linzer 0.3.1 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/lib/linzer/message.rb +3 -1
- data/lib/linzer/signature.rb +8 -2
- data/lib/linzer/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 94cad96e720cc1235948c2a2ef20b1056f444b4a456364c8551cfda414c539fb
|
4
|
+
data.tar.gz: fbd2f500e2c64e010fa380ac525e2afeef1a1fc7de055655263138a1a6afab27
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f187e852f367e8d6428eb8cb61919693c67f0650a6b723e20211b1eabc47d0834c0b1facaaf89790e0d2e7335fe65752c09b0b136734e9d3214578b54fac794c
|
7
|
+
data.tar.gz: a5fa3a4eb24c9362918197d0828347095a354ed2151f3f08e6582d42854a0fd19460163b16523148823f82ada8a1aa95a4d467553490b909b39cba52a0ae9166
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,15 @@
|
|
1
1
|
## [Unreleased]
|
2
2
|
|
3
|
+
## [0.4.0] - 2024-03-16
|
4
|
+
|
5
|
+
- Add support for capitalized HTTP header names.
|
6
|
+
|
7
|
+
## [0.3.2] - 2024-03-16
|
8
|
+
|
9
|
+
- Force signature component name strings to be encoded as ASCII.
|
10
|
+
Otherwise in some scenarios, this could to signature verification errors
|
11
|
+
for valid signatures.
|
12
|
+
|
3
13
|
## [0.3.1] - 2024-03-02
|
4
14
|
|
5
15
|
- Fix incorrect signing and verifying for ECDSA P-256 and P-384 curves.
|
data/lib/linzer/message.rb
CHANGED
@@ -3,8 +3,10 @@
|
|
3
3
|
module Linzer
|
4
4
|
class Message
|
5
5
|
def initialize(request_data)
|
6
|
-
@headers = Hash(request_data[:headers].clone).freeze
|
7
6
|
@http = Hash(request_data[:http].clone).freeze
|
7
|
+
@headers = Hash(request_data.fetch(:headers, {})
|
8
|
+
.transform_keys(&:downcase)
|
9
|
+
.clone).freeze
|
8
10
|
freeze
|
9
11
|
end
|
10
12
|
|
data/lib/linzer/signature.rb
CHANGED
@@ -27,6 +27,8 @@ module Linzer
|
|
27
27
|
private :new
|
28
28
|
|
29
29
|
def build(headers, options = {})
|
30
|
+
basic_validate headers
|
31
|
+
headers.transform_keys!(&:downcase)
|
30
32
|
validate headers
|
31
33
|
|
32
34
|
input = parse_field(headers, "signature-input")
|
@@ -42,7 +44,8 @@ module Linzer
|
|
42
44
|
|
43
45
|
fail_due_invalid_components unless input[label].value.respond_to?(:each)
|
44
46
|
|
45
|
-
|
47
|
+
ascii = Encoding::US_ASCII
|
48
|
+
components = input[label].value.map { |c| c.value.encode(ascii) }
|
46
49
|
parameters = input[label].parameters
|
47
50
|
|
48
51
|
new(components, raw_signature, label, parameters)
|
@@ -50,9 +53,12 @@ module Linzer
|
|
50
53
|
|
51
54
|
private
|
52
55
|
|
53
|
-
def
|
56
|
+
def basic_validate(headers)
|
54
57
|
raise Error.new "Cannot build signature: Request headers cannot be null" if headers.nil?
|
55
58
|
raise Error.new "Cannot build signature: No request headers found" if headers.empty?
|
59
|
+
end
|
60
|
+
|
61
|
+
def validate(headers)
|
56
62
|
raise Error.new "Cannot build signature: No \"signature-input\" header found" unless headers.key?("signature-input")
|
57
63
|
raise Error.new "Cannot build signature: No \"signature\" header found" unless headers.key?("signature")
|
58
64
|
end
|
data/lib/linzer/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: linzer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Miguel Landaeta
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-03-
|
11
|
+
date: 2024-03-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ed25519
|
@@ -94,7 +94,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
94
94
|
- !ruby/object:Gem::Version
|
95
95
|
version: '0'
|
96
96
|
requirements: []
|
97
|
-
rubygems_version: 3.4.
|
97
|
+
rubygems_version: 3.4.3
|
98
98
|
signing_key:
|
99
99
|
specification_version: 4
|
100
100
|
summary: An implementation of HTTP Messages Signatures (RFC9421)
|