RubyGems - mastercard_oauth1_signer - Versions diffs - 1.1.2 → 1.1.3 - Mend

mastercard_oauth1_signer 1.1.2 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bc99c2f741d407afea8bfa4a173841c65c65388b01bbb188e0d91229bdbdbb1c
-  data.tar.gz: fde6a72486a7b34b7cc53829694099b68ff9827feb24952314346fe45f8c678a
+  metadata.gz: ab936cc604abe3d80ef8cc6fc7f78edf3b5f4fd37e32b3158916abc44b3db116
+  data.tar.gz: 6298fff5cd6c69f7c78957b8d30be579aebac69024a202b7e69761ad20db5527
 SHA512:
-  metadata.gz: 03edc59be830218437c63ba5027920e42bbcf7740a139067920076f48e1d88b67b622bd9bdf23da7b9606c61f3b3c9190ad8a373c8146d48a5be4ae65e7916aa
-  data.tar.gz: 97f9570af04be215ff34d00ce45f7a9934dc6d8b69ff617f820a3b2f2efab06523e468e88aa0310cda7d53ce961ef7e3f805c0b71a2582b94c3aab3c95f0d6a1
+  metadata.gz: 7dc43e36f4e3e02864bfb6b9dcff07aa916a086e6889718131a39b650eaa89cc51db69200224478efb461c9e045e6eb752bc9c752b8ec114e6389ceac4537caa
+  data.tar.gz: 5bd21dc6162927e859515133b6fc145f75e9cc16650454adc94ec1ec214a5dc778ea9d243a9f16fed9b6f2cc1ada5a8dafc91baf4a6acae036222687c97db5f1

data/lib/mastercard/oauth.rb ADDED Viewed

@@ -0,0 +1,255 @@
+# frozen_string_literal: true
+require 'base64'
+require 'openssl'
+require 'securerandom'
+require 'uri'
+module Mastercard
+  class Mastercard::OAuth
+    class << self
+      EMPTY_STRING = ''
+      SHA_BITS = '256'
+      # Creates a Mastercard API compliant Mastercard::OAuth Authorization header
+      #
+      # @param {String} uri Target URI for this request
+      # @param {String} method HTTP method of the request
+      # @param {Any} payload Payload (nullable)
+      # @param {String} consumerKey Consumer key set up in a Mastercard Developer Portal project
+      # @param {String} signingKey The private key that will be used for signing the request that corresponds to the consumerKey
+      # @return {String} Valid Mastercard::OAuth1.0a signature with a body hash when payload is present
+      #
+      def get_authorization_header(uri, method, payload, consumer_key, signing_key)
+        query_params = extract_query_params(uri)
+        oauth_params = get_oauth_params(consumer_key, payload)
+        # Combine query and oauth_ parameters into lexicographically sorted string
+        param_string = to_oauth_param_string(query_params, oauth_params)
+        # Normalized URI without query params and fragment
+        base_uri = get_base_uri_string(uri)
+        # Signature base string
+        sbs = get_signature_base_string(method, base_uri, param_string)
+        # Signature
+        signature = sign_signature_base_string(sbs, signing_key)
+        oauth_params['oauth_signature'] = encode_uri_component(signature)
+        # Return
+        get_authorization_string(oauth_params)
+      end
+      #
+      # Parse query parameters out of the URL.
+      # https://tools.ietf.org/html/rfc5849#section-3.4.1.3
+      #
+      # @param {String} uri URL containing all query parameters that need to be signed
+      # @return {Map<String, Set<String>} Sorted map of query parameter key/value pairs. Values for parameters with the same name are added into a list.
