RubyGems - pandexio - Versions diffs - 0.0.6 → 0.0.7 - Mend

pandexio 0.0.6 → 0.0.7

Files changed (18) hide show

data/README.md +78 -78
data/Rakefile +8 -8
data/lib/pandexio.rb +14 -155
data/lib/request.rb +24 -24
data/lib/scope.rb +13 -0
data/lib/scope_patterns.rb +7 -0
data/lib/signer.rb +192 -0
data/lib/signing_algorithms.rb +36 -36
data/lib/signing_attributes.rb +21 -21
data/lib/signing_mechanisms.rb +16 -16
data/lib/signing_options.rb +29 -29
data/test/test_header_signing.rb +327 -296
data/test/test_query_string_signing.rb +408 -368
data/test/test_scope.rb +37 -0
data/test/test_scope_patterns.rb +56 -0
data/test/test_signer.rb +112 -0
metadata +15 -7
checksums.yaml +0 -7

data/README.md CHANGED

@@ -1,78 +1,78 @@
-#Pandexio SDK for Ruby
-##Overview
-This Pandexio SDK enables Ruby server applications to easily generate signed requests that can be consumed by the Pandexio REST API (https://platform.pandexio.com) and the Pandexio Hosted Model (https://hosted.pandexio.com).
-##Definitions
-###Pandexio::Request
-- type - class
-- attributes:
-  - method - required. The request HTTP verb (GET, POST, PUT, PATCH, DELETE).
-  - path - required. The path part of the request URL (e.g., /v2/documents/a4df7a95-d1f6-4664-b208-74568990bd15).
-  - query_parameters - optional. A hash containing the query parameters (e.g., { "coverSize" => "xl" }).
-  - headers - required. A hash containing the headers (e.g., { "Host" => "platform.pandexio.com" }). Host header must be included.
-  - payload - optional. UTF-8 encoded request body. Only applicable for POST, PUT, and PATCH requests.
-###Pandexio::SigningOptions
-- type - class
-- attributes:
-  - algorithm - required. The HMAC algorithm to use. Choose from any specified in
-    - Pandexio::SigningAlgorithms::PDX_HMAC_MD5 - MD5 HMAC
-    - Pandexio::SigningAlgorithms::PDX_HMAC_SHA1 - SHA1 HMAC
-    - Pandexio::SigningAlgorithms::PDX_HMAC_SHA256 - SHA256 HMAC
-    - Pandexio::SigningAlgorithms::PDX_HMAC_SHA384 - SHA384 HMAC
-    - Pandexio::SigningAlgorithms::PDX_HMAC_SHA512 - SHA512 HMAC
-  - mechanism - required. Specifies which signing mechanism to use. Signing mechanisms include:
-    - Pandexio::SigningMechanisms::QUERY_STRING - Sign the request using query string parameters
-    - Pandexio::SigningMechanisms::HEADER - Sign the request using headers
-  - domain_id - required. Public API key.
-  - domain_key - required. Shared secret API key used to generate HMAC signatures.
-  - date - required. ISO8601 date/time when the request was made.
-  - expires - required. Number of seconds before the request signature expires.
-  - originator - required. The name of the application, feature, etc. making the request.
-  - email_address - required. The email address of the user making the request.
-  - display_name - required. The display name of the user making the request.
-  - profile_image - optional. The profile image thumbnail, either data URL or HTTP URL of the user making the request.
-###Pandexio::to_authorized_request
-- type - method
-- arguments
-  - Pandexio::Request *normalized_request* - A non-signed request containing information about the request to be made.
-  - Pandexio::SigningOptions *signing_options* - The details specifying how to sign the *normalized_request*
-- result
-  - Pandexio::Request *authorized_request* - A signed request containing information about the request to be made as well as signing information as headers or query string parameters, depending on the *signing_options*.
-##Signing a Request
-Take the following steps to create a signed Pandexio request.
-1. Create an instance of Pandexio::Request containing details of the request to be made, the *normalized_request*.
-2. Create an instance of Pandexio::SigningOptions. These *signing_options* specify the SDK will sign the request.
-3. Call Pandexio::to_authorized_request, passing in the *normalized_request* and the *signing_options*.
-4. Build an HTTP request using the Pandexio::Request, *authorized_request*, returned by Pandexio::to_authorized_request and make the HTTP request using the HTTP client of choice.
-##All Together
-Here's an example showing the generation of a signed Pandexio request to retrieve an extra large document cover thumbnail for a given document:
-```ruby
-require 'pandexio'
-normalized_request = Pandexio::Request.new(
-  :method => "GET",
-  :path => "/v2/documents/a4df7a95-d1f6-4664-b208-74568990bd15/cover",
-  :query_parameters => { "coverSize" => "xl" },
-  :headers => { "Host" => "platform.pandexio.com" })
-signing_options = Pandexio::SigningOptions.new(
-  :algorithm => Pandexio::SigningAlgorithms::PDX_HMAC_SHA256,
-  :mechanism => Pandexio::SigningMechanisms::QUERY_STRING,
