opentoken 1.0.0 → 1.1.0

data/.gitignore

@@ -0,0 +1,22 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+Gemfile.lock
+
+## PROJECT::SPECIFIC

data/CONTRIBUTORS.txt

@@ -0,0 +1,7 @@
+Ryan Sonnek - Original Author
+
+Dan Alvizu - contributed OpenToken encode functionality
+
+Complete list of contributors:
+https://github.com/socialcast/opentoken/contributors
+

data/Gemfile

@@ -1,12 +1,4 @@
 source "http://rubygems.org"
 
-gem "activesupport", "~> 3.0.3"
-gem "i18n", ">= 0"
-
-group :development do
-  gem "shoulda", ">= 0"
-  gem "timecop", '>=0.3.4'
-  gem "bundler", "~> 1.0.0"
-  gem "jeweler", "~> 1.5.2"
-  gem "rcov", ">= 0"
-end
+# Specify your gem's dependencies in opentoken.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+The MIT License
+
+Copyright (c) 2011 Socialcast, Inc
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+

data/README.md

@@ -0,0 +1,33 @@
+# opentoken
+
+Parse encrypted opentoken properties
+
+see http://www.pingidentity.com/opentoken
+
+## Usage
+
+```ruby
+# configure decryption with shared key
+OpenToken.password = 'shared_secret_to_decrypt'
+
+# decrypt opentoken into hash of attributes
+attributes = OpenToken.decode 'opentoken-hashed-string'
+
+# encrypt opentoken from hash of attributes
+attributes = { 'subject' => 'foo', 'bar' => 'bak' }
+token = OpenToken.encode attributes, OpenToken::CIPHER_AES_128_CBC
+```
+  
+## Contributing
+ 
+* Fork the project
+* Fix the issue
+* Add tests
+* Send me a pull request. Bonus points for topic branches.
+
+see CONTRIBUTORS.txt for complete list of contributors.
+
+## Copyright
+
+Copyright (c) 2011 Socialcast Inc.
+See LICENSE.txt for details.

data/Rakefile

@@ -1,30 +1,5 @@
-require 'rubygems'
 require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'rake'
-
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "opentoken"
-  gem.homepage = "http://github.com/wireframe/opentoken"
-  gem.license = "MIT"
-  gem.summary = %Q{ruby implementation of the opentoken specification}
-  gem.description = %Q{parse opentoken properties passed for Single Signon requests}
-  gem.email = "ryan@codecrate.com"
-  gem.authors = ["Ryan Sonnek"]
-  # Include your dependencies below. Runtime dependencies are required when using your gem,
-  # and development dependencies are only needed for development (ie running rake tasks, tests, etc)
-  #  gem.add_runtime_dependency 'jabber4r', '> 0.1'
-  #  gem.add_development_dependency 'rspec', '> 1.2.3'
-end
-Jeweler::RubygemsDotOrgTasks.new
+Bundler::GemHelper.install_tasks
 
 require 'rake/testtask'
 Rake::TestTask.new(:test) do |test|
@@ -33,21 +8,4 @@ Rake::TestTask.new(:test) do |test|
   test.verbose = true
 end
 
-require 'rcov/rcovtask'
-Rcov::RcovTask.new do |test|
-  test.libs << 'test'
-  test.pattern = 'test/**/test_*.rb'
-  test.verbose = true
-end
-
 task :default => :test
-
-require 'rake/rdoctask'
-Rake::RDocTask.new do |rdoc|
-  version = File.exist?('VERSION') ? File.read('VERSION') : ""
-
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title = "opentoken #{version}"
-  rdoc.rdoc_files.include('README*')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end

data/lib/opentoken.rb

@@ -4,6 +4,7 @@ require 'digest/sha1'
 require 'zlib'
 require 'stringio'
 require 'cgi'
+require 'time'
 require File.join(File.dirname(__FILE__), 'opentoken', 'token')
 require File.join(File.dirname(__FILE__), 'opentoken', 'key_value_serializer')
 require File.join(File.dirname(__FILE__), 'opentoken', 'password_key_generator')
@@ -38,27 +39,68 @@ module OpenToken
   }
 
