request_signing 0.1.0.pre2 → 0.1.0.pre3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/request_signing.rb +1 -1
- data/lib/request_signing/errors.rb +13 -1
- data/lib/request_signing/key_stores/static.rb +1 -1
- data/lib/request_signing/test_utils.rb +55 -0
- data/lib/request_signing/version.rb +1 -1
- data/request_signing-faraday.gemspec +2 -3
- data/request_signing-rack.gemspec +2 -3
- data/request_signing-ssm.gemspec +2 -3
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 54aa72ad7948b5b1f34da5abd6efa5d10d4e5bef
|
|
4
|
+
data.tar.gz: 670402e483314b0057ab6a336def431bbebf48b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fd206d497060a433d516d179cc355d23e50f74e7bc61b86e1444fd3a87142910ba713f59523991457c02ce06a6828c6b068e911f0d9657dfbfa2f34286eee023
|
|
7
|
+
data.tar.gz: cc1b7ecebc2c183fd81ea3a17406fd946988bcc3a4b18a2cc29fa6a051d10a645b8a47fd863aed88e413792ceed833eb91a1d6512e3f905d62f4b8391eeef791
|
data/lib/request_signing.rb
CHANGED
|
@@ -62,7 +62,7 @@ module RequestSigning
|
|
|
62
62
|
string_for_signing = RequestSigning.make_string_for_signing(signature_parameters.headers, verifiable_req)
|
|
63
63
|
signature = decode_signature(signature_parameters.signature)
|
|
64
64
|
unless alg.verify_signature(key, signature, string_for_signing)
|
|
65
|
-
raise SignatureMismatch
|
|
65
|
+
raise SignatureMismatch, key_id: signature_parameters.key_id
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
68
|
|
|
@@ -1,7 +1,19 @@
|
|
|
1
1
|
module RequestSigning
|
|
2
2
|
|
|
3
3
|
# Base class for all errors
|
|
4
|
-
class Error < StandardError
|
|
4
|
+
class Error < StandardError
|
|
5
|
+
attr_reader :key_id
|
|
6
|
+
|
|
7
|
+
def initialize(*args, key_id: nil)
|
|
8
|
+
super(*args)
|
|
9
|
+
@key_id = key_id
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def message
|
|
13
|
+
return super unless key_id
|
|
14
|
+
"#{super}, key_id=#{key_id}"
