rack-blinkbox-zuul-tokens 0.0.2

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    ZGRjMjg2MmQ3YmY5ZjY0YjU1NjNjYzQ3ZWViMGUyMmNhYjA3OGViYQ==
+  data.tar.gz: !binary |-
+    MzI0YzEwMjdiZGRhOTlkNGYyNTBkMjAzNDRlMjQ3NDhiYTJjZjAwNA==
+SHA512:
+  metadata.gz: !binary |-
+    OWUwNThlZjQ4YzE3NmViNzEwNzYzMTQxZmQxNzYwYTk4MTA3ZWY3MGRkY2E5
+    NzNjZTQwZGEwMDQwYWI3NTIwMGNhOGRhOTlmMTFhMTU5ZTliYTViODRkM2Vh
+    MGY0OTE2ZDUyMGFiYWFmNzk1NmFkNjQ2NTMyZjdkNzY5ZDViYzg=
+  data.tar.gz: !binary |-
+    MDM2MzA3ZGY1OTk1N2Q0NmFmZjFkM2ZiNWFlNDA4M2U2MzVkZTI5NTllNjk2
+    ODNkNzE0OWQ0ZmQxOTk3NzBjNGJhZWJlODg0MzNkYTE1MzA4N2EyNjBjMWNj
+    MGJlMWNiZjQzZThhNzE1MTY3NzRlMTY3OTQyNTNlZjA5YzMxZDc=

data/.gitignore

@@ -0,0 +1,4 @@
+.DS_Store
+log/
+pkg/
+Gemfile.lock

data/.rspec

@@ -0,0 +1,5 @@
+--no-color
+--require spec_helper
+--format progress -o log/spec.log
+--format html     -o log/spec.html
+-cfs

data/.travis.yml

@@ -0,0 +1,13 @@
+language: ruby
+rvm:
+  - 2.0.0
+  - 2.1.2
+deploy:
+  provider: rubygems
+  api_key:
+    secure: IOY7z+QUAzc8ADiD3hyywMLl4l7YxrL8kbfvkAja316jsGCSNqCCcNxa+wx1UiCXfavSNB0kFB1BwRLELS7ADxF0Shyg4h0g+/CbwUHVTELg8J0JfyuV7oEnMZVve12SQzolGeFynGecU6tah5NGRjUgr4+2O9BvIl9umWG8DKU=
+  gem: rack-blinkbox-zuul-tokens
+  on:
+    repo: blinkboxbooks/rack-blinkbox-zuul-tokens.rb
+    rvm: 2.1.2
+    branch: master

data/CHANGELOG.md

@@ -0,0 +1,19 @@
+# Change Log
+
+## 0.1.0 ([#4](https://git.mobcastdev.com/Zuul/rack-blinkbox-zuul-tokens/pull/4) 2014-06-30 17:34:52)
+
+Move to artifactory
+
+### Improvements
+
+- Move to Artifactory
+
+## 0.0.2
+
+### Bug Fixes
+
+- (CP-607) Can now differentiate between no attempt to provide a bearer token, and providing an empty bearer token.
+
+## 0.0.1
+
+Initial release with basic token parsing functionality.

data/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org/"
+
+gemspec

data/LICENCE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 blinkbox Books Ltd.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,3 @@
+# Zuul Authentication for Rack Applications
+
+This gem will automatically check the authenticity of any blinkbox authorisation tokens coming into your Rack application and provide details of the authenticated user.

data/Rakefile

@@ -0,0 +1,20 @@
+require 'rake'
+require 'bundler/gem_tasks'
+
+task :default => :build
+task :build => :test
+task :test => :spec
+
+desc "Run all rspec tests"
+begin
+  require 'rspec/core/rake_task'
+
+  RSpec::Core::RakeTask.new(:spec) do |t|
+    t.pattern = 'spec/**/*_spec.rb'
+  end
+rescue LoadError => e
+  raise e
+  task :spec do
+    $stderr.puts "Please install rspec: `gem install rspec`"
+  end
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/lib/rack/blinkbox/zuul/tokens.rb