-  :domain_id => "1234567890",
-  :domain_key => "asdfjklqwerzxcv",
-  :date => Time.utc(2015, 6, 10, 13, 22, 46),
-  :expires => 90,
-  :originator => "Demo",
-  :email_address => "terry@contoso.com",
-  :display_name => "Terry Contoso")
-authorized_request = Pandexio::to_authorized_request(normalized_request, signing_options)
-```
+#Pandexio SDK for Ruby
+##Overview
+This Pandexio SDK enables Ruby server applications to easily generate signed requests that can be consumed by the Pandexio REST API (https://platform.pandexio.com) and the Pandexio Hosted Model (https://hosted.pandexio.com).
+##Definitions
+###Pandexio::Request
+- type - class
+- attributes:
+    - method - required. The request HTTP verb (GET, POST, PUT, PATCH, DELETE).
+    - path - required. The path part of the request URL (e.g., /v2/documents/a4df7a95-d1f6-4664-b208-74568990bd15).
+    - query_parameters - optional. A hash containing the query parameters (e.g., { "coverSize" => "xl" }).
+    - headers - required. A hash containing the headers (e.g., { "Host" => "platform.pandexio.com" }). Host header must be included.
+    - payload - optional. UTF-8 encoded request body. Only applicable for POST, PUT, and PATCH requests.
+###Pandexio::SigningOptions
+- type - class
+- attributes:
+    - algorithm - required. The HMAC algorithm to use. Choose from any specified in
+        - Pandexio::SigningAlgorithms::PDX_HMAC_MD5 - MD5 HMAC
+        - Pandexio::SigningAlgorithms::PDX_HMAC_SHA1 - SHA1 HMAC
+        - Pandexio::SigningAlgorithms::PDX_HMAC_SHA256 - SHA256 HMAC
+        - Pandexio::SigningAlgorithms::PDX_HMAC_SHA384 - SHA384 HMAC
+        - Pandexio::SigningAlgorithms::PDX_HMAC_SHA512 - SHA512 HMAC
+    - mechanism - required. Specifies which signing mechanism to use. Signing mechanisms include:
+        - Pandexio::SigningMechanisms::QUERY_STRING - Sign the request using query string parameters
+        - Pandexio::SigningMechanisms::HEADER - Sign the request using headers
+    - domain_id - required. Public API key.
+    - domain_key - required. Shared secret API key used to generate HMAC signatures.
+    - date - required. ISO8601 date/time when the request was made.
+    - expires - required. Number of seconds before the request signature expires.
+    - originator - required. The name of the application, feature, etc. making the request.
+    - email_address - required. The email address of the user making the request.
+    - display_name - required. The display name of the user making the request.
+    - profile_image - optional. The profile image thumbnail, either data URL or HTTP URL of the user making the request.
+###Pandexio::to_authorized_request
+- type - method
+- arguments
+    - Pandexio::Request *normalized_request* - A non-signed request containing information about the request to be made.
+    - Pandexio::SigningOptions *signing_options* - The details specifying how to sign the *normalized_request*
+- result
+    - Pandexio::Request *authorized_request* - A signed request containing information about the request to be made as well as signing information as headers or query string parameters, depending on the *signing_options*.
+##Signing a Request
+Take the following steps to create a signed Pandexio request.
+1. Create an instance of Pandexio::Request containing details of the request to be made, the *normalized_request*.
+2. Create an instance of Pandexio::SigningOptions. These *signing_options* specify the SDK will sign the request.
+3. Call Pandexio::to_authorized_request, passing in the *normalized_request* and the *signing_options*.
+4. Build an HTTP request using the Pandexio::Request, *authorized_request*, returned by Pandexio::to_authorized_request and make the HTTP request using the HTTP client of choice.
+##All Together
+Here's an example showing the generation of a signed Pandexio request to retrieve an extra large document cover thumbnail for a given document:
+```ruby
+require 'pandexio'
+normalized_request = Pandexio::Request.new(
+    :method => "GET",
+    :path => "/v2/documents/a4df7a95-d1f6-4664-b208-74568990bd15/cover",
+    :query_parameters => { "coverSize" => "xl" },
+    :headers => { "Host" => "platform.pandexio.com" })
+signing_options = Pandexio::SigningOptions.new(
+    :algorithm => Pandexio::SigningAlgorithms::PDX_HMAC_SHA256,
+    :mechanism => Pandexio::SigningMechanisms::QUERY_STRING,
+    :domain_id => "1234567890",
+    :domain_key => "asdfjklqwerzxcv",
+    :date => Time.utc(2015, 6, 10, 13, 22, 46),
+    :expires => 90,
+    :originator => "Demo",
+    :email_address => "terry@contoso.com",
+    :display_name => "Terry Contoso")
+authorized_request = Pandexio::to_authorized_request(normalized_request, signing_options)
+```