|
|
15
|
+
end
|
|
16
|
+
end
|
|
5
17
|
|
|
6
18
|
# Key with specified keyId could not be found
|
|
7
19
|
class KeyNotFound < Error; end
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
module RequestSigning
|
|
2
|
+
module TestUtils
|
|
3
|
+
# Provides helpers for testing request signature verification integration
|
|
4
|
+
# Example:
|
|
5
|
+
# require 'rack/test'
|
|
6
|
+
# require 'request_signing'
|
|
7
|
+
# require 'request_signing/test_utils'
|
|
8
|
+
#
|
|
9
|
+
# class MyServerTest < Minitest::Test
|
|
10
|
+
# include Rack::Test::Methods
|
|
11
|
+
# include RequestSigning::TestUtils::Rack
|
|
12
|
+
#
|
|
13
|
+
# attr_reader :app
|
|
14
|
+
#
|
|
15
|
+
# def setup
|
|
16
|
+
# my_app = MyApp.new
|
|
17
|
+
# signer_key_store = RequestSigning::KeyStores::Static.new(
|
|
18
|
+
# "test_key" => "123qweasdzxc456rtyfghvbn789uiojk",
|
|
19
|
+
# "bad_test_key" => "11111111111111111111111111111111"
|
|
20
|
+
# )
|
|
21
|
+
# signer = RequestSigning::Signer.new(adapter: :rack, key_store: signer_key_store)
|
|
22
|
+
# @app = wrap_with_request_signer(app: my_app, signer: signer)
|
|
23
|
+
# end
|
|
24
|
+
#
|
|
25
|
+
# def test_lets_signed_requests_through
|
|
26
|
+
# signed(key_id: "test_key") { post "/v1/foo" }
|
|
27
|
+
# assert last_response.successful?
|
|
28
|
+
# end
|
|
29
|
+
#
|
|
30
|
+
# def test_rejects_requests_with_bad_signatures
|
|
31
|
+
# signed(key_id: "bad_test_key") { post "/v1/foo" }
|
|
32
|
+
# refute last_response.successful?
|
|
33
|
+
# end
|
|
34
|
+
#
|
|
35
|
+
module Rack
|
|
36
|
+
def wrap_with_request_signer(signer:, app:)
|
|
37
|
+
proc do |env|
|
|
38
|
+
if sign_params = env["request_signing.test.sign_params"]
|
|
39
|
+
env["HTTP_DATE"] ||= Time.now.httpdate
|
|
40
|
+
env["HTTP_SIGNATURE"] = signer.create_signature!(env, sign_params).to_s
|
|
41
|
+
end
|
|
42
|
+
app.call(env)
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def signed(key_id:, algorithm: "hmac-sha256", headers: %w[(request-target) host date])
|
|
47
|
+
env "request_signing.test.sign_params", { key_id: key_id, algorithm: algorithm, headers: headers }
|
|
48
|
+
yield
|
|
49
|
+
ensure
|
|
50
|
+
env "request_signing.test.sign_params", nil
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
@@ -1,11 +1,10 @@
|
|
|
1
1
|
# coding: utf-8
|
|
2
2
|
lib = File.expand_path('../lib', __FILE__)
|
|
3
3
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
|
-
require 'request_signing/version'
|
|
5
4
|
|
|
6
5
|
Gem::Specification.new do |spec|
|
|
7
6
|
spec.name = "request_signing-faraday"
|
|
8
|
-
spec.version = "0.1.0.
|
|
7
|
+
spec.version = "0.1.0.pre3"
|
|
9
8
|
spec.authors = ["Vlad Yarotsky"]
|
|
10
9
|
spec.email = ["vlad@remind101.com"]
|
|
11
10
|
|
|
@@ -19,6 +18,6 @@ Gem::Specification.new do |spec|
|
|
|
19
18
|
spec.require_paths = ["lib"]
|
|
20
19
|
spec.metadata["yard.run"] = "yri"
|
|
21
20
|
|
|
22
|
-
spec.add_dependency "request_signing",
|
|
21
|
+
spec.add_dependency "request_signing", "~> 0.1.0.pre2"
|
|
23
22
|
spec.add_dependency "faraday", "~> 0.9"
|
|
24
23
|
end
|
|
@@ -1,11 +1,10 @@
|
|
|
1
1
|
# coding: utf-8
|
|
2
2
|
lib = File.expand_path('../lib', __FILE__)
|
|
3
3
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
|
-
require 'request_signing/version'
|
|
5
4
|
|
|
6
5
|
Gem::Specification.new do |spec|
|
|
7
6
|
spec.name = "request_signing-rack"
|
|
8
|
-
spec.version = "0.1.0.
|
|
7
|
+
spec.version = "0.1.0.pre3"
|
|
9
8
|
spec.authors = ["Vlad Yarotsky"]
|
|
10
9
|
spec.email = ["vlad@remind101.com"]
|
|
11
10
|
|
|
@@ -19,6 +18,6 @@ Gem::Specification.new do |spec|
|
|
|
19
18
|
spec.require_paths = ["lib"]
|
|
20
19
|
spec.metadata["yard.run"] = "yri"
|
|
21
20
|
|
|
22
|
-
spec.add_dependency "request_signing",
|
|
21
|
+
spec.add_dependency "request_signing", "~> 0.1.0.pre2"
|
|
23
22
|
spec.add_dependency "rack", "~> 2.0"
|
|
24
23
|
end
|
data/request_signing-ssm.gemspec
CHANGED
|
@@ -1,11 +1,10 @@
|
|
|
1
1
|
# coding: utf-8
|
|
2
2
|
lib = File.expand_path('../lib', __FILE__)
|
|
3
3
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
|
-
require 'request_signing/version'
|
|
5
4
|
|
|
6
5
|
Gem::Specification.new do |spec|
|
|
7
6
|
spec.name = "request_signing-ssm"
|
|
8
|
-
spec.version = "0.1.0.
|
|
7
|
+
spec.version = "0.1.0.pre3"
|
|
9
8
|
spec.authors = ["Vlad Yarotsky"]
|
|
10
9
|
spec.email = ["vlad@remind101.com"]
|
|
11
10
|
|
|
@@ -19,6 +18,6 @@ Gem::Specification.new do |spec|
|
|
|
19
18
|
spec.require_paths = ["lib"]
|
|
20
19
|
spec.metadata["yard.run"] = "yri"
|
|
21
20
|
|
|
22
|
-
spec.add_dependency "request_signing",
|
|
21
|
+
spec.add_dependency "request_signing", "~> 0.1.0.pre2"
|
|
23
22
|
spec.add_dependency "aws-sdk-ssm", "~> 1"
|
|
24
23
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: request_signing
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.0.
|
|
4
|
+
version: 0.1.0.pre3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Vlad Yarotsky
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-11-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Implementation of http request signing draft https://tools.ietf.org/html/draft-cavage-http-signatures-08
|
|
14
14
|
email:
|
|
@@ -43,6 +43,7 @@ files:
|
|
|
43
43
|
- lib/request_signing/key_stores/static.rb
|
|
44
44
|
- lib/request_signing/parameter_parser.rb
|
|
45
45
|
- lib/request_signing/signature_parameters.rb
|
|
46
|
+
- lib/request_signing/test_utils.rb
|
|
46
47
|
- lib/request_signing/version.rb
|
|
47
48
|
- request_signing-faraday.gemspec
|
|
48
49
|
- request_signing-rack.gemspec
|