linzer 0.5.0 → 0.5.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/README.md +12 -2
- data/lib/linzer/ecdsa.rb +21 -21
- data/lib/linzer/message.rb +31 -6
- data/lib/linzer/version.rb +1 -1
- data/lib/linzer.rb +1 -0
- data/linzer.gemspec +2 -0
- metadata +30 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0befd6a2ae7ba008f6b2a343a24845be1941b6645615d8a029e698c083cd4481
|
|
4
|
+
data.tar.gz: ebd92e2c6b0991067753079c8b1bac87a6dfe644caa6380dedc63f88e74877e4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c7c5b9d9568402b2b4894ef8180c321281b420a156e7386abf12f069780a6ba7e2bc79d58bd0b7c97372058f974a25a1a138e9306434c28025e39f3267562b81
|
|
7
|
+
data.tar.gz: 7b997d06b2764171d5375baf1b889f4d98231961b86f89bea321155766932ffcd6913462df080f7edf09731d6d78332b474cda381ea4d0d8bdafba3dee76e6b3
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,16 @@
|
|
|
1
1
|
## [Unreleased]
|
|
2
2
|
|
|
3
|
+
## [0.5.2] - 2024-04-02
|
|
4
|
+
|
|
5
|
+
- Make all unit tests pass on Ruby 3.0:
|
|
6
|
+
* Set minimum required version on openssl and uri gems.
|
|
7
|
+
- Small refactor on ECDSA module.
|
|
8
|
+
|
|
9
|
+
## [0.5.1] - 2024-04-01
|
|
10
|
+
|
|
11
|
+
- Add support for additional derived components:
|
|
12
|
+
@target-uri, @scheme, @request-target, @query and @query-param.
|
|
13
|
+
|
|
3
14
|
## [0.5.0] - 2024-03-30
|
|
4
15
|
|
|
5
16
|
- Build Linzer::Message instances from Rack request and response objects
|
data/README.md
CHANGED
|
@@ -1,4 +1,11 @@
|
|
|
1
|
-
# Linzer
|
|
1
|
+
# Linzer [![Latest Version][gem-badge]][gem-link] [![License: MIT][license-image]][license-link] [![CI Status][ci-image]][ci-link]
|
|
2
|
+
|
|
3
|
+
[gem-badge]: https://badge.fury.io/rb/linzer.svg
|
|
4
|
+
[gem-link]: https://rubygems.org/gems/linzer
|
|
5
|
+
[license-image]: https://img.shields.io/badge/license-MIT-blue.svg
|
|
6
|
+
[license-link]: https://github.com/nomadium/linzer/blob/master/LICENSE.txt
|
|
7
|
+
[ci-image]: https://github.com/nomadium/linzer/actions/workflows/main.yml/badge.svg?branch=master
|
|
8
|
+
[ci-link]: https://github.com/nomadium/linzer/actions/workflows/main.yml
|
|
2
9
|
|
|
3
10
|
Linzer is a Ruby library for [HTTP Message Signatures (RFC 9421)](https://www.rfc-editor.org/rfc/rfc9421.html).
|
|
4
11
|
|
|
@@ -93,7 +100,10 @@ response = http.post("/some_uri", "data", headers.merge(signature.to_h))
|
|
|
93
100
|
test_ed25519_key_pub = Base64.strict_encode64(key.material.verify_key.to_bytes)
|
|
94
101
|
# => "EUra7KsJ8B/lSZJVhDaopMycmZ6T7KtJqKVNJTHKIw0="
|
|
95
102
|
|
|
96
|
-
|
|
103
|
+
raw_pubkey = Base64.strict_decode64(test_ed25519_key_pub)
|
|
104
|
+
# => "\xB1rM\xFFR\x1F\xDDw\x00\x89\..."
|
|
105
|
+
|
|
106
|
+
pubkey = Linzer.new_ed25519_public_key(raw_pubkey, "some-key-ed25519")
|
|
97
107
|
# => #<Linzer::Ed25519::Key:0x00000fe19b9384b0
|
|
98
108
|
|
|
99
109
|
# if you have to, there is a helper method to build a request object on the server side
|
data/lib/linzer/ecdsa.rb
CHANGED
|
@@ -18,23 +18,25 @@ module Linzer
|
|
|
18
18
|
|
|
19
19
|
private
|
|
20
20
|
|
|
21
|
+
DIGEST_PARAMS = {
|
|
22
|
+
"SHA256" => {hex_format: "%.64x", hex_length: 64},
|
|
23
|
+
"SHA384" => {hex_format: "%.96x", hex_length: 96}
|
|
24
|
+
}
|
|
25
|
+
private_constant :DIGEST_PARAMS
|
|
26
|
+
|
|
21
27
|
def der_signature(sig)
|
|
22
28
|
digest = @params[:digest]
|
|
23
29
|
msg = "Cannot verify invalid signature."
