RubyGems - mastercard_oauth1_signer - Versions diffs - 1.1.2 → 1.1.3 - Mend

mastercard_oauth1_signer 1.1.2 → 1.1.3

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bc99c2f741d407afea8bfa4a173841c65c65388b01bbb188e0d91229bdbdbb1c
-  data.tar.gz: fde6a72486a7b34b7cc53829694099b68ff9827feb24952314346fe45f8c678a
+  metadata.gz: ab936cc604abe3d80ef8cc6fc7f78edf3b5f4fd37e32b3158916abc44b3db116
+  data.tar.gz: 6298fff5cd6c69f7c78957b8d30be579aebac69024a202b7e69761ad20db5527
 SHA512:
-  metadata.gz: 03edc59be830218437c63ba5027920e42bbcf7740a139067920076f48e1d88b67b622bd9bdf23da7b9606c61f3b3c9190ad8a373c8146d48a5be4ae65e7916aa
-  data.tar.gz: 97f9570af04be215ff34d00ce45f7a9934dc6d8b69ff617f820a3b2f2efab06523e468e88aa0310cda7d53ce961ef7e3f805c0b71a2582b94c3aab3c95f0d6a1
+  metadata.gz: 7dc43e36f4e3e02864bfb6b9dcff07aa916a086e6889718131a39b650eaa89cc51db69200224478efb461c9e045e6eb752bc9c752b8ec114e6389ceac4537caa
+  data.tar.gz: 5bd21dc6162927e859515133b6fc145f75e9cc16650454adc94ec1ec214a5dc778ea9d243a9f16fed9b6f2cc1ada5a8dafc91baf4a6acae036222687c97db5f1

