opentoken 0.2.1 → 1.0.0

data/Gemfile

@@ -0,0 +1,12 @@
+source "http://rubygems.org"
+
+gem "activesupport", "~> 3.0.3"
+gem "i18n", ">= 0"
+
+group :development do
+  gem "shoulda", ">= 0"
+  gem "timecop", '>=0.3.4'
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.5.2"
+  gem "rcov", ">= 0"
+end

data/README.rdoc

@@ -4,6 +4,14 @@ Parse encrypted opentoken properties
 
 see http://www.pingidentity.com/opentoken
 
+== Usage
+
+  #configure decryption with shared key
+  OpenToken.password = 'shared_secret_to_decrypt'
+
+  #decrypt opentoken into hash of attributes
+  attributes = OpenToken.parse opentoken
+  
 == Note on Patches/Pull Requests
  
 * Fork the project.

data/Rakefile

@@ -1,23 +1,30 @@
 require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
 require 'rake'
 
-begin
-  require 'jeweler'
-  Jeweler::Tasks.new do |gem|
-    gem.name = "opentoken"
-    gem.summary = %Q{ruby implementation of the opentoken specification}
-    gem.description = %Q{parse opentoken properties passed for Single Signon requests}
-    gem.email = "ryan@socialcast.com"
-    gem.homepage = "http://github.com/wireframe/opentoken"
-    gem.authors = ["Ryan Sonnek"]
-    gem.add_development_dependency "shoulda", ">= 0"
-    gem.add_development_dependency "timecop", ">=0.3.4"
-    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
-  end
-  Jeweler::RubygemsDotOrgTasks.new
-rescue LoadError
-  puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "opentoken"
+  gem.homepage = "http://github.com/wireframe/opentoken"
+  gem.license = "MIT"
+  gem.summary = %Q{ruby implementation of the opentoken specification}
+  gem.description = %Q{parse opentoken properties passed for Single Signon requests}
+  gem.email = "ryan@codecrate.com"
+  gem.authors = ["Ryan Sonnek"]
+  # Include your dependencies below. Runtime dependencies are required when using your gem,
+  # and development dependencies are only needed for development (ie running rake tasks, tests, etc)
+  #  gem.add_runtime_dependency 'jabber4r', '> 0.1'
+  #  gem.add_development_dependency 'rspec', '> 1.2.3'
 end
+Jeweler::RubygemsDotOrgTasks.new
 
 require 'rake/testtask'
 Rake::TestTask.new(:test) do |test|
@@ -26,21 +33,13 @@ Rake::TestTask.new(:test) do |test|
   test.verbose = true
 end
 
-begin
-  require 'rcov/rcovtask'
-  Rcov::RcovTask.new do |test|
-    test.libs << 'test'
-    test.pattern = 'test/**/test_*.rb'
-    test.verbose = true
-  end
-rescue LoadError
-  task :rcov do
-    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
-  end
+require 'rcov/rcovtask'
+Rcov::RcovTask.new do |test|
+  test.libs << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
 end
 
-task :test => :check_dependencies
-
 task :default => :test
 
 require 'rake/rdoctask'

data/VERSION

@@ -1 +1 @@
-0.2.1
+1.0.0

data/lib/opentoken.rb

@@ -4,13 +4,13 @@ require 'digest/sha1'
 require 'zlib'
 require 'stringio'
 require 'cgi'
+require File.join(File.dirname(__FILE__), 'opentoken', 'token')
 require File.join(File.dirname(__FILE__), 'opentoken', 'key_value_serializer')
 require File.join(File.dirname(__FILE__), 'opentoken', 'password_key_generator')
 
-class OpenToken
-  class TokenExpiredError < StandardError;  end
+module OpenToken
+  class TokenInvalidError < StandardError;  end
 
-  DEBUG = false
   CIPHER_NULL = 0
   CIPHER_AES_256_CBC = 1
   CIPHER_AES_128_CBC = 2
@@ -37,123 +37,128 @@ class OpenToken
     }
   }
 
