ey-hmac 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 993156b2650af65ee323f3a1f5715c6fff44508d
-  data.tar.gz: 464d21118f68dc3513db89c2fcbaff3ddbf677d4
+  metadata.gz: '0238feeb2cc5fd246c384cc561dfe669927b90a2'
+  data.tar.gz: dac7a783530d2cc92a0364a91b32ac14d3023152
 SHA512:
-  metadata.gz: 16ded2fdf25966104d2dfe09ddfdf19a6a5a1ef6b1e140d9ea6aecb3b721826a288055b106266b56cb2594a31606eaeae49503fa4590b7e779212e5885956b80
-  data.tar.gz: 0a3b84006e99a02540e5e4a90f61015d2ad336652f63055f9c1c666e28ff86b11fce45ac86bad23ea7e4da4fffb526b18c0e7cf84eb6f22db78adccdde18c807
+  metadata.gz: 7353c7b1566e27ab95079204359fd5b1c72a455b8db7291f52674015fe7969741b0c9b8fbb4d0959b3c22c4559341289ed2ec4320f48a04d3b6a44a0b8a697e2
+  data.tar.gz: d101baf710250442ea05b29699e7d6f0922784b6fe83342a34f23b0df4defbc35e3ae4ae5c1a98378fbb343ab3b5926840881dbb431e887d0e13e03360923cbb

data/.travis.yml

@@ -1,7 +1,7 @@
 ---
 language: ruby
 rvm:
-  - 1.9.3
-  - 2.0.0
+  - 2.2
+  - 2.3
 
 script: bundle exec rspec

data/CHANGELOG.md

@@ -0,0 +1,68 @@
+# Change Log
+
+## [v2.2.0](https://github.com/engineyard/hmac/tree/v2.2.0) (2017-01-09)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v2.1.0...v2.2.0)
+
+**Closed issues:**
+
+- :sha512 and :sha384 [\#4](https://github.com/engineyard/hmac/issues/4)
+
+**Merged pull requests:**
+
+- use Base64\#strict\_encode64 when signing requests [\#5](https://github.com/engineyard/hmac/pull/5) ([lanej](https://github.com/lanej))
+
+## [v2.1.0](https://github.com/engineyard/hmac/tree/v2.1.0) (2015-12-03)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v2.0.2...v2.1.0)
+
+**Merged pull requests:**
+
+- add optional server-side HMAC TTL to prevent replay attacks [\#3](https://github.com/engineyard/hmac/pull/3) ([hudon](https://github.com/hudon))
+
+## [v2.0.2](https://github.com/engineyard/hmac/tree/v2.0.2) (2015-09-17)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v2.0.1...v2.0.2)
+
+## [v2.0.1](https://github.com/engineyard/hmac/tree/v2.0.1) (2015-09-17)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v2.0.0...v2.0.1)
+
+**Merged pull requests:**
+
+- update faraday usage in the readme [\#2](https://github.com/engineyard/hmac/pull/2) ([svarks](https://github.com/svarks))
+
+## [v2.0.0](https://github.com/engineyard/hmac/tree/v2.0.0) (2014-08-09)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v1.0.0...v2.0.0)
+
+## [v1.0.0](https://github.com/engineyard/hmac/tree/v1.0.0) (2014-04-29)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v0.1.3...v1.0.0)
+
+## [v0.1.3](https://github.com/engineyard/hmac/tree/v0.1.3) (2014-04-29)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v0.1.2...v0.1.3)
+
+## [v0.1.2](https://github.com/engineyard/hmac/tree/v0.1.2) (2014-04-01)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v0.1.1...v0.1.2)
+
+**Merged pull requests:**
+
+- Fix deprecated usage of Digest::Digest. [\#1](https://github.com/engineyard/hmac/pull/1) ([ericlathrop](https://github.com/ericlathrop))
+
+## [v0.1.1](https://github.com/engineyard/hmac/tree/v0.1.1) (2014-02-19)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v0.1.0...v0.1.1)
+
+## [v0.1.0](https://github.com/engineyard/hmac/tree/v0.1.0) (2014-02-18)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v0.0.5...v0.1.0)
+
+## [v0.0.5](https://github.com/engineyard/hmac/tree/v0.0.5) (2013-10-18)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v0.0.4...v0.0.5)
+
+## [v0.0.4](https://github.com/engineyard/hmac/tree/v0.0.4) (2013-02-08)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v0.0.3...v0.0.4)
+
+## [v0.0.3](https://github.com/engineyard/hmac/tree/v0.0.3) (2013-02-06)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v0.0.2...v0.0.3)
+
+## [v0.0.2](https://github.com/engineyard/hmac/tree/v0.0.2) (2013-02-05)
+[Full Changelog](https://github.com/engineyard/hmac/compare/v0.0.1...v0.0.2)
+
+## [v0.0.1](https://github.com/engineyard/hmac/tree/v0.0.1) (2013-02-05)
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/lib/ey-hmac/adapter.rb