data/Rakefile CHANGED

@@ -1,9 +1,9 @@
-require 'rake/testtask'
-Rake::TestTask.new do |t|
-  t.libs << 'test'
-  t.verbose = true
-end
-desc "Run tests"
+require 'rake/testtask'
+Rake::TestTask.new do |t|
+    t.libs << 'test'
+    t.verbose = true
+end
+desc "Run tests"
 task :default => :test

data/lib/pandexio.rb CHANGED

@@ -1,156 +1,15 @@
-require 'time'
-require 'stringio'
-require 'openssl'
-require_relative 'request.rb'
-require_relative 'signing_algorithms.rb'
-require_relative 'signing_attributes.rb'
-require_relative 'signing_mechanisms.rb'
-require_relative 'signing_options.rb'
-module Pandexio
-  LINE_BREAK = "\r\n"
-  private_constant :LINE_BREAK
-  private
-  def self.ordinal_key_value_sort(a, b)
-    a_codepoints, b_codepoints = a[0].codepoints.to_a, b[0].codepoints.to_a
-    min = [a_codepoints.length, b_codepoints.length].min - 1
-    for i in 0..min
-      a_codepoint = a_codepoints[i]
-      b_codepoint = b_codepoints[i]
-      c = a_codepoint <=> b_codepoint
-      return c if c != 0
-    end
-    return a_codepoints.length <=> b_codepoints.length
-  end
-  def self.build_canonical_query_string(query_parameters)
-    temp_query_parameters = query_parameters.dup
-    temp_query_parameters = temp_query_parameters.sort { |a, b| ordinal_key_value_sort(a, b) }
-    canonical_query_string = StringIO.new
-    temp_query_parameters.each do |key, value|
-      next if key == SigningAttributes::ALGORITHM || key == SigningAttributes::CREDENTIAL || key == SigningAttributes::SIGNED_HEADERS || key == SigningAttributes::SIGNATURE
-      canonical_query_string << "&" if canonical_query_string.length > 0
-      canonical_query_string << "#{key}=#{value}"
-    end
-    return canonical_query_string.string
-  end
-  def self.build_canonical_headers(headers)
-    temp_headers = {}
-    headers.each do |key, value|
-      next if key == SigningAttributes::AUTHORIZATION
-      temp_headers[key.downcase.strip] = value
-    end
-    temp_headers = temp_headers.sort { |a, b| ordinal_key_value_sort(a, b) }
-    canonical_headers, signed_headers = StringIO.new, StringIO.new
-    temp_headers.each do |key, value|
-      next if key == SigningAttributes::AUTHORIZATION
-      canonical_headers << LINE_BREAK if canonical_headers.length > 0
-      canonical_headers << "#{key}:#{value}"
-      signed_headers << ";" if signed_headers.length > 0
-      signed_headers << "#{key}"
-    end
-    return canonical_headers.string, signed_headers.string
-  end
-  def self.build_canonical_payload(payload, digest)
-    canonical_payload = digest.hexdigest(payload).encode('UTF-8')
-    return canonical_payload;
-  end
-  def self.build_canonical_request(request, digest)
-    canonical_query_string = build_canonical_query_string(request.query_parameters)
-    canonical_headers, signed_headers = build_canonical_headers(request.headers)
-    canonical_payload = build_canonical_payload(request.payload, digest)
-    canonical_request = "#{request.method}#{LINE_BREAK}#{request.path}#{LINE_BREAK}#{canonical_query_string}#{LINE_BREAK}#{canonical_headers}#{LINE_BREAK}#{signed_headers}#{LINE_BREAK}#{canonical_payload}"
-    return canonical_request, signed_headers
-  end
-  def self.build_string_to_sign(canonical_request, signing_options)
-    signing_string = "#{signing_options.algorithm}#{LINE_BREAK}#{signing_options.date.iso8601}#{LINE_BREAK}#{canonical_request}".encode('UTF-8')
-    return signing_string
-  end
-  def self.generate_signature(string_to_sign, signing_options, digest)
-    return OpenSSL::HMAC.hexdigest(digest, signing_options.domain_key, string_to_sign)
-  end
-  public
-  def self.to_authorized_request(normalized_request, signing_options)
-    raise ArgumentError, 'normalized_request must be of type Pandexio::Request and cannot be nil' unless !normalized_request.nil? && normalized_request.is_a?(Request)
-    raise ArgumentError, 'normalized_request.query_parameters must be of type Hash and cannot be nil' unless !normalized_request.query_parameters.nil? && normalized_request.query_parameters.is_a?(Hash)
-    raise ArgumentError, 'normalized_request.headers must be of type Hash and cannot be nil' unless !normalized_request.headers.nil? && normalized_request.headers.is_a?(Hash)
-    raise ArgumentError, 'signing_options must be of type Pandexio::SigningOptions cannot be nil' unless !signing_options.nil? && signing_options.is_a?(SigningOptions)