-  def initialize(token, options = {})
-    #ruby 1.9 has Base64.urlsafe_decode64 which can be used instead of gsubbing '_' and '-'
-    string = (token || '').gsub('*', '=').gsub('_', '/').gsub('-', '+')
-    data = Base64.decode64(string)
-    inspect_binary_string 'DATA', data
-
-    #header: should be OTK
-    header = data[0..2]
-    raise "Invalid token header: #{header}" unless header == 'OTK'
-
-    #version: should == 1
-    version = data[3]
-    raise "Unsupported token version: #{version}" unless version == 1
-
-    #cipher suite identifier
-    cipher_suite = data[4]
-    cipher = CIPHERS[cipher_suite]
-    raise "Unknown cipher suite: #{cipher_suite}" if cipher.nil?
-
-    #SHA-1 HMAC
-    payload_hmac = data[5..24]
-    inspect_binary_string "PAYLOAD HMAC [5..24]", payload_hmac
-
-    #Initialization Vector (iv)
-    iv_length = data[25]
-    iv_end = [26, 26 + iv_length - 1].max
-    iv = data[26..iv_end]
-    inspect_binary_string "IV [26..#{iv_end}]", iv
-    raise "Cipher expects iv length of #{cipher[:iv_length]} and was: #{iv_length}" unless iv_length == cipher[:iv_length]
-
-    #key (not currently used)
-    key_length = data[iv_end + 1]
-    key_end = iv_end + 1
-    raise "Token key embedding is not currently supported" unless key_length == 0
-
-    #payload
-    payload_length = data[(key_end + 1)..(key_end + 2)].unpack('n').first
-    payload_offset = key_end + 3
-    encrypted_payload = data[payload_offset..(data.length - 1)]
-    raise "Payload length is #{encrypted_payload.length} and was expected to be #{payload_length}" unless encrypted_payload.length == payload_length
-    inspect_binary_string "ENCRYPTED PAYLOAD [#{payload_offset}..#{data.length - 1}]", encrypted_payload
-
-    key = PasswordKeyGenerator.generate(options[:password], cipher)
-    inspect_binary_string 'KEY', key
-
-    compressed_payload = decrypt_payload(encrypted_payload, cipher, key, iv)
-    inspect_binary_string 'COMPRESSED PAYLOAD', compressed_payload
-
-    #decompress the payload
-    #see http://stackoverflow.com/questions/1361892/how-to-decompress-gzip-data-in-ruby
-    unparsed_payload = begin
-      Zlib::Inflate.inflate(compressed_payload)
-    rescue Zlib::BufError
-      Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(compressed_payload[2, compressed_payload.size])
+  class << self
+    @@debug = nil
+    def debug=(flag)
+      @@debug = flag
     end
-    puts 'EXPANDED PAYLOAD', unparsed_payload if DEBUG
-
-    #validate payload hmac
-    mac = "0x01".hex.chr
-    mac += cipher_suite.chr
-    mac += iv
-    mac += key if key_length > 0 #key embedding is not currently supported
-    mac += unparsed_payload
-    hash = OpenSSL::HMAC.digest(PasswordKeyGenerator::SHA1_DIGEST, key, mac)
-    if (hash <=> payload_hmac) != 0
-      raise "HMAC for payload was #{hash} and expected to be #{payload_hmac}" unless payload_hmac == hash
+    def debug?
+      @@debug
+    end
+    @@password = nil
+    def password=(password)
+      @@password = password
+    end
+    def parse(opentoken = nil)
+      verify opentoken.present?, 'Unable to parse empty token'
+      data = decode(opentoken)
+      inspect_binary_string 'DATA', data
+
+      verify_header data
+      verify_version data
+
+      #cipher suite identifier
+      cipher_suite = data[4]
+      cipher = CIPHERS[cipher_suite]
+      verify !cipher.nil?, "Unknown cipher suite: #{cipher_suite}"
+
+      #SHA-1 HMAC
+      payload_hmac = data[5..24]
+      inspect_binary_string "PAYLOAD HMAC [5..24]", payload_hmac
+
+      #Initialization Vector (iv)
+      iv_length = data[25]
+      iv_end = [26, 26 + iv_length - 1].max
+      iv = data[26..iv_end]
+      inspect_binary_string "IV [26..#{iv_end}]", iv
+      verify iv_length == cipher[:iv_length], "Cipher expects iv length of #{cipher[:iv_length]} and was: #{iv_length}"
+
+      #key (not currently used)
+      key_length = data[iv_end + 1]
+      key_end = iv_end + 1
+      verify key_length == 0, "Token key embedding is not currently supported"
+
+      #payload
+      payload_length = data[(key_end + 1)..(key_end + 2)].unpack('n').first
+      payload_offset = key_end + 3
+      encrypted_payload = data[payload_offset..(data.length - 1)]
+      verify encrypted_payload.length == payload_length, "Payload length is #{encrypted_payload.length} and was expected to be #{payload_length}"
+      inspect_binary_string "ENCRYPTED PAYLOAD [#{payload_offset}..#{data.length - 1}]", encrypted_payload
+
+      key = OpenToken::PasswordKeyGenerator.generate(@@password, cipher)
+      inspect_binary_string 'KEY', key
+
+      compressed_payload = decrypt_payload(encrypted_payload, cipher, key, iv)
+      inspect_binary_string 'COMPRESSED PAYLOAD', compressed_payload
+
+      unparsed_payload = unzip_payload compressed_payload
+      puts 'EXPANDED PAYLOAD', unparsed_payload if debug?
+
+      #validate payload hmac
+      mac = []
+      mac << "0x01".hex.chr
+      mac << cipher_suite.chr
+      mac << iv
+      mac << key if key_length > 0 #key embedding is not currently supported
+      mac << unparsed_payload
+      hash = OpenSSL::HMAC.digest(OpenToken::PasswordKeyGenerator::SHA1_DIGEST, key, mac.join)
+      if (hash <=> payload_hmac) != 0
+        verify payload_hmac == hash, "HMAC for payload was #{hash} and expected to be #{payload_hmac}"
+      end
+
+      unescaped_payload = CGI::unescapeHTML(unparsed_payload)
+      puts 'UNESCAPED PAYLOAD', unescaped_payload if debug?
+      token = OpenToken::KeyValueSerializer.deserialize unescaped_payload
+      puts token.inspect if debug?
+      token.validate!
+      token
     end
 