@@ -0,0 +1,2 @@
+require "rack/blinkbox/zuul/tokens/token_decoder"
+require "rack/blinkbox/zuul/tokens/version"

data/lib/rack/blinkbox/zuul/tokens/file_key_finder.rb

@@ -0,0 +1,36 @@
+require "rack"
+require "sandal"
+
+module Rack
+  module Blinkbox
+    module Zuul
+      # A simple key finder which uses the key identifier to locate keys on the file system.
+      class FileKeyFinder
+
+        # Initialises a new file key finder.
+        #
+        # @param key_dir [String] The directory in which keys are located.
+        def initialize(key_dir = "./keys")
+          @key_dir = key_dir
+        end
+
+        # Loads a key with a specified identifier.
+        #
+        # @param key_id [String] The key identifier.
+        # @param type [Symbol] :public, :private or :symmetric, depending on the required key type.
+        # @return [String]
+        def key_with_id(key_id, type)
+          raise Sandal::InvalidTokenError.new("Unspecified key.") if key_id.nil?
+          key_dir = ::File.join(@key_dir, ::File.expand_path(key_id, "/")) # mitigate directory expansion attacks
+          key_file = "#{key_dir}/#{type}.pem"
+          begin
+            ::File.read(key_file) # TODO: Binary read
+          rescue
+            raise Sandal::InvalidTokenError.new("Unknown key.")
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/rack/blinkbox/zuul/tokens/token_decoder.rb

@@ -0,0 +1,78 @@
+require "rack"
+require "sandal"
+require "rack/blinkbox/zuul/tokens/file_key_finder"
+
+module Rack
+  module Blinkbox
+    module Zuul
+      # Rack middleware for decoding blinkbox Zuul authentication tokens.
+      class TokenDecoder
+
+        # Initialises a new token decoder.
+        #
+        # @param app [??] The Rack application.
+        # @param key_finder [#key_with_id] The class that is used to find
+        #
+        def initialize(app, key_finder = nil)
+          @app = app
+          @key_finder = key_finder || FileKeyFinder.new("./keys")
+        end
+
+        def call(env)
+          access_token = extract_bearer_token(env)
+          if access_token
+            env["zuul.access_token"] = access_token
+            begin
+              env["zuul.claims"] = claims = decode_access_token(access_token)
+              
+              user_guid = claims["sub"]
+              env["zuul.user_guid"] = user_guid
+              env["zuul.user_id"] = user_guid.match(/\Aurn:blinkbox:zuul:user:(\d+)\Z/)[1]
+              env["zuul.user_roles"] = claims["bb/rol"] || []
+
+              client_guid = claims["bb/cid"]
+              if client_guid
+                env["zuul.client_guid"] = client_guid
+                env["zuul.client_id"] = client_guid.match(/\Aurn:blinkbox:zuul:client:(\d+)\Z/)[1]
+              end
+            rescue => error
+              env["zuul.error"] = error
+            end
+          end
+          @app.call(env)   
+        end
+
+        private
+
+        def extract_bearer_token(env)
+          auth_header = env["HTTP_AUTHORIZATION"]
+          return nil if auth_header.nil?
+              
+          auth_scheme, bearer_token = auth_header.split(" ", 2)
+          return nil unless auth_scheme == "Bearer"
+
+          # return an empty string if there was no bearer token in the header so that it's possible to
+          # differentiate between no attempt to provide a bearer token, in the cases above where the
+          # Authorization header is missing or doesn't use the Bearer scheme, and an attempt to provide
+          # bearer token but it happens to be empty.
+          bearer_token || ""
+        end
+
+        def decode_access_token(access_token)
+          Sandal.decode_token(access_token) do |header|            
+            if header["alg"] == Sandal::Sig::ES256::NAME
+              key = @key_finder.key_with_id(header["kid"], :public)
+              Sandal::Sig::ES256.new(key)
+            elsif header["enc"] == Sandal::Enc::A128GCM::NAME && header["alg"] == Sandal::Enc::Alg::RSA_OAEP::NAME
+              key = @key_finder.key_with_id(header["kid"], :private)
+              Sandal::Enc::A128GCM.new(Sandal::Enc::Alg::RSA_OAEP.new(key))
+            else
+              raise Sandal::UnsupportedTokenError.new("Unsupported signing/encryption method.")
+            end
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/rack/blinkbox/zuul/tokens/version.rb