   class << self
-    @@debug = nil
-    def debug=(flag)
-      @@debug = flag
-    end
+    attr_accessor :debug
     def debug?
-      @@debug
+      !!debug
     end
-    @@password = nil
-    def password=(password)
-      @@password = password
+
+    attr_accessor :password
+    attr_accessor :token_lifetime
+    attr_accessor :renew_until_lifetime
+
+    def encode(attributes, cipher_suite)
+      attributes['not-before'] = Time.now.utc.iso8601.to_s
+      attributes['not-on-or-after'] = Time.at(Time.now.to_i + token_lifetime).utc.iso8601.to_s
+      attributes['renew-until'] = Time.at(Time.now.to_i + renew_until_lifetime).utc.iso8601.to_s
+
+      cipher = CIPHERS[cipher_suite]
+      verify !cipher.nil?, "Unknown cipher suite: #{cipher_suite}"
+      key = OpenToken::PasswordKeyGenerator.generate(password, cipher)
+      c = OpenSSL::Cipher::Cipher::new(cipher[:algorithm])
+      c.encrypt
+      c.key = key
+      c.iv = iv = c.random_iv
+      serialized = OpenToken::KeyValueSerializer.serialize(attributes)
+      compressed = zip_payload serialized
+      ivlen = cipher[:iv_length]
+      if ((compressed.length % ivlen) == 0)
+        padlen = ivlen
+      else
+        padlen = ivlen - (compressed.length % ivlen)
+      end
+      compressed += padlen.chr * padlen
+      encrypted = c.update(compressed)
+      mac = []
+      mac << "0x01".hex.chr # OTK version
+      mac << cipher_suite.chr
+      mac << iv
+      mac << serialized
+      hash = OpenSSL::HMAC.digest(OpenToken::PasswordKeyGenerator::SHA1_DIGEST, key, mac.join)
+
+      token_string = ""
+      token_string = "OTK" + 1.chr + cipher_suite.chr
+      token_string += hash
+      token_string += ivlen.chr
+      token_string += iv
+      token_string += 0.chr # key info length
+      token_string += ((encrypted.length >> 8) &0xFF ).chr
+      token_string += (encrypted.length & 0xFF).chr
+      token_string += encrypted
+      inspect_binary_string "Unencoded", token_string
+      encoded = urlsafe_encode64 token_string
+      inspect_binary_string "Encoded", encoded
+      encoded
     end
-    def parse(opentoken = nil)
+    def decode(opentoken = nil)
       verify opentoken.present?, 'Unable to parse empty token'
-      data = decode(opentoken)
+      data = urlsafe_decode64(opentoken)
       inspect_binary_string 'DATA', data
 
       verify_header data
       verify_version data
 
       #cipher suite identifier
-      cipher_suite = data[4]
+      cipher_suite = char_value_of data[4]
       cipher = CIPHERS[cipher_suite]
       verify !cipher.nil?, "Unknown cipher suite: #{cipher_suite}"
 
@@ -67,16 +109,16 @@ module OpenToken
       inspect_binary_string "PAYLOAD HMAC [5..24]", payload_hmac
 
       #Initialization Vector (iv)
-      iv_length = data[25]
-      iv_end = [26, 26 + iv_length - 1].max
+      iv_length = char_value_of data[25]
+      iv_end = char_value_of [26, 26 + iv_length - 1].max
       iv = data[26..iv_end]
       inspect_binary_string "IV [26..#{iv_end}]", iv
       verify iv_length == cipher[:iv_length], "Cipher expects iv length of #{cipher[:iv_length]} and was: #{iv_length}"
 
       #key (not currently used)
-      key_length = data[iv_end + 1]
+      key_length = char_value_of data[iv_end + 1]
       key_end = iv_end + 1
-      verify key_length == 0, "Token key embedding is not currently supported"
+      verify key_length == 0, "Token key embedding is not currently supported. Key length is: #{key_length}"
 