-    unescaped_payload = CGI::unescapeHTML(unparsed_payload)
-    puts 'UNESCAPED PAYLOAD', unescaped_payload if DEBUG
-    @payload = KeyValueSerializer.deserialize unescaped_payload
-    puts @payload.inspect if DEBUG
-    raise TokenExpiredError.new("#{Time.now.utc} is not within token duration: #{self.start_at} - #{self.end_at}") if self.expired?
-  end
-
-  def [](key)
-    @payload[key.to_s]
-  end
-  #verify that the current time is between the not-before and not-on-or-after values
-  def expired?
-    now = Time.now.utc
-    now < start_at || now >= end_at
-  end
-  def start_at
-    payload_date('not-before')
-  end
-  def end_at
-    payload_date('not-on-or-after')
-  end
-  #"renew-until"=>"2010-03-05T07:19:15Z"
-  def valid_until
-    payload_date('renew-until')
-  end
-  def payload_date(key)
-    Time.iso8601(self[key]).utc
-  end
-
-  private
-  def decrypt_payload(encrypted_payload, cipher, key, iv)
-    return encrypted_payload unless cipher[:algorithm]
+    private
+    def verify_header(data)
+      header = data[0..2]
+      verify header == 'OTK', "Invalid token header: #{header}"
+    end
+    def verify_version(data)
+      version = data[3]
+      verify version == 1, "Unsupported token version: #{version}"
+    end
+    #ruby 1.9 has Base64.urlsafe_decode64 which can be used instead of gsubbing '_' and '-'
+    def decode(token)
+      string = token.gsub('*', '=').gsub('_', '/').gsub('-', '+')
+      data = Base64.decode64(string)
+    end
+    def verify(assertion, message = 'Invalid Token')
+      raise OpenToken::TokenInvalidError.new(message) unless assertion
+    end
     #see http://snippets.dzone.com/posts/show/4975
     #see http://jdwyah.blogspot.com/2009/12/decrypting-ruby-aes-encryption.html
     #see http://snippets.dzone.com/posts/show/576
-    crypt = OpenSSL::Cipher::Cipher.new(cipher[:algorithm])
-    crypt.decrypt
-    crypt.key = key 
-    crypt.iv = iv
-    crypt.update(encrypted_payload) + crypt.final
-  end
-
-  def inspect_binary_string(header, string)
-    return unless DEBUG
-    puts "#{header}:"
-    index = 0
-    string.each_byte do |b| 
-      puts "#{index}: #{b} => #{b.chr}" 
-      index += 1 
+    def decrypt_payload(encrypted_payload, cipher, key, iv)
+      return encrypted_payload unless cipher[:algorithm]
+      crypt = OpenSSL::Cipher::Cipher.new(cipher[:algorithm])
+      crypt.decrypt
+      crypt.key = key 
+      crypt.iv = iv
+      crypt.update(encrypted_payload) + crypt.final
+    end
+    #decompress the payload
+    #see http://stackoverflow.com/questions/1361892/how-to-decompress-gzip-data-in-ruby
+    def unzip_payload(compressed_payload)
+      unparsed_payload = begin
+        Zlib::Inflate.inflate(compressed_payload)
+      rescue Zlib::BufError
+        Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(compressed_payload[2, compressed_payload.size])
+      end
+    end
+    def inspect_binary_string(header, string)
+      return unless debug?
+      puts "#{header}:"
+      index = 0
+      string.each_byte do |b| 
+        puts "#{index}: #{b} => #{b.chr}" 
+        index += 1 
+      end
     end
   end
 end