|
|
30
|
+
raise Linzer::Error.new(msg) unless DIGEST_PARAMS.key?(digest)
|
|
31
|
+
digest_params = DIGEST_PARAMS[digest]
|
|
32
|
+
|
|
33
|
+
l = digest_params[:hex_length]
|
|
34
|
+
raise Linzer::Error.new(msg) if sig.length != l
|
|
35
|
+
h = l / 2
|
|
36
|
+
fmt = "H#{l}"
|
|
24
37
|
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
raise Linzer::Error.new(msg) if sig.length != 64
|
|
28
|
-
r_bn = OpenSSL::BN.new(sig[0..31].unpack1("H64").to_i(16))
|
|
29
|
-
s_bn = OpenSSL::BN.new(sig[32..63].unpack1("H64").to_i(16))
|
|
30
|
-
when "SHA384"
|
|
31
|
-
raise Linzer::Error.new(msg) if sig.length != 96
|
|
32
|
-
r_bn = OpenSSL::BN.new(sig[0..47].unpack1("H96").to_i(16))
|
|
33
|
-
s_bn = OpenSSL::BN.new(sig[48..95].unpack1("H96").to_i(16))
|
|
34
|
-
else
|
|
35
|
-
msg = "Cannot verify signature, unsupported digest algorithm: '%s'" % digest
|
|
36
|
-
raise Linzer::Error.new(msg)
|
|
37
|
-
end
|
|
38
|
+
r_bn = OpenSSL::BN.new(sig[0..(h - 1)].unpack1(fmt).to_i(16))
|
|
39
|
+
s_bn = OpenSSL::BN.new(sig[h..(l - 1)].unpack1(fmt).to_i(16))
|
|
38
40
|
|
|
39
41
|
r = OpenSSL::ASN1::Integer(r_bn)
|
|
40
42
|
s = OpenSSL::ASN1::Integer(s_bn)
|
|
@@ -46,17 +48,15 @@ module Linzer
|
|
|
46
48
|
def decode_der_signature(der_sig)
|
|
47
49
|
digest = @params[:digest]
|
|
48
50
|
msg = "Unsupported digest algorithm: '%s'" % digest
|
|
51
|
+
raise Linzer::Error.new(msg) unless DIGEST_PARAMS.key?(digest)
|
|
52
|
+
digest_params = DIGEST_PARAMS[digest]
|
|
53
|
+
fmt = "H#{digest_params[:hex_length]}"
|
|
54
|
+
|
|
49
55
|
OpenSSL::ASN1
|
|
50
56
|
.decode(der_sig)
|
|
51
57
|
.value
|
|
52
|
-
.map
|
|
53
|
-
|
|
54
|
-
when "SHA256" then "%.64x" % n.value
|
|
55
|
-
when "SHA384" then "%.96x" % n.value
|
|
56
|
-
else raise Linzer::Error.new(msg)
|
|
57
|
-
end
|
|
58
|
-
end
|
|
59
|
-
.map { |s| [s].pack("H#{s.length}") }
|
|
58
|
+
.map { |bn| digest_params[:hex_format] % bn.value }
|
|
59
|
+
.map { |hex| [hex].pack(fmt) }
|
|
60
60
|
.reduce(:<<)
|
|
61
61
|
.encode(Encoding::ASCII_8BIT)
|
|
62
62
|
end
|
data/lib/linzer/message.rb
CHANGED
|
@@ -25,20 +25,33 @@ module Linzer
|
|
|
25
25
|
!!self[f]
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
+
DERIVED_COMPONENT = {
|
|
29
|
+
"@method" => :request_method,
|
|
30
|
+
"@authority" => :authority,
|
|
31
|
+
"@path" => :path_info,
|
|
32
|
+
"@status" => :status,
|
|
33
|
+
"@target-uri" => :url,
|
|
34
|
+
"@scheme" => :scheme,
|
|
35
|
+
"@request-target" => :fullpath,
|
|
36
|
+
"@query" => :query_string
|
|
37
|
+
}.freeze
|
|
38
|
+
|
|
28
39
|
def [](field_name)
|
|
29
40
|
if !field_name.start_with?("@")
|
|
30
41
|
return @operation.env[Request.rack_header_name(field_name)] if request?
