heroic-sns 1.0.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    ODJhMzlkZTE4ODA5ZWE2ODdmMGNmOTM0M2IxYTFkNWYwMzBlMjVjYw==
+  data.tar.gz: !binary |-
+    MzEyN2NhN2IyMDMzMjQ0NGZjZGJjNzRlOWZiYWNjNzIxMzI2OGRjNA==
+!binary "U0hBNTEy":
+  metadata.gz: !binary |-
+    OTNmZTE4MGI0YTVjZWM4MTYxNjdmNGFlM2I1OGI1YzZiMmUyM2FhNzdmNzk5
+    YmE4MThiMjNmYmMxZGFjMDBkZDg0N2VhNDVhYzlhMzBjMDU1MjUyOTg3ZGU5
+    NzI1MGIzNTExNzM2MjZiYjU1ZmI2YTYyODNiZjM2OGU3NzcwZmM=
+  data.tar.gz: !binary |-
+    YjJmNmJhZjg1YzFkZDhjODM2YmQ2ZDQ2MWNjZmM5MDRkYjk5ZjYyYmNiY2E2
+    NmQ5ZTczZmE5OTMwYWQyMzhmZWQwZTAwNTNhZGVmOTZlYjIxMjRkODdlMjlm
+    NTUxMmI5ODc0ZWY2YzE0MzEwMmQ5YTA0ODNmYTIzMThjM2IwMjY=