data/lib/mastercard/oauth.rb ADDED Viewed

@@ -0,0 +1,255 @@
+# frozen_string_literal: true
+require 'base64'
+require 'openssl'
+require 'securerandom'
+require 'uri'
+module Mastercard
+  class Mastercard::OAuth
+    class << self
+      EMPTY_STRING = ''
+      SHA_BITS = '256'
+      # Creates a Mastercard API compliant Mastercard::OAuth Authorization header
+      #
+      # @param {String} uri Target URI for this request
+      # @param {String} method HTTP method of the request
+      # @param {Any} payload Payload (nullable)
+      # @param {String} consumerKey Consumer key set up in a Mastercard Developer Portal project
+      # @param {String} signingKey The private key that will be used for signing the request that corresponds to the consumerKey
+      # @return {String} Valid Mastercard::OAuth1.0a signature with a body hash when payload is present
+      #
+      def get_authorization_header(uri, method, payload, consumer_key, signing_key)
+        query_params = extract_query_params(uri)
+        oauth_params = get_oauth_params(consumer_key, payload)
+        # Combine query and oauth_ parameters into lexicographically sorted string
+        param_string = to_oauth_param_string(query_params, oauth_params)
+        # Normalized URI without query params and fragment
+        base_uri = get_base_uri_string(uri)
+        # Signature base string
+        sbs = get_signature_base_string(method, base_uri, param_string)
+        # Signature
+        signature = sign_signature_base_string(sbs, signing_key)
+        oauth_params['oauth_signature'] = encode_uri_component(signature)
+        # Return
+        get_authorization_string(oauth_params)
+      end
+      #
+      # Parse query parameters out of the URL.
+      # https://tools.ietf.org/html/rfc5849#section-3.4.1.3
+      #
+      # @param {String} uri URL containing all query parameters that need to be signed
+      # @return {Map<String, Set<String>} Sorted map of query parameter key/value pairs. Values for parameters with the same name are added into a list.
+      #
+      def extract_query_params(uri)
+        query_params = URI.parse(uri).query
+        return {} if query_params.eql?(nil)
+        query_pairs = {}
+        pairs = query_params.split('&').sort_by(&:downcase)
+        pairs.each do |pair|
+          idx = pair.index('=')
+          key = idx.positive? ? pair[0..(idx - 1)] : pair
+          query_pairs[key] = [] unless query_pairs.include?(key)
+          value = if idx.positive? && pair.length > idx + 1
+                    pair[(idx + 1)..pair.length]
+                  else
+                    EMPTY_STRING
+                  end
+          query_pairs[key].push(value)
+        end
+        query_pairs
+      end
+      #
+      # @param {String} consumerKey Consumer key set up in a Mastercard Developer Portal project
+      # @param {Any} payload Payload (nullable)
+      # @return {Map}
+      #
+      def get_oauth_params(consumer_key, payload = nil)
+        oauth_params = {}
+        oauth_params['oauth_body_hash'] = get_body_hash(payload)
+        oauth_params['oauth_consumer_key'] = consumer_key
+        oauth_params['oauth_nonce'] = get_nonce
+        oauth_params['oauth_signature_method'] = "RSA-SHA#{SHA_BITS}"
+        oauth_params['oauth_timestamp'] = time_stamp
+        oauth_params['oauth_version'] = '1.0'
+        oauth_params
+      end
+      #
+      # Constructs a valid Authorization header as per
+      # https://tools.ietf.org/html/rfc5849#section-3.5.1
+      # @param {Map<String, String>} oauthParams Map of Mastercard::OAuth parameters to be included in the Authorization header
+      # @return {String} Correctly formatted header
+      #
+      def get_authorization_string(oauth_params)
+        header = 'OAuth '
+        oauth_params.each do |entry|
+          entry_key = entry[0]
+          entry_val = entry[1]
+          header = "#{header}#{entry_key}=\"#{entry_val}\","
+        end
+        # Remove trailing ,
+        header.slice(0, header.length - 1)
+      end
+      #
+      # Normalizes the URL as per
+      # https://tools.ietf.org/html/rfc5849#section-3.4.1.2
+      #
+      # @param {String} uri URL that will be called as part of this request
+      # @return {String} Normalized URL
+      #
+      def get_base_uri_string(uri)
+        url = URI.parse(uri)
+        # Lowercase scheme and authority
+        # Remove redundant port, query, and fragment
+        base_uri = "#{url.scheme.downcase}://#{url.host.downcase}"
+        base_uri += ":#{url.port}" if (url.scheme.downcase == 'https') && (url.port != 443)
+        base_uri += ":#{url.port}" if (url.scheme.downcase == 'http') && (url.port != 80)
+        base_uri += "/#{url.path[1..-1]}"
+      end
+      #
+      # Lexicographically sort all parameters and concatenate them into a string as per
+      # https://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
+      #