data/lib/opentoken/key_value_serializer.rb

@@ -1,115 +1,117 @@
-class KeyValueSerializer
-  LINE_START = 0
-  EMPTY_SPACE = 1
-  VALUE_START = 2
-  LINE_END = 3
-  IN_KEY = 4
-  IN_VALUE = 5
-  IN_QUOTED_VALUE = 6
+module OpenToken
+  class KeyValueSerializer
+    LINE_START = 0
+    EMPTY_SPACE = 1
+    VALUE_START = 2
+    LINE_END = 3
+    IN_KEY = 4
+    IN_VALUE = 5
+    IN_QUOTED_VALUE = 6
 
-  def self.unescape_value(value)
-    value.gsub("\\\"", "\"").gsub("\\\'", "'")
-  end
+    def self.unescape_value(value)
+      value.gsub("\\\"", "\"").gsub("\\\'", "'")
+    end
 
-  def self.deserialize(string)
-    result = {}
-    state = LINE_START
-    open_quote_char = 0.chr
-    currkey = ""
-    token = ""
-    nextval = ""
+    def self.deserialize(string)
+      result = OpenToken::Token.new
+      state = LINE_START
+      open_quote_char = 0.chr
+      currkey = ""
+      token = ""
+      nextval = ""
     
-    string.split(//).each do |c|
-      nextval = c
+      string.split(//).each do |c|
+        nextval = c
 
