linzer 0.6.1 → 0.6.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d2ec6a2a846f2bb066bdd658c2e50a869ceff52f65f3e5f8670cc5509af6069c
-  data.tar.gz: 5401df5ea61c39290b61a21cf19c4eaddc537abe908067a47688c1f209c982e3
+  metadata.gz: f2a241d8621efa2c0ed148bfcf9f4973296f1dd342d1ddddea7840a55f6f6385
+  data.tar.gz: 74b4b845ec51e87b1a616be0d2757a6e123ffb9d1ec2b5c4234edc7644522662
 SHA512:
-  metadata.gz: 53c504c5c0f886d3e73332d7d8bf7072137519a218ca6a005824f8ad073fb589dd91f2e7980aa02b232c17dd80a87923141e57b094087fb4f412dddbf5588a9f
-  data.tar.gz: 0a99fc9611e6b26ae820fecfe09e10a6c610be20bdf8f9c3fd7c6fab031f82f6f7fa109359470a2a65b7d7cd9817c21259e59fe6f99e50a1c6326d965b0df944
+  metadata.gz: '067900eddd392626dcc1a0bdec5f8c7b0b00fd67dbe938376231f4c9c1262245e6ed2dcb1b4ea8af37a10c50cd47747b553b315869104342c5b94e2b45810132'
+  data.tar.gz: 7f1293c1feff0c225bda479422d77dc3ac1489c6c8d2233cfdd6ef3bc7a689345f091987ce9f3600a34f74ffd9688eeebdbd048a5e54ec992df1fbc1a1e65355

data/CHANGELOG.md

@@ -1,12 +1,28 @@
 ## [Unreleased]
 
+## [0.6.3] - 2025-03-29
+
+- Parse signature structured fields values as ASCII string.
+
+## [0.6.2] - 2024-12-10
+
+- Remove dependency on ed25519 gem. Pull request
+  [#5](https://github.com/nomadium/linzer/pull/5) by
+  [oneiros](https://github.com/oneiros).
+
+- Run unit tests against Ruby 3.4.
+
 ## [0.6.1] - 2024-12-02
 
 - Add more validation checks on HTTP field component identifiers and parameters.
 
-- Relax rack version requirements.
+- Relax rack version requirements. Pull request
+  [#4](https://github.com/nomadium/linzer/pull/4) by
+  [oneiros](https://github.com/oneiros).
 
-- Update uri dependency to the latest version.
+- Update uri dependency to the latest version. Pull request
+  [#3](https://github.com/nomadium/linzer/pull/3) by
+  [oneiros](https://github.com/oneiros).
 