       #payload
       payload_length = data[(key_end + 1)..(key_end + 2)].unpack('n').first
@@ -85,7 +127,7 @@ module OpenToken
       verify encrypted_payload.length == payload_length, "Payload length is #{encrypted_payload.length} and was expected to be #{payload_length}"
       inspect_binary_string "ENCRYPTED PAYLOAD [#{payload_offset}..#{data.length - 1}]", encrypted_payload
 
-      key = OpenToken::PasswordKeyGenerator.generate(@@password, cipher)
+      key = OpenToken::PasswordKeyGenerator.generate(password, cipher)
       inspect_binary_string 'KEY', key
 
       compressed_payload = decrypt_payload(encrypted_payload, cipher, key, iv)
@@ -115,19 +157,31 @@ module OpenToken
     end
 
     private
+    def char_value_of(character)
+      if RUBY_VERSION < "1.9"
+        return character
+      else
+        return character.chr.ord
+      end
+    end
     def verify_header(data)
       header = data[0..2]
       verify header == 'OTK', "Invalid token header: #{header}"
     end
     def verify_version(data)
-      version = data[3]
-      verify version == 1, "Unsupported token version: #{version}"
+      version = char_value_of data[3]
+      verify version == 1, "Unsupported token version: '#{version}'"
     end
     #ruby 1.9 has Base64.urlsafe_decode64 which can be used instead of gsubbing '_' and '-'
-    def decode(token)
+    def urlsafe_decode64(token)
       string = token.gsub('*', '=').gsub('_', '/').gsub('-', '+')
       data = Base64.decode64(string)
     end
+    def urlsafe_encode64(token)
+      string = Base64.encode64(token);
+      string = string.gsub('=', '*').gsub('/', '_').gsub('+', '-').gsub(10.chr, '').gsub(11.chr, '')
+      string
+    end
     def verify(assertion, message = 'Invalid Token')
       raise OpenToken::TokenInvalidError.new(message) unless assertion
     end
@@ -151,6 +205,10 @@ module OpenToken
         Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(compressed_payload[2, compressed_payload.size])
       end
     end
+    def zip_payload(uncompressed)
+      compressed = Zlib::Deflate.deflate(uncompressed, 9)
+      compressed
+    end
     def inspect_binary_string(header, string)
       return unless debug?
       puts "#{header}:"
@@ -162,3 +220,7 @@ module OpenToken
     end
   end
 end
+
+# intialize defaults
+OpenToken.token_lifetime = 300
+OpenToken.renew_until_lifetime = 43200