-      case c
-      when "\t"
-        if state == IN_KEY
-          # key ends
-          currkey = token
-          token = ""
-          state = EMPTY_SPACE
-        elsif state == IN_VALUE
-          # non-quoted value ends
-          result[currkey] = self.deserialize(token)
-          token = ""
-          state = LINE_END
-        elsif state == IN_QUOTED_VALUE
-          token += c
-        end
-      when " "
-        if state == IN_KEY
-          # key ends
-          currkey = token
-          token = ""
-          state = EMPTY_SPACE
-        elsif state == IN_VALUE
-          # non-quoted value ends
-          result[currkey] = self.deserialize(token)
-          token = ""
-          state = LINE_END
-        elsif state == IN_QUOTED_VALUE
-          token += c
-        end
-      when "\n"
-        # newline
-        if (state == IN_VALUE) || (state == VALUE_START)
-          result[currkey] = self.unescape_value(token)
-          token = ""
-          state = LINE_START
-        elsif state == LINE_END
-          token = ""
-          state = LINE_START
-        elsif state == IN_QUOTED_VALUE
-          token += c
-        end
-      when "="
-        if state == IN_KEY
-          currkey = token
-          token = ""
-          state = VALUE_START
-        elsif (state == IN_QUOTED_VALUE) || (state == IN_VALUE)
-          token += c
-        end
-      when "\""
-        if state == IN_QUOTED_VALUE
-          if (c == open_quote_char) && (token[token.size-1] != "\\"[0])
-            result[currkey] = self.unescape_value(token)
+        case c
+        when "\t"
+          if state == IN_KEY
+            # key ends
+            currkey = token
+            token = ""
+            state = EMPTY_SPACE
+          elsif state == IN_VALUE
+            # non-quoted value ends
+            result[currkey] = self.deserialize(token)
             token = ""
             state = LINE_END
-          else
+          elsif state == IN_QUOTED_VALUE
             token += c
           end
-        elsif state == VALUE_START
-          state = IN_QUOTED_VALUE
-          open_quote_char = c
-        end
-      when "'"
-        if state == IN_QUOTED_VALUE
-          if (c == open_quote_char) && (token[token.size-1] != "\\"[0])
-            result[currkey] = self.unescape_value(token)
+        when " "
+          if state == IN_KEY
+            # key ends
+            currkey = token
+            token = ""
+            state = EMPTY_SPACE
+          elsif state == IN_VALUE
+            # non-quoted value ends
+            result[currkey] = self.deserialize(token)
             token = ""
             state = LINE_END
-          else
+          elsif state == IN_QUOTED_VALUE
             token += c
           end
-        else state == VALUE_START
-          state = IN_QUOTED_VALUE
-          open_quote_char = c
-        end
-      else
-        if state == LINE_START
-          state = IN_KEY
-        elsif state == VALUE_START
-          state = IN_VALUE
+        when "\n"
+          # newline
+          if (state == IN_VALUE) || (state == VALUE_START)
+            result[currkey] = self.unescape_value(token)
+            token = ""
+            state = LINE_START
+          elsif state == LINE_END
+            token = ""
+            state = LINE_START
+          elsif state == IN_QUOTED_VALUE
+            token += c
+          end
+        when "="
+          if state == IN_KEY
+            currkey = token
+            token = ""
+            state = VALUE_START
+          elsif (state == IN_QUOTED_VALUE) || (state == IN_VALUE)
+            token += c
+          end
+        when "\""
+          if state == IN_QUOTED_VALUE
+            if (c == open_quote_char) && (token[token.size-1] != "\\"[0])
+              result[currkey] = self.unescape_value(token)
+              token = ""
+              state = LINE_END
+            else
+              token += c
+            end
+          elsif state == VALUE_START
+            state = IN_QUOTED_VALUE
+            open_quote_char = c
+          end
+        when "'"
+          if state == IN_QUOTED_VALUE
+            if (c == open_quote_char) && (token[token.size-1] != "\\"[0])
+              result[currkey] = self.unescape_value(token)
+              token = ""
+              state = LINE_END
+            else
+              token += c
+            end
+          else state == VALUE_START
+            state = IN_QUOTED_VALUE
+            open_quote_char = c
+          end
+        else
+          if state == LINE_START
+            state = IN_KEY
+          elsif state == VALUE_START
+            state = IN_VALUE
+          end
+          token += c
         end
-        token += c
-      end
       
-      if (state == IN_QUOTED_VALUE) || (state == IN_VALUE)
-        result[currkey] = unescape_value(token)
+        if (state == IN_QUOTED_VALUE) || (state == IN_VALUE)
+          result[currkey] = unescape_value(token)
+        end
       end
+      result
     end
-    result
   end
-end
+end

data/lib/opentoken/password_key_generator.rb

@@ -1,55 +1,57 @@
-class PasswordKeyGenerator
-  SHA1_DIGEST = OpenSSL::Digest::Digest.new('sha1')
+module OpenToken
+  class PasswordKeyGenerator
+    SHA1_DIGEST = OpenSSL::Digest::Digest.new('sha1')
 
-  def self.generate(password, cipher_suite)
-    salt = 0.chr * 8
-    self.generate_impl(password, cipher_suite, salt, 1000)
-  end
+    def self.generate(password, cipher_suite)
+      salt = 0.chr * 8
+      self.generate_impl(password, cipher_suite, salt, 1000)
+    end
 
-  def self.generate_block(password, salt, count, index)
-    mac = salt
-    mac += [index].pack("N")
+    def self.generate_block(password, salt, count, index)
+      mac = salt
+      mac += [index].pack("N")
     