@@ -37,7 +37,9 @@ class Ey::Hmac::Adapter
   # @param [String] signature digest hash function. Defaults to #sign_with
   # @return [String] HMAC signature of {#request}
   def signature(key_secret, digest = self.sign_with)
-    Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new(digest.to_s), key_secret, canonicalize)).strip
+    Base64.strict_encode64(
+      OpenSSL::HMAC.digest(
+        OpenSSL::Digest.new(digest.to_s), key_secret, canonicalize)).strip
   end
 
   # @param [String] key_id public HMAC key
@@ -112,34 +114,30 @@ class Ey::Hmac::Adapter
 
   # @see Ey::Hmac#authenticate!
   def authenticated!(&block)
-    unless authorization_match = AUTHORIZATION_REGEXP.match(authorization_signature)
-      raise(Ey::Hmac::MissingAuthorization, "Failed to parse authorization_signature #{authorization_signature}")
-    end
-
-    key_id          = authorization_match[1]
-    signature_value = authorization_match[2]
+    key_id, signature_value = check_signature!
+    key_secret = block.call(key_id)
 
-    unless key_secret = block.call(key_id)
-      raise(Ey::Hmac::MissingSecret, "Failed to find secret matching #{key_id.inspect}")
+    unless key_secret
+      raise Ey::Hmac::MissingSecret,
+        "Failed to find secret matching #{key_id.inspect}"
     end
 
-    unless @ttl.nil?
-      expiry = Time.parse(date).to_i + @ttl
-      current_time = Time.now.to_i
-      unless expiry > current_time
-        raise(Ey::Hmac::ExpiredHmac, "Signature has expired passed #{expiry}. Current time is #{current_time}")
-      end
-    end
+    check_ttl!
 
-    calculated_signatures = self.accept_digests.map { |ad| signature(key_secret, ad) }
+    calculated_signatures = accept_digests.map { |ad| signature(key_secret, ad) }
+    matching_signature = calculated_signatures.any? { |cs| secure_compare(signature_value, cs) }
 
-    unless calculated_signatures.any? { |cs| secure_compare(signature_value, cs) }
-      raise(Ey::Hmac::SignatureMismatch, "Calculated signature #{signature_value} does not match #{calculated_signatures.inspect} using #{canonicalize.inspect}")
+    unless matching_signature
+      raise Ey::Hmac::SignatureMismatch,
+        "Calculated signature #{signature_value} does not match #{calculated_signatures.inspect} using #{canonicalize.inspect}"
     end
+
     true
   end
   alias authenticate! authenticated!
 
+  protected
+
   # Constant time string comparison.
   # pulled from https://github.com/rack/rack/blob/master/lib/rack/utils.rb#L399
   def secure_compare(a, b)
@@ -151,4 +149,27 @@ class Ey::Hmac::Adapter
     b.each_byte { |v| r |= v ^ l[i+=1] }
     r == 0
   end
+
+  def check_ttl!
+    if @ttl && date
+      expiry       = Time.parse(date).to_i + @ttl
+      current_time = Time.now.to_i
+
+      unless expiry > current_time
+        raise Ey::Hmac::ExpiredHmac,
+          "Signature has expired passed #{expiry}. Current time is #{current_time}"
+      end
+    end
+  end
+
+  def check_signature!
+    authorization_match = AUTHORIZATION_REGEXP.match(authorization_signature)
+
+    unless authorization_match
+      raise Ey::Hmac::MissingAuthorization,
+        "Failed to parse authorization_signature #{authorization_signature}"
+    end
+
+    [authorization_match[1], authorization_match[2]]
+  end
 end

data/lib/ey-hmac/adapter/faraday.rb

@@ -4,21 +4,29 @@ class Ey::Hmac::Adapter::Faraday < Ey::Hmac::Adapter
   end
 
   def content_type
-    %w[CONTENT-TYPE CONTENT_TYPE Content-Type Content_Type].inject(nil) { |r,h| r || request[:request_headers][h] }
+    @content_type ||= find_header(
+      *%w[CONTENT-TYPE CONTENT_TYPE Content-Type Content_Type]
+    )
   end
 
   def content_digest
-    if existing = %w[CONTENT-DIGEST CONTENT_DIGEST Content-Digest Content_Digest].inject(nil) { |r,h| r || request[:request_headers][h] }
-      existing
-    elsif body
-      digestable = if body.respond_to?(:rewind)
-                     body.rewind
-                     body.read.tap { |_| body.rewind }
-                   else
-                     body.to_s
-                   end
-
-      request[:request_headers]['Content-Digest'] = Digest::MD5.hexdigest(digestable)
+    @content_digest ||= find_header(
+      *%w[CONTENT-DIGEST CONTENT_DIGEST Content-Digest Content_Digest]
+    )
+  end
+
+  def set_content_digest
+    return if content_digest
+
+    digestable = if body.respond_to?(:rewind)
+                   body.rewind
+                   body.read.tap { |_| body.rewind }
+                 else
+                   body.to_s
+                 end
+
+    if digestable && digestable != ""
+      @content_digest = request[:request_headers]['Content-Digest'] = Digest::MD5.hexdigest(digestable)
     end
   end
 
@@ -29,8 +37,13 @@ class Ey::Hmac::Adapter::Faraday < Ey::Hmac::Adapter
   end
 
   def date
-    existing = %w[DATE Date].inject(nil) { |r,h| r || request[h] }
-    existing || (request[:request_headers]['Date'] = Time.now.httpdate)
+    find_header(*%w[DATE Date])
+  end
+
+  def set_date
+    unless date
+      request[:request_headers]['Date'] = Time.now.httpdate
+    end
   end
 
   def path
@@ -38,7 +51,8 @@ class Ey::Hmac::Adapter::Faraday < Ey::Hmac::Adapter
   end
 
   def sign!(key_id, key_secret)
-    %w[CONTENT-TYPE CONTENT_TYPE Content-Type Content_Type].inject(nil) { |r,h| request[:request_headers][h] }
+    set_content_digest
+    set_date
 
     if options[:version]
       request[:request_headers]['X-Signature-Version'] = options[:version]
@@ -48,6 +62,14 @@ class Ey::Hmac::Adapter::Faraday < Ey::Hmac::Adapter
   end
 
   def authorization_signature
-    %w[Authorization AUTHORIZATION].inject(nil){|r, h| r || request[:request_headers][h]}
+    find_header(*%w[Authorization AUTHORIZATION])
+  end
+
+  private
+
+  def find_header(*keys)
+    value = nil
+    keys.find { |k| value = request[:request_headers][k] }
+    value
   end
 end

data/lib/ey-hmac/adapter/rack.rb

@@ -3,10 +3,7 @@ require 'rack'
 class Ey::Hmac::Adapter::Rack < Ey::Hmac::Adapter
   def initialize(request, options)
     super
-    @request = if request.is_a?(Hash)
-                 ::Rack::Request.new(request)
-               else request
-               end
+    @request = request.is_a?(Hash) ? ::Rack::Request.new(request) : request
   end
 
   def method
@@ -18,10 +15,12 @@ class Ey::Hmac::Adapter::Rack < Ey::Hmac::Adapter
   end
 
   def content_digest
-    if existing = request.env['HTTP_CONTENT_DIGEST']
-      existing
-    elsif digest = body && Digest::MD5.hexdigest(body)
-      request.env['HTTP_CONTENT_DIGEST'] = digest
+    request.env['HTTP_CONTENT_DIGEST']
+  end
+
+  def set_content_digest
+    if body
+      request.env['HTTP_CONTENT_DIGEST'] = Digest::MD5.hexdigest(body)
     end
   end
 
@@ -36,7 +35,11 @@ class Ey::Hmac::Adapter::Rack < Ey::Hmac::Adapter
   end
 
   def date
-    request.env['HTTP_DATE'] ||= Time.now.httpdate
+    request.env['HTTP_DATE']
+  end
+
+  def set_date
+    request.env['HTTP_DATE'] = Time.now.httpdate
   end
 
   def path
@@ -44,6 +47,9 @@ class Ey::Hmac::Adapter::Rack < Ey::Hmac::Adapter
   end
 
   def sign!(key_id, key_secret)
+    set_date
+    set_content_digest
+
     if options[:version]
       request.env['HTTP_X_SIGNATURE_VERSION'] = options[:version]
     end

data/lib/ey-hmac/version.rb

@@ -1,5 +1,5 @@
 module Ey
   module Hmac
-    VERSION = "2.1.0"
+    VERSION = "2.2.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ey-hmac
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Josh Lane & Jason Hansen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-03 00:00:00.000000000 Z
+date: 2017-01-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -47,6 +47,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -83,7 +84,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.5.2
 signing_key: 
 specification_version: 4
 summary: Lightweight HMAC signing libraries and middleware for Farday and Rack