data/lib/opentoken/key_value_serializer.rb

@@ -8,110 +8,135 @@ module OpenToken
     IN_VALUE = 5
     IN_QUOTED_VALUE = 6
 
-    def self.unescape_value(value)
-      value.gsub("\\\"", "\"").gsub("\\\'", "'")
-    end
-
-    def self.deserialize(string)
-      result = OpenToken::Token.new
-      state = LINE_START
-      open_quote_char = 0.chr
-      currkey = ""
-      token = ""
-      nextval = ""
-    
-      string.split(//).each do |c|
-        nextval = c
-
-        case c
-        when "\t"
-          if state == IN_KEY
-            # key ends
-            currkey = token
-            token = ""
-            state = EMPTY_SPACE
-          elsif state == IN_VALUE
-            # non-quoted value ends
-            result[currkey] = self.deserialize(token)
-            token = ""
-            state = LINE_END
-          elsif state == IN_QUOTED_VALUE
-            token += c
-          end
-        when " "
-          if state == IN_KEY
-            # key ends
-            currkey = token
-            token = ""
-            state = EMPTY_SPACE
-          elsif state == IN_VALUE
-            # non-quoted value ends
-            result[currkey] = self.deserialize(token)
-            token = ""
-            state = LINE_END
-          elsif state == IN_QUOTED_VALUE
-            token += c
-          end
-        when "\n"
-          # newline
-          if (state == IN_VALUE) || (state == VALUE_START)
-            result[currkey] = self.unescape_value(token)
-            token = ""
-            state = LINE_START
-          elsif state == LINE_END
-            token = ""
-            state = LINE_START
-          elsif state == IN_QUOTED_VALUE
-            token += c
+    class << self
+      def serialize(hashmap)
+        result = String.new
+        count = 0;
+        hashmap.each_pair do |key,value|
+          if (count != 0)
+            result = result + "\n"
           end
-        when "="
-          if state == IN_KEY
-            currkey = token
-            token = ""
-            state = VALUE_START
-          elsif (state == IN_QUOTED_VALUE) || (state == IN_VALUE)
-            token += c
-          end
-        when "\""
-          if state == IN_QUOTED_VALUE
-            if (c == open_quote_char) && (token[token.size-1] != "\\"[0])
-              result[currkey] = self.unescape_value(token)
+          count +=1
+          result += key + "="
+          result += escape_value(value)
+        end
+        result
+      end
+      def deserialize(string)
+        result = OpenToken::Token.new
+        state = LINE_START
+        open_quote_char = 0.chr
+        currkey = ""
+        token = ""
+        nextval = ""
+      
+        string.split(//).each do |c|
+          nextval = c
+
+          case c
+          when "\t"
+            if state == IN_KEY
+              # key ends
+              currkey = token
+              token = ""
+              state = EMPTY_SPACE
+            elsif state == IN_VALUE
+              # non-quoted value ends
+              result[currkey] = self.deserialize(token)
               token = ""
               state = LINE_END
-            else
+            elsif state == IN_QUOTED_VALUE
               token += c
             end
-          elsif state == VALUE_START
-            state = IN_QUOTED_VALUE
-            open_quote_char = c
-          end
-        when "'"
-          if state == IN_QUOTED_VALUE
-            if (c == open_quote_char) && (token[token.size-1] != "\\"[0])
-              result[currkey] = self.unescape_value(token)
+          when " "
+            if state == IN_KEY
+              # key ends
+              currkey = token
+              token = ""
+              state = EMPTY_SPACE
+            elsif state == IN_VALUE
+              # non-quoted value ends
+              result[currkey] = self.deserialize(token)
               token = ""
               state = LINE_END
-            else
+            elsif state == IN_QUOTED_VALUE
+              token += c
+            end
+          when "\n"
+            # newline
+            if (state == IN_VALUE) || (state == VALUE_START)
+              result[currkey] = unescape_value(token)
+              token = ""
+              state = LINE_START
+            elsif state == LINE_END
+              token = ""
+              state = LINE_START
+            elsif state == IN_QUOTED_VALUE
+              token += c
+            end
+          when "="
+            if state == IN_KEY
+              currkey = token
+              token = ""
+              state = VALUE_START
+            elsif (state == IN_QUOTED_VALUE) || (state == IN_VALUE)
               token += c
             end
-          else state == VALUE_START
-            state = IN_QUOTED_VALUE
-            open_quote_char = c
+          when "\""
+            if state == IN_QUOTED_VALUE
+              if (c == open_quote_char) && (token[token.size-1] != "\\"[0])
+                result[currkey] = unescape_value(token)
+                token = ""
+                state = LINE_END
+              else
+                token += c
+              end
+            elsif state == VALUE_START
+              state = IN_QUOTED_VALUE
+              open_quote_char = c
+            end
+          when "'"
+            if state == IN_QUOTED_VALUE
+              if (c == open_quote_char) && (token[token.size-1] != "\\"[0])
+                result[currkey] = unescape_value(token)
+                token = ""
+                state = LINE_END
+              else
+                token += c
+              end
+            else state == VALUE_START
+              state = IN_QUOTED_VALUE
+              open_quote_char = c
+            end
+          else
+            if state == LINE_START
+              state = IN_KEY
+            elsif state == VALUE_START
+              state = IN_VALUE
+            end
+            token += c
           end
-        else
-          if state == LINE_START
-            state = IN_KEY
-          elsif state == VALUE_START
-            state = IN_VALUE
+        
+          if (state == IN_QUOTED_VALUE) || (state == IN_VALUE)
+            result[currkey] = unescape_value(token)
           end
-          token += c
         end
-      
-        if (state == IN_QUOTED_VALUE) || (state == IN_VALUE)
-          result[currkey] = unescape_value(token)
+        result
+      end
+      private
+      def unescape_value(value)
+        value.gsub("\\\"", "\"").gsub("\\\'", "'")
+      end
+      def escape_value(value)
+        value.each_byte do |b|
+          c = b.chr
+          if c == "\n" or c == "\t" or c == " " or c == "'" or c == "\""
+            value = "'" + value.gsub("'", "\'").gsub("\"", "\\\"") + "'"
+            break
+          end
         end
+        value
       end
-      result
     end
   end
-end
+end

