mach 0.0.1

data/.gitignore

@@ -0,0 +1,21 @@
+*.gem
+*.rbc
+.bundle
+.config
+coverage
+InstalledFiles
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+
+# YARD artifacts
+.yardoc
+_yardoc
+doc/
+.rbenv-version
+bin
+gems

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format doc

data/.rvmrc

@@ -0,0 +1 @@
+rvm --create ruby-1.9.3-p194@mach

data/Gemfile

@@ -0,0 +1,3 @@
+source :rubygems
+
+gemspec

data/README.md

@@ -0,0 +1,4 @@
+mach
+====
+
+HMAC authentication stuff

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/examples/Gemfile

@@ -0,0 +1,11 @@
+source :rubygems
+
+gem 'sinatra'
+gem 'multi_json'
+gem 'mach', :path => '../'
+
+gem 'redis'
+gem 'rack'
+
+gem 'credential_store', :git => 'git@github.com:playup/credential_store.git'
+gem 'rake'

data/examples/Gemfile.lock

@@ -0,0 +1,56 @@
+GIT
+  remote: git@github.com:playup/credential_store.git
+  revision: 715e80adadc12bf5290dde096eaf3159a2d4a779
+  specs:
+    credential_store (0.0.5)
+      em-redis
+      em-synchrony
+      faraday
+      faraday_middleware
+      redis
+
+PATH
+  remote: ../
+  specs:
+    mach (0.0.1)
+      faraday
+      multi_json
+      rack
+      redis
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    em-redis (0.3.0)
+      eventmachine
+    em-synchrony (1.0.2)
+      eventmachine (>= 1.0.0.beta.1)
+    eventmachine (1.0.0.rc.4)
+    faraday (0.8.4)
+      multipart-post (~> 1.1)
+    faraday_middleware (0.8.8)
+      faraday (>= 0.7.4, < 0.9)
+    multi_json (1.3.6)
+    multipart-post (1.1.5)
+    rack (1.4.1)
+    rack-protection (1.2.0)
+      rack
+    rake (0.9.2.2)
+    redis (3.0.1)
+    sinatra (1.3.3)
+      rack (~> 1.3, >= 1.3.6)
+      rack-protection (~> 1.2)
+      tilt (~> 1.3, >= 1.3.3)
+    tilt (1.3.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  credential_store!
+  mach!
+  multi_json
+  rack
+  rake
+  redis
+  sinatra

data/examples/Rakefile

@@ -0,0 +1,26 @@
+require 'rack'
+require 'rack/handler/webrick'
+
+Dir['*.ru'].each do |server_config|
+  server_path = Pathname.new(server_config)
+  server_name = server_path.basename(server_path.extname)
+  namespace server_name.to_s.to_sym  do
+    desc "Start the #{server_name}"
+    task :start do
+      Rack::Server.start(:config => server_config)
+    end
+  end
+end
+
+task :client do
+ puts `ruby ./client.rb`
+end
+
+task :help do
+  puts 'Start the credential server first like so: rake credential_server:start'
+  puts 'Then start the validating server like so: rake validating_server:start'
+  puts 'And run the clien like: rake client'
+end
+
+task :default => :help
+

data/examples/client.rb

@@ -0,0 +1,36 @@
+#!/usr/bin/env ruby
+require 'bundler/setup'
+require 'mach'
+require 'base64'
+require 'multi_json'
+
+def get_credentials
+  connection = Faraday.new(:url => "http://localhost:9595") do |c|
+    c.adapter Faraday.default_adapter
+  end
+  credentials_response = connection.post { |req| req.url "/credentials" } # first request is to store the client delta
+  credentials = MultiJson.decode(credentials_response.body)
+end
+
+def make_request(id, secret)
+  #make a request using those credentials
+  connection = Faraday.new(:url => "http://localhost:9494") do |c|
+    c.request :hmac_authentication, id, secret
+    c.adapter Faraday.default_adapter
+  end
+  res = connection.get { |req| req.url '/' }
+  [res.status, res.body]
+end
+
+def make_valid_request
+  credentials = get_credentials
+  make_request(credentials["id"], credentials["secret"])
+end
+
+def make_invalid_request
+  credentials = get_credentials
+  make_request(credentials["id"], "XXX")
+end
+
+p make_valid_request
+p make_invalid_request