 ## [0.6.0] - 2024-04-06
 

data/README.md

@@ -97,13 +97,10 @@ response = http.post("/some_uri", "data", headers.merge(signature.to_h))
 ### To verify a valid signature:
 
 ```ruby
-test_ed25519_key_pub = Base64.strict_encode64(key.material.verify_key.to_bytes)
-# => "EUra7KsJ8B/lSZJVhDaopMycmZ6T7KtJqKVNJTHKIw0="
+test_ed25519_key_pub = key.material.public_to_pem
+# => "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAK1ZrC4JqC356pRsUiLVJdFZ3dAjo909VfWs1li33MCQ=\n-----END PUBLIC KEY-----\n"
 
-raw_pubkey = Base64.strict_decode64(test_ed25519_key_pub)
-# => "\xB1rM\xFFR\x1F\xDDw\x00\x89\..."
-
-pubkey = Linzer.new_ed25519_public_key(raw_pubkey, "some-key-ed25519")
+pubkey = Linzer.new_ed25519_public_key(test_ed25519_key_pub, "some-key-ed25519")
 # => #<Linzer::Ed25519::Key:0x00000fe19b9384b0
 
 # if you have to, there is a helper method to build a request object on the server side

data/lib/linzer/ed25519.rb

@@ -1,19 +1,14 @@
 # frozen_string_literal: true
 
-require "ed25519"
-
 module Linzer
   module Ed25519
     class Key < Linzer::Key
       def sign(data)
-        material.sign(data)
+        material.sign(nil, data)
       end
 
       def verify(signature, data)
-        verify_key = material.is_a?(::Ed25519::SigningKey) ? material.verify_key : material
-        verify_key.verify(signature, data)
-      rescue ::Ed25519::VerifyError
-        false
+        material.verify(nil, signature, data)
       end
     end
   end

data/lib/linzer/key/helper.rb

@@ -33,18 +33,17 @@ module Linzer
       end
 
       def generate_ed25519_key(key_id = nil)
-        material = ::Ed25519::SigningKey.generate
+        material = OpenSSL::PKey.generate_key("ed25519")
         Linzer::Ed25519::Key.new(material, id: key_id)
       end
 
       def new_ed25519_key(material, key_id = nil)
-        key = ::Ed25519::SigningKey.new(material)
+        key = OpenSSL::PKey.read(material)
         Linzer::Ed25519::Key.new(key, id: key_id)
       end
 
       def new_ed25519_public_key(material, key_id = nil)
-        key = ::Ed25519::VerifyKey.new(material)
-        Linzer::Ed25519::Key.new(key, id: key_id)
+        new_ed25519_key(material, key_id)
       end
 
       # https://www.rfc-editor.org/rfc/rfc4492.html#appendix-A

data/lib/linzer/signature.rb

@@ -31,11 +31,11 @@ module Linzer
         headers.transform_keys!(&:downcase)
         validate headers
 
-        input = parse_field(headers, "signature-input")
+        input = parse_structured_field(headers, "signature-input")
         reject_multiple_signatures if input.size > 1 && options[:label].nil?
         label = options[:label] || input.keys.first
 
-        signature = parse_field(headers, "signature")
+        signature = parse_structured_field(headers, "signature")
         fail_with_signature_not_found label unless signature.key?(label)
 
         raw_signature =
@@ -44,8 +44,7 @@ module Linzer
 
         fail_due_invalid_components unless input[label].value.respond_to?(:each)
 
-        ascii = Encoding::US_ASCII
-        components = input[label].value.map { |c| c.value.encode(ascii) }
+        components = input[label].value.map(&:value)
         parameters = input[label].parameters
 
         new(components, raw_signature, label, parameters)
@@ -75,8 +74,11 @@ module Linzer
         raise Error.new "Unexpected value for covered components."
       end
 
-      def parse_field(hsh, field_name)
-        Message.parse_structured_dictionary(hsh[field_name], field_name)
+      def parse_structured_field(hsh, field_name)
+        # Serialized Structured Field values for HTTP are ASCII strings.
+        # See: RFC 8941 (https://datatracker.ietf.org/doc/html/rfc8941)
+        value = hsh[field_name].encode(Encoding::US_ASCII)
+        Message.parse_structured_dictionary(value, field_name)
       end
     end
   end

data/lib/linzer/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Linzer
-  VERSION = "0.6.1"
+  VERSION = "0.6.3"
 end

data/lib/linzer.rb

@@ -4,6 +4,7 @@ require "starry"
 require "openssl"
 require "rack"
 require "uri"
+require "stringio"
 
 require_relative "linzer/version"
 require_relative "linzer/common"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: linzer
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.6.3
 platform: ruby
 authors:
 - Miguel Landaeta
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-12-02 00:00:00.000000000 Z
+date: 2025-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: openssl
@@ -30,26 +30,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
-- !ruby/object:Gem::Dependency
-  name: ed25519
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.3'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.3.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.3'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: starry
   requirement: !ruby/object:Gem::Requirement
@@ -104,6 +84,26 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.0.2
+- !ruby/object:Gem::Dependency
+  name: stringio
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.2
 description:
 email:
 - miguel@miguel.cc