@@ -0,0 +1,9 @@
+module Rack
+  module Blinkbox
+    module Zuul
+      class Tokens
+        VERSION = File.read(File.join(__dir__,"../../../../../VERSION")) rescue "0.0.2"
+      end
+    end
+  end
+end

data/rack-blinkbox-zuul-tokens.gemspec

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "rack/blinkbox/zuul/tokens/version"
+
+Gem::Specification.new do |s|
+  s.name          = "rack-blinkbox-zuul-tokens"
+  s.version       = Rack::Blinkbox::Zuul::Tokens::VERSION
+  s.authors       = ["Greg Beech", "JP Hastings-Spital"]
+  s.email         = ["greg@blinkbox.com", "jphastings@blinkbox.com"]
+  s.description   = %q{Automatically processes Zuul authorisation tokens on Rack apps}
+  s.summary       = %q{blinkbox books authentication for rack apps}
+  s.homepage      = ""
+
+  s.files         = `git ls-files`.split($/)
+  s.test_files    = s.files.grep(%r{^(test|spec|features)/})
+  s.require_paths = ["lib"]
+
+  s.add_dependency "rack"
+  s.add_dependency "sandal", "~> 0.5", ">= 0.5.1"
+
+  s.add_development_dependency "rake"
+  s.add_development_dependency "rack-test"
+  s.add_development_dependency "rspec", "~> 2.0"
+  s.add_development_dependency "sinatra"
+end

data/spec/keys/test-enc/private.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAtvdg4VF2VXLQ6X/CUpeGVaTCqThSG4r6EwLVV0YFtMhRHfS3
+Xk3QJik/wNHZDewBvu+g7f3BC25xuz0PbxAKds5QkRYZW0X/tIsIQtIYFco1okY7
+2iQrsoR2sbE9jqpIMOcdtoLMeF69XP2sUoIWElbEFpwyoU9wY1PTbQMzhUQ4P8Ld
+1hdQ+GwyLbTj3IC5ODSTNErYuO5W8gS9Gc/36uPr/LIs0D9S8nhReO/cI+UHUPLK
+jhYtFSXjVf280ZwDXaqcbV6q1ecDbPQr6t/Ri6ePIa20R3OzGsXP9k952ksIw35G
+PEgzGjyPkeUEY8O8Ss3X0Dz1Bhrvre6L+w7inQIDAQABAoIBADdi9XnfziGZyzIU
+EcAszGaapK7TNM/Pp1of7nMn6ExMo3mc/fFXPt5+eCUnoTw8qF6jbaT9vvV17onO
+tyBYy8IhPHRfKzfdHcYKnGqV7OKTvt6rwiyL7Ipy3Pd3fvn0BDyBihYYzErX6xz+
+Ua78YDAXAe8SQ6VfRddbpdIHOQ5rEE9Q8lyjleaRzRUEdklzJaix/WfNefLgY+8n
+VtDcx5A43A4BsSMesBf2z2iXXDPu9RvIqaJWfMUa6dtpW2cCHV1xCl4t84BROneF
+KB86TOmoIZqraWvDVQM7nlpsTLYWkByiXlvc1019H9ZtxWkt8w+VVbaiIePIxVW8
+scH1j4UCgYEA2cn6ymUuFChU7iNSwqFdfCUgz430umb+telVDbbJadKDMjMHbj+c
+JBi/y0HhHSocIkVOs+J5j0YRudm9n0KdmqM9DcE11W7stjTg2W0/pCMxnHBKOxQk
+ERXjbkdk6twfaUi3j9laY6CQsoUiApiGdlAluWgtMPwfCsI1Cnaz628CgYEA1xFV
+n2otCltQjPMmOeDofF68tqHmJE2LWv9hCU+zaO6aP2Vu1HCCUGeww6UuqPHsmWS0
+27MbfGfxMWrDT8NJWZkDvC5/WGYhK7/oErOv/uctHXwYaRF+QeqnzaZDIQiu+1pH
+LvurZ6wYHCE4LSAxnjjL8vJXbVoR3jRIYliA/LMCgYEAusz3gyoNv9RoJGm/zpjB
+qn3eCqhjxI4a4sTj4wNo9o9NYH1MXk/JCV0BBMHY6D76KprvynLyeOVMxu/wKO3m
+aICjGW0jU5H1DsOEKHoAIDTflKLryIiZ9t2jWS97a8aqWo+4gnWXheRut/BhH4Db
+tBdChCjKuj1GEuBIxlTSNZkCgYAtDNSCsBr/MGGPJN+8//+zDaU6HG+46wVl6ljJ
+Ooi6UkC9RuIQXgDuFspQMSm0+fg1qYK5AqufQ6aiU1rWOnIC8qp1oMfMHJiWMXzL
+bhhPrN0mb/gtCh0Icb70tP8azFbbD+4ZSV5+OO5T9iFuUnASVJNkMJ9fqJ5VjV4c
+O63JQQKBgAXA4FWRnI5IE482PXb9J1p4pnbi3IlK791obCdOpH2dHPp4EkPCHALm
+Az8zQW1tXpwNOzq7RSf/jnuKEYk64JYjtDtHLAILJhoWA7vplU0Fj+HyosJolO88
+htgRN++wPL8F3XNPZU0htRKXFJi1TClxwH3BjZnltFRhS7VxxV9K
+-----END RSA PRIVATE KEY-----

