({}) All headers given in the request (optional and required)
+      # @option params [String]             :auth_scheme ('HMAC')   The name of the authorization scheme used in the Authorization header and to construct various header-names
+      # @option params [String]             :auth_param ('auth')   The name of the authentication param to use for query based authentication
+      # @option params [Hash]               :extra_auth_params ({}) Additional parameters to inject in the auth parameter
+      # @option params [Array<Symbol>]      :ignore_params ([]) Params to ignore for signing
+      # @option params [String]             :auth_header ('Authorization') The name of the authorization header to use
+      # @option params [String]             :auth_header_format ('%{auth_scheme} %{signature}') The format of the authorization header. Will be interpolated with the given options and the signature.
+      # @option params [String]             :nonce_header ('X-#{auth_scheme}-Nonce') The header name for the request nonce
+      # @option params [String]             :alternate_date_header ('X-#{auth_scheme}-Date') The header name for the alternate date header
+      # @option params [Bool]               :query_based (false) Whether to use query based authentication
+      # @option params [Bool]               :use_alternate_date_header (false) Use the alternate date header instead of `Date`
+      #
+      # @return [String] the signature
+      def generate_signature(params)
+        secret = params.delete(:secret)
+
+        # jruby stumbles over empty secrets, we regard them as invalid anyways, so we return an empty digest if no scret was given
+        if '' == secret.to_s
+          nil
+        else
+          OpenSSL::HMAC.hexdigest(algorithm, secret, canonical_representation(params))
+        end
+      end
+
+      # compares the given signature with the signature created from a hash representation
+      #
+      # @param [String] signature the signature to compare with
+      # @param [Hash] params the parameters to create the representation with
+      # @option params [String] :secret The secret to generate the signature with
+      # @option params [String] :method The HTTP Verb of the request
+      # @option params [String] :date The date of the request as it was formatted in the request
+      # @option params [String] :nonce ('') The nonce given in the request
+      # @option params [String] :path The path portion of the request
+      # @option params [Hash]   :query ({}) The query parameters given in the request. Must not contain the auth param.
+      # @option params [Hash]   :headers ({}) All headers given in the request (optional and required)
+      # @option params [String]             :auth_scheme ('HMAC')   The name of the authorization scheme used in the Authorization header and to construct various header-names
+      # @option params [String]             :auth_param ('auth')   The name of the authentication param to use for query based authentication
+      # @option params [Hash]               :extra_auth_params ({}) Additional parameters to inject in the auth parameter
+      # @option params [Array<Symbol>]      :ignore_params ([]) Params to ignore for signing
+      # @option params [String]             :auth_header ('Authorization') The name of the authorization header to use
+      # @option params [String]             :auth_header_format ('%{auth_scheme} %{signature}') The format of the authorization header. Will be interpolated with the given options and the signature.
+      # @option params [String]             :nonce_header ('X-#{auth_scheme}-Nonce') The header name for the request nonce
+      # @option params [String]             :alternate_date_header ('X-#{auth_scheme}-Date') The header name for the alternate date header
+      # @option params [Bool]               :query_based (false) Whether to use query based authentication
+      # @option params [Bool]               :use_alternate_date_header (false) Use the alternate date header instead of `Date`
+      #
+      # @return [Bool] true if the signature matches
+      def validate_signature(signature, params)
+        compare_hashes(signature, generate_signature(params))
+      end
+
+      # generates the canonical representation for a given request
+      #
+      # @param [Hash] params the parameters to create the representation with
+      # @option params [String] :method The HTTP Verb of the request
+      # @option params [String] :date The date of the request as it was formatted in the request
+      # @option params [String] :nonce ('') The nonce given in the request
+      # @option params [String] :path The path portion of the request
+      # @option params [Hash]   :query ({}) The query parameters given in the request. Must not contain the auth param.
+      # @option params [Hash]   :headers ({}) All headers given in the request (optional and required)
+      # @option params [String] :auth_scheme ('HMAC')   The name of the authorization scheme used in the Authorization header and to construct various header-names
+      # @option params [String] :auth_param ('auth')   The name of the authentication param to use for query based authentication
+      # @option params [Hash]   :extra_auth_params ({}) Additional parameters to inject in the auth parameter
+      # @option params [Array<Symbol>]      :ignore_params ([]) Params to ignore for signing
+      # @option params [String] :auth_header ('Authorization') The name of the authorization header to use
+      # @option params [String] :auth_header_format ('%{auth_scheme} %{signature}') The format of the authorization header. Will be interpolated with the given options and the signature.
+      # @option params [String] :nonce_header ('X-#{auth_scheme}-Nonce') The header name for the request nonce
+      # @option params [String] :alternate_date_header ('X-#{auth_scheme}-Date') The header name for the alternate date header
+      # @option params [Bool]   :query_based (false) Whether to use query based authentication
+      # @option params [Bool]   :use_alternate_date_header (false) Use the alternate date header instead of `Date`
+      #
+      # @return [String] the canonical representation
+      def canonical_representation(params)
+        rep = ''
+
+        rep << "#{params[:method].upcase}\n"
+        rep << "date:#{params[:date]}\n"
+        rep << "nonce:#{params[:nonce]}\n"
+
+        (params[:headers] || {}).sort.each do |pair|
+          name, value = *pair
+          rep << "#{name.downcase}:#{value}\n"
+        end
+
+        rep << params[:path]
+
+        p = (params[:query] || {}).dup
+
+        unless p.empty?