data/lib/opentoken/password_key_generator.rb

@@ -2,56 +2,64 @@ module OpenToken
   class PasswordKeyGenerator
     SHA1_DIGEST = OpenSSL::Digest::Digest.new('sha1')
 
-    def self.generate(password, cipher_suite)
-      salt = 0.chr * 8
-      self.generate_impl(password, cipher_suite, salt, 1000)
-    end
+    class << self
+      def generate(password, cipher_suite)
+        salt = 0.chr * 8
+        generate_impl(password, cipher_suite, salt, 1000)
+      end
 
-    def self.generate_block(password, salt, count, index)
-      mac = salt
-      mac += [index].pack("N")
-    
-      result = OpenSSL::HMAC.digest(SHA1_DIGEST, password, mac)
-      cur = result
-    
-      i_count = 1
-      while i_count < count
-        i_count +=1
+      private
+      def generate_block(password, salt, count, index)
+        mac = salt
+        mac += [index].pack("N")
       
-        cur = OpenSSL::HMAC.digest(SHA1_DIGEST, password, cur)
+        result = OpenSSL::HMAC.digest(SHA1_DIGEST, password, mac)
+        cur = result
       
-        20.times do |i|
-          result[i] = result[i] ^ cur[i]
+        i_count = 1
+        while i_count < count
+          i_count +=1
+        
+          cur = OpenSSL::HMAC.digest(SHA1_DIGEST, password, cur)
+        
+          20.times do |i|
+            if RUBY_VERSION < "1.9"
+              result[i] = result[i] ^ cur[i]
+            else
+              result[i] = (result[i].chr.ord ^ cur[i].chr.ord).chr
+            end
+          end
         end
+
+        return result
       end
+    
+      def generate_impl(password, cipher, salt, iterations)
+        return unless cipher[:algorithm]
 
-      return result
+        key_size = cipher[:key_length] / 8
+        numblocks = key_size / 20
+        numblocks += 1 if (key_size % 20) > 0
+      
+        # Generate the appropriate number of blocks and write their output to
+        # the key bytes; note that it's important to start from 1 (vs. 0) as the
+        # initial block number affects the hash. It's not clear that this fact
+        # is stated explicitly anywhere, but without this approach, the generated
+        # keys will not match up with test cases defined in RFC 3962.
+        key_buffer_index = 0
+        key = ""
+      
+        numblocks.times do |i|
+          i+=1 # Previously zero based, needs to be 1 based
+          block = generate_block(password, salt, iterations, i)
+          len = [20, (key_size - key_buffer_index)].min
+          key += block[0, len]
+          key_buffer_index += len
+        end
+      
+        return key
+      end
     end
-  
-    def self.generate_impl(password, cipher, salt, iterations)
-      return unless cipher[:algorithm]
 
-      key_size = cipher[:key_length] / 8
-      numblocks = key_size / 20
-      numblocks += 1 if (key_size % 20) > 0
-    
-      # Generate the appropriate number of blocks and write their output to
-      # the key bytes; note that it's important to start from 1 (vs. 0) as the
-      # initial block number affects the hash. It's not clear that this fact
-      # is stated explicitly anywhere, but without this approach, the generated
-      # keys will not match up with test cases defined in RFC 3962.
-      key_buffer_index = 0
-      key = ""
-    
-      numblocks.times do |i|
-        i+=1 # Previously zero based, needs to be 1 based
-        block = self.generate_block(password, salt, iterations, i)
-        len = [20, (key_size - key_buffer_index)].min
-        key += block[0, len]
-        key_buffer_index += len
-      end
-    
-      return key
     end
-  end
-end
+end

data/lib/opentoken/version.rb

@@ -0,0 +1,3 @@
+module OpenToken
+  VERSION = '1.1.0'
+end

data/opentoken.gemspec

@@ -1,74 +1,26 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "opentoken/version"
 
 Gem::Specification.new do |s|
-  s.name = %q{opentoken}
-  s.version = "1.0.0"
-
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Ryan Sonnek"]
-  s.date = %q{2011-01-18}
+  s.name        = "opentoken"
+  s.version     = OpenToken::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Ryan Sonnek"]
+  s.email       = ["ryan@socialcast.com"]
+  s.homepage    = "http://github.com/socialcast/opentoken"
+  s.summary     = %q{ruby implementation of the opentoken specification}
   s.description = %q{parse opentoken properties passed for Single Signon requests}
-  s.email = %q{ryan@codecrate.com}
-  s.extra_rdoc_files = [
-    "LICENSE",
-    "README.rdoc"
-  ]
-  s.files = [
-    ".document",
-    "Gemfile",
-    "LICENSE",
-    "README.rdoc",
-    "Rakefile",
-    "VERSION",
-    "lib/opentoken.rb",
-    "lib/opentoken/key_value_serializer.rb",
-    "lib/opentoken/password_key_generator.rb",
-    "lib/opentoken/token.rb",
-    "opentoken.gemspec",
-    "test/helper.rb",
-    "test/test_opentoken.rb"
-  ]
-  s.homepage = %q{http://github.com/wireframe/opentoken}
-  s.licenses = ["MIT"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.4.2}
-  s.summary = %q{ruby implementation of the opentoken specification}
-  s.test_files = [
-    "test/helper.rb",
-    "test/test_opentoken.rb"
-  ]
 
-  if s.respond_to? :specification_version then
-    s.specification_version = 3
+  s.rubyforge_project = "opentoken"
 
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<activesupport>, ["~> 3.0.3"])
-      s.add_runtime_dependency(%q<i18n>, [">= 0"])
-      s.add_development_dependency(%q<shoulda>, [">= 0"])
-      s.add_development_dependency(%q<timecop>, [">= 0.3.4"])
-      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
-      s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
-      s.add_development_dependency(%q<rcov>, [">= 0"])
-    else
-      s.add_dependency(%q<activesupport>, ["~> 3.0.3"])
-      s.add_dependency(%q<i18n>, [">= 0"])
-      s.add_dependency(%q<shoulda>, [">= 0"])
-      s.add_dependency(%q<timecop>, [">= 0.3.4"])
-      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
-      s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
-      s.add_dependency(%q<rcov>, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<activesupport>, ["~> 3.0.3"])
-    s.add_dependency(%q<i18n>, [">= 0"])
-    s.add_dependency(%q<shoulda>, [">= 0"])
-    s.add_dependency(%q<timecop>, [">= 0.3.4"])
-    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
-    s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
-    s.add_dependency(%q<rcov>, [">= 0"])
-  end
-end
+  s.add_runtime_dependency(%q<activesupport>, ["~> 3.0.3"])
+  s.add_runtime_dependency(%q<i18n>, [">= 0"])
+  s.add_development_dependency(%q<shoulda>, [">= 0"])
+  s.add_development_dependency(%q<timecop>, [">= 0.3.4"])
 
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

data/test/test_opentoken.rb

@@ -10,11 +10,11 @@ class TestOpentoken < Test::Unit::TestCase
       @password = 'Test123'
       OpenToken.password = @password
     end
-    context "parsing token between expiration dates" do
+    context "decoding token between expiration dates" do
       setup do
         Timecop.travel(Time.iso8601('2010-03-04T19:20:10Z')) do
           assert_nothing_raised do
-            @token = OpenToken.parse @opentoken
+            @token = OpenToken.decode @opentoken
           end
         end
       end
@@ -29,31 +29,31 @@ class TestOpentoken < Test::Unit::TestCase
       end
     end
 
-    context "parsing token when current time is before expiration date" do
+    context "decoding token when current time is before expiration date" do
       should "raise TokenExpiredError" do
         Timecop.travel(Time.iso8601('2010-03-04T19:19:10Z')) do
           assert_raises OpenToken::TokenExpiredError do
-            @token = OpenToken.parse @opentoken
+            @token = OpenToken.decode @opentoken
           end
         end
       end
     end
 
-    context "parsing token when current time is equal to expiration date" do
+    context "decoding token when current time is equal to expiration date" do
       should "raise TokenExpiredError" do
         Timecop.travel(Time.iso8601('2010-03-04T19:24:15Z')) do
           assert_raises OpenToken::TokenExpiredError do
-            @token = OpenToken.parse @opentoken
+            @token = OpenToken.decode @opentoken
           end
         end
       end
     end
 
-    context "parsing token with attribute value containing apostrophe" do
+    context "decoding token with attribute value containing apostrophe" do
       setup do
         Timecop.travel(Time.iso8601('2011-01-13T11:08:01Z')) do
           @opentoken = "T1RLAQLIjiqgexqi1PQcEKCetvGoSYR2jhDFSIfE5ctlSBxEnq3S1ydjAADQUNRIKJx6_14aE3MQZnDABupGJrKNfoJHFS5VOnKexjMtboeOgst31Hf-D9CZBrpB7Jv0KBwnQ7DN3HizecPT76oX3UGtq_Vi5j5bKYCeObYm9W6h7NY-VzcZY5TTqIuulc2Jit381usAWZ2Sv1c_CWwhrH4hw-x7vUQMSjErvXK1qvsrFCpfNr7XlArx0HjI6kT5XEaHgQNdC0zrLw9cZ4rewoEisR3H5oM7B6gMaP82wTSFVBXvpn5r0KT-Iuc3JuG2en1zVh3GNf110oQCKQ**"
-          @token = OpenToken.parse @opentoken
+          @token = OpenToken.decode @opentoken
         end
       end
       should 'preserve apostrophe in attribute payload' do
@@ -63,7 +63,23 @@ class TestOpentoken < Test::Unit::TestCase
 
