net-http-message_signatures 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 64f8815cbd95fadf8a82cb6ac9393e0e392a6a41151dd823fa80b5bf286c6113
+  data.tar.gz: af25488fb64fcb1e4093b7b0d6a4c6ada4c5dc911f1a28a2d767b61bad41ae3e
+SHA512:
+  metadata.gz: 6382ae374a287d538133c13dffedde52bfdecfb8cbe9522b56517364c0f1968f293b8d6263efc6b4598f98682c3a036efd014f126e82fa4ef28af1b4e0bafd4a
+  data.tar.gz: e21f3d71b8255ada68c63f13d6762490d79c0274d555705af38900f03d5b6570524ae55b52c10bd3e2504bbafc73e45e92d0170507dc8d681ec40fcf961ed846

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,36 @@
+require:
+  - rubocop-performance
+  - rubocop-rake
+  - rubocop-rspec
+
+AllCops:
+  NewCops: enable
+
+RSpec/ExampleLength:
+  Enabled: false
+
+RSpec/FilePath:
+  Enabled: false
+
+RSpec/NestedGroups:
+  Enabled: false
+
+RSpec/SpecFilePathFormat:
+  Enabled: true
+  CustomTransform:
+    RSAPSSSHA512: rsa_pss_sha512
+
+RSpec/SpecFilePathSuffix:
+  Enabled: true
+
+Style/NumericLiterals:
+  Enabled: false
+
+Style/TrailingCommaInArguments:
+  EnforcedStyleForMultiline: consistent_comma
+
+Style/TrailingCommaInArrayLiteral:
+  EnforcedStyleForMultiline: consistent_comma
+
+Style/TrailingCommaInHashLiteral:
+  EnforcedStyleForMultiline: consistent_comma

data/.ruby-version

@@ -0,0 +1 @@
+3.2.2

data/Gemfile

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in net-http-message_signatures.gemspec
+gemspec
+
+gem 'rake', '~> 13.0'
+gem 'rspec', '~> 3.0'
+gem 'rubocop', '~> 1.56'
+gem 'rubocop-performance', '~> 1.19'
+gem 'rubocop-rake', '~> 0.4'
+gem 'rubocop-rspec', '~> 2.1'
+gem 'simplecov', '~> 0.22'
+gem 'simplecov-cobertura', '~> 2.1'

data/Gemfile.lock

@@ -0,0 +1,93 @@
+PATH
+  remote: .
+  specs:
+    net-http-message_signatures (0.0.1)
+      net-http-structured_field_values (~> 0.3.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.2)
+    base64 (0.1.1)
+    diff-lcs (1.5.0)
+    docile (1.4.0)
+    json (2.6.3)
+    language_server-protocol (3.17.0.3)
+    net-http-structured_field_values (0.3.0)
+    parallel (1.23.0)
+    parser (3.2.2.4)
+      ast (~> 2.4.1)
+      racc
+    racc (1.7.1)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.8.2)
+    rexml (3.2.6)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.2)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.3)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.6)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.1)
+    rubocop (1.57.1)
+      base64 (~> 0.1.1)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
+      parallel (~> 1.10)
+      parser (>= 3.2.2.4)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.28.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.29.0)
+      parser (>= 3.2.1.0)
+    rubocop-capybara (2.19.0)
+      rubocop (~> 1.41)
+    rubocop-factory_bot (2.24.0)
+      rubocop (~> 1.33)
+    rubocop-performance (1.19.1)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    rubocop-rspec (2.24.1)
+      rubocop (~> 1.33)
+      rubocop-capybara (~> 2.17)
+      rubocop-factory_bot (~> 2.22)
+    ruby-progressbar (1.13.0)
+    simplecov (0.22.0)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-cobertura (2.1.0)
+      rexml
+      simplecov (~> 0.19)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
+    unicode-display_width (2.5.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  net-http-message_signatures!
+  rake (~> 13.0)
+  rspec (~> 3.0)
+  rubocop (~> 1.56)
+  rubocop-performance (~> 1.19)
+  rubocop-rake (~> 0.4)
+  rubocop-rspec (~> 2.1)
+  simplecov (~> 0.22)
+  simplecov-cobertura (~> 2.1)
+
+BUNDLED WITH
+   2.4.10

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 kyori19
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,31 @@
+# Net::HTTP::MessageSignatures
+
+A Ruby implementation of [HTTP Message Signatures](https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html).
+
+## Installation
+
+Install the gem and add to the application's Gemfile by executing:
+
+    $ bundle add net-http-message_signatures
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+    $ gem install net-http-message_signatures
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/kyori19/net-http-message_signatures.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/lib/net/http/message_signatures/rsa_pss_sha512.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'openssl'
+
+require 'net/http/message_signatures/signature_algorithm'
+
+module Net
+  class HTTP
+    module MessageSignatures
+      # Implementation of the signature algorithm, RSASSA-PSS using SHA-512.
+      #
+      # @see {https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-19#section-3.3.1}
+      class RSAPSSSHA512 < SignatureAlgorithm
+        # @return [OpenSSL::PKey::RSA] key material
+        attr_writer :key
+
+        # @param [OpenSSL::PKey::RSA] key key material
+        def initialize(key: nil)
+          super()
+          @key = key
+        end
+
+        def sign(message)
+          ensure_key!
+          key.sign_pss('SHA512', message, salt_length: 64, mgf1_hash: 'SHA512')
+        end
+
+        def verify(message, signature)
+          ensure_key!
+          key.verify_pss('SHA512', signature, message, salt_length: 64, mgf1_hash: 'SHA512')
+        end
+
+        private
+
+        # @return [OpenSSL::PKey::RSA, nil] key material
+        attr_reader :key
+
+        def ensure_key!
+          return if key.is_a? OpenSSL::PKey::RSA
+
+          raise InvalidAlgorithm, 'signature algorithm and key does not match'
+        end
+      end
+    end
+  end
+end

data/lib/net/http/message_signatures/signature.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'net/http'
+
+require 'net/http/structured_field_values'
+
+module Net
+  class HTTP
+    module MessageSignatures
+      # An HTTP Message Signature with its covered components and parameters.
+      #
+      # @see {https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-19#section-3}
+      class Signature
+        include StructuredFieldValues
+
+        # @return [String, nil] signature value in binary
+        attr_accessor :signature
+        # @return [Hash{String, ParameterizedValue => String}] map of covered components' name (and optional params) and
+        #                                                      value
+        attr_reader :covered_components
+        # @return [Hash{String => Object}] map of signature parameters' name and value
+        attr_reader :params
+        # @return [SignatureAlgorithm] signature algorithm which can be used without key material
+        attr_writer :algorithm
+
+        # @param [String] signature signature value in binary
+        # @param [Hash{String, ParameterizedValue => String}] covered_components map of covered components' name (and
+        #                                                                        optional params) and value
+        # @param [Hash{String => Object}] params map of signature parameters' name and value
+        # @param [SignatureAlgorithm] algorithm signature algorithm which can be used without key material
+        def initialize(signature: nil, covered_components: {}, params: {}, algorithm: nil)
+          @signature = signature
+          @covered_components = covered_components
+          @params = params
+          @algorithm = algorithm
+        end
+
+        # Verifies the signature.
+        # Will raise error if it is invalid.
+        #
+        # @see {https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-19#section-3.2}
+        def verify!
+          return if algorithm.verify(signature_base, signature)
+
+          raise VerificationError, 'signature verification failed'
+        end
+
+        private
+
+        # @return [SignatureAlgorithm, nil] signature algorithm which can be used without key material
+        attr_reader :algorithm
+
+        # Creates the signature parameters component value.
+        #
+        # @see {https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-19#section-2.3}
+        #
+        # @return [ParameterizedValue] the signature parameters component value
+        def signature_params
+          ParameterizedValue.new(covered_components.keys, params)
+        end
+
+        # Creates the signature base from HTTP message components covered by the signature.
+        #
+        # @see {https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-19#section-2.5}
+        #
+        # @return [String] the signature base
+        def signature_base
+          components = covered_components
+                       .merge({ '@signature-params' => Serializer.serialize_as_inner_list(signature_params) })
+          components.map do |name, value|
+            serialized_name = Serializer.serialize(name)
+            "#{serialized_name}: #{value}"
+          end.join("\n").encode(Encoding::ASCII)
+        end
+
+        class VerificationError < StandardError; end
+      end
+    end
+  end
+end

data/lib/net/http/message_signatures/signature_algorithm.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'net/http'
+
+module Net
+  class HTTP
+    module MessageSignatures
+      # Abstract representation of HTTP Signature Algorithms.
+      #
+      # To instantiate this class, you must pass the key material.
+      # With that instance, both of HTTP_SIGN and HTTP_VERIFY method can be used without passing key material.
+      #
+      # @see {https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-19#section-3.3}
+      class SignatureAlgorithm
+        # HTTP_SIGN method which can be used without signing key material
+        #
+        # @param [String] message the signature base in binary
+        # @return [String] the signature in binary
+        def sign(message)
+          # :nocov:
+          raise NotImplementedError, 'signature algorithm must implement #sign'
+          # :nocov:
+        end
+
+        # HTTP_VERIFY method which can be used without verification key material
+        #
+        # @param [String] message the signature base in binary
+        # @param [String] signature the signature in binary
+        # @return [Boolean] whether signature is valid or not
+        def verify(message, signature)
+          # :nocov:
+          raise NotImplementedError, 'signature algorithm must implement #verify'
+          # :nocov:
+        end
+
+        class InvalidAlgorithm < StandardError; end
+      end
+    end
+  end
+end

data/lib/net/http/message_signatures/version.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'net/http'
+
+module Net
+  class HTTP
+    module MessageSignatures
+      VERSION = '0.0.1'
+    end
+  end
+end

data/lib/net/http/message_signatures.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'net/http'
+
+require_relative 'message_signatures/version'
+
+module Net
+  class HTTP
+    # A Ruby implementation of HTTP Message Signatures.
+    #
+    # @see {https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html}
+    module MessageSignatures
+    end
+  end
+end

data/renovate.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base"
+  ]
+}

metadata

@@ -0,0 +1,75 @@
+--- !ruby/object:Gem::Specification
+name: net-http-message_signatures
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- kyori19
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2023-10-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: net-http-structured_field_values
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+description:
+email:
+- kyori@accelf.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- ".rubocop.yml"
+- ".ruby-version"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/net/http/message_signatures.rb
+- lib/net/http/message_signatures/rsa_pss_sha512.rb
+- lib/net/http/message_signatures/signature.rb
+- lib/net/http/message_signatures/signature_algorithm.rb
+- lib/net/http/message_signatures/version.rb
+- renovate.json
+homepage: https://github.com/kyori19/net-http-message_signatures
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  rubygems_mfa_required: 'true'
+  homepage_uri: https://github.com/kyori19/net-http-message_signatures
+  source_code_uri: https://github.com/kyori19/net-http-message_signatures
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.10
+signing_key:
+specification_version: 4
+summary: A Ruby implementation of HTTP Message Signatures
+test_files: []