|
|
31
42
|
return @operation.headers[field_name] # if response?
|
|
32
43
|
end
|
|
33
44
|
|
|
45
|
+
method = DERIVED_COMPONENT[field_name]
|
|
46
|
+
|
|
34
47
|
case field_name
|
|
35
|
-
when "@
|
|
36
|
-
|
|
37
|
-
when
|
|
38
|
-
|
|
39
|
-
else # XXX: improve this and add support for all fields in the RFC
|
|
40
|
-
raise Error.new "Unknown/unsupported field: \"#{field_name}\""
|
|
48
|
+
when "@query"
|
|
49
|
+
return "?#{@operation.public_send(method)}"
|
|
50
|
+
when /\A(?<field>(?<prefix>@query-param)(?<rest>;name=.+)\Z)/
|
|
51
|
+
return parse_query_param Regexp.last_match
|
|
41
52
|
end
|
|
53
|
+
|
|
54
|
+
method ? @operation.public_send(method) : nil
|
|
42
55
|
end
|
|
43
56
|
|
|
44
57
|
class << self
|
|
@@ -48,5 +61,17 @@ module Linzer
|
|
|
48
61
|
raise Error.new "Cannot parse \"#{field_name}\" field. Bailing out!"
|
|
49
62
|
end
|
|
50
63
|
end
|
|
64
|
+
|
|
65
|
+
private
|
|
66
|
+
|
|
67
|
+
def parse_query_param(match_data)
|
|
68
|
+
raw_item = '"%s"%s' % [match_data[:prefix], match_data[:rest]]
|
|
69
|
+
parsed_item = Starry.parse_item(raw_item)
|
|
70
|
+
fail unless parsed_item.value == "@query-param"
|
|
71
|
+
param_name = URI.decode_uri_component(parsed_item.parameters["name"])
|
|
72
|
+
URI.encode_uri_component(@operation.params.fetch(param_name))
|
|
73
|
+
rescue => _
|
|
74
|
+
nil
|
|
75
|
+
end
|
|
51
76
|
end
|
|
52
77
|
end
|
data/lib/linzer/version.rb
CHANGED
data/lib/linzer.rb
CHANGED
data/linzer.gemspec
CHANGED
|
@@ -29,7 +29,9 @@ Gem::Specification.new do |spec|
|
|
|
29
29
|
spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
|
|
30
30
|
spec.require_paths = ["lib"]
|
|
31
31
|
|
|
32
|
+
spec.add_runtime_dependency "openssl", ">= 3.0.0"
|
|
32
33
|
spec.add_runtime_dependency "ed25519", "~> 1.3", ">= 1.3.0"
|
|
33
34
|
spec.add_runtime_dependency "starry", "~> 0.1"
|
|
34
35
|
spec.add_runtime_dependency "rack", "~> 3.0"
|
|
36
|
+
spec.add_runtime_dependency "uri", ">= 0.12.0"
|
|
35
37
|
end
|
metadata
CHANGED
|
@@ -1,15 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: linzer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Miguel Landaeta
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-04-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: openssl
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: 3.0.0
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - ">="
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: 3.0.0
|
|
13
27
|
- !ruby/object:Gem::Dependency
|
|
14
28
|
name: ed25519
|
|
15
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -58,6 +72,20 @@ dependencies:
|
|
|
58
72
|
- - "~>"
|
|
59
73
|
- !ruby/object:Gem::Version
|
|
60
74
|
version: '3.0'
|
|
75
|
+
- !ruby/object:Gem::Dependency
|
|
76
|
+
name: uri
|
|
77
|
+
requirement: !ruby/object:Gem::Requirement
|
|
78
|
+
requirements:
|
|
79
|
+
- - ">="
|
|
80
|
+
- !ruby/object:Gem::Version
|
|
81
|
+
version: 0.12.0
|
|
82
|
+
type: :runtime
|
|
83
|
+
prerelease: false
|
|
84
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
85
|
+
requirements:
|
|
86
|
+
- - ">="
|
|
87
|
+
- !ruby/object:Gem::Version
|
|
88
|
+
version: 0.12.0
|
|
61
89
|
description:
|
|
62
90
|
email:
|
|
63
91
|
- miguel@miguel.cc
|