data/examples/credential_server.ru

@@ -0,0 +1,46 @@
+#\ -p 9595
+
+require 'bundler/setup'
+require 'sinatra/base'
+require 'mach'
+require 'securerandom'
+require 'openssl'
+require 'base64'
+require 'multi_json'
+
+@@credential_store = {}
+
+class App < Sinatra::Base
+  post '/credentials' do
+    content_type 'application/json'
+    credentials = CredentialsGenerator.generate_id_secret_pair
+    @@credential_store[credentials[:id]] = credentials[:secret]
+    MultiJson.encode(credentials)
+  end
+
+  get '/credentials/:id' do |id|
+    MultiJson.encode({:id => id, :secret => @@credential_store[id]})
+  end
+end
+
+
+class CredentialsGenerator
+  class << self
+    def generate_id
+      SecureRandom.base64(24).tr('+/=lIO0', 'pqrsxyz')
+    end
+
+    def generate_secret
+      Base64.strict_encode64(OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_key)
+    end
+
+    def generate_id_secret_pair
+      id = generate_id
+      secret = generate_secret
+      {:id => id, :secret => secret}
+    end
+  end
+end
+
+
+run App.new

data/examples/validating_server.ru

@@ -0,0 +1,27 @@
+#\ -p 9494
+require 'bundler/setup'
+require 'sinatra/base'
+require 'mach'
+require 'base64'
+require 'mach/rack/request_validator'
+require 'credential_store'
+
+#MAC_ID = "abc"
+#MAC_KEY = Base64.strict_encode64("123")
+
+Mach.configuration do |config|
+  config.with_credential_store CredentialStore::Adapter::CredentialServer.new(:server => 'http://localhost:9595/')
+  config.with_stale_request_window 10
+  config.with_data_store :redis, :host => "localhost", :port => "6379"
+end
+
+class App < Sinatra::Base
+  use Mach::Rack::RequestValidator
+
+  get '/' do
+    p (Mach::RequestValidator.valid?(request)) ? "Request is valid" : "Request is not valid"
+    'OK'
+  end
+end
+
+run App.new

data/lib/mach.rb

@@ -0,0 +1,31 @@
+require 'mach/faraday/request/hmac_authentication'
+require 'mach/configuration'
+require 'mach/validation/request_validator'
+
+module Mach
+  if ::Faraday.respond_to? :register_middleware
+    ::Faraday.register_middleware :request, :hmac_authentication => lambda { Mach::Faraday::HmacAuthentication }
+  end
+  class << self
+    def configuration(&block)
+      @configuration ||= Mach::Configuration.new
+      if block_given?
+        block.call(@configuration)
+      else
+        @configuration
+      end
+    end
+    alias :config :configuration # can use either config or configuration
+
+    def respond_to?(method, include_private=false)
+      self.configuration.respond_to?(method, include_private) || super
+    end
+
+    private
+
+    def method_missing(method, *args, &block)
+      return super unless self.configuration.respond_to?(method)
+      self.configuration.send(method, *args, &block)
+    end
+  end
+end

data/lib/mach/authorization_header.rb

@@ -0,0 +1,46 @@
+require 'mach/timestamp'
+require 'mach/nonce'
+require 'mach/normalized_string'
+require 'mach/signature'
+
+module Mach
+  class AuthorizationHeader
+    def initialize(id, key, options = {})
+      @id = id
+      @key = key
+      @options = options
+    end
+
+    def to_s
+      "MAC #{build_auth_value}"
+    end
+
+    private
+
+    def build_auth_value
+      timestamp = create_timestamp
+      nonce = create_nonce_for(timestamp)
+      normalized_string = NormalizedString.new(:timestamp => timestamp,
+                                               :nonce => nonce,
+                                               :request_method => @options[:request_method],
+                                               :path => @options[:path],
+                                               :host => @options[:host],
+                                               :port => @options[:port]
+                                              )
+      mac = Mach::Signature.new(@key, normalized_string.to_s)  #sign_normalized_string(env, timestamp, nonce)
+      "id=\"#{@id}\",ts=\"#{timestamp}\",nonce=\"#{nonce_for_header(nonce)}\",mac=\"#{mac}\""
+    end
+
+    def create_timestamp
+      Mach::Timestamp.now
+    end
+
+    def create_nonce_for(timestamp)
+      Mach::Nonce.for(timestamp)
+    end
+
+    def nonce_for_header(actual_nonce)
+      actual_nonce
+    end
+  end
+end

data/lib/mach/configuration.rb

@@ -0,0 +1,38 @@
+require 'mach/persistence/in_memory_store'
+require 'mach/persistence/redis_store'
+require 'base64'
+
+module Mach
+  class Configuration
+
+    attr_reader :credential_store, :data_store, :stale_request_window
+
+    def initialize
+      @stale_request_window = 10
+      @data_store = Mach::Persistence::InMemoryStore.configure({})
+      @credential_store = Hash.new
+    end
+
+    def with_credential_store(store, options = {})
+      @credential_store = store
+      #store_class = CredentialStore::Adapter.const_get(camelize(store_type.to_s))
+      #@credential_store = store_class.new(options)
+      # find out if we should use redis store first
+      #@credential_store = CredentialStore::Adapter::Redis.new() #todo pass options
+    end
+
+    def with_data_store(store_identifier, options = {})
+      store_class = Mach::Persistence.const_get(camelize("#{store_identifier.to_s}_store"))
+      @data_store = store_class.configure(options)
+    end
+
+    def with_stale_request_window(num_seconds)
+      @stale_request_window = num_seconds
+    end
+
+    private
+    def camelize(string)
+      string.split(/[^a-z0-9]/i).map{|w| w.capitalize}.join
+    end
+  end
+end

data/lib/mach/delta.rb

@@ -0,0 +1,15 @@
+module Mach
+  class Delta
+    class << self
+      def present_for(credential_id)
+        Mach.configuration.data_store.find_delta_by(credential_id)
+      end
+
+      def create(credential_id, server_timestamp, client_timestamp)
+        delta_value = server_timestamp - client_timestamp
+        expires_in = Mach.configuration.stale_request_window
+        Mach.configuration.data_store.add_delta(credential_id, delta_value, expires_in)
+      end
+    end
+  end
+end

data/lib/mach/error/error.rb

@@ -0,0 +1,10 @@
+module Mach
+  module Error
+    class RequestNotMacAuthenticatedError < StandardError
+    end
+    class CredentialFetchingError < StandardError
+    end
+    class MissingConfigurationOptionError < StandardError
+    end
+  end
+end

data/lib/mach/faraday/request/hmac_authentication.rb

@@ -0,0 +1,63 @@
+require 'faraday'
+require 'mach/hmac'
+require 'mach/authorization_header'
+
+module Mach
+  module Faraday
+    class HmacAuthentication < ::Faraday::Middleware
+      include Mach::HMAC
+      KEY = "Authorization".freeze
+
+      def initialize(app, id, key)
+        @mac_id = id
+        @mac_key = key
+        super(app)
+      end
+
+      def call(env)
+        unless env[:request_headers][KEY]
+          env[:request_headers][KEY] = self.header(env)
+        end
+        @app.call(env)
+      end
+
+      def header(env)
+        AuthorizationHeader.new(@mac_id, @mac_key,
+                                :request_method => mac_request_method(request_method(env)),
+                                :path => mac_path(path(env), query_string(env)),
+                                :host => mac_host(host(env)),
+                                :port => mac_port(port(env), scheme(env)),
+                                :ext => mac_ext(ext(env))).to_s
+      end
+
+      private
+      def request_method(env)
+        env[:method]
+      end
+
+      def host(env)
+        env[:url].host
+      end
+
+      def port(env)
+        env[:url].port
+      end
+
+      def path(env)
+        env[:url].path
+      end
+
+      def query_string(env)
+        env[:url].query
+      end
+
+      def ext(env)
+        nil
+      end
+
+      def scheme(env)
+        env[:url].scheme
+      end
+    end
+  end
+end

data/lib/mach/hmac.rb

@@ -0,0 +1,27 @@
+module Mach
+  module HMAC
+    def mac_request_method(request_method)
+      request_method.to_s.upcase
+    end
+
+    def mac_path(path, query_string)
+      query_string && !query_string.empty? ? "#{path}?#{query_string}" : "#{path}"
+    end
+
+    def mac_host(host)
+      host
+    end
+
+    def mac_port(port, scheme)
+      unless port
+        port = 80 if scheme == 'http'
+        port = 443 if scheme == 'https'
+      end
+      port
+    end
+
+    def mac_ext(ext)
+      ext
+    end
+  end
+end

data/lib/mach/nonce.rb

@@ -0,0 +1,22 @@
+require 'securerandom'
+require 'base64'
+
+module Mach
+  class Nonce
+    class << self
+      def for(timestamp)
+        #17 byte string to make sure we don't get any padding after base64
+        Base64.urlsafe_encode64("#{SecureRandom.random_bytes(17)}#{timestamp}")
+      end
+
+      def exists?(credential_id, nonce_value)
+        Mach.configuration.data_store.find_nonce_by(credential_id, nonce_value)
+      end
+
+      def persist(credential_id, nonce_value, timestamp)
+        expires_in = Mach.configuration.stale_request_window
+        Mach.configuration.data_store.add_nonce(credential_id, nonce_value, expires_in)
+      end
+    end
+  end
+end

data/lib/mach/normalized_string.rb

@@ -0,0 +1,17 @@
+module Mach
+  class NormalizedString
+    def initialize(options = {})
+      @timestamp = options[:timestamp]
+      @nonce = options[:nonce]
+      @request_method = options[:request_method]
+      @path = options[:path]
+      @host = options[:host]
+      @port = options[:port]
+      @ext = options[:ext] || "\n"
+    end
+
+    def to_s
+      [@timestamp, @nonce, @request_method, @path, @host, @port, @ext].join("\n")
+    end
+  end
+end

data/lib/mach/persistence/delta_and_nonce_store.rb

@@ -0,0 +1,27 @@
+module Mach
+  module Persistence
+    class DeltaAndNonceStore
+      class << self
+        def configure(options = {})
+          self.new(options)
+        end
+      end
+
+      def find_delta_by(credential_id)
+        raise "Implement me"
+      end
+
+      def add_delta(credential_id, delta_value, expires_in)
+        raise "Implement me"
+      end
+
+      def find_nonce_by(credential_id, nonce_value)
+        raise "Implement me"
+      end
+
+      def add_nonce(credential_id, nonce_value, timestamp)
+        raise "Implement me"
+      end
+    end
+  end
+end

data/lib/mach/persistence/in_memory_store.rb

@@ -0,0 +1,48 @@
+require 'mach/persistence/delta_and_nonce_store'
+require 'mach/timestamp'
+
+module Mach
+  module Persistence
+    class InMemoryStore < Mach::Persistence::DeltaAndNonceStore
+      def initialize(options = {})
+        @deltas = {}
+        @nonces = {}
+      end
+
+      def find_delta_by(credential_id)
+        delta_hash = @deltas[credential_id] || {}
+        now = Timestamp.now
+        if delta_hash[:expires_at] && delta_hash[:expires_at] > now
+          delta_hash[:delta_value]
+        else
+          @deltas[credential_id] = nil
+          nil
+        end
+      end
+
+      def add_delta(credential_id, delta_value, expires_in)
+        expires_at = Timestamp.now + expires_in
+        @deltas[credential_id] = {:delta_value => delta_value, :expires_at => expires_at}
+        @deltas[credential_id][:delta_value]
+      end
+
+      def find_nonce_by(credential_id, nonce_value)
+        nonces_for_credential_id = @nonces[credential_id] || {}
+        expires_at = nonces_for_credential_id[nonce_value]
+        now = Timestamp.now
+        if expires_at && expires_at > now
+          nonce_value
+        else
+          nonces_for_credential_id[nonce_value] = nil
+          nil
+        end
+      end
+
+      def add_nonce(credential_id, nonce_value, expires_in)
+        expires_at = Timestamp.now + expires_in
+        @nonces[credential_id] ||= {}
+        @nonces[credential_id][nonce_value] = expires_at
+      end
+    end
+  end
+end

data/lib/mach/persistence/redis_store.rb

@@ -0,0 +1,40 @@
+require 'mach/persistence/delta_and_nonce_store'
+require 'mach/timestamp'
+require 'redis'
+
+module Mach
+  module Persistence
+    class RedisStore < Mach::Persistence::DeltaAndNonceStore
+      def initialize(options = {})
+        raise MissingConfigurationOptionError unless options[:host] && options[:port]
+        @redis = Redis.new(:host => options[:host], :port => options[:port])
+      end
+
+      def find_delta_by(credential_id)
+        @redis.get(delta_key_for(credential_id))
+      end
+
+      def add_delta(credential_id, delta_value, expires_in)
+        @redis.setex(delta_key_for(credential_id), expires_in, delta_value)
+        delta_value
+      end
+
+      def find_nonce_by(credential_id, nonce_value)
+        @redis.get(nonce_key_for(credential_id, nonce_value))
+      end
+
+      def add_nonce(credential_id, nonce_value, expires_in)
+        @redis.setex(nonce_key_for(credential_id, nonce_value), expires_in, 1)
+      end
+
+      private
+      def delta_key_for(credential_id)
+        "delta_key_for_#{credential_id}"
+      end
+
+      def nonce_key_for(credential_id, nonce)
+        "nonce_key_for_#{credential_id}_#{nonce}"
+      end
+    end
+  end
+end

data/lib/mach/rack/request_validator.rb

@@ -0,0 +1,29 @@
+module Mach
+  module Rack
+    class RequestValidator
+      def initialize app
+        @app = app
+      end
+
+      def call env
+        request = Mach::Request.new(env)
+        if request.mac_authorization? && !Mach::RequestValidator.valid?(request)
+          failure
+        else
+          success(env)
+        end
+      end
+
+      private
+
+      def success(env)
+        @app.call(env)
+      end
+
+      def failure
+        [401, { 'Content-Type' => 'application/json' }, ['Unauthorized'] ]
+      end
+    end
+  end
+end
+

data/lib/mach/request.rb

@@ -0,0 +1,51 @@
+require 'rack'
+require 'mach/normalized_string'
+
+module Mach
+  class Request < ::Rack::Request
+    include Mach::HMAC
+
+    def authorization
+      @env['HTTP_AUTHORIZATION']
+    end
+
+    def mac_authorization?
+      !!(self.authorization =~ /^\s*MAC .*$/)
+    end
+
+    def mac_id
+      self.authorization.scan(/^\s*MAC\s*.*id="(.*?)".*/).flatten[0]
+    end
+
+    def mac_timestamp
+      self.authorization.scan(/^\s*MAC\s*.*ts="(.*?)".*/).flatten[0]
+    end
+
+    def mac_nonce
+      self.authorization.scan(/^\s*MAC\s*.*nonce="(.*?)".*/).flatten[0]
+    end
+
+    def mac_ext
+      self.authorization.scan(/^\s*MAC\s*.*ext="(.*?)".*/).flatten[0]
+    end
+
+    def mac_signature
+      self.authorization.scan(/^\s*MAC\s*.*mac="(.*?)".*/).flatten[0]
+    end
+
+    def mac_normalized_request_string
+      if mac_authorization?
+        NormalizedString.new(:timestamp => mac_timestamp,
+                             :nonce => mac_nonce,
+                             :request_method => request_method,
+                             :path => mac_path(path, query_string),
+                             :host => host,
+                             :port => mac_port(self.port, self.scheme),
+                             :ext => mac_ext
+                            ).to_s
+      else
+        ""
+      end
+    end
+  end
+end

data/lib/mach/signature.rb

@@ -0,0 +1,30 @@
+require 'openssl'
+require 'base64'
+
+module Mach
+  class Signature
+    ALGORITHMS = {'hmac-sha-256' => 'sha256', 'hmac-sha-1' => 'sha1'}
+    DEFAULT_ALGORITHM = 'hmac-sha-256'
+
+    def initialize(key, data, algorithm = DEFAULT_ALGORITHM)
+      @algorithm = algorithm
+      @data = data
+      @key = key
+    end
+
+    def to_s
+      Base64.strict_encode64(OpenSSL::HMAC.digest(digest, @key, @data))
+    end
+
+    def matches?(base64_expected_signature)
+      to_s == base64_expected_signature
+    end
+
+    private
+
+    def digest
+      digest_algorithm = @algorithm ? ALGORITHMS[@algorithm] : ALGORITHMS[DEFAULT_ALGORITHM]
+      OpenSSL::Digest::Digest.new(digest_algorithm)
+    end
+  end
+end

data/lib/mach/timestamp.rb

@@ -0,0 +1,9 @@
+module Mach
+  class Timestamp
+    class << self
+      def now
+        Time.now.utc.to_i
+      end
+    end
+  end
+end

data/lib/mach/validation/nonce_validator.rb

@@ -0,0 +1,11 @@
+module Mach
+  module Validation
+    class NonceValidator
+      class << self
+        def valid?(hmac_request)
+          !Nonce.exists?(hmac_request.mac_id, hmac_request.mac_nonce)
+        end
+      end
+    end
+  end
+end

data/lib/mach/validation/request_validator.rb

@@ -0,0 +1,23 @@
+require 'mach/error/error'
+require 'mach/request'
+require 'mach/validation/timestamp_validator'
+require 'mach/validation/nonce_validator'
+require 'mach/validation/signature_validator'
+
+module Mach
+  class RequestValidator
+    class << self
+      def valid?(rack_request)
+        hmac_request = Mach::Request.new(rack_request.env)
+        raise Mach::Error::RequestNotMacAuthenticatedError unless hmac_request.mac_authorization?
+        valid = hmac_request.mac_id &&
+          Mach::Validation::TimestampValidator.valid?(hmac_request) &&
+          Mach::Validation::NonceValidator.valid?(hmac_request) &&
+          Mach::Validation::SignatureValidator.valid?(hmac_request)
+        #need to make sure we store the nonce
+        Nonce.persist(hmac_request.mac_id, hmac_request.mac_nonce, hmac_request.mac_timestamp.to_i) if valid
+        valid
+      end
+    end
+  end
+end

data/lib/mach/validation/signature_validator.rb

@@ -0,0 +1,24 @@
+require 'mach/signature'
+
+module Mach
+  module Validation
+    
+    class SignatureValidator
+      class << self
+        def valid?(hmac_request)
+          if secret = credential_store[hmac_request.mac_id]
+            data = hmac_request.mac_normalized_request_string
+            Mach::Signature.new(secret, data).matches?(hmac_request.mac_signature)
+          else
+            false
+          end  
+        end
+
+        private
+        def credential_store
+          Mach::configuration.credential_store
+        end
+      end
+    end
+  end
+end

data/lib/mach/validation/timestamp_validator.rb

@@ -0,0 +1,21 @@
+require 'mach/timestamp'
+require 'mach/delta'
+
+module Mach
+  module Validation
+    class TimestampValidator
+      class << self
+        def valid?(hmac_request)
+          server_timestamp = Mach::Timestamp.now.to_i
+          client_timestamp = hmac_request.mac_timestamp.to_i
+          delta = Mach::Delta.present_for(hmac_request.mac_id) #do we have a delta for this client
+          unless delta
+            delta = Mach::Delta.create(hmac_request.mac_id, server_timestamp, client_timestamp)
+          end
+          #make sure the client timestamp is not older than what we're willing to accept
+          server_timestamp - (client_timestamp + delta.to_i) < Mach.configuration.stale_request_window
+        end
+      end
+    end
+  end
+end

data/lib/mach/version.rb

@@ -0,0 +1,3 @@
+module Mach
+  VERSION = "0.0.1"
+end

data/mach.gemspec

@@ -0,0 +1,29 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "mach/version"
+
+Gem::Specification.new do |s|
+  s.name        = "mach"
+  s.version     = Mach::VERSION
+  s.authors     = ["Alan Skorkin"]
+  s.email       = ["alan@skorks.com"]
+  s.homepage    = "https://github.com/skorks/mach"
+  s.summary     = %q{HMAC authentication stuff}
+  s.description = %q{HMAC authentication stuff}
+
+  s.rubyforge_project = "mach"
+
+  s.add_dependency 'faraday'
+  s.add_dependency 'rack'
+  s.add_dependency 'multi_json'
+  s.add_dependency 'redis'
+
+  s.add_development_dependency  'rake'
+  s.add_development_dependency  'rspec'
+  s.add_development_dependency  'json'
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

data/spec/normalized_string_spec.rb

@@ -0,0 +1,34 @@
+require File.expand_path('../spec_helper', __FILE__)
+require 'mach/normalized_string'
+
+describe Mach::NormalizedString do
+  let(:timestamp) {1344824119}
+  let(:nonce) {"abc123"}
+  let(:request_method) {"GET"}
+  let(:path) {"/blah?yadda=5&foo=bar"}
+  let(:host) {"blah.com"}
+  let(:port) {80}
+  let(:ext) {"hello"}
+
+  let(:normalized_string) do
+    Mach::NormalizedString.new(:timestamp => timestamp,
+                               :nonce => nonce,
+                               :request_method => request_method,
+                               :path => path,
+                               :host => host,
+                               :port => port,
+                               :ext => ext
+                              )
+  end
+
+  describe "#to_s" do
+    subject { normalized_string.to_s }
+    context "when all compenents present" do
+      it { subject.should == "#{timestamp}\n#{nonce}\n#{request_method}\n#{path}\n#{host}\n#{port}\n#{ext}" }
+    end
+    context "when no ext" do
+      let(:ext) {nil}
+      it { subject.should == "#{timestamp}\n#{nonce}\n#{request_method}\n#{path}\n#{host}\n#{port}\n\n" }
+    end
+  end
+end