-    raise ArgumentError, 'signing_options.domain_id must be of type String and cannot be nil or empty' unless !signing_options.domain_id.nil? && signing_options.domain_id.is_a?(String) && !signing_options.domain_id.empty?
-    raise ArgumentError, 'signing_options.domain_key must be of type String and cannot be nil or empty' unless !signing_options.domain_key.nil? && signing_options.domain_key.is_a?(String) && !signing_options.domain_key.empty?
-    raise ArgumentError, 'signing_options.algorithm must be of type String and cannot be nil or empty' unless SigningAlgorithms.is_v(signing_options.algorithm)
-    raise ArgumentError, 'signing_options.mechanism must be a valid signing mechanism' unless SigningMechanisms.is_v(signing_options.mechanism)
-    raise ArgumentError, 'signing_options.date must be of type Time and cannot be nil' unless !signing_options.date.nil? && signing_options.date.is_a?(Time)
-    raise ArgumentError, 'signing_options.expires must be of type Fixnum and cannot be nil or empty' unless !signing_options.expires.nil? && signing_options.expires.is_a?(Fixnum) && signing_options.expires > 0
-    raise ArgumentError, 'signing_options.originator must be of type String and cannot be nil or empty' unless !signing_options.originator.nil? && signing_options.originator.is_a?(String)  && !signing_options.originator.empty?
-    raise ArgumentError, 'signing_options.email_address must be of type String and cannot be nil or empty' unless !signing_options.email_address.nil? && signing_options.email_address.is_a?(String)  && !signing_options.email_address.empty?
-    raise ArgumentError, 'signing_options.display_name must be of type String and cannot be nil or empty' unless !signing_options.display_name.nil? && signing_options.display_name.is_a?(String)  && !signing_options.display_name.empty?
-    authorized_request = Pandexio::Request.new(
-      :method => normalized_request.method,
-      :path => normalized_request.path,
-      :query_parameters => normalized_request.query_parameters.clone,
-      :headers => normalized_request.headers.clone,
-      :payload => normalized_request.payload)
-    append = lambda { |p|
-      p[SigningAttributes::DATE] = signing_options.date.iso8601
-      p[SigningAttributes::EXPIRES] = signing_options.expires
-      p[SigningAttributes::ORIGINATOR] = signing_options.originator
-      p[SigningAttributes::EMAIL_ADDRESS] = signing_options.email_address
-      p[SigningAttributes::DISPLAY_NAME] = signing_options.display_name
-      p[SigningAttributes::PROFILE_IMAGE] = signing_options.profile_image if !signing_options.profile_image.nil? && signing_options.profile_image.is_a?(String) && !signing_options.profile_image.empty?
-    }
-    append.call(
-      signing_options.mechanism == SigningMechanisms::QUERY_STRING ? authorized_request.query_parameters :
-      signing_options.mechanism == SigningMechanisms::HEADER ? authorized_request.headers : {})
-    digest = SigningAlgorithms.to_d(signing_options.algorithm)
-    canonical_request, signed_headers = build_canonical_request(authorized_request, digest)
-    string_to_sign = build_string_to_sign(canonical_request, signing_options)
-    signature = generate_signature(string_to_sign, signing_options, digest)
-    if signing_options.mechanism == SigningMechanisms::QUERY_STRING
-      authorized_request.query_parameters[SigningAttributes::ALGORITHM] = signing_options.algorithm
-      authorized_request.query_parameters[SigningAttributes::CREDENTIAL] = signing_options.domain_id
-      authorized_request.query_parameters[SigningAttributes::SIGNED_HEADERS] = signed_headers
-      authorized_request.query_parameters[SigningAttributes::SIGNATURE] = signature
-    elsif signing_options.mechanism == SigningMechanisms::HEADER
-      authorized_request.headers[SigningAttributes::AUTHORIZATION] = "#{signing_options.algorithm} Credential=#{signing_options.domain_id}, SignedHeaders=#{signed_headers}, Signature=#{signature}"
-    end
-    return authorized_request
-  end
+require_relative 'signer.rb'
+module Pandexio
+    def self.to_authorized_request(normalized_request, signing_options)
+        signer = Pandexio::Signer.new()
+        authorized_request = signer.sign(normalized_request, signing_options)
+        return authorized_request
+    end
 end