data/LICENSE

@@ -0,0 +1,13 @@
+Copyright 2013 Heroic Software Inc. All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,133 @@
+# Heroic SNS Endpoint
+
+This gem contains a lightweight Rack middleware for AWS Simple Notification
+Service (SNS) endpoints.
+
+SNS messages to your web application are intercepted, parsed, verified, and then
+passed along to your Rack application in the `sns.message` environment key.
+
+If something goes wrong, the error will be passed along in the `sns.error`
+environment key. `Endpoint` does not log any messages itself.
+
+This gem *does not* depend on [aws-sdk][]. In fact, the only dependency it has
+beyond the standard libraries is [rack][]. This is intentional, since AWS
+credentials are not required to receive SNS notifications.
+
+[aws-sdk]: https://github.com/aws/aws-sdk-ruby
+[rack]: http://rack.github.io/
+
+## Overview
+
+1. Install in your middleware stack
+2. Get SNS messages from `env['sns.message']`
+3. Get errors from `env['sns.error']`
+
+## How to use it
+
+Simply add the following to your `config.ru` file:
+
+    use Heroic::SNS::Endpoint, :topics => /:aws-ses-bounces$/
+
+For Rails, you could also install it in `/config/initializers/sns_endpoint.rb`:
+
+    Rails.application.config.middleware.use Heroic::SNS::Endpoint, :topic => ...
+
+The Endpoint class takes an options hash as an argument, and understands these
+options:
+
+`:topic` is required, and provides a filter that defines what SNS topics are
+handled by this endpoint. A message is considered either "on-topic" or
+"off-topic". You can supply any of the following:
+
+- a single topic ARN as a `String`
+- a list of topic ARNs as an `Array` of `String`
+- a `RegExp` which matches on-topic ARNs
+- a `Proc` which accepts an ARN as an argument and returns `true` or `false` for
+  on-topic and off-topic ARNs, respectively.
+
+The key `topics:` also works.
+
+`:auto_confirm` affects how on-topic subscription confirmations are handled.
+
+- If `true`, they are confirmed by retrieving the URL in the `SubscribeURL` field
+  of the SNS message, and your app is not notified.
+- If `false`, they are ignored; your app is also not notified.
+- If `nil`, there is no special handling and the message is passed along to your
+  app.
+  
+The default is `true`.
+
+`:auto_resubscribe` affects how on-topic unsubscribe confirmations are handled.
+
+- If `true`, they topic is automatically re-subscribed by retrieving the URL in
+  the `SubscribeURL` field of the SNS message, and your app is not notified.
+- If `false`, they are ignored and your app is also not notified.
+- If `nil`, there is no special handling and the message is passed along to your
+  app.
+
+The default is `false`.
+
+If you are a control-freak and want no special handling whatsoever, use these
+options:
+
+    use Heroic::SNS::Endpoint, :topics => Proc.new { true }, :auto_confirm => nil, :auto_resubscribe => nil
+
+Then the object will simply parse and verify SNS messages it finds and pass them
+along to your app, taking no action.
+
+Once the middleware is set up, any notifications will be made available in your
+Rack environment under the `sns.message` key. If you are using Rails, your
+controller would have a method like this:
+
+    skip_before_filter :verify_authenticity_token, :only => [:handle_notification]
+
+    def handle_notification
+      if message = request.env['sns.message']
+        # message is an instance of Heroic::SNS::Message
+        payload = JSON.parse(message.body)
+        do_something_awesome(payload)
+      elsif error = request.env['sns.error']
+        raise error # let the warning be logged
+      end
+      head :ok
+    end
+
+You must skip the authenticity token verification to allow Amazon to POST to the
+controller action. Be careful not to disable it for more actions than you need.
+Be sure to disable any authentication checks for that action, too.
+
+## How off-topic notifications are handled
+
+As a security measure, `Endpoint` requires you to set up a topic filter. Any
+notifications that do not match this filter are not passed along to your
+application.
+
+All off-topic messages are ignored with one exception: if the message is a
+regular notification (meaning your app has an active subscription) *and* the
+message can be verified as authentic (by checking its signature), `Endpoint`
+will cancel the subscription by visiting the URL in the `UnsubscribeURL` field
+of the message.
+
+If you would rather make decision about on-topic and off-topic notifications in
+your own code, simply pass `Proc.new { true }` as the topic filter, and all
+messages will be treated as on topic. Be aware that it is dangerous to leave
+`:auto_confirm` enabled with a permissive topic filter, as this will allow
+anyone to subscribe your web app to any SNS notification.
+
+## Receiving multiple notification topics
+
+If you are receiving multiple notifications at multiple endpoint URLs, you should
+only include one instance of the Endpoint in your middleware stack, and ensure
+that its topic filter allows all the notifications you are interested in to pass
+through.
+
+`Endpoint` does not interact with the URL path at all; if you want your
+subscriptions to go to different URLs, simply set them up that way.
+
+## Questions?
+
+You can send me an email at <ben@benzado.com> or Twitter [@benzado][]
+
+[@benzado]: https://twitter.com/benzado
+
+[![Build Status](https://travis-ci.org/benzado/heroic-sns.png?branch=master)](https://travis-ci.org/benzado/heroic-sns)

data/lib/heroic/sns.rb

@@ -0,0 +1,20 @@
+require 'heroic/sns/message'
+require 'heroic/sns/endpoint'
+
+module Heroic
+  module SNS
+
+    class Error < ::StandardError
+
+      # The message that triggered this error, if available.
+      attr_reader :sns_message
+
+      def initialize(error_message, sns_message = nil)
+        super(error_message)
+        @sns_message = sns_message
+      end
+
+    end
+
+  end
+end