+          query = p.sort.map do |key, value|
+            '%{key}=%{value}' % {
+              key: Rack::Utils.unescape(key.to_s),
+              value: Rack::Utils.unescape(value.to_s)
+            }
+          end.join('&')
+          rep << "?#{query}"
+        end
+
+        rep
+      end
+
+      # sign the given request
+      #
+      # @param [String] url     The url of the request
+      # @param [String] secret  The shared secret for the signature
+      # @param [Hash]   opts    Options for the signature generation
+      #
+      # @option opts [String]             :nonce ('')           The nonce to use in the signature
+      # @option opts [String, #strftime]  :date (Time.now)      The date to use in the signature
+      # @option opts [Hash]               :headers ({})         A list of optional headers to include in the signature
+      # @option opts [String,Symbol]      :method ('GET')       The HTTP method to use in the signature
+      #
+      # @option opts [String]             :auth_scheme ('HMAC')   The name of the authorization scheme used in the Authorization header and to construct various header-names
+      # @option opts [String]             :auth_param ('auth')   The name of the authentication param to use for query based authentication
+      # @option opts [Hash]               :extra_auth_params ({}) Additional parameters to inject in the auth parameter
+      # @option opts [Array<Symbol>]      :ignore_params ([]) Params to ignore for signing
+      # @option opts [String]             :auth_header ('Authorization') The name of the authorization header to use
+      # @option opts [String]             :auth_header_format ('%{auth_scheme} %{signature}') The format of the authorization header. Will be interpolated with the given options and the signature.
+      # @option opts [String]             :nonce_header ('X-#{auth_scheme}-Nonce') The header name for the request nonce
+      # @option opts [String]             :alternate_date_header ('X-#{auth_scheme}-Date') The header name for the alternate date header
+      # @option opts [Bool]               :query_based (false) Whether to use query based authentication
+      # @option opts [Bool]               :use_alternate_date_header (false) Use the alternate date header instead of `Date`
+      #
+      def sign_request(url, secret, opts = {})
+        opts = default_opts.merge(opts)
+
+        uri = parse_url(url)
+        headers = opts[:headers] || {}
+
+        date = opts[:date] || Time.now.gmtime
+        date = date.gmtime.strftime('%a, %d %b %Y %T GMT') if date.respond_to? :strftime
+
+        method = opts[:method] ? opts[:method].to_s.upcase : 'GET'
+
+        query_values = Rack::Utils.parse_nested_query(uri.query)
+
+        if query_values
+          query_values.delete_if do |k, _v|
+            opts[:ignore_params].one? { |param| (k == param) || (k == param.to_s) }
+          end
+        end
+
+        signature = generate_signature(secret: secret, method: method, path: uri.path, date: date, nonce: opts[:nonce], query: query_values, headers: opts[:headers], ignore_params: opts[:ignore_params])
+
+        if opts[:query_based]
+          auth_params = opts[:extra_auth_params].merge('date' => date,
+                                                       'signature' => signature)
+          auth_params[:nonce] = opts[:nonce] unless opts[:nonce].nil?
+
+          query_values ||= {}
+          query_values[opts[:auth_param]] = auth_params
+          uri.query = Rack::Utils.build_nested_query(query_values)
+        else
+          headers[opts[:auth_header]]   = opts[:auth_header_format] % opts.merge(signature: signature)
+          headers[opts[:nonce_header]]  = opts[:nonce] unless opts[:nonce].nil?
+
+          if opts[:use_alternate_date_header]
+            headers[opts[:alternate_date_header]] = date
+          else
+            headers['Date'] = date
+          end
+        end
+
+        [headers, uri.to_s]
+      end
+
+      private
+
+      # compares two hashes in a manner that's invulnerable to timing sidechannel attacks (see issue #16)
+      # by comparing them characterwise up to the end in all cases, no matter where the mismatch happens
+      # short circuits if the length does not match since this does not allow timing sidechannel attacks.
+      def compare_hashes(presented, computed)
+        if computed.length == presented.length
+          computed.chars.zip(presented.chars).map { |x, y| x == y }.all?
+        else
+          false
+        end
+      end
+
+      # parse url if url parameter is string do nothing if parameter is URI
+      def parse_url(url)
+        return url if url.is_a?(URI)
+        URI.parse(url)
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,63 @@
+--- !ruby/object:Gem::Specification
+name: cyclid-core
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Kristian Van Der Vliet
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-08-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+description: Core files (shared between the Client & Server) for Cyclid
+email: vanders@liqwyd.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/cyclid/constants.rb
+- lib/cyclid/errors.rb
+- lib/cyclid/hmac.rb
+homepage: 
+licenses:
+- MIT
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Core files for Cyclid
+test_files: []