data/lib/request.rb CHANGED

@@ -1,25 +1,25 @@
-module Pandexio
-  class Request
-    def initialize(params = {})
-      @method = params.fetch(:method, nil)
-      @path = params.fetch(:path, nil)
-      @query_parameters = params.fetch(:query_parameters, {})
-      @headers = params.fetch(:headers, {})
-      @payload = params.fetch(:payload, nil)
-    end
-    attr_accessor :method
-    attr_accessor :path
-    attr_accessor :query_parameters
-    attr_accessor :headers
-    attr_accessor :payload
-    def to_s
-      "#{@method} #{@path}#{LINE_BREAK}query_parameters: #{query_parameters}#{LINE_BREAK}headers: #{headers}#{LINE_BREAK}payload: #{payload}"
-    end
-  end
+module Pandexio
+    class Request
+        def initialize(params = {})
+            @method = params.fetch(:method, nil)
+            @path = params.fetch(:path, nil)
+            @query_parameters = params.fetch(:query_parameters, {})
+            @headers = params.fetch(:headers, {})
+            @payload = params.fetch(:payload, nil)
+        end
+        attr_accessor :method
+        attr_accessor :path
+        attr_accessor :query_parameters
+        attr_accessor :headers
+        attr_accessor :payload
+        def to_s
+            "#{@method} #{@path}#{LINE_BREAK}query_parameters: #{query_parameters}#{LINE_BREAK}headers: #{headers}#{LINE_BREAK}payload: #{payload}"
+        end
+    end
 end

data/lib/scope.rb ADDED

@@ -0,0 +1,13 @@
+module Pandexio
+    class Scope
+        def initialize(params = {})
+            @document_ids = params.fetch(:document_ids, [])
+        end
+        attr_accessor :document_ids
+    end
+end

data/lib/scope_patterns.rb ADDED

@@ -0,0 +1,7 @@
+module Pandexio
+    class ScopePatterns
+        DOCUMENT_PATH_PATTERN = /(\/.*?documents\/)(?<documentid>[a-zA-Z0-9\-_]+)/i
+    end
+end