-    result = OpenSSL::HMAC.digest(SHA1_DIGEST, password, mac)
-    cur = result
+      result = OpenSSL::HMAC.digest(SHA1_DIGEST, password, mac)
+      cur = result
     
-    i_count = 1
-    while i_count < count
-      i_count +=1
+      i_count = 1
+      while i_count < count
+        i_count +=1
       
-      cur = OpenSSL::HMAC.digest(SHA1_DIGEST, password, cur)
+        cur = OpenSSL::HMAC.digest(SHA1_DIGEST, password, cur)
       
-      20.times do |i|
-        result[i] = result[i] ^ cur[i]
+        20.times do |i|
+          result[i] = result[i] ^ cur[i]
+        end
       end
-    end
 
-    return result
-  end
+      return result
+    end
   
-  def self.generate_impl(password, cipher, salt, iterations)
-    return unless cipher[:algorithm]
+    def self.generate_impl(password, cipher, salt, iterations)
+      return unless cipher[:algorithm]
 
-    key_size = cipher[:key_length] / 8
-    numblocks = key_size / 20
-    numblocks += 1 if (key_size % 20) > 0
+      key_size = cipher[:key_length] / 8
+      numblocks = key_size / 20
+      numblocks += 1 if (key_size % 20) > 0
     
-    # Generate the appropriate number of blocks and write their output to
-    # the key bytes; note that it's important to start from 1 (vs. 0) as the
-    # initial block number affects the hash. It's not clear that this fact
-    # is stated explicitly anywhere, but without this approach, the generated
-    # keys will not match up with test cases defined in RFC 3962.
-    key_buffer_index = 0
-    key = ""
+      # Generate the appropriate number of blocks and write their output to
+      # the key bytes; note that it's important to start from 1 (vs. 0) as the
+      # initial block number affects the hash. It's not clear that this fact
+      # is stated explicitly anywhere, but without this approach, the generated
+      # keys will not match up with test cases defined in RFC 3962.
+      key_buffer_index = 0
+      key = ""
     
-    numblocks.times do |i|
-      i+=1 # Previously zero based, needs to be 1 based
-      block = self.generate_block(password, salt, iterations, i)
-      len = [20, (key_size - key_buffer_index)].min
-      key += block[0, len]
-      key_buffer_index += len
-    end
+      numblocks.times do |i|
+        i+=1 # Previously zero based, needs to be 1 based
+        block = self.generate_block(password, salt, iterations, i)
+        len = [20, (key_size - key_buffer_index)].min
+        key += block[0, len]
+        key_buffer_index += len
+      end
     
-    return key
+      return key
+    end
   end
-end
+end

data/lib/opentoken/token.rb

@@ -0,0 +1,34 @@
+require 'time'
+require 'active_support/hash_with_indifferent_access'
+require 'active_support/core_ext/time/calculations'
+
+module OpenToken
+  class TokenExpiredError < StandardError;  end
+
+  class Token < ActiveSupport::HashWithIndifferentAccess
+    def validate!
+      raise OpenToken::TokenExpiredError.new("#{Time.now.utc} is not within token duration: #{self.start_at} - #{self.end_at}") if self.expired?
+    end
+    #verify that the current time is between the not-before and not-on-or-after values
+    def valid?
+      start_at.past? && end_at.future?
+    end
+    def expired?
+      !valid?
+    end
+    def start_at
+      payload_date('not-before')
+    end
+    def end_at
+      payload_date('not-on-or-after')
+    end
+    def valid_until
+      payload_date('renew-until')
+    end
+
+    private
+    def payload_date(key)
+      Time.iso8601(self[key])
+    end
+  end
+end