data/lib/heroic/sns/endpoint.rb

@@ -0,0 +1,136 @@
+require 'openssl'
+require 'open-uri'
+
+# Heroic::SNS::Endpoint is Rack middleware which intercepts messages from
+# Amazon's Simple Notification Service (SNS). It makes the parsed and verified
+# message available to your application in the Rack environment under the
+# 'sns.message' key. If an error occurred during message handling, the error
+# is available in the Rack environment in the 'sns.error' key.
+
+# Endpoint is to be initialized with a hash of options. It understands three
+# different options:
+# - :topic (or :topics) specifies a filter that defines what SNS topics are
+#   handled by this endpoint ("on-topic"). You can supply any of the following:
+#   - a topic ARN as a String
+#   - a list of topic ARNs as an Array of Strings
+#   - a regular expression matching on-topic ARNs
+#   - a Proc which takes a topic ARN as a String and returns true or false.
+#   You must specify a topic filter. Use Proc.new { true } if you insist on
+#   indiscriminately accepting all notifications.
+# - :auto_confirm determines how SubscriptionConfirmation messages are handled.
+#   If true, the subscription is confirmed and your app is not notified.
+#   If false, the subscription is ignored and your app is not notified.
+#   If nil, the message is passed along to your app.
+
+# You can install this in your config.ru:
+#   use Heroic::SNS::Endpoint, :topics => /whatever/
+
+# For Rails, you can also install it in /config/initializers/sns_endpoint.rb:
+#   Rails.application.config.middleware.use Heroic::SNS::Endpoint, :topic => ...
+
+module Heroic
+  module SNS
+
+    SUBSCRIPTION_ARN_HTTP_HEADER = 'HTTP_X_AMZ_SNS_SUBSCRIPTION_ARN'
+
+    class Endpoint
+
+      DEFAULT_OPTIONS = { :auto_confirm => true, :auto_resubscribe => false }
+
+      def initialize(app, opt = {})
+        @app = app
+        options = DEFAULT_OPTIONS.merge(opt)
+        @auto_confirm = options[:auto_confirm]
+        @auto_resubscribe = options[:auto_resubscribe]
+        if 1 < [:topic, :topics].count { |k| options.has_key?(k) }
+          raise ArgumentError.new("supply zero or one of :topic, :topics")
+        end
+        @topic_filter = begin
+          case a = options[:topic] || options[:topics]
+          when String then Proc.new { |t| a == t }
+          when Regexp then Proc.new { |t| a.match(t) }
+          when Proc then a
+          when Array
+            unless a.all? { |e| e.is_a? String }
+              raise ArgumentError.new("topic array must be strings")
+            end
+            Proc.new { |t| a.include?(t) }
+          when nil
+            raise ArgumentError.new("must specify a topic filter!")
+          else
+            raise ArgumentError.new("can't use topic filter of type #{a.class}")
+          end
+        end
+      end
+
+      def call(env)
+        if topic_arn = env['HTTP_X_AMZ_SNS_TOPIC_ARN']
+          if @topic_filter.call(topic_arn)
+            call_on_topic(env)
+          else
+            call_off_topic(env)
+          end
+        else
+          @app.call(env)
+        end
+      end
+
+      private
+
+      OK_RESPONSE = [200, {'Content-Type' => 'text/plain'}, []]
+
+      # Confirms that values specified in HTTP headers match those in the message
+      # itself.
+      def check_headers!(message, env)
+        h = env.values_at 'HTTP_X_AMZ_SNS_MESSAGE_TYPE', 'HTTP_X_AMZ_SNS_MESSAGE_ID', 'HTTP_X_AMZ_SNS_TOPIC_ARN'
+        m = message.type, message.id, message.topic_arn
+        raise Error.new("message does not match HTTP headers", message) unless h == m
+      end
+
+      # Behavior for "on-topic" messages. Notifications are always passed along
+      # to the app. Confirmations are passed along only if their respective
+      # option is nil. If true, the subscription is confirmed; if false, it is
+      # simply ignored.
+      def call_on_topic(env)
+        begin
+          message = Message.new(env['rack.input'].read)
+          check_headers!(message, env)
+          message.verify!
+          case message.type
+          when 'SubscriptionConfirmation'
+            open(message.subscribe_url) if @auto_confirm
+            return OK_RESPONSE unless @auto_confirm.nil?
+          when 'UnsubscribeConfirmation'
+            open(message.subscribe_url) if @auto_resubscribe
+            return OK_RESPONSE unless @auto_resubscribe.nil?
+          end
+          env['sns.message'] = message
+        rescue OpenURI::HTTPError => e
+          env['sns.error'] = Error.new("unable to subscribe: #{e.message}; URL: #{message.subscribe_url}", message)
+        rescue Error => e
+          env['sns.error'] = e
+        end
+        @app.call(env)
+      end
+
+      # Default behavior for "off-topic" messages. Subscription and unsubscribe
+      # confirmations are simply ignored. Notifications, however, indicate that
+      # we are subscribed to a topic we don't know how to deal with. In this
+      # case, we automatically unsubscribe (if the message is authentic).
+      def call_off_topic(env)
+        if env['HTTP_X_AMZ_SNS_MESSAGE_TYPE'] == 'Notification'
+          begin
+            message = Message.new(env['rack.input'].read)
+            message.verify!
+            open(message.unsubscribe_url)
+          rescue => e
+            raise Error.new("error handling off-topic notification: #{e.message}", message)
+          end
+        end
+        OK_RESPONSE
+      end
+
+    end
+
+  end
+end