     should 'raise invalid token error parsing nil token' do
       assert_raises OpenToken::TokenInvalidError do
-        OpenToken.parse nil
+        OpenToken.decode nil
+      end
+    end
+  end
+
+  context "encoding token" do
+    setup do
+      OpenToken.password = "Password1"
+    end
+    context "with aes-128-cbc and subject attribute" do
+      setup do
+          @attributesIn = { "subject" => "john", "email" => "john@example.com"}
+          @token = OpenToken.encode @attributesIn, OpenToken::CIPHER_AES_128_CBC
+      end
+      should "be decodable" do
+        @attributesOut = OpenToken.decode @token
+        assert_equal @attributesIn, @attributesOut
       end
     end
   end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: opentoken
 version: !ruby/object:Gem::Version 
-  hash: 23
+  hash: 19
   prerelease: 
   segments: 
   - 1
+  - 1
   - 0
-  - 0
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors: 
 - Ryan Sonnek
@@ -15,12 +15,12 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-01-18 00:00:00 -06:00
-default_executable: 
+date: 2011-10-13 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  type: :runtime
-  version_requirements: &id001 !ruby/object:Gem::Requirement 
+  name: activesupport
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -31,12 +31,12 @@ dependencies:
         - 0
         - 3
         version: 3.0.3
-  requirement: *id001
-  prerelease: false
-  name: activesupport
-- !ruby/object:Gem::Dependency 
   type: :runtime
-  version_requirements: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: i18n
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -45,12 +45,12 @@ dependencies:
         segments: 
         - 0
         version: "0"
-  requirement: *id002
-  prerelease: false
-  name: i18n
+  type: :runtime
+  version_requirements: *id002
 - !ruby/object:Gem::Dependency 
-  type: :development
-  version_requirements: &id003 !ruby/object:Gem::Requirement 
+  name: shoulda
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -59,12 +59,12 @@ dependencies:
         segments: 
         - 0
         version: "0"
-  requirement: *id003
-  prerelease: false
-  name: shoulda
-- !ruby/object:Gem::Dependency 
   type: :development
-  version_requirements: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: timecop
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -75,82 +75,36 @@ dependencies:
         - 3
         - 4
         version: 0.3.4
-  requirement: *id004
-  prerelease: false
-  name: timecop
-- !ruby/object:Gem::Dependency 
   type: :development
-  version_requirements: &id005 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 1
-        - 0
-        - 0
-        version: 1.0.0
-  requirement: *id005
-  prerelease: false
-  name: bundler
-- !ruby/object:Gem::Dependency 
-  type: :development
-  version_requirements: &id006 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 1
-        - 5
-        - 2
-        version: 1.5.2
-  requirement: *id006
-  prerelease: false
-  name: jeweler
-- !ruby/object:Gem::Dependency 
-  type: :development
-  version_requirements: &id007 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
-  requirement: *id007
-  prerelease: false
-  name: rcov
+  version_requirements: *id004
 description: parse opentoken properties passed for Single Signon requests
-email: ryan@codecrate.com
+email: 
+- ryan@socialcast.com
 executables: []
 
 extensions: []
 
-extra_rdoc_files: 
-- LICENSE
-- README.rdoc
+extra_rdoc_files: []
+
 files: 
 - .document
+- .gitignore
+- CONTRIBUTORS.txt
 - Gemfile
-- LICENSE
-- README.rdoc
+- LICENSE.txt
+- README.md
 - Rakefile
-- VERSION
 - lib/opentoken.rb
 - lib/opentoken/key_value_serializer.rb
 - lib/opentoken/password_key_generator.rb
 - lib/opentoken/token.rb
+- lib/opentoken/version.rb
 - opentoken.gemspec
 - test/helper.rb
 - test/test_opentoken.rb
-has_rdoc: true
-homepage: http://github.com/wireframe/opentoken
-licenses: 
-- MIT
+homepage: http://github.com/socialcast/opentoken
+licenses: []
+
 post_install_message: 
 rdoc_options: []
 
@@ -176,8 +130,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: "0"
 requirements: []
 
-rubyforge_project: 
-rubygems_version: 1.4.2
+rubyforge_project: opentoken
+rubygems_version: 1.8.5
 signing_key: 
 specification_version: 3
 summary: ruby implementation of the opentoken specification

data/LICENSE

@@ -1,20 +0,0 @@
-Copyright (c) 2009 Ryan Sonnek
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -1,25 +0,0 @@
-= opentoken
-
-Parse encrypted opentoken properties
-
-see http://www.pingidentity.com/opentoken
-
-== Usage
-
-  #configure decryption with shared key
-  OpenToken.password = 'shared_secret_to_decrypt'
-
-  #decrypt opentoken into hash of attributes
-  attributes = OpenToken.parse opentoken
-  
-== Note on Patches/Pull Requests
- 
-* Fork the project.
-* Make your feature addition or bug fix.
-* Add tests for it. This is important so I don't break it in a future version unintentionally.
-* Commit, do not mess with rakefile, version, or history. (bump version in a commit by itself I can ignore when I pull)
-* Send me a pull request. Bonus points for topic branches.
-
-== Copyright
-
-Copyright (c) 2010 Ryan Sonnek. See LICENSE for details.

data/VERSION

@@ -1 +0,0 @@
-1.0.0