data/opentoken.gemspec

@@ -5,19 +5,20 @@
 
 Gem::Specification.new do |s|
   s.name = %q{opentoken}
-  s.version = "0.2.1"
+  s.version = "1.0.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Ryan Sonnek"]
-  s.date = %q{2011-01-13}
+  s.date = %q{2011-01-18}
   s.description = %q{parse opentoken properties passed for Single Signon requests}
-  s.email = %q{ryan@socialcast.com}
+  s.email = %q{ryan@codecrate.com}
   s.extra_rdoc_files = [
     "LICENSE",
     "README.rdoc"
   ]
   s.files = [
     ".document",
+    "Gemfile",
     "LICENSE",
     "README.rdoc",
     "Rakefile",
@@ -25,11 +26,13 @@ Gem::Specification.new do |s|
     "lib/opentoken.rb",
     "lib/opentoken/key_value_serializer.rb",
     "lib/opentoken/password_key_generator.rb",
+    "lib/opentoken/token.rb",
     "opentoken.gemspec",
     "test/helper.rb",
     "test/test_opentoken.rb"
   ]
   s.homepage = %q{http://github.com/wireframe/opentoken}
+  s.licenses = ["MIT"]
   s.require_paths = ["lib"]
   s.rubygems_version = %q{1.4.2}
   s.summary = %q{ruby implementation of the opentoken specification}
@@ -42,15 +45,30 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<activesupport>, ["~> 3.0.3"])
+      s.add_runtime_dependency(%q<i18n>, [">= 0"])
       s.add_development_dependency(%q<shoulda>, [">= 0"])
       s.add_development_dependency(%q<timecop>, [">= 0.3.4"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_development_dependency(%q<rcov>, [">= 0"])
     else
+      s.add_dependency(%q<activesupport>, ["~> 3.0.3"])
+      s.add_dependency(%q<i18n>, [">= 0"])
       s.add_dependency(%q<shoulda>, [">= 0"])
       s.add_dependency(%q<timecop>, [">= 0.3.4"])
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_dependency(%q<rcov>, [">= 0"])
     end
   else
+    s.add_dependency(%q<activesupport>, ["~> 3.0.3"])
+    s.add_dependency(%q<i18n>, [">= 0"])
     s.add_dependency(%q<shoulda>, [">= 0"])
     s.add_dependency(%q<timecop>, [">= 0.3.4"])
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+    s.add_dependency(%q<rcov>, [">= 0"])
   end
 end
 

data/test/helper.rb

@@ -1,8 +1,15 @@
 require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
 require 'test/unit'
 require 'shoulda'
 require 'timecop'
-require 'activesupport'
 
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))

