linzer 0.3.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a250923256b7bc421d1d0af152f360709b54a349c3ff9b50d15463e38f3e72e5
-  data.tar.gz: 2b3875de00e05baf2314495f9b889b028f71d334c237f3c183e602ac64a25668
+  metadata.gz: 94cad96e720cc1235948c2a2ef20b1056f444b4a456364c8551cfda414c539fb
+  data.tar.gz: fbd2f500e2c64e010fa380ac525e2afeef1a1fc7de055655263138a1a6afab27
 SHA512:
-  metadata.gz: c56717b6aa31d7f3ba2186e1865e7e1aa927f401df8931514f53de7969eb7a675d402a6519491d5446548cbabe57682d34fe6ace836278a36acf525b511a74c4
-  data.tar.gz: a5e3313e341c479b38f6975a06b430a509211acfc5e7d9d7fe71a802ca16d82ee548b8d19270dfd6c0a4e8c480ea81ae39a6353bd7745f795274c7d529639048
+  metadata.gz: f187e852f367e8d6428eb8cb61919693c67f0650a6b723e20211b1eabc47d0834c0b1facaaf89790e0d2e7335fe65752c09b0b136734e9d3214578b54fac794c
+  data.tar.gz: a5fa3a4eb24c9362918197d0828347095a354ed2151f3f08e6582d42854a0fd19460163b16523148823f82ada8a1aa95a4d467553490b909b39cba52a0ae9166

data/CHANGELOG.md

@@ -1,5 +1,15 @@
 ## [Unreleased]
 
+## [0.4.0] - 2024-03-16
+
+- Add support for capitalized HTTP header names.
+
+## [0.3.2] - 2024-03-16
+
+- Force signature component name strings to be encoded as ASCII.
+  Otherwise in some scenarios, this could to signature verification errors
+  for valid signatures.
+
 ## [0.3.1] - 2024-03-02
 
 - Fix incorrect signing and verifying for ECDSA P-256 and P-384 curves.

data/lib/linzer/message.rb

@@ -3,8 +3,10 @@
 module Linzer
   class Message
     def initialize(request_data)
-      @headers = Hash(request_data[:headers].clone).freeze
       @http    = Hash(request_data[:http].clone).freeze
+      @headers = Hash(request_data.fetch(:headers, {})
+                        .transform_keys(&:downcase)
+                        .clone).freeze
       freeze
     end
 

data/lib/linzer/signature.rb

@@ -27,6 +27,8 @@ module Linzer
       private :new
 
       def build(headers, options = {})
+        basic_validate headers
+        headers.transform_keys!(&:downcase)
         validate headers
 
         input = parse_field(headers, "signature-input")
@@ -42,7 +44,8 @@ module Linzer
 
         fail_due_invalid_components unless input[label].value.respond_to?(:each)
 
-        components = input[label].value.map(&:value)
+        ascii = Encoding::US_ASCII
+        components = input[label].value.map { |c| c.value.encode(ascii) }
         parameters = input[label].parameters
 
         new(components, raw_signature, label, parameters)
@@ -50,9 +53,12 @@ module Linzer
 
       private
 
-      def validate(headers)
+      def basic_validate(headers)
         raise Error.new "Cannot build signature: Request headers cannot be null"      if headers.nil?
         raise Error.new "Cannot build signature: No request headers found"            if headers.empty?
+      end
+
+      def validate(headers)
         raise Error.new "Cannot build signature: No \"signature-input\" header found" unless headers.key?("signature-input")
         raise Error.new "Cannot build signature: No \"signature\" header found"       unless headers.key?("signature")
       end

data/lib/linzer/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Linzer
-  VERSION = "0.3.1"
+  VERSION = "0.4.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: linzer
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Miguel Landaeta
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-03-02 00:00:00.000000000 Z
+date: 2024-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ed25519
@@ -94,7 +94,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.19
+rubygems_version: 3.4.3
 signing_key:
 specification_version: 4
 summary: An implementation of HTTP Messages Signatures (RFC9421)