data/lib/signer.rb ADDED

@@ -0,0 +1,192 @@
+require 'time'
+require 'stringio'
+require 'openssl'
+require_relative 'request.rb'
+require_relative 'scope.rb'
+require_relative 'scope_patterns.rb'
+require_relative 'signing_algorithms.rb'
+require_relative 'signing_attributes.rb'
+require_relative 'signing_mechanisms.rb'
+require_relative 'signing_options.rb'
+module Pandexio
+    class Signer
+        LINE_BREAK = "\r\n"
+        private_constant :LINE_BREAK
+        private
+        def extract_scope(normalized_request)
+            scope = Pandexio::Scope.new()
+            match = normalized_request.path.match(Pandexio::ScopePatterns::DOCUMENT_PATH_PATTERN)
+            if !match.nil?
+                document_id = match["documentid"]
+                scope.document_ids.push(document_id)
+            end
+            normalized_request.query_parameters.each do |key, value|
+                next if key.casecmp('documentids') != 0
+                document_ids = value.split(',')
+                scope.document_ids.concat(document_ids)
+            end
+            return scope
+        end
+        def ordinal_key_value_sort(a, b)
+            a_codepoints, b_codepoints = a[0].codepoints.to_a, b[0].codepoints.to_a
+            min = [a_codepoints.length, b_codepoints.length].min - 1
+            for i in 0..min
+                a_codepoint = a_codepoints[i]
+                b_codepoint = b_codepoints[i]
+                c = a_codepoint <=> b_codepoint
+                return c if c != 0
+            end
+            return a_codepoints.length <=> b_codepoints.length
+        end
+        def build_canonical_query_string(query_parameters)
+            temp_query_parameters = query_parameters.sort { |a, b| ordinal_key_value_sort(a, b) }
+            canonical_query_string = StringIO.new
+            temp_query_parameters.each do |key, value|
+                next if key.casecmp(SigningAttributes::ALGORITHM) == 0 ||
+                        key.casecmp(SigningAttributes::CREDENTIAL) == 0 ||
+                        key.casecmp(SigningAttributes::SIGNED_HEADERS) == 0 ||
+                        key.casecmp(SigningAttributes::SIGNATURE) == 0
+                canonical_query_string << "&" if canonical_query_string.length > 0
+                canonical_query_string << "#{key}=#{value}"
+            end
+            return canonical_query_string.string
+        end
+        def build_canonical_headers(headers)
+            temp_headers = {}
+            headers.each do |key, value|
+                next if key.casecmp(SigningAttributes::AUTHORIZATION) == 0
+                temp_headers[key.downcase.strip] = value
+            end
+            temp_headers = temp_headers.sort { |a, b| ordinal_key_value_sort(a, b) }
+            canonical_headers, signed_headers = StringIO.new, StringIO.new
+            temp_headers.each do |key, value|
+                canonical_headers << LINE_BREAK if canonical_headers.length > 0
+                canonical_headers << "#{key}:#{value}"
+                signed_headers << ";" if signed_headers.length > 0
+                signed_headers << "#{key}"
+            end
+            return canonical_headers.string, signed_headers.string
+        end
+        def build_canonical_payload(payload, digest)
+            canonical_payload = digest.hexdigest(payload).encode('UTF-8')
+            return canonical_payload;
+        end
+        def build_canonical_request(request, digest)
+            canonical_query_string = build_canonical_query_string(request.query_parameters)
+            canonical_headers, signed_headers = build_canonical_headers(request.headers)
+            canonical_payload = build_canonical_payload(request.payload, digest)
+            canonical_request = "#{request.method}#{LINE_BREAK}#{request.path}#{LINE_BREAK}#{canonical_query_string}#{LINE_BREAK}#{canonical_headers}#{LINE_BREAK}#{signed_headers}#{LINE_BREAK}#{canonical_payload}"
+            return canonical_request, signed_headers
+        end
+        def build_string_to_sign(canonical_request, signing_options)
+            signing_string = "#{signing_options.algorithm}#{LINE_BREAK}#{signing_options.date.iso8601}#{LINE_BREAK}#{canonical_request}".encode('UTF-8')
+            return signing_string
+        end
+        def generate_signature(string_to_sign, signing_options, digest)
+            return OpenSSL::HMAC.hexdigest(digest, signing_options.domain_key, string_to_sign)
+        end
+        def build_authorized_request(normalized_request, signing_options)
+            authorized_request = Pandexio::Request.new(
+                :method => normalized_request.method,
+                :path => normalized_request.path,
+                :query_parameters => normalized_request.query_parameters.clone,
+                :headers => normalized_request.headers.clone,
+                :payload => normalized_request.payload)
+            append = lambda { |p|
+                p[SigningAttributes::DATE] = signing_options.date.iso8601
+                p[SigningAttributes::EXPIRES] = signing_options.expires