+      # @param {Map<String, Set<String>>} queryParamsMap Map of all oauth parameters that need to be signed
+      # @param {Map<String, String>} oauthParamsMap Map of Mastercard::OAuth parameters to be included in Authorization header
+      # @return {String} Correctly encoded and sorted Mastercard::OAuth parameter string
+      #
+      def to_oauth_param_string(query_params_map, oauth_param_map)
+        consolidated_params = {}.merge(query_params_map)
+        # Add Mastercard::OAuth params to consolidated params map
+        oauth_param_map.each do |entry|
+          entry_key = entry[0]
+          entry_val = entry[1]
+          consolidated_params[entry_key] =
+            if consolidated_params.include?(entry_key)
+              entry_val
+            else
+              [].push(entry_val)
+            end
+        end
+        consolidated_params = consolidated_params.sort_by { |k, _| k }.to_h
+        oauth_params = ''
+        # Add all parameters to the parameter string for signing
+        consolidated_params.each do |entry|
+          entry_key = entry[0]
+          entry_value = entry[1]
+          # Keys with same name are sorted by their values
+          entry_value = entry_value.sort if entry_value.size > 1
+          entry_value.each do |value|
+            oauth_params += "#{entry_key}=#{value}&"
+          end
+        end
+        # Remove trailing ampersand
+        string_length = oauth_params.length - 1
+        oauth_params = oauth_params.slice(0, string_length) if oauth_params.end_with?('&')
+        oauth_params
+      end
+      #
+      # Generate a valid signature base string as per
+      # https://tools.ietf.org/html/rfc5849#section-3.4.1
+      #
+      # @param {String} httpMethod HTTP method of the request
+      # @param {String} baseUri Base URI that conforms with https://tools.ietf.org/html/rfc5849#section-3.4.1.2
+      # @param {String} paramString Mastercard::OAuth parameter string that conforms with https://tools.ietf.org/html/rfc5849#section-3.4.1.3
+      # @return {String} A correctly constructed and escaped signature base string
+      #
+      def get_signature_base_string(http_method, base_uri, param_string)
+        sbs =
+          # Uppercase HTTP method
+          "#{http_method.upcase}&" +
+          # Base URI
+          "#{encode_uri_component(base_uri)}&" +
+          # Mastercard::OAuth parameter string
+          encode_uri_component(param_string).to_s
+        sbs.gsub(/!/, '%21')
+      end
+      #
+      # Signs the signature base string using an RSA private key. The methodology is described at
+      # https://tools.ietf.org/html/rfc5849#section-3.4.3 but Mastercard uses the stronger SHA-256 algorithm
+      # as a replacement for the described SHA1 which is no longer considered secure.
+      #
+      # @param {String} sbs Signature base string formatted as per https://tools.ietf.org/html/rfc5849#section-3.4.1
+      # @param {String} signingKey Private key of the RSA key pair that was established with the service provider
+      # @return {String} RSA signature matching the contents of signature base string
+      #
+      # noinspection RubyArgCount
+      def OAuth.sign_signature_base_string(sbs, signing_key)
+        digest = OpenSSL::Digest.new('SHA256')
+        rsa_key = OpenSSL::PKey::RSA.new signing_key
+        signature = ''
+        begin
+          signature = rsa_key.sign(digest, sbs)
+        rescue
+          raise Exception, 'Unable to sign the signature base string.'
+        end
+        Base64.strict_encode64(signature).chomp.gsub(/\n/, '')
+      end
+      #
+      # Generates a hash based on request payload as per
+      # https://tools.ietf.org/id/draft-eaton-oauth-bodyhash-00.html
+      #
+      # @param {Any} payload Request payload
+      # @return {String} Base64 encoded cryptographic hash of the given payload
+      #
+      def get_body_hash(payload)
+        # Base 64 encodes the SHA1 digest of payload
+        Base64.strict_encode64(OpenSSL::Digest.new('SHA256').digest(payload.nil? ? '' : payload))
+      end
+      #
+      # Encodes a text string as a valid component of a Uniform Resource Identifier (URI).
+      # @ param uri_component A value representing an encoded URI component.
+      #
+      def encode_uri_component(uri_component)
+        URI.encode_www_form_component(uri_component)
+      end
+      #
+      # Generates a random string for replay protection as per
+      # https://tools.ietf.org/html/rfc5849#section-3.3
+      # @return {String} UUID with dashes removed
+      #
+      def get_nonce(len = 32)
+        # Returns a random string of length=len
+        SecureRandom.alphanumeric(len)
+      end
+      # Returns UNIX Timestamp as required per
+      # https://tools.ietf.org/html/rfc5849#section-3.3
+      # @return {String} UNIX timestamp (UTC)
+      #
+      def time_stamp
+        Time.now.to_i
+      end
+    end
+  end
+end