+      #
+      def extract_query_params(uri)
+        query_params = URI.parse(uri).query
+        return {} if query_params.eql?(nil)
+        query_pairs = {}
+        pairs = query_params.split('&').sort_by(&:downcase)
+        pairs.each do |pair|
+          idx = pair.index('=')
+          key = idx.positive? ? pair[0..(idx - 1)] : pair
+          query_pairs[key] = [] unless query_pairs.include?(key)
+          value = if idx.positive? && pair.length > idx + 1
+                    pair[(idx + 1)..pair.length]
+                  else
+                    EMPTY_STRING
+                  end
+          query_pairs[key].push(value)
+        end
+        query_pairs
+      end
+      #
+      # @param {String} consumerKey Consumer key set up in a Mastercard Developer Portal project
+      # @param {Any} payload Payload (nullable)
+      # @return {Map}
+      #
+      def get_oauth_params(consumer_key, payload = nil)
+        oauth_params = {}
+        oauth_params['oauth_body_hash'] = get_body_hash(payload)
+        oauth_params['oauth_consumer_key'] = consumer_key
+        oauth_params['oauth_nonce'] = get_nonce
+        oauth_params['oauth_signature_method'] = "RSA-SHA#{SHA_BITS}"
+        oauth_params['oauth_timestamp'] = time_stamp
+        oauth_params['oauth_version'] = '1.0'
+        oauth_params
+      end
+      #
+      # Constructs a valid Authorization header as per
+      # https://tools.ietf.org/html/rfc5849#section-3.5.1
+      # @param {Map<String, String>} oauthParams Map of Mastercard::OAuth parameters to be included in the Authorization header
+      # @return {String} Correctly formatted header
+      #
+      def get_authorization_string(oauth_params)
+        header = 'OAuth '
+        oauth_params.each do |entry|
+          entry_key = entry[0]
+          entry_val = entry[1]
+          header = "#{header}#{entry_key}=\"#{entry_val}\","
+        end
+        # Remove trailing ,
+        header.slice(0, header.length - 1)
+      end
+      #
+      # Normalizes the URL as per
+      # https://tools.ietf.org/html/rfc5849#section-3.4.1.2
+      #
+      # @param {String} uri URL that will be called as part of this request
+      # @return {String} Normalized URL
+      #
+      def get_base_uri_string(uri)
+        url = URI.parse(uri)
+        # Lowercase scheme and authority
+        # Remove redundant port, query, and fragment
+        base_uri = "#{url.scheme.downcase}://#{url.host.downcase}"
+        base_uri += ":#{url.port}" if (url.scheme.downcase == 'https') && (url.port != 443)
+        base_uri += ":#{url.port}" if (url.scheme.downcase == 'http') && (url.port != 80)
+        base_uri += "/#{url.path[1..-1]}"
+      end
+      #
+      # Lexicographically sort all parameters and concatenate them into a string as per
+      # https://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
+      #
+      # @param {Map<String, Set<String>>} queryParamsMap Map of all oauth parameters that need to be signed
+      # @param {Map<String, String>} oauthParamsMap Map of Mastercard::OAuth parameters to be included in Authorization header
+      # @return {String} Correctly encoded and sorted Mastercard::OAuth parameter string
+      #
+      def to_oauth_param_string(query_params_map, oauth_param_map)
+        consolidated_params = {}.merge(query_params_map)
+        # Add Mastercard::OAuth params to consolidated params map
+        oauth_param_map.each do |entry|
+          entry_key = entry[0]
+          entry_val = entry[1]
+          consolidated_params[entry_key] =
+            if consolidated_params.include?(entry_key)
+              entry_val
+            else
+              [].push(entry_val)
+            end
+        end
+        consolidated_params = consolidated_params.sort_by { |k, _| k }.to_h
+        oauth_params = ''
+        # Add all parameters to the parameter string for signing
+        consolidated_params.each do |entry|
+          entry_key = entry[0]
+          entry_value = entry[1]
+          # Keys with same name are sorted by their values
+          entry_value = entry_value.sort if entry_value.size > 1
+          entry_value.each do |value|
+            oauth_params += "#{entry_key}=#{value}&"
+          end
+        end
+        # Remove trailing ampersand
+        string_length = oauth_params.length - 1
+        oauth_params = oauth_params.slice(0, string_length) if oauth_params.end_with?('&')
+        oauth_params
+      end
+      #
+      # Generate a valid signature base string as per
+      # https://tools.ietf.org/html/rfc5849#section-3.4.1
+      #
+      # @param {String} httpMethod HTTP method of the request
+      # @param {String} baseUri Base URI that conforms with https://tools.ietf.org/html/rfc5849#section-3.4.1.2
+      # @param {String} paramString Mastercard::OAuth parameter string that conforms with https://tools.ietf.org/html/rfc5849#section-3.4.1.3
+      # @return {String} A correctly constructed and escaped signature base string
+      #
+      def get_signature_base_string(http_method, base_uri, param_string)
+        sbs =
+          # Uppercase HTTP method
+          "#{http_method.upcase}&" +
+          # Base URI
+          "#{encode_uri_component(base_uri)}&" +
+          # Mastercard::OAuth parameter string
+          encode_uri_component(param_string).to_s
+        sbs.gsub(/!/, '%21')
+      end
+      #
+      # Signs the signature base string using an RSA private key. The methodology is described at
+      # https://tools.ietf.org/html/rfc5849#section-3.4.3 but Mastercard uses the stronger SHA-256 algorithm
+      # as a replacement for the described SHA1 which is no longer considered secure.