+                p[SigningAttributes::ORIGINATOR] = signing_options.originator
+                p[SigningAttributes::EMAIL_ADDRESS] = signing_options.email_address
+                p[SigningAttributes::DISPLAY_NAME] = signing_options.display_name
+                p[SigningAttributes::PROFILE_IMAGE] = signing_options.profile_image if !signing_options.profile_image.nil? && signing_options.profile_image.is_a?(String) && !signing_options.profile_image.empty?
+            }
+            append.call(
+                signing_options.mechanism == SigningMechanisms::QUERY_STRING ? authorized_request.query_parameters :
+                signing_options.mechanism == SigningMechanisms::HEADER ? authorized_request.headers : {})
+            digest = SigningAlgorithms.to_d(signing_options.algorithm)
+            canonical_request, signed_headers = build_canonical_request(authorized_request, digest)
+            string_to_sign = build_string_to_sign(canonical_request, signing_options)
+            signature = generate_signature(string_to_sign, signing_options, digest)
+            if signing_options.mechanism == SigningMechanisms::QUERY_STRING
+                authorized_request.query_parameters[SigningAttributes::ALGORITHM] = signing_options.algorithm
+                authorized_request.query_parameters[SigningAttributes::CREDENTIAL] = signing_options.domain_id
+                authorized_request.query_parameters[SigningAttributes::SIGNED_HEADERS] = signed_headers
+                authorized_request.query_parameters[SigningAttributes::SIGNATURE] = signature
+            elsif signing_options.mechanism == SigningMechanisms::HEADER
+                authorized_request.headers[SigningAttributes::AUTHORIZATION] = "#{signing_options.algorithm} Credential=#{signing_options.domain_id}, SignedHeaders=#{signed_headers}, Signature=#{signature}"
+            end
+            return authorized_request
+        end
+        public
+        def sign(normalized_request, signing_options)
+            scope, authorized_request = scope_and_sign(normalized_request, signing_options)
+            return authorized_request
+        end
+        def scope_and_sign(normalized_request, signing_options)
+            raise ArgumentError, 'normalized_request must be of type Pandexio::Request and cannot be nil' unless !normalized_request.nil? && normalized_request.is_a?(Request)
+            raise ArgumentError, 'normalized_request.query_parameters must be of type Hash and cannot be nil' unless !normalized_request.query_parameters.nil? && normalized_request.query_parameters.is_a?(Hash)
+            raise ArgumentError, 'normalized_request.headers must be of type Hash and cannot be nil' unless !normalized_request.headers.nil? && normalized_request.headers.is_a?(Hash)
+            raise ArgumentError, 'signing_options must be of type Pandexio::SigningOptions cannot be nil' unless !signing_options.nil? && signing_options.is_a?(SigningOptions)
+            raise ArgumentError, 'signing_options.domain_id must be of type String and cannot be nil or empty' unless !signing_options.domain_id.nil? && signing_options.domain_id.is_a?(String) && !signing_options.domain_id.empty?
+            raise ArgumentError, 'signing_options.domain_key must be of type String and cannot be nil or empty' unless !signing_options.domain_key.nil? && signing_options.domain_key.is_a?(String) && !signing_options.domain_key.empty?
+            raise ArgumentError, 'signing_options.algorithm must be of type String and cannot be nil or empty' unless SigningAlgorithms.is_v(signing_options.algorithm)
+            raise ArgumentError, 'signing_options.mechanism must be a valid signing mechanism' unless SigningMechanisms.is_v(signing_options.mechanism)
+            raise ArgumentError, 'signing_options.date must be of type Time and cannot be nil' unless !signing_options.date.nil? && signing_options.date.is_a?(Time)
+            raise ArgumentError, 'signing_options.expires must be of type Fixnum and cannot be nil or empty' unless !signing_options.expires.nil? && signing_options.expires.is_a?(Fixnum) && signing_options.expires > 0
+            raise ArgumentError, 'signing_options.originator must be of type String and cannot be nil or empty' unless !signing_options.originator.nil? && signing_options.originator.is_a?(String)    && !signing_options.originator.empty?
+            raise ArgumentError, 'signing_options.email_address must be of type String and cannot be nil or empty' unless !signing_options.email_address.nil? && signing_options.email_address.is_a?(String)    && !signing_options.email_address.empty?
+            raise ArgumentError, 'signing_options.display_name must be of type String and cannot be nil or empty' unless !signing_options.display_name.nil? && signing_options.display_name.is_a?(String)    && !signing_options.display_name.empty?
+            scope = extract_scope(normalized_request)
+            authorized_request = build_authorized_request(normalized_request, signing_options)
+            return scope, authorized_request
+        end
+    end
+end