data/spec/signature_spec.rb

@@ -0,0 +1,55 @@
+require File.expand_path('../spec_helper', __FILE__)
+require "base64"
+require 'mach/signature'
+
+describe Mach::Signature do
+  let(:key) { "some_key" }
+  let(:data) {"hello world"}
+
+  describe "#to_s" do
+    subject { Mach::Signature.new(key, data).to_s }
+
+    context "produces a signature" do
+      it { ->{subject}.should_not raise_error }
+    end
+    #this was to test ios integration and it seemed to work
+    #context "testing123" do
+      #let(:timestamp) {1344843814}
+      #let(:nonce) {"PYVV2cPkVvVsB0Gi"}
+      #let(:request_method) {"GET"}
+      #let(:path) {"/contests/contest-20120191956?subject_path=%2Fcontests%2F20120191956"}
+      #let(:host) {"staging.api.playupdev.com"}
+      #let(:port) {80}
+
+      #let(:data) do
+        #Mach::NormalizedString.new(:timestamp => timestamp,
+                                   #:nonce => nonce,
+                                   #:request_method => request_method,
+                                   #:path => path,
+                                   #:host => host,
+                                   #:port => port
+                                  #).to_s
+      #end
+
+      #let(:key) { "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" }
+      #it {subject.should == "YnHx40PpfjMaxtO+sxJvg2XtOF70L1zGlNad92dg8i4="}
+    #end
+  end
+
+  describe "#matches?" do
+    let(:signature) { Mach::Signature.new(key, data) }
+    subject { signature.matches?(expected_signature) }
+
+
+    context "when expected signature is invalid" do
+      let(:expected_signature) { "abc123" }
+      it {subject.should_not be_true}
+    end
+    context "when expected signature is valid" do
+      let(:expected_signature) { '/wfbnU08rHnneh2Q4wSopDyULH43ePyuSyHMBc9nbnw=' }
+
+      it {subject.should be_true}
+    end
+  end
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,14 @@
+# encoding: utf-8
+$:.unshift(File.expand_path('../', __FILE__))
+$:.unshift(File.expand_path('../../lib', __FILE__))
+
+require 'mach'
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[File.join(File.expand_path('../support', __FILE__), '**/*.rb')].each {|f| require f}
+
+# Use Mocha to mock with RSpec
+RSpec.configure do |config|
+  config.mock_with :rspec
+end

metadata

@@ -0,0 +1,200 @@
+--- !ruby/object:Gem::Specification
+name: mach
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Alan Skorkin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-08-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: redis
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: HMAC authentication stuff
+email:
+- alan@skorks.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .rvmrc
+- Gemfile
+- README.md
+- Rakefile
+- examples/Gemfile
+- examples/Gemfile.lock
+- examples/Rakefile
+- examples/client.rb
+- examples/credential_server.ru
+- examples/validating_server.ru
+- lib/mach.rb
+- lib/mach/authorization_header.rb
+- lib/mach/configuration.rb
+- lib/mach/delta.rb
+- lib/mach/error/error.rb
+- lib/mach/faraday/request/hmac_authentication.rb
+- lib/mach/hmac.rb
+- lib/mach/nonce.rb
+- lib/mach/normalized_string.rb
+- lib/mach/persistence/delta_and_nonce_store.rb
+- lib/mach/persistence/in_memory_store.rb
+- lib/mach/persistence/redis_store.rb
+- lib/mach/rack/request_validator.rb
+- lib/mach/request.rb
+- lib/mach/signature.rb
+- lib/mach/timestamp.rb
+- lib/mach/validation/nonce_validator.rb
+- lib/mach/validation/request_validator.rb
+- lib/mach/validation/signature_validator.rb
+- lib/mach/validation/timestamp_validator.rb
+- lib/mach/version.rb
+- mach.gemspec
+- spec/normalized_string_spec.rb
+- spec/signature_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/skorks/mach
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 1737604513296395942
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 1737604513296395942
+requirements: []
+rubyforge_project: mach
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: HMAC authentication stuff
+test_files: []