data/oauth1_signer_ruby.gemspec CHANGED Viewed

@@ -3,7 +3,7 @@ Gem::Specification.new do |gem|
   gem.authors       = ["Mastercard"]
   gem.summary       = %q{Mastercard client authentication library}
   gem.description   = %q{Zero dependency library for generating a Mastercard API compliant OAuth signature}
-  gem.version       = "1.1.2"
+  gem.version       = "1.1.3"
   gem.license       = "MIT"
   gem.homepage      = "https://github.com/Mastercard/oauth1-signer-ruby"
   gem.files         = Dir["{bin,spec,lib}/**/*"]+ Dir["data/*"] + ["oauth1_signer_ruby.gemspec"]

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mastercard_oauth1_signer
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.1.3
 platform: ruby
 authors:
 - Mastercard
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-04 00:00:00.000000000 Z
+date: 2023-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -73,7 +73,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/oauth.rb
+- lib/mastercard/oauth.rb
 - oauth1_signer_ruby.gemspec
 homepage: https://github.com/Mastercard/oauth1-signer-ruby
 licenses:

data/lib/oauth.rb DELETED Viewed

@@ -1,253 +0,0 @@
-# frozen_string_literal: true
-require 'base64'
-require 'openssl'
-require 'uri'
-class OAuth
-  class << self
-    EMPTY_STRING = ''
-    SHA_BITS = '256'
-    # Creates a Mastercard API compliant OAuth Authorization header
-    #
-    # @param {String} uri Target URI for this request
-    # @param {String} method HTTP method of the request
-    # @param {Any} payload Payload (nullable)
-    # @param {String} consumerKey Consumer key set up in a Mastercard Developer Portal project
-    # @param {String} signingKey The private key that will be used for signing the request that corresponds to the consumerKey
-    # @return {String} Valid OAuth1.0a signature with a body hash when payload is present
-    #
-    def get_authorization_header(uri, method, payload, consumer_key, signing_key)
-      query_params = extract_query_params(uri)
-      oauth_params = get_oauth_params(consumer_key, payload)
-      # Combine query and oauth_ parameters into lexicographically sorted string
-      param_string = to_oauth_param_string(query_params, oauth_params)
-      # Normalized URI without query params and fragment
-      base_uri = get_base_uri_string(uri)
-      # Signature base string
-      sbs = get_signature_base_string(method, base_uri, param_string)
-      # Signature
-      signature = sign_signature_base_string(sbs, signing_key)
-      oauth_params['oauth_signature'] = encode_uri_component(signature)
-      # Return
-      get_authorization_string(oauth_params)
-    end
-    #
-    # Parse query parameters out of the URL.
-    # https://tools.ietf.org/html/rfc5849#section-3.4.1.3
-    #
-    # @param {String} uri URL containing all query parameters that need to be signed
-    # @return {Map<String, Set<String>} Sorted map of query parameter key/value pairs. Values for parameters with the same name are added into a list.
-    #
-    def extract_query_params(uri)
-      query_params = URI.parse(uri).query
-      return {} if query_params.eql?(nil)
-      query_pairs = {}
-      pairs = query_params.split('&').sort_by(&:downcase)
-      pairs.each do |pair|
-        idx = pair.index('=')
-        key = idx.positive? ? pair[0..(idx - 1)] : pair
-        query_pairs[key] = [] unless query_pairs.include?(key)
-        value = if idx.positive? && pair.length > idx + 1
-                  pair[(idx + 1)..pair.length]
-                else
-                  EMPTY_STRING
-                end
-        query_pairs[key].push(value)
-      end
-      query_pairs
-    end
-    #
-    # @param {String} consumerKey Consumer key set up in a Mastercard Developer Portal project
-    # @param {Any} payload Payload (nullable)
-    # @return {Map}
-    #
-    def get_oauth_params(consumer_key, payload = nil)
-      oauth_params = {}
-      oauth_params['oauth_body_hash'] = get_body_hash(payload)
-      oauth_params['oauth_consumer_key'] = consumer_key
-      oauth_params['oauth_nonce'] = get_nonce
-      oauth_params['oauth_signature_method'] = "RSA-SHA#{SHA_BITS}"
-      oauth_params['oauth_timestamp'] = time_stamp
-      oauth_params['oauth_version'] = '1.0'
-      oauth_params
-    end
-    #
-    # Constructs a valid Authorization header as per
-    # https://tools.ietf.org/html/rfc5849#section-3.5.1
-    # @param {Map<String, String>} oauthParams Map of OAuth parameters to be included in the Authorization header
-    # @return {String} Correctly formatted header
-    #
-    def get_authorization_string(oauth_params)
-      header = 'OAuth '
-      oauth_params.each do |entry|
-        entry_key = entry[0]
-        entry_val = entry[1]
-        header = "#{header}#{entry_key}=\"#{entry_val}\","
-      end
-      # Remove trailing ,
-      header.slice(0, header.length - 1)
-    end
-    #
-    # Normalizes the URL as per
-    # https://tools.ietf.org/html/rfc5849#section-3.4.1.2
-    #
-    # @param {String} uri URL that will be called as part of this request
-    # @return {String} Normalized URL
-    #
-    def get_base_uri_string(uri)
-      url = URI.parse(uri)
-      # Lowercase scheme and authority
-      # Remove redundant port, query, and fragment
-      base_uri = "#{url.scheme.downcase}://#{url.host.downcase}"
-      base_uri += ":#{url.port}" if (url.scheme.downcase == 'https') && (url.port != 443)
-      base_uri += ":#{url.port}" if (url.scheme.downcase == 'http') && (url.port != 80)
-      base_uri += "/#{url.path[1..-1]}"
-    end
-    #
-    # Lexicographically sort all parameters and concatenate them into a string as per
-    # https://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
-    #
-    # @param {Map<String, Set<String>>} queryParamsMap Map of all oauth parameters that need to be signed
-    # @param {Map<String, String>} oauthParamsMap Map of OAuth parameters to be included in Authorization header
-    # @return {String} Correctly encoded and sorted OAuth parameter string
-    #
-    def to_oauth_param_string(query_params_map, oauth_param_map)
-      consolidated_params = {}.merge(query_params_map)
-      # Add OAuth params to consolidated params map
-      oauth_param_map.each do |entry|
-        entry_key = entry[0]
-        entry_val = entry[1]
-        consolidated_params[entry_key] =
-          if consolidated_params.include?(entry_key)
-            entry_val
-          else
-            [].push(entry_val)
-          end
-      end
-      consolidated_params = consolidated_params.sort_by { |k, _| k }.to_h
-      oauth_params = ''
-      # Add all parameters to the parameter string for signing
-      consolidated_params.each do |entry|
-        entry_key = entry[0]
-        entry_value = entry[1]
-        # Keys with same name are sorted by their values
-        entry_value = entry_value.sort if entry_value.size > 1
-        entry_value.each do |value|
-          oauth_params += "#{entry_key}=#{value}&"
-        end
-      end
-      # Remove trailing ampersand
-      string_length = oauth_params.length - 1
-      oauth_params = oauth_params.slice(0, string_length) if oauth_params.end_with?('&')
-      oauth_params
-    end
-    #
-    # Generate a valid signature base string as per
-    # https://tools.ietf.org/html/rfc5849#section-3.4.1
-    #
-    # @param {String} httpMethod HTTP method of the request
-    # @param {String} baseUri Base URI that conforms with https://tools.ietf.org/html/rfc5849#section-3.4.1.2
-    # @param {String} paramString OAuth parameter string that conforms with https://tools.ietf.org/html/rfc5849#section-3.4.1.3
-    # @return {String} A correctly constructed and escaped signature base string
-    #
-    def get_signature_base_string(http_method, base_uri, param_string)
-      sbs =
-        # Uppercase HTTP method
-        "#{http_method.upcase}&" +
-        # Base URI
-        "#{encode_uri_component(base_uri)}&" +
-        # OAuth parameter string
-        encode_uri_component(param_string).to_s
-      sbs.gsub(/!/, '%21')
-    end
-    #
-    # Signs the signature base string using an RSA private key. The methodology is described at
-    # https://tools.ietf.org/html/rfc5849#section-3.4.3 but Mastercard uses the stronger SHA-256 algorithm
-    # as a replacement for the described SHA1 which is no longer considered secure.
-    #
-    # @param {String} sbs Signature base string formatted as per https://tools.ietf.org/html/rfc5849#section-3.4.1
-    # @param {String} signingKey Private key of the RSA key pair that was established with the service provider
-    # @return {String} RSA signature matching the contents of signature base string
-    #
-    # noinspection RubyArgCount
-    def OAuth.sign_signature_base_string(sbs, signing_key)
-      digest = OpenSSL::Digest.new('SHA256')
-      rsa_key = OpenSSL::PKey::RSA.new signing_key
-      signature = ''
-      begin
-        signature = rsa_key.sign(digest, sbs)
-      rescue
-        raise Exception, 'Unable to sign the signature base string.'
-      end
-      Base64.strict_encode64(signature).chomp.gsub(/\n/, '')
-    end
-    #
-    # Generates a hash based on request payload as per
-    # https://tools.ietf.org/id/draft-eaton-oauth-bodyhash-00.html
-    #
-    # @param {Any} payload Request payload
-    # @return {String} Base64 encoded cryptographic hash of the given payload
-    #
-    def get_body_hash(payload)
-      # Base 64 encodes the SHA1 digest of payload
-      Base64.strict_encode64(Digest::SHA256.digest(payload.nil? ? '' : payload))
-    end
-    #
-    # Encodes a text string as a valid component of a Uniform Resource Identifier (URI).
-    # @ param uri_component A value representing an encoded URI component.
-    #
-    def encode_uri_component(uri_component)
-      URI.encode_www_form_component(uri_component)
-    end
-    #
-    # Generates a random string for replay protection as per
-    # https://tools.ietf.org/html/rfc5849#section-3.3
-    # @return {String} UUID with dashes removed
-    #
-    def get_nonce(len = 32)
-      # Returns a random string of length=len
-      o = [('a'..'z'), ('A'..'Z'), (0..9)].map(&:to_a).flatten
-      (0...len).map { o[rand(o.length)] }.join
-    end
-    # Returns UNIX Timestamp as required per
-    # https://tools.ietf.org/html/rfc5849#section-3.3
-    # @return {String} UNIX timestamp (UTC)
-    #
-    def time_stamp
-      Time.now.getutc.to_i
-    end
-  end
-end