data/lib/heroic/sns/message.rb

@@ -0,0 +1,149 @@
+require 'json'
+require 'base64'
+
+module Heroic
+  module SNS
+
+    MAXIMUM_ALLOWED_AGE = 3600 # reject messages older than one hour
+
+    CERTIFICATE_CACHE = Hash.new do |cache, cert_url|
+      begin
+        cert_data = open(cert_url)
+        cache[cert_url] = OpenSSL::X509::Certificate.new(cert_data.read)
+      rescue OpenURI::HTTPError => e
+        raise Error.new("unable to retrieve signing certificate: #{e.message}; URL: #{cert_url}")
+      rescue OpenSSL::X509::CertificateError => e
+        raise Error.new("unable to parse signing certificate: #{e.message}; URL: #{cert_url}")
+      end
+    end
+
+    # Encapsulates an SNS message.
+    # See: http://docs.aws.amazon.com/sns/latest/gsg/json-formats.html
+    class Message
+
+      def initialize(json)
+        @msg = ::JSON.parse(json)
+      rescue JSON::ParserError => e
+        raise Error.new("failed to parse message as JSON: #{e.message}")
+      end
+
+      def type
+        @msg['Type']
+      end
+
+      def topic_arn
+        @msg['TopicArn']
+      end
+
+      def id
+        @msg['MessageId']
+      end
+
+      # The timestamp as a Time object.
+      def timestamp
+        Time.xmlschema(@msg['Timestamp'])
+      end
+
+      def signature_version
+        @msg['SignatureVersion']
+      end
+
+      def signing_cert_url
+        @msg['SigningCertURL']
+      end
+
+      # The message signature data, Base-64 decoded.
+      def signature
+        Base64::decode64(@msg['Signature'])
+      end
+
+      # The message may not have a subject.
+      def subject
+        @msg['Subject']
+      end
+
+      def body
+        @msg['Message']
+      end
+
+      def subscribe_url
+        @msg['SubscribeURL']
+      end
+
+      def unsubscribe_url
+        @msg['UnsubscribeURL']
+      end
+
+      # The token is used to confirm subscriptions via the SNS API. If you visit
+      # the :subscribe_url, you can ignore this field.
+      def token
+        @msg['Token']
+      end
+
+      def ==(other_message)
+        @msg == other_message.instance_variable_get(:@msg)
+      end
+
+      def hash
+        @msg.hash
+      end
+
+      def to_s
+        string = "<SNSMessage:\n"
+        @msg.each do |k,v|
+          string << sprintf("  %s: %s\n", k, v.inspect)
+        end
+        string << ">"
+      end
+
+      def to_json
+        @msg.to_json
+      end
+
+      # Verifies the message signature. Raises an exception if it is not valid.
+      # See: http://docs.aws.amazon.com/sns/latest/gsg/SendMessageToHttp.verify.signature.html
+      def verify!
+        age = Time.now - timestamp
+        raise Errow.new("timestamp is in the future", self) if age < 0
+        raise Error.new("timestamp is too old", self) if age > MAXIMUM_ALLOWED_AGE
+        if signature_version != '1'
+          raise Error.new("unknown signature version: #{signature_version}", self)
+        end
+        if signing_cert_url !~ %r[^https://.*amazonaws\.com/]
+          raise Error.new("signing certificate is not from amazonaws.com", self)
+        end
+        text = string_to_sign # will warn of invalid Type
+        cert = CERTIFICATE_CACHE[signing_cert_url]
+        digest = OpenSSL::Digest::SHA1.new
+        unless cert.public_key.verify(digest, signature, text)
+          raise Error.new("message signature is invalid", self)
+        end
+      end
+
+      private
+
+      CANONICAL_NOTIFICATION_KEYS = %w[Message MessageId Subject Timestamp TopicArn Type].freeze
+
+      CANONICAL_SUBSCRIPTION_KEYS = %w[Message MessageId SubscribeURL Timestamp Token TopicArn Type].freeze
+
+      CANONICAL_KEYS_FOR_TYPE = {
+        'Notification' => CANONICAL_NOTIFICATION_KEYS,
+        'SubscriptionConfirmation' => CANONICAL_SUBSCRIPTION_KEYS,
+        'UnsubscribeConfirmation' => CANONICAL_SUBSCRIPTION_KEYS
+      }.freeze
+
+      def string_to_sign
+        keys = CANONICAL_KEYS_FOR_TYPE[self.type]
+        raise Error.new("unrecognized message type: #{self.type}", self) unless keys
+        string = String.new
+        keys.each do |key|
+          if @msg.has_key?(key) # in case message has no Subject
+            string << key << "\n" << @msg[key] << "\n"
+          end
+        end
+        return string
+      end
+
+    end
+  end
+end

