hmac_authentication 0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 6b70792ff95d35d009ad4508ad0a2f023ecad063
+  data.tar.gz: 72a5c827090f6b34193e06f27b8e220fa0df3c8b
+SHA512:
+  metadata.gz: e979ffd7608fb388dff2512da040c43a3811cd28b948fa6bf9ce622e5740a18cea5b6ff490473553c6dc6356cb1f4db16cad8dfa6ac6beb8c30b570e75a57c1e
+  data.tar.gz: f93f9077f46ba1e8e22d89c6cbe286fd7a8d3eee40862565636189ec1cb084b454ea19853e8f10aba33d1c86d286530a962fd55545db2411d0ca3afb5d73c342

data/CONTRIBUTING.md

@@ -0,0 +1,15 @@
+## Welcome!
+
+We're so glad you're thinking about contributing to an 18F open source project! If you're unsure or afraid of anything, just ask or submit the issue or pull request anyways. The worst that can happen is that you'll be politely asked to change something. We appreciate any sort of contribution, and don't want a wall of rules to get in the way of that.
+
+Before contributing, we encourage you to read our CONTRIBUTING policy (you are here), our LICENSE, and our README, all of which should be in this repository. If you have any questions, or want to read more about our underlying policies, you can consult the 18F Open Source Policy GitHub repository at https://github.com/18f/open-source-policy, or just shoot us an email/official government letterhead note to [18f@gsa.gov](mailto:18f@gsa.gov).
+
+## Public domain
+
+This project is in the public domain within the United States, and
+copyright and related rights in the work worldwide are waived through
+the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
+
+All contributions to this project will be released under the CC0
+dedication. By submitting a pull request, you are agreeing to comply
+with this waiver of copyright interest.

data/LICENSE.md

@@ -0,0 +1,31 @@
+As a work of the United States Government, this project is in the
+public domain within the United States.
+
+Additionally, we waive copyright and related rights in the work
+worldwide through the CC0 1.0 Universal public domain dedication.
+
+## CC0 1.0 Universal Summary
+
+This is a human-readable summary of the [Legal Code (read the full text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode).
+
+### No Copyright
+
+The person who associated a work with this deed has dedicated the work to
+the public domain by waiving all of his or her rights to the work worldwide
+under copyright law, including all related and neighboring rights, to the
+extent allowed by law.
+
+You can copy, modify, distribute and perform the work, even for commercial
+purposes, all without asking permission.
+
+### Other Information
+
+In no way are the patent or trademark rights of any person affected by CC0,
+nor are the rights that other persons may have in the work or in how the
+work is used, such as publicity or privacy rights.
+
+Unless expressly stated otherwise, the person who associated a work with
+this deed makes no warranties about the work, and disclaims liability for
+all uses of the work, to the fullest extent permitted by applicable law.
+When using or citing the work, you should not imply endorsement by the
+author or the affirmer.

data/README.md

@@ -0,0 +1,49 @@
+# hmac_authentication RubyGem
+
+Signs and validates HTTP requests based on a shared-secret HMAC signature.
+
+## Installation
+
+If you're using [Bundler](http://bundler.io) in your project, add the
+following to your `Gemfile`:
+
+```ruby
+gem 'hmac_authentication'
+```
+
+If you're not using Bundler, start.
+
+## Validating incoming requests
+
+Inject something resembling the following code fragment into your request
+handling logic as the first thing that happens before the request body is
+parsed, where `headers` is a list of headers factored into the signature and
+`secret_key` is the shared secret between your application and the service
+making the request:
+
+```ruby
+require 'hmac_authentication'
+
+def my_handler(request, headers)
+  result, header_signature, computed_signature = (
+    HmacAuthentication.validate_request(request, headers, secret_key))
+  if result != HmacAuthentication::MATCH
+    # Cancel the request, optionally logging the values above.
+  end
+end
+```
+
+## Signing outgoing requests
+
+Call `request_signature(request, headers, secretKey)` to sign a request before
+sending.
+
+## Public domain
+
+This project is in the worldwide [public domain](LICENSE.md). As stated in [CONTRIBUTING](CONTRIBUTING.md):
+
+> This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
+>
+> All contributions to this project will be released under the CC0
+>dedication. By submitting a pull request, you are agreeing to comply
+>with this waiver of copyright interest.

data/lib/hmac_authentication.rb

@@ -0,0 +1,2 @@
+require_relative 'hmac_authentication/signature'
+require_relative 'hmac_authentication/version'

data/lib/hmac_authentication/signature.rb

@@ -0,0 +1,43 @@
+require 'base64'
+require 'openssl'
+
+module HmacAuthentication
+  NO_SIGNATURE = 1
+  INVALID_FORMAT = 2
+  UNSUPPORTED_ALGORITHM = 3
+  MATCH = 4
+  MISMATCH = 5
+
+  def self.signed_headers(request, headers)
+    headers.map { |name| request[name] || '' }
+  end
+
+  def self.string_to_sign(req, headers)
+    # TODO(mbland): Test for paths of the form 'http://foo.com/bar?baz'
+    [req.method, signed_headers(req, headers).join("\n"), req.uri.path]
+      .join("\n")
+  end
+
+  def self.request_signature(request, digest, headers, secret_key)
+    hmac = OpenSSL::HMAC.new secret_key, digest
+    hmac << string_to_sign(request, headers) << (request.body || '')
+    digest.name.downcase + ' ' + Base64.strict_encode64(hmac.digest)
+  end
+
+  def self.parse_digest(name)
+    OpenSSL::Digest.new name
+  rescue
+    nil
+  end
+
+  def self.validate_request(request, headers, secret_key)
+    header = request['Gap-Signature']
+    return NO_SIGNATURE unless header
+    components = header.split ' '
+    return INVALID_FORMAT, header unless components.size == 2
+    digest = parse_digest components.first
+    return UNSUPPORTED_ALGORITHM, header unless digest
+    computed = request_signature(request, digest, headers, secret_key)
+    [(header == computed) ? MATCH : MISMATCH, header, computed]
+  end
+end

data/lib/hmac_authentication/version.rb

@@ -0,0 +1,3 @@
+module HmacAuthentication
+  VERSION = '0.0.0'
+end

metadata

@@ -0,0 +1,162 @@
+--- !ruby/object:Gem::Specification
+name: hmac_authentication
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- Mike Bland
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-10-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: go_script
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.4'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: about_yml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Signs and validates HTTP requests based on a shared-secret HMAC signature
+email:
+- michael.bland@gsa.gov
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CONTRIBUTING.md
+- LICENSE.md
+- README.md
+- lib/hmac_authentication.rb
+- lib/hmac_authentication/signature.rb
+- lib/hmac_authentication/version.rb
+homepage: https://github.com/18F/hmac_authentication_gem
+licenses:
+- CC0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: Signs and validates HTTP requests using HMAC signatures
+test_files: []