data/spec/keys/test-enc/public.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvdg4VF2VXLQ6X/CUpeG
+VaTCqThSG4r6EwLVV0YFtMhRHfS3Xk3QJik/wNHZDewBvu+g7f3BC25xuz0PbxAK
+ds5QkRYZW0X/tIsIQtIYFco1okY72iQrsoR2sbE9jqpIMOcdtoLMeF69XP2sUoIW
+ElbEFpwyoU9wY1PTbQMzhUQ4P8Ld1hdQ+GwyLbTj3IC5ODSTNErYuO5W8gS9Gc/3
+6uPr/LIs0D9S8nhReO/cI+UHUPLKjhYtFSXjVf280ZwDXaqcbV6q1ecDbPQr6t/R
+i6ePIa20R3OzGsXP9k952ksIw35GPEgzGjyPkeUEY8O8Ss3X0Dz1Bhrvre6L+w7i
+nQIDAQAB
+-----END PUBLIC KEY-----

data/spec/keys/test-sig/private.pem

@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIMqMf7hAPTPnlzIGje7hqS2nREDdznqikgMCihnPowF7oAoGCCqGSM49
+AwEHoUQDQgAEKpuxnYoh/sGl8483iLIqe0sn+oZP4yZLKIfcKJXGf3ooU/X/9sL+
+r+dmErttJrIv0JE3WrcheSNT58Oee1hZZQ==
+-----END EC PRIVATE KEY-----

data/spec/keys/test-sig/public.pem

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKpuxnYoh/sGl8483iLIqe0sn+oZP
+4yZLKIfcKJXGf3ooU/X/9sL+r+dmErttJrIv0JE3WrcheSNT58Oee1hZZQ==
+-----END PUBLIC KEY-----