data/test/helper.rb

@@ -0,0 +1,34 @@
+# Generate a self-signed certificate
+# 1. openssl genrsa -out sns.key 1024
+# 2. openssl req -new -key sns.key -out sns.csr
+# 3. openssl x509 -req -days 3652 -in sns.csr -signkey sns.key -out sns.crt
+
+module Heroic
+  module SNS
+
+    TEST_CERT_URL = 'https://sns.test.amazonaws.com/self-signed.pem'
+    TEST_CERT_KEY = OpenSSL::PKey::RSA.new(File.read('test/fixtures/sns.key'))
+
+    CERTIFICATE_CACHE[TEST_CERT_URL] = begin
+      # Insert the certificate in the cache so that these tests aren't dependent
+      # on network access (or the fact that the certificate is fake).
+      cert_data = File.read('test/fixtures/sns.crt')
+      OpenSSL::X509::Certificate.new(cert_data)
+    end
+
+    class Message
+
+      def update_timestamp!(t = Time.now)
+        @msg['Timestamp'] = t.utc.xmlschema(3)
+      end
+
+      def sign!
+        @msg['SigningCertURL'] = TEST_CERT_URL
+        signature = TEST_CERT_KEY.sign(OpenSSL::Digest::SHA1.new, string_to_sign)
+        @msg['Signature'] = Base64::encode64(signature)
+      end
+
+    end
+
+  end
+end

data/test/test_endpoint.rb

@@ -0,0 +1,47 @@
+require 'test/unit'
+require 'heroic/sns'
+require 'helper'
+
+NULL_APP = Proc.new { |env| [0, {}, []] }
+
+class EndpointTest < Test::Unit::TestCase
+
+  def sns(name)
+    json = File.read("test/fixtures/#{name}.json")
+    @msg = Heroic::SNS::Message.new(json)
+    @msg.update_timestamp!
+    @msg.sign!
+    @env = {
+      'HTTP_X_AMZ_SNS_MESSAGE_TYPE' => @msg.type,
+      'HTTP_X_AMZ_SNS_MESSAGE_ID' => @msg.id,
+      'HTTP_X_AMZ_SNS_TOPIC_ARN' => @msg.topic_arn,
+      'HTTP_X_AMZ_SNS_SUBSCRIPTION_ARN' => "#{@msg.topic_arn}:af0d2f29-f4c3-4df2-b7e2-5a096fc772f6",
+      'rack.input' => StringIO.new(@msg.to_json)
+    }
+  end
+
+  def test_no_topic
+    assert_raises ArgumentError do
+      Heroic::SNS::Endpoint.new
+    end
+  end
+
+  def test_receive_message
+    result = [0, {}, []]
+    test = Proc.new do |env|
+      assert_equal env['sns.message'], @msg
+      result
+    end
+    sns('notification')
+    app = Heroic::SNS::Endpoint.new test, :topic => @msg.topic_arn
+    assert_equal result, app.call(@env)
+  end
+
+  def test_ignore_message
+    test = Proc.new { |env| raise "should be unreachable!" }
+    sns('notification')
+    app = Heroic::SNS::Endpoint.new test, :topic => "different-topic"
+    assert_nothing_raised { app.call(@env) }
+  end
+
+end

