signing 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +7 -0
  2. data/.gems +1 -0
  3. data/.gitignore +2 -0
  4. data/Rakefile +8 -0
  5. data/Readme.md +30 -0
  6. data/lib/signing.rb +54 -0
  7. data/signing.gemspec +13 -0
  8. data/test/signing_test.rb +38 -0
  9. metadata +51 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 27be608b8ac3aee608f4310beeb4ce80a6de6cb9
4
+ data.tar.gz: 4451fb4fbcc524f46218ebca1ae617493982d0a0
5
+ SHA512:
6
+ metadata.gz: 2b1fff1e92c316a64b60b9dad4251d03b28b769be9e3aa2f6731aa66cf75cb5463f02baabcdbe93fe52c9ca8935e8e1b5895cbdfa52a11eea1150e87bec5f984
7
+ data.tar.gz: 575a9dea70071b0c1b1e299cf3a7d90c423202d0b92b139291b00f473aa0575c67fa6f21b2fe25a065d392ec2adbb2cce8e04dce3b317e0dd064387204451ab5
data/.gems ADDED
@@ -0,0 +1 @@
1
+ cutest -v 1.2.1
data/.gitignore ADDED
@@ -0,0 +1,2 @@
1
+ pkg
2
+ .gs
data/Rakefile ADDED
@@ -0,0 +1,8 @@
1
+ require "cutest"
2
+
3
+ task :test do
4
+ Cutest.run(Dir["test/*.rb"])
5
+ end
6
+
7
+ task :default => :test
8
+
data/Readme.md ADDED
@@ -0,0 +1,30 @@
1
+ # signing
2
+
3
+ Sign and unsign your data.
4
+
5
+ ## Usage
6
+
7
+ ```ruby
8
+ require "signing"
9
+ include Signing
10
+
11
+ signer = Signer.new("secret", "salt")
12
+
13
+ # sign
14
+ signed_value = signer.sign("value")
15
+
16
+ # unsign
17
+ signer.unsign(signed_value) # returns "value"
18
+ ```
19
+
20
+ ## Installation
21
+
22
+ Install it using rubygems.
23
+
24
+ ```
25
+ $ gem install signing
26
+ ```
27
+
28
+ ## License
29
+
30
+ MIT
data/lib/signing.rb ADDED
@@ -0,0 +1,54 @@
1
+ require "base64"
2
+ require "digest/hmac"
3
+ require "digest/sha1"
4
+
5
+ module Signing
6
+ def self.base64_encode(string)
7
+ Base64.urlsafe_encode64(string).gsub(/(=*$)/, "")
8
+ end
9
+
10
+ def self.base64_decode(string)
11
+ Base64.urlsafe_decode64(string + "=" * (-string.length % 4))
12
+ end
13
+
14
+ # constant-time comparison to prevent timing attacks
15
+ def self.compare(a, b)
16
+ len_eq = a.length == b.length
17
+ res = len_eq ? 0 : 1
18
+ left = len_eq ? a : b
19
+ (0...left.length).each { |i| res |= a[i].ord ^ b[i].ord }
20
+ res == 0
21
+ end
22
+
23
+ class Signer
24
+ def initialize(secret, salt)
25
+ @secret = secret
26
+ @salt = salt
27
+ @sep = "."
28
+ end
29
+
30
+ def sign(value)
31
+ value = Signing::base64_encode(value)
32
+ value + @sep + get_signature(value)
33
+ end
34
+
35
+ def unsign(signed_value)
36
+ return false if not signed_value.include? @sep
37
+
38
+ value, s, sig = signed_value.rpartition(@sep)
39
+ if Signing::compare(sig, get_signature(value))
40
+ return Signing::base64_decode(value)
41
+ end
42
+
43
+ false
44
+ end
45
+
46
+ private
47
+
48
+ def get_signature(value)
49
+ key = Digest::SHA1.digest("#{@salt}signer#{@secret}")
50
+ mac = Digest::HMAC.digest(value, key, Digest::SHA1)
51
+ Signing::base64_encode(mac)
52
+ end
53
+ end
54
+ end
data/signing.gemspec ADDED
@@ -0,0 +1,13 @@
1
+ # encoding: utf-8
2
+
3
+ Gem::Specification.new do |s|
4
+ s.name = "signing"
5
+ s.version = "0.0.1"
6
+ s.summary = "Sign and unsign your data."
7
+ s.description = "Sign and unsign your data."
8
+ s.authors = ["Gustavo Leguizamon"]
9
+ s.email = ["leguizamon.gustavo@gmail.com"]
10
+ s.homepage = "https://github.com/goopi/signing"
11
+ s.files = `git ls-files`.split("\n")
12
+ s.license = "MIT"
13
+ end
data/test/signing_test.rb ADDED
@@ -0,0 +1,38 @@
1
+ require File.expand_path("../lib/signing", File.dirname(__FILE__))
2
+ include Signing
3
+
4
+ scope do
5
+ setup do
6
+ {
7
+ :value => "hi",
8
+ :signed_value => "aGk.H9tzyMqq_e4j8yH-0KfNTZvoNBk",
9
+ :secret => "secret",
10
+ :salt => "salt"
11
+ }
12
+ end
13
+
14
+ test "should sign the value" do |params|
15
+ s = Signer.new(params[:secret], params[:salt])
16
+ signed_value = s.sign(params[:value])
17
+ assert_equal signed_value, params[:signed_value]
18
+
19
+ s = Signer.new("othersecret", params[:salt])
20
+ signed_value = s.sign(params[:value])
21
+ assert signed_value != params[:signed_value]
22
+
23
+ s = Signer.new(params[:secret], "othersalt")
24
+ signed_value = s.sign(params[:value])
25
+ assert signed_value != params[:signed_value]
26
+ end
27
+
28
+ test "should unsign the signed value" do |params|
29
+ s = Signer.new(params[:secret], params[:salt])
30
+ assert_equal params[:value], s.unsign(params[:signed_value])
31
+
32
+ s = Signer.new("othersecret", params[:salt])
33
+ assert_equal false, s.unsign(params[:signed_value])
34
+
35
+ s = Signer.new(params[:secret], "othersalt")
36
+ assert_equal false, s.unsign(params[:signed_value])
37
+ end
38
+ end
metadata ADDED
@@ -0,0 +1,51 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: signing
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Gustavo Leguizamon
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2013-09-16 00:00:00.000000000 Z
12
+ dependencies: []
13
+ description: Sign and unsign your data.
14
+ email:
15
+ - leguizamon.gustavo@gmail.com
16
+ executables: []
17
+ extensions: []
18
+ extra_rdoc_files: []
19
+ files:
20
+ - .gems
21
+ - .gitignore
22
+ - Rakefile
23
+ - Readme.md
24
+ - lib/signing.rb
25
+ - signing.gemspec
26
+ - test/signing_test.rb
27
+ homepage: https://github.com/goopi/signing
28
+ licenses:
29
+ - MIT
30
+ metadata: {}
31
+ post_install_message:
32
+ rdoc_options: []
33
+ require_paths:
34
+ - lib
35
+ required_ruby_version: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - '>='
38
+ - !ruby/object:Gem::Version
39
+ version: '0'
40
+ required_rubygems_version: !ruby/object:Gem::Requirement
41
+ requirements:
42
+ - - '>='
43
+ - !ruby/object:Gem::Version
44
+ version: '0'
45
+ requirements: []
46
+ rubyforge_project:
47
+ rubygems_version: 2.1.3
48
+ signing_key:
49
+ specification_version: 4
50
+ summary: Sign and unsign your data.
51
+ test_files: []