+      #
+      # @param {String} sbs Signature base string formatted as per https://tools.ietf.org/html/rfc5849#section-3.4.1
+      # @param {String} signingKey Private key of the RSA key pair that was established with the service provider
+      # @return {String} RSA signature matching the contents of signature base string
+      #
+      # noinspection RubyArgCount
+      def OAuth.sign_signature_base_string(sbs, signing_key)
+        digest = OpenSSL::Digest.new('SHA256')
+        rsa_key = OpenSSL::PKey::RSA.new signing_key
+        signature = ''
+        begin
+          signature = rsa_key.sign(digest, sbs)
+        rescue
+          raise Exception, 'Unable to sign the signature base string.'
+        end
+        Base64.strict_encode64(signature).chomp.gsub(/\n/, '')
+      end
+      #
+      # Generates a hash based on request payload as per
+      # https://tools.ietf.org/id/draft-eaton-oauth-bodyhash-00.html
+      #
+      # @param {Any} payload Request payload
+      # @return {String} Base64 encoded cryptographic hash of the given payload
+      #
+      def get_body_hash(payload)
+        # Base 64 encodes the SHA1 digest of payload
+        Base64.strict_encode64(OpenSSL::Digest.new('SHA256').digest(payload.nil? ? '' : payload))
+      end
+      #
+      # Encodes a text string as a valid component of a Uniform Resource Identifier (URI).
+      # @ param uri_component A value representing an encoded URI component.
+      #
+      def encode_uri_component(uri_component)
+        URI.encode_www_form_component(uri_component)
+      end
+      #
+      # Generates a random string for replay protection as per
+      # https://tools.ietf.org/html/rfc5849#section-3.3
+      # @return {String} UUID with dashes removed
+      #
+      def get_nonce(len = 32)
+        # Returns a random string of length=len
+        SecureRandom.alphanumeric(len)
+      end
+      # Returns UNIX Timestamp as required per
+      # https://tools.ietf.org/html/rfc5849#section-3.3
+      # @return {String} UNIX timestamp (UTC)
+      #
+      def time_stamp
+        Time.now.to_i
+      end
+    end
+  end
+end

data/oauth1_signer_ruby.gemspec CHANGED Viewed

@@ -3,7 +3,7 @@ Gem::Specification.new do |gem|
   gem.authors       = ["Mastercard"]
   gem.summary       = %q{Mastercard client authentication library}
   gem.description   = %q{Zero dependency library for generating a Mastercard API compliant OAuth signature}
-  gem.version       = "1.1.2"
+  gem.version       = "1.1.3"
   gem.license       = "MIT"
   gem.homepage      = "https://github.com/Mastercard/oauth1-signer-ruby"
   gem.files         = Dir["{bin,spec,lib}/**/*"]+ Dir["data/*"] + ["oauth1_signer_ruby.gemspec"]

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mastercard_oauth1_signer
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.1.3
 platform: ruby
 authors:
 - Mastercard
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-04 00:00:00.000000000 Z
+date: 2023-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -73,7 +73,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/oauth.rb
+- lib/mastercard/oauth.rb
 - oauth1_signer_ruby.gemspec
 homepage: https://github.com/Mastercard/oauth1-signer-ruby
 licenses:

data/lib/oauth.rb DELETED Viewed

@@ -1,253 +0,0 @@
-# frozen_string_literal: true
-require 'base64'
-require 'openssl'
-require 'uri'
-class OAuth
-  class << self
-    EMPTY_STRING = ''
-    SHA_BITS = '256'
-    # Creates a Mastercard API compliant OAuth Authorization header
-    #
-    # @param {String} uri Target URI for this request
-    # @param {String} method HTTP method of the request
-    # @param {Any} payload Payload (nullable)
-    # @param {String} consumerKey Consumer key set up in a Mastercard Developer Portal project
-    # @param {String} signingKey The private key that will be used for signing the request that corresponds to the consumerKey
-    # @return {String} Valid OAuth1.0a signature with a body hash when payload is present
-    #
-    def get_authorization_header(uri, method, payload, consumer_key, signing_key)
-      query_params = extract_query_params(uri)
-      oauth_params = get_oauth_params(consumer_key, payload)
-      # Combine query and oauth_ parameters into lexicographically sorted string
-      param_string = to_oauth_param_string(query_params, oauth_params)
-      # Normalized URI without query params and fragment
-      base_uri = get_base_uri_string(uri)
-      # Signature base string
-      sbs = get_signature_base_string(method, base_uri, param_string)
-      # Signature
-      signature = sign_signature_base_string(sbs, signing_key)
-      oauth_params['oauth_signature'] = encode_uri_component(signature)
-      # Return
-      get_authorization_string(oauth_params)
-    end
-    #
-    # Parse query parameters out of the URL.