data/test/test_opentoken.rb

@@ -8,18 +8,22 @@ class TestOpentoken < Test::Unit::TestCase
     setup do
       @opentoken = "T1RLAQJ0Ca97sl6MLJAZDa_hdFzMlicMQBDjqUzrXl0EOXKmpj5oo7L5AACgaWoW8fZizrsLbtxb_F00aTdFmhw8flGy4iGqPWPtqYpdIzQZzg5WvrvYH8Rnq7ckJpYk2YPZw6yNyA4ohG-BgFdTHc0U7CwZTFmodg1MuO0cTh7T98s2RXiTcaZa21MNO0yuXKm2Q10cbrWhnB5yHJUhSHx6JLxlgMTZ0oE0DoUOB6JmoLMYHcyL9hKRiPTh62ky_QmXRaifDNOdl4sH2w**"
       @password = 'Test123'
+      OpenToken.password = @password
     end
     context "parsing token between expiration dates" do
       setup do
         Timecop.travel(Time.iso8601('2010-03-04T19:20:10Z')) do
           assert_nothing_raised do
-            @token = OpenToken.new @opentoken, :password => @password
+            @token = OpenToken.parse @opentoken
           end
         end
       end
       should "decrypt subject from token payload" do
         assert_equal 'john@example.com', @token[:subject]
       end
+      should "decrypt subject using string or symbol" do
+        assert_equal 'john@example.com', @token['subject']
+      end
       should "parse 'renew-until' date" do
         assert_equal Time.iso8601('2010-03-05T07:19:15Z'), @token.valid_until
       end
@@ -29,7 +33,7 @@ class TestOpentoken < Test::Unit::TestCase
       should "raise TokenExpiredError" do
         Timecop.travel(Time.iso8601('2010-03-04T19:19:10Z')) do
           assert_raises OpenToken::TokenExpiredError do
-            @token = OpenToken.new @opentoken, :password => @password
+            @token = OpenToken.parse @opentoken
           end
         end
       end
@@ -39,7 +43,7 @@ class TestOpentoken < Test::Unit::TestCase
       should "raise TokenExpiredError" do
         Timecop.travel(Time.iso8601('2010-03-04T19:24:15Z')) do
           assert_raises OpenToken::TokenExpiredError do
-            @token = OpenToken.new @opentoken, :password => @password
+            @token = OpenToken.parse @opentoken
           end
         end
       end
@@ -49,12 +53,18 @@ class TestOpentoken < Test::Unit::TestCase
       setup do
         Timecop.travel(Time.iso8601('2011-01-13T11:08:01Z')) do
           @opentoken = "T1RLAQLIjiqgexqi1PQcEKCetvGoSYR2jhDFSIfE5ctlSBxEnq3S1ydjAADQUNRIKJx6_14aE3MQZnDABupGJrKNfoJHFS5VOnKexjMtboeOgst31Hf-D9CZBrpB7Jv0KBwnQ7DN3HizecPT76oX3UGtq_Vi5j5bKYCeObYm9W6h7NY-VzcZY5TTqIuulc2Jit381usAWZ2Sv1c_CWwhrH4hw-x7vUQMSjErvXK1qvsrFCpfNr7XlArx0HjI6kT5XEaHgQNdC0zrLw9cZ4rewoEisR3H5oM7B6gMaP82wTSFVBXvpn5r0KT-Iuc3JuG2en1zVh3GNf110oQCKQ**"
-          @token = OpenToken.new @opentoken, :password => @password
+          @token = OpenToken.parse @opentoken
         end
       end
       should 'preserve apostrophe in attribute payload' do
         assert_equal "D'angelo", @token[:last_name]
       end
     end
+
+    should 'raise invalid token error parsing nil token' do
+      assert_raises OpenToken::TokenInvalidError do
+        OpenToken.parse nil
+      end
+    end
   end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: opentoken
 version: !ruby/object:Gem::Version 
-  hash: 21
+  hash: 23
   prerelease: 
   segments: 
-  - 0
-  - 2
   - 1
-  version: 0.2.1
+  - 0
+  - 0
+  version: 1.0.0
 platform: ruby
 authors: 
 - Ryan Sonnek
@@ -15,13 +15,28 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-01-13 00:00:00 -06:00
+date: 2011-01-18 00:00:00 -06:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: shoulda
+  type: :runtime
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 1
+        segments: 
+        - 3
+        - 0
+        - 3
+        version: 3.0.3
+  requirement: *id001
   prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  name: activesupport
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -30,12 +45,26 @@ dependencies:
         segments: 
         - 0
         version: "0"
-  type: :development
-  version_requirements: *id001
+  requirement: *id002
+  prerelease: false
+  name: i18n
 - !ruby/object:Gem::Dependency 
-  name: timecop
+  type: :development
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id003
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  name: shoulda
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -46,10 +75,57 @@ dependencies:
         - 3
         - 4
         version: 0.3.4
+  requirement: *id004
+  prerelease: false
+  name: timecop
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 23
+        segments: 
+        - 1
+        - 0
+        - 0
+        version: 1.0.0
+  requirement: *id005
+  prerelease: false
+  name: bundler
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 1
+        - 5
+        - 2
+        version: 1.5.2
+  requirement: *id006
+  prerelease: false
+  name: jeweler
+- !ruby/object:Gem::Dependency 
   type: :development
-  version_requirements: *id002
+  version_requirements: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id007
+  prerelease: false
+  name: rcov
 description: parse opentoken properties passed for Single Signon requests
-email: ryan@socialcast.com
+email: ryan@codecrate.com
 executables: []
 
 extensions: []
@@ -59,6 +135,7 @@ extra_rdoc_files:
 - README.rdoc
 files: 
 - .document
+- Gemfile
 - LICENSE
 - README.rdoc
 - Rakefile
@@ -66,13 +143,14 @@ files:
 - lib/opentoken.rb
 - lib/opentoken/key_value_serializer.rb
 - lib/opentoken/password_key_generator.rb
+- lib/opentoken/token.rb
 - opentoken.gemspec
 - test/helper.rb
 - test/test_opentoken.rb
 has_rdoc: true
 homepage: http://github.com/wireframe/opentoken
-licenses: []
-
+licenses: 
+- MIT
 post_install_message: 
 rdoc_options: []