data/test/test_message.rb

@@ -0,0 +1,63 @@
+require 'test/unit'
+require 'heroic/sns'
+require 'helper'
+
+class MessageTest < Test::Unit::TestCase
+
+  def sns(name, timestamp = Time.now)
+    json = File.read("test/fixtures/#{name}.json")
+    msg = Heroic::SNS::Message.new(json)
+    msg.update_timestamp!(timestamp)
+    msg.sign!
+    return msg
+  end
+
+  def test_invalid_json
+    assert_raises Heroic::SNS::Error do
+      Heroic::SNS::Message.new("INV4L!D JS0N")
+    end
+  end
+
+  def test_notification
+    msg = sns("notification")
+    assert_equal 'Notification', msg.type
+    assert_equal 'arn:aws:sns:us-east-1:777594007835:racktest', msg.topic_arn
+    assert_equal 128, msg.signature.length
+    assert_nothing_raised { msg.verify! }
+  end
+
+  def test_subscription
+    msg = sns("subscription")
+    assert_equal 'SubscriptionConfirmation', msg.type
+    assert_equal 'arn:aws:sns:us-east-1:777594007835:racktest', msg.topic_arn
+    assert_equal 128, msg.signature.length
+    assert_nothing_raised { msg.verify! }
+  end
+
+  def test_unsubscribe
+    msg = sns("unsubscribe")
+    assert_equal 'UnsubscribeConfirmation', msg.type
+    assert_equal 'arn:aws:sns:us-east-1:777594007835:racktest', msg.topic_arn
+    assert_equal 128, msg.signature.length
+    assert_nothing_raised { msg.verify! }
+  end
+
+  def test_tampered
+    json = sns("notification").to_json
+    msg = Heroic::SNS::Message.new(json.gsub(/booyakasha/, 'cowabunga'))
+    assert_equal 'cowabunga!', msg.body
+    assert_raises Heroic::SNS::Error do
+      msg.verify!
+    end
+  end
+
+  def test_expired
+    t = Time.utc(1984, 5)
+    msg = sns("notification", t)
+    assert_equal t, msg.timestamp
+    assert_raises Heroic::SNS::Error do
+      msg.verify!
+    end
+  end
+
+end

metadata

@@ -0,0 +1,77 @@
+--- !ruby/object:Gem::Specification
+name: heroic-sns
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Benjamin Ragheb
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-05-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.4'
+description: ! 'Lightweight Rack middleware for AWS Simple Notification Service (SNS)
+  endpoints.
+
+  SNS messages are intercepted, parsed, verified, and passed along to the Rack
+
+  application in the ''sns.message'' environment key. The gem is designed to be
+
+  lightweight and does not depend on any other gem besides ''rack'' (specifically,
+
+  the ''aws-sdk'' gem is not required).
+
+'
+email: ben@benzado.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- LICENSE
+- lib/heroic/sns/endpoint.rb
+- lib/heroic/sns/message.rb
+- lib/heroic/sns.rb
+- test/helper.rb
+- test/test_endpoint.rb
+- test/test_message.rb
+homepage: https://github.com/benzado/heroic-sns
+licenses:
+- Apache
+metadata: {}
+post_install_message: Thanks for installing!
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Lightweight Rack middleware for AWS SNS endpoints
+test_files: []
+has_rdoc: