http_signature 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d4b1e73dff1838a018f5e0d5bef1c6a6a14c2b8ef552dbbfd0481ac85cb03b7
-  data.tar.gz: 1a087ded86d8f84213984d9bd56fb55462f65feb9abc876514249f12fc5166ef
+  metadata.gz: a052e0252607d934ef7221c6aa3ea32fb21644af4f1af77985677db0cb2e2bb3
+  data.tar.gz: 843effaf6aac8b647b29d2d19f5414513be7efb76a0a1eb837b9cc2872fe3727
 SHA512:
-  metadata.gz: 7796499163d70782ea0fd809316c39a4d2a933cf01cc88f6daaa88d673607e9a138643d666fc5080063ea0bdb1068d32c48642fb487c59d6edcb7626fba7ad8e
-  data.tar.gz: 1603d71ad33fc087e456949de3e1534f3cf08c894a3fe10a3f456f6751409ddbbda247a53511d201866cf10f629e2c676fbe2eaa7cb0e0535dae81a2cad6e2a2
+  metadata.gz: 5aedcedf0056a4f98414a599a51ec89484500c3447f124c4f070b11d7567ec2c8b5f682aa17e8f1e6c1dcf09f0c1e796530ada79bca633e228e3cfe98154f575
+  data.tar.gz: 61e44809bd68c3d072b94faee4f1ba7915aa49e2acfde2131b55c2442982a14cd199e288eff6cf34533440bebfb3b788997a395f618830da4a4c7d96407e7e01

data/.github/workflows/push_gem.yml

@@ -0,0 +1,25 @@
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  push:
+    name: Push gem to RubyGems.org
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
+      contents: write # IMPORTANT: this permission is required for `rake release` to push the release tag
+
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+          ruby-version: '3.4'
+
+      - uses: rubygems/release-gem@v1

data/AGENTS.md

@@ -0,0 +1,4 @@
+## Tests
+- Run all tests: `bundle exec rake test`
+- Run single test file: `bundle exec rake test TEST=test/http_signature_test.rb`
+- Run single test: `bundle exec rake test TEST=test/http_signature_test.rb TESTOPTS="--name=/test_rsa_pss_sha512/"`

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    http_signature (1.0.0)
+    http_signature (1.0.1)
       base64
 
 GEM

data/README.md

@@ -2,18 +2,19 @@
 
 Create and validate HTTP Message Signatures per [RFC 9421](https://www.rfc-editor.org/rfc/rfc9421) using the `Signature-Input` and `Signature` headers.
 
-Aims to only implement the creation and validation of signatures without any external dependencies. Adapters are provided for common HTTP libraries.
+TL;DR: You specify what should be signed in `Signature-Input` with [components](https://www.rfc-editor.org/rfc/rfc9421#name-derived-components) and lowercase headers. And then the signature is in the `Signature` header
+
+Example:
 
-__NOTE__: RFC 9421 signs components via two headers:
 ```
-Signature-Input: sig1=("@method" "@authority" "@target-uri" "date");created=...
-Signature: sig1=:BASE64_SIGNATURE_BYTES:
+Signature-Input: sig1=("@method" "@target-uri" "date");created=1767816111;keyid="Test";alg="hmac-sha256"
+Signature: sig1=:7a1ajkE2rOu+gnW3WLZ4ZEcgCm3TfExmypM/giIgdM0=:
 ```
 
 ## Installation
 
 ```shell
-gem install http_signature
+bundle add http_signature
 ```
 
 ## Usage

data/lib/http_signature/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module HTTPSignature
-  VERSION = "1.0.0"
+  VERSION = "1.0.1"
 end

data/lib/http_signature.rb

@@ -11,7 +11,8 @@ module HTTPSignature
   Config = Struct.new(:keys)
   DEFAULT_LABEL = "sig1"
   DEFAULT_ALGORITHM = "hmac-sha256"
-  DEFAULT_COMPONENTS = %w[@method @authority @target-uri].freeze
+  DEFAULT_COMPONENTS = %w[@method @target-uri].freeze
+  DEFAULT_HEADERS = %w[content-digest content-type].freeze
 
   class SignatureError < StandardError; end
   class MissingComponent < SignatureError; end
@@ -65,10 +66,15 @@ module HTTPSignature
     normalized_headers = normalize_headers(headers)
     uri = apply_query_params(URI(url), query_string_params)
 
-    normalized_headers = ensure_content_digest(normalized_headers, body)
-
     components =
-      covered_components || default_components(normalized_headers)
+      covered_components || default_components(normalized_headers, body:)
+
+    normalized_headers =
+      if components.include?("content-digest")
+        ensure_content_digest(normalized_headers, body)
+      else
+        normalized_headers
+      end
 
     canonical_components = build_components(
       uri: uri,
@@ -124,7 +130,9 @@ module HTTPSignature
     raise SignatureError, "Key is required for verification" unless resolved_key
 
     uri = apply_query_params(URI(url), query_string_params)
-    normalized_headers = ensure_content_digest(normalized_headers, body)
+    if parsed_input[:components].include?("content-digest")
+      normalized_headers = ensure_content_digest(normalized_headers, body)
+    end
 
     canonical_components = build_components(
       uri: uri,
@@ -162,10 +170,19 @@ module HTTPSignature
     new_uri
   end
 
-  def self.default_components(headers)
+  def self.default_components(headers, body: nil)
     components = DEFAULT_COMPONENTS.dup
-    components << "date" if headers["date"]
-    components << "content-digest" if headers["content-digest"]
+    DEFAULT_HEADERS.each do |header|
+      include_header =
+        if header == "content-digest"
+          !body.to_s.empty? || headers[header]
+        else
+          headers[header]
+        end
+
+      components << header if include_header
+    end
+
     components
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: http_signature
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Joel Larsson
@@ -143,9 +143,11 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/workflows/ci.yml"
+- ".github/workflows/push_gem.yml"
 - ".github/workflows/standardrb.yml"
 - ".gitignore"
 - ".ruby-version"
+- AGENTS.md
 - Gemfile
 - Gemfile.lock
 - README.md