hmac_authentication 0.0.0

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 6b70792ff95d35d009ad4508ad0a2f023ecad063
4
+ data.tar.gz: 72a5c827090f6b34193e06f27b8e220fa0df3c8b
5
+ SHA512:
6
+ metadata.gz: e979ffd7608fb388dff2512da040c43a3811cd28b948fa6bf9ce622e5740a18cea5b6ff490473553c6dc6356cb1f4db16cad8dfa6ac6beb8c30b570e75a57c1e
7
+ data.tar.gz: f93f9077f46ba1e8e22d89c6cbe286fd7a8d3eee40862565636189ec1cb084b454ea19853e8f10aba33d1c86d286530a962fd55545db2411d0ca3afb5d73c342
data/CONTRIBUTING.md ADDED
@@ -0,0 +1,15 @@
1
+ ## Welcome!
2
+
3
+ We're so glad you're thinking about contributing to an 18F open source project! If you're unsure or afraid of anything, just ask or submit the issue or pull request anyways. The worst that can happen is that you'll be politely asked to change something. We appreciate any sort of contribution, and don't want a wall of rules to get in the way of that.
4
+
5
+ Before contributing, we encourage you to read our CONTRIBUTING policy (you are here), our LICENSE, and our README, all of which should be in this repository. If you have any questions, or want to read more about our underlying policies, you can consult the 18F Open Source Policy GitHub repository at https://github.com/18f/open-source-policy, or just shoot us an email/official government letterhead note to [18f@gsa.gov](mailto:18f@gsa.gov).
6
+
7
+ ## Public domain
8
+
9
+ This project is in the public domain within the United States, and
10
+ copyright and related rights in the work worldwide are waived through
11
+ the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
12
+
13
+ All contributions to this project will be released under the CC0
14
+ dedication. By submitting a pull request, you are agreeing to comply
15
+ with this waiver of copyright interest.
data/LICENSE.md ADDED
@@ -0,0 +1,31 @@
1
+ As a work of the United States Government, this project is in the
2
+ public domain within the United States.
3
+
4
+ Additionally, we waive copyright and related rights in the work
5
+ worldwide through the CC0 1.0 Universal public domain dedication.
6
+
7
+ ## CC0 1.0 Universal Summary
8
+
9
+ This is a human-readable summary of the [Legal Code (read the full text)](https://creativecommons.org/publicdomain/zero/1.0/legalcode).
10
+
11
+ ### No Copyright
12
+
13
+ The person who associated a work with this deed has dedicated the work to
14
+ the public domain by waiving all of his or her rights to the work worldwide
15
+ under copyright law, including all related and neighboring rights, to the
16
+ extent allowed by law.
17
+
18
+ You can copy, modify, distribute and perform the work, even for commercial
19
+ purposes, all without asking permission.
20
+
21
+ ### Other Information
22
+
23
+ In no way are the patent or trademark rights of any person affected by CC0,
24
+ nor are the rights that other persons may have in the work or in how the
25
+ work is used, such as publicity or privacy rights.
26
+
27
+ Unless expressly stated otherwise, the person who associated a work with
28
+ this deed makes no warranties about the work, and disclaims liability for
29
+ all uses of the work, to the fullest extent permitted by applicable law.
30
+ When using or citing the work, you should not imply endorsement by the
31
+ author or the affirmer.
data/README.md ADDED
@@ -0,0 +1,49 @@
1
+ # hmac_authentication RubyGem
2
+
3
+ Signs and validates HTTP requests based on a shared-secret HMAC signature.
4
+
5
+ ## Installation
6
+
7
+ If you're using [Bundler](http://bundler.io) in your project, add the
8
+ following to your `Gemfile`:
9
+
10
+ ```ruby
11
+ gem 'hmac_authentication'
12
+ ```
13
+
14
+ If you're not using Bundler, start.
15
+
16
+ ## Validating incoming requests
17
+
18
+ Inject something resembling the following code fragment into your request
19
+ handling logic as the first thing that happens before the request body is
20
+ parsed, where `headers` is a list of headers factored into the signature and
21
+ `secret_key` is the shared secret between your application and the service
22
+ making the request:
23
+
24
+ ```ruby
25
+ require 'hmac_authentication'
26
+
27
+ def my_handler(request, headers)
28
+ result, header_signature, computed_signature = (
29
+ HmacAuthentication.validate_request(request, headers, secret_key))
30
+ if result != HmacAuthentication::MATCH
31
+ # Cancel the request, optionally logging the values above.
32
+ end
33
+ end
34
+ ```
35
+
36
+ ## Signing outgoing requests
37
+
38
+ Call `request_signature(request, headers, secretKey)` to sign a request before
39
+ sending.
40
+
41
+ ## Public domain
42
+
43
+ This project is in the worldwide [public domain](LICENSE.md). As stated in [CONTRIBUTING](CONTRIBUTING.md):
44
+
45
+ > This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/).
46
+ >
47
+ > All contributions to this project will be released under the CC0
48
+ >dedication. By submitting a pull request, you are agreeing to comply
49
+ >with this waiver of copyright interest.
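Review bot: the "Signing outgoing requests" section documents `request_signature(request, headers, secretKey)`, but `lib/hmac_authentication/signature.rb` in this same change defines `request_signature(request, digest, headers, secret_key)`, so the call as documented raises an `ArgumentError`; document the `digest` argument (an `OpenSSL::Digest` instance, e.g. `OpenSSL::Digest.new('sha256')`) and use the `secret_key` spelling the code uses. In the validation fragment, `secret_key` is referenced inside `my_handler` but is neither a parameter nor defined anywhere, so the snippet does not run as written. The README should also state which header carries the signature (`Gap-Signature`, per `validate_request`) and its wire format (`<digest name> <base64 digest>`), since a caller of `request_signature` has to set that header itself; and the comment "Cancel the request" would be clearer as "reject the request with 401/403 before the body is parsed", which is what the surrounding prose requires.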
@@ -0,0 +1,2 @@
1
+ require_relative 'hmac_authentication/signature'
2
+ require_relative 'hmac_authentication/version'
@@ -0,0 +1,43 @@
1
+ require 'base64'
2
+ require 'openssl'
3
+
4
+ module HmacAuthentication
5
+ NO_SIGNATURE = 1
6
+ INVALID_FORMAT = 2
7
+ UNSUPPORTED_ALGORITHM = 3
8
+ MATCH = 4
9
+ MISMATCH = 5
10
+
11
+ def self.signed_headers(request, headers)
12
+ headers.map { |name| request[name] || '' }
13
+ end
14
+
15
+ def self.string_to_sign(req, headers)
16
+ # TODO(mbland): Test for paths of the form 'http://foo.com/bar?baz'
17
+ [req.method, signed_headers(req, headers).join("\n"), req.uri.path]
18
+ .join("\n")
19
+ end
20
+
21
+ def self.request_signature(request, digest, headers, secret_key)
22
+ hmac = OpenSSL::HMAC.new secret_key, digest
23
+ hmac << string_to_sign(request, headers) << (request.body || '')
24
+ digest.name.downcase + ' ' + Base64.strict_encode64(hmac.digest)
25
+ end
26
+
27
+ def self.parse_digest(name)
28
+ OpenSSL::Digest.new name
29
+ rescue
30
+ nil
31
+ end
32
+
33
+ def self.validate_request(request, headers, secret_key)
34
+ header = request['Gap-Signature']
35
+ return NO_SIGNATURE unless header
36
+ components = header.split ' '
37
+ return INVALID_FORMAT, header unless components.size == 2
38
+ digest = parse_digest components.first
39
+ return UNSUPPORTED_ALGORITHM, header unless digest
40
+ computed = request_signature(request, digest, headers, secret_key)
41
+ [(header == computed) ? MATCH : MISMATCH, header, computed]
42
+ end
43
+ end
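Review bot: `validate_request` compares the presented and computed signatures with `header == computed`, a byte-by-byte comparison that stops at the first mismatch and so leaks timing information about how many leading bytes matched; use a constant-time comparison of equal-length values instead, e.g. `Rack::Utils.secure_compare(header, computed)` or, with OpenSSL 2.2+, `OpenSSL.fixed_length_secure_compare`. Second, `string_to_sign` covers only `req.method`, the selected headers and `req.uri.path`: the query string (the open TODO above), scheme and host are outside the signature, and nothing in the mandatory inputs binds the request to a time or nonce, so a signature stays valid for as long as the secret does unless the caller includes a date header in `headers`; either document that `headers` must contain such a header or enforce it here. Minor points: the return shapes differ (`INVALID_FORMAT`/`UNSUPPORTED_ALGORITHM` return two elements, `NO_SIGNATURE` returns a bare integer, `MATCH`/`MISMATCH` return three), which complicates the destructuring shown in the README; the bare `rescue` in `parse_digest` swallows the underlying error; and `OpenSSL::Digest.new name` accepts any digest OpenSSL knows, including MD5 and SHA-1, so an explicit allow-list of accepted algorithm names would be safer than "whatever the header asks for".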
@@ -0,0 +1,3 @@
1
+ module HmacAuthentication
2
+ VERSION = '0.0.0'
3
+ end
metadata ADDED
@@ -0,0 +1,162 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: hmac_authentication
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.0
5
+ platform: ruby
6
+ authors:
7
+ - Mike Bland
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2015-10-02 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.10'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.10'
27
+ - !ruby/object:Gem::Dependency
28
+ name: go_script
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '0.1'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '0.1'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '10.4'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '10.4'
55
+ - !ruby/object:Gem::Dependency
56
+ name: minitest
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: codeclimate-test-reporter
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: coveralls
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rubocop
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: about_yml
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - ">="
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
125
+ description: Signs and validates HTTP requests based on a shared-secret HMAC signature
126
+ email:
127
+ - michael.bland@gsa.gov
128
+ executables: []
129
+ extensions: []
130
+ extra_rdoc_files: []
131
+ files:
132
+ - CONTRIBUTING.md
133
+ - LICENSE.md
134
+ - README.md
135
+ - lib/hmac_authentication.rb
136
+ - lib/hmac_authentication/signature.rb
137
+ - lib/hmac_authentication/version.rb
138
+ homepage: https://github.com/18F/hmac_authentication_gem
139
+ licenses:
140
+ - CC0
141
+ metadata: {}
142
+ post_install_message:
143
+ rdoc_options: []
144
+ require_paths:
145
+ - lib
146
+ required_ruby_version: !ruby/object:Gem::Requirement
147
+ requirements:
148
+ - - ">="
149
+ - !ruby/object:Gem::Version
150
+ version: '0'
151
+ required_rubygems_version: !ruby/object:Gem::Requirement
152
+ requirements:
153
+ - - ">="
154
+ - !ruby/object:Gem::Version
155
+ version: '0'
156
+ requirements: []
157
+ rubyforge_project:
158
+ rubygems_version: 2.4.5.1
159
+ signing_key:
160
+ specification_version: 4
161
+ summary: Signs and validates HTTP requests using HMAC signatures
162
+ test_files: []
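Review bot: `bundler` is declared with `type: :runtime` while every other tooling gem is `:development`, which forces each consumer to install bundler ~> 1.10 at runtime; move it to a development dependency. `cert_chain: []` and an empty `signing_key` mean the gem is unsigned, so consumers have nothing beyond the RubyGems-generated SHA checksums to verify the package; consider signing releases so the gem can be installed with `--trust-policy`. `required_ruby_version` is left at `>= 0`; pin a minimum Ruby version that the code is actually tested on.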