-    # https://tools.ietf.org/html/rfc5849#section-3.4.1.3
-    #
-    # @param {String} uri URL containing all query parameters that need to be signed
-    # @return {Map<String, Set<String>} Sorted map of query parameter key/value pairs. Values for parameters with the same name are added into a list.
-    #
-    def extract_query_params(uri)
-      query_params = URI.parse(uri).query
-      return {} if query_params.eql?(nil)
-      query_pairs = {}
-      pairs = query_params.split('&').sort_by(&:downcase)
-      pairs.each do |pair|
-        idx = pair.index('=')
-        key = idx.positive? ? pair[0..(idx - 1)] : pair
-        query_pairs[key] = [] unless query_pairs.include?(key)
-        value = if idx.positive? && pair.length > idx + 1
-                  pair[(idx + 1)..pair.length]
-                else
-                  EMPTY_STRING
-                end
-        query_pairs[key].push(value)
-      end
-      query_pairs
-    end
-    #
-    # @param {String} consumerKey Consumer key set up in a Mastercard Developer Portal project
-    # @param {Any} payload Payload (nullable)
-    # @return {Map}
-    #
-    def get_oauth_params(consumer_key, payload = nil)
-      oauth_params = {}
-      oauth_params['oauth_body_hash'] = get_body_hash(payload)
-      oauth_params['oauth_consumer_key'] = consumer_key
-      oauth_params['oauth_nonce'] = get_nonce
-      oauth_params['oauth_signature_method'] = "RSA-SHA#{SHA_BITS}"
-      oauth_params['oauth_timestamp'] = time_stamp
-      oauth_params['oauth_version'] = '1.0'
-      oauth_params
-    end
-    #
-    # Constructs a valid Authorization header as per
-    # https://tools.ietf.org/html/rfc5849#section-3.5.1
-    # @param {Map<String, String>} oauthParams Map of OAuth parameters to be included in the Authorization header
-    # @return {String} Correctly formatted header
-    #
-    def get_authorization_string(oauth_params)
-      header = 'OAuth '
-      oauth_params.each do |entry|
-        entry_key = entry[0]
-        entry_val = entry[1]
-        header = "#{header}#{entry_key}=\"#{entry_val}\","
-      end
-      # Remove trailing ,
-      header.slice(0, header.length - 1)
-    end
-    #
-    # Normalizes the URL as per
-    # https://tools.ietf.org/html/rfc5849#section-3.4.1.2
-    #
-    # @param {String} uri URL that will be called as part of this request
-    # @return {String} Normalized URL
-    #
-    def get_base_uri_string(uri)
-      url = URI.parse(uri)
-      # Lowercase scheme and authority
-      # Remove redundant port, query, and fragment
-      base_uri = "#{url.scheme.downcase}://#{url.host.downcase}"
-      base_uri += ":#{url.port}" if (url.scheme.downcase == 'https') && (url.port != 443)
-      base_uri += ":#{url.port}" if (url.scheme.downcase == 'http') && (url.port != 80)
-      base_uri += "/#{url.path[1..-1]}"
-    end
-    #
-    # Lexicographically sort all parameters and concatenate them into a string as per
-    # https://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
-    #
-    # @param {Map<String, Set<String>>} queryParamsMap Map of all oauth parameters that need to be signed
-    # @param {Map<String, String>} oauthParamsMap Map of OAuth parameters to be included in Authorization header
-    # @return {String} Correctly encoded and sorted OAuth parameter string
-    #
-    def to_oauth_param_string(query_params_map, oauth_param_map)
-      consolidated_params = {}.merge(query_params_map)
-      # Add OAuth params to consolidated params map
-      oauth_param_map.each do |entry|
-        entry_key = entry[0]
-        entry_val = entry[1]
-        consolidated_params[entry_key] =
-          if consolidated_params.include?(entry_key)
-            entry_val
-          else
-            [].push(entry_val)
-          end
-      end
-      consolidated_params = consolidated_params.sort_by { |k, _| k }.to_h
-      oauth_params = ''
-      # Add all parameters to the parameter string for signing
-      consolidated_params.each do |entry|
-        entry_key = entry[0]
-        entry_value = entry[1]
-        # Keys with same name are sorted by their values
-        entry_value = entry_value.sort if entry_value.size > 1
-        entry_value.each do |value|
-          oauth_params += "#{entry_key}=#{value}&"
-        end
-      end
-      # Remove trailing ampersand
-      string_length = oauth_params.length - 1
-      oauth_params = oauth_params.slice(0, string_length) if oauth_params.end_with?('&')
-      oauth_params
-    end
-    #
-    # Generate a valid signature base string as per
-    # https://tools.ietf.org/html/rfc5849#section-3.4.1
-    #
-    # @param {String} httpMethod HTTP method of the request
-    # @param {String} baseUri Base URI that conforms with https://tools.ietf.org/html/rfc5849#section-3.4.1.2
-    # @param {String} paramString OAuth parameter string that conforms with https://tools.ietf.org/html/rfc5849#section-3.4.1.3
-    # @return {String} A correctly constructed and escaped signature base string
-    #
-    def get_signature_base_string(http_method, base_uri, param_string)
-      sbs =
-        # Uppercase HTTP method
-        "#{http_method.upcase}&" +
-        # Base URI
-        "#{encode_uri_component(base_uri)}&" +
-        # OAuth parameter string
-        encode_uri_component(param_string).to_s
-      sbs.gsub(/!/, '%21')
-    end
-    #
-    # Signs the signature base string using an RSA private key. The methodology is described at
-    # https://tools.ietf.org/html/rfc5849#section-3.4.3 but Mastercard uses the stronger SHA-256 algorithm
-    # as a replacement for the described SHA1 which is no longer considered secure.
-    #
-    # @param {String} sbs Signature base string formatted as per https://tools.ietf.org/html/rfc5849#section-3.4.1
-    # @param {String} signingKey Private key of the RSA key pair that was established with the service provider
-    # @return {String} RSA signature matching the contents of signature base string
-    #
-    # noinspection RubyArgCount
-    def OAuth.sign_signature_base_string(sbs, signing_key)
-      digest = OpenSSL::Digest.new('SHA256')
-      rsa_key = OpenSSL::PKey::RSA.new signing_key
-      signature = ''
-      begin
-        signature = rsa_key.sign(digest, sbs)
-      rescue
-        raise Exception, 'Unable to sign the signature base string.'
-      end
-      Base64.strict_encode64(signature).chomp.gsub(/\n/, '')
-    end
-    #
-    # Generates a hash based on request payload as per
-    # https://tools.ietf.org/id/draft-eaton-oauth-bodyhash-00.html
-    #
-    # @param {Any} payload Request payload
-    # @return {String} Base64 encoded cryptographic hash of the given payload
-    #
-    def get_body_hash(payload)
-      # Base 64 encodes the SHA1 digest of payload
-      Base64.strict_encode64(Digest::SHA256.digest(payload.nil? ? '' : payload))
-    end
-    #
-    # Encodes a text string as a valid component of a Uniform Resource Identifier (URI).
-    # @ param uri_component A value representing an encoded URI component.
-    #
-    def encode_uri_component(uri_component)
-      URI.encode_www_form_component(uri_component)
-    end
-    #
-    # Generates a random string for replay protection as per
-    # https://tools.ietf.org/html/rfc5849#section-3.3
-    # @return {String} UUID with dashes removed
-    #
-    def get_nonce(len = 32)
-      # Returns a random string of length=len
-      o = [('a'..'z'), ('A'..'Z'), (0..9)].map(&:to_a).flatten
-      (0...len).map { o[rand(o.length)] }.join
-    end
-    # Returns UNIX Timestamp as required per
-    # https://tools.ietf.org/html/rfc5849#section-3.3
-    # @return {String} UNIX timestamp (UTC)
-    #
-    def time_stamp
-      Time.now.getutc.to_i
-    end
-  end
-end