data/spec/rack/blinkbox/zuul/tokens/token_decoder_spec.rb

@@ -0,0 +1,81 @@
+require_relative "../../../../spec_helper"
+
+describe "A Rack app using Zuul TokenDecoder" do
+  include Rack::Test::Methods
+
+  def app
+    @app ||= App.new
+  end
+
+  context "with no token" do
+    before(:all) do
+      get "/"
+    end
+    describe "the request environment" do
+      subject { last_request.env }
+      it { should_not have_key_starting_with("zuul.") }
+    end
+  end
+
+  context "with a well-formed signed/encrypted token" do
+    before(:all) do
+      claims = {
+        "sub" => "urn:blinkbox:zuul:user:123",
+        "exp" => (Time.now + 1800).to_i,
+        "jti" => "urn:blinkbox:zuul:access-token:4857",
+        "bb/cid" => "urn:blinkbox:zuul:client:38"
+      }
+      puts File.expand_path("./")
+      signer = Sandal::Sig::ES256.new(File.read("./spec/keys/test-sig/private.pem"))
+      encrypter = Sandal::Enc::A128GCM.new(Sandal::Enc::Alg::RSA_OAEP.new(File.read("./spec/keys/test-enc/public.pem")))
+      jws_token = Sandal.encode_token(claims, signer, { "kid" => "test-sig" })
+      jwe_token = Sandal.encrypt_token(jws_token, encrypter, { "kid" => "test-enc", "cty" => "JWT" })
+      get "/", nil, { "HTTP_AUTHORIZATION" => "Bearer #{jwe_token}" }
+    end
+    describe "the request environment" do
+      subject { last_request.env }
+      it { should have_key("zuul.access_token") }
+      it { should_not have_key("zuul.error") }
+      its(["zuul.user_guid"]) { should eq("urn:blinkbox:zuul:user:123") }
+      its(["zuul.user_id"]) { should eq("123") }
+      its(["zuul.client_guid"]) { should eq("urn:blinkbox:zuul:client:38") }
+      its(["zuul.client_id"]) { should eq("38") }
+    end
+  end
+
+  context "with a well-formed encrypted but unsigned token" do
+    pending
+  end
+
+  context "with a well-formed signed but unencrypted token" do
+    pending
+  end
+
+  context "with a well-formed but unsigned/unencrypted token" do
+    before(:all) do
+      token = Sandal.encode_token({ "sub" => "urn:blinkbox:zuul:user:123" }, Sandal::Sig::NONE)
+      get "/", nil, { "HTTP_AUTHORIZATION" => "Bearer #{token}" }
+    end
+    describe "the request environment" do
+      subject { last_request.env }
+      it { should have_key("zuul.access_token") }
+      it { should have_key("zuul.error") }
+      it { should_not have_key_starting_with("zuul.user") }
+      it { should_not have_key_starting_with("zuul.client") }
+    end
+  end
+
+  context "with an invalidly formed token" do
+    before(:all) do
+      get "/", nil, { "HTTP_AUTHORIZATION" => "Bearer some.random.invalid.token.value" }
+    end
+    describe "the request environment" do
+      subject { last_request.env }
+      it { should have_key("zuul.access_token") }
+      it { should have_key("zuul.error") }
+      it { should_not have_key_starting_with("zuul.user") }
+      it { should_not have_key_starting_with("zuul.client") }
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,16 @@
+require "sinatra/base"
+$:<<File.join(File.dirname(__FILE__), "..", "lib")
+
+require "rack/test"
+require "rack/blinkbox/zuul/tokens"
+require "sandal"
+
+class App < Sinatra::Base
+  use Rack::Blinkbox::Zuul::TokenDecoder, Rack::Blinkbox::Zuul::FileKeyFinder.new("./spec/keys")
+end
+
+class Hash
+  def has_key_starting_with?(prefix)
+    keys.any? { |k| k =~ /^#{::Regexp.escape(prefix)}/ }
+  end
+end

metadata

@@ -0,0 +1,171 @@
+--- !ruby/object:Gem::Specification
+name: rack-blinkbox-zuul-tokens
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Greg Beech
+- JP Hastings-Spital
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-01-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sandal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.5'
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.5'
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Automatically processes Zuul authorisation tokens on Rack apps
+email:
+- greg@blinkbox.com
+- jphastings@blinkbox.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- CHANGELOG.md
+- Gemfile
+- LICENCE
+- README.md
+- Rakefile
+- VERSION
+- lib/.DS_Store
+- lib/rack/.DS_Store
+- lib/rack/blinkbox/.DS_Store
+- lib/rack/blinkbox/zuul/.DS_Store
+- lib/rack/blinkbox/zuul/tokens.rb
+- lib/rack/blinkbox/zuul/tokens/file_key_finder.rb
+- lib/rack/blinkbox/zuul/tokens/token_decoder.rb
+- lib/rack/blinkbox/zuul/tokens/version.rb
+- rack-blinkbox-zuul-tokens.gemspec
+- spec/.DS_Store
+- spec/keys/test-enc/private.pem
+- spec/keys/test-enc/public.pem
+- spec/keys/test-sig/private.pem
+- spec/keys/test-sig/public.pem
+- spec/rack/.DS_Store
+- spec/rack/blinkbox/.DS_Store
+- spec/rack/blinkbox/zuul/tokens/token_decoder_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: blinkbox books authentication for rack apps
+test_files:
+- spec/.DS_Store
+- spec/keys/test-enc/private.pem
+- spec/keys/test-enc/public.pem
+- spec/keys/test-sig/private.pem
+- spec/keys/test-sig/public.pem
+- spec/rack/.DS_Store
+- spec/rack/blinkbox/.DS_Store
+- spec/rack/blinkbox/zuul/tokens/token_decoder_spec.rb
+- spec/spec_helper.rb