signpost-signer 0.1.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 03ec990f21112ed52f8b82c9e6c193583e5ca374
4
+ data.tar.gz: fe6d1975f70a60c401e025a15413f23e2be71f18
5
+ SHA512:
6
+ metadata.gz: e1c1a0d4730f71514446691e8cc478e3261a6ee8a84bd4e684054212a8544fb0c077e7a7dd51a8fc26df684ba48d704662753919584aa3897315f6f3ae659b2d
7
+ data.tar.gz: a8cc56c26b93a84b920fafb4716490cb95639738f662326ff39d7d896b4b1558c0fc42c998247bbac77654e94bbbe3438521b12bd1b90031af235492e291c0ef
data/.gitignore ADDED
@@ -0,0 +1,10 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
10
+ /bin
data/.rspec ADDED
@@ -0,0 +1,2 @@
1
+ --format documentation
2
+ --color
data/.travis.yml ADDED
@@ -0,0 +1,4 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.0.0
4
+ before_install: gem install bundler -v 1.11.2
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in signpost-signer.gemspec
4
+ gemspec
data/README.md ADDED
@@ -0,0 +1,36 @@
1
+ # Signpost::Signer
2
+
3
+ Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/signpost/signer`. To experiment with that code, run `bin/console` for an interactive prompt.
4
+
5
+ TODO: Delete this and the text above, and describe your gem
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'signpost-signer'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install signpost-signer
22
+
23
+ ## Usage
24
+
25
+ TODO: Write usage instructions here
26
+
27
+ ## Development
28
+
29
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
30
+
31
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
32
+
33
+ ## Contributing
34
+
35
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/signpost-signer.
36
+
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
@@ -0,0 +1,58 @@
1
+ require 'time'
2
+ require 'open3'
3
+
4
+ require 'signpost/signer/version'
5
+
6
+ module Signpost # :nodoc:
7
+ class SignpostError < StandardError
8
+ end
9
+
10
+ module Signer # :nodoc: TODO DOCME
11
+ ROOT = File.expand_path('../../../', __FILE__)
12
+ if RUBY_PLATFORM =~ /darwin/
13
+ BIN_SIGNER = File.expand_path('bin/signpost-sign-darwin', ROOT)
14
+ else
15
+ BIN_SIGNER = File.expand_path('bin/signpost-sign-linux', ROOT)
16
+ end
17
+
18
+ SignatureFailed = Class.new(Signpost::SignpostError)
19
+ SSHKeyError = Class.new(Signpost::SignpostError)
20
+
21
+ KEYFILE_CANDIDATES = [
22
+ File.expand_path('~/.ssh/id_ed25519'),
23
+ File.expand_path('~/.ssh/id_rsa')
24
+ ].freeze
25
+
26
+ def self.sign_request(request, keyfile = find_keyfile)
27
+ request['Date'] = Time.now.httpdate unless request['Date']
28
+ canonical = canonicalize(request)
29
+ request['X-Signpost-Signature'] = sign(canonical, keyfile)
30
+ request
31
+ end
32
+
33
+ def self.find_keyfile
34
+ if kf = ENV['SIGNPOST_KEYFILE']
35
+ return File.expand_path(kf)
36
+ end
37
+ KEYFILE_CANDIDATES.each { |kf| return kf if File.exist?(kf) }
38
+ raise(SSHKeyError, "couldn't find a usable SSH key")
39
+ end
40
+
41
+ def self.canonicalize(request)
42
+ verb = request.method
43
+ date = request.fetch('Date')
44
+ host = request.fetch('Host')
45
+ path = request.path
46
+
47
+ [verb, date, host, path].join("\n") + "\n"
48
+ end
49
+
50
+ def self.sign(message, keyfile)
51
+ out, err, stat = Open3.capture3(
52
+ BIN_SIGNER, keyfile, stdin_data: message
53
+ )
54
+ return out.strip if stat.success?
55
+ raise(SignatureFailed, "signpost-sign failed: #{err.strip}")
56
+ end
57
+ end
58
+ end
@@ -0,0 +1,5 @@
1
+ module Signpost
2
+ module Signer
3
+ VERSION = "0.1.2"
4
+ end
5
+ end
@@ -0,0 +1,27 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'signpost/signer/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "signpost-signer"
8
+ spec.version = Signpost::Signer::VERSION
9
+ spec.authors = ["Burke Libbey"]
10
+ spec.email = ["burke.libbey@shopify.com"]
11
+
12
+ spec.summary = %q(Sign HTTP requests with X-Signpost-Signature)
13
+ spec.description = %q(Sign HTTP requests with a local SSH keypair for verification on the server against a list of authorized_keys)
14
+ spec.homepage = "https://github.com/Shopify/signpost"
15
+
16
+ bins = ['signpost-sign-linux', 'signpost-sign-darwin']
17
+ binfiles = bins.map { |b| "bin/#{b}" }
18
+
19
+ spec.files = binfiles + `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
20
+ spec.bindir = 'bin'
21
+ spec.executables = bins
22
+ spec.require_paths = ["lib"]
23
+
24
+ spec.add_development_dependency "bundler", "~> 1.11"
25
+ spec.add_development_dependency "rake", "~> 10.0"
26
+ spec.add_development_dependency "rspec", "~> 3.0"
27
+ end
metadata ADDED
@@ -0,0 +1,101 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: signpost-signer
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.2
5
+ platform: ruby
6
+ authors:
7
+ - Burke Libbey
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2016-09-15 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.11'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.11'
27
+ - !ruby/object:Gem::Dependency
28
+ name: rake
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '10.0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '10.0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rspec
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '3.0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '3.0'
55
+ description: Sign HTTP requests with a local SSH keypair for verification on the server
56
+ against a list of authorized_keys
57
+ email:
58
+ - burke.libbey@shopify.com
59
+ executables:
60
+ - signpost-sign-linux
61
+ - signpost-sign-darwin
62
+ extensions: []
63
+ extra_rdoc_files: []
64
+ files:
65
+ - ".gitignore"
66
+ - ".rspec"
67
+ - ".travis.yml"
68
+ - Gemfile
69
+ - README.md
70
+ - Rakefile
71
+ - bin/console
72
+ - bin/setup
73
+ - bin/signpost-sign-darwin
74
+ - bin/signpost-sign-linux
75
+ - lib/signpost/signer.rb
76
+ - lib/signpost/signer/version.rb
77
+ - signpost-signer.gemspec
78
+ homepage: https://github.com/Shopify/signpost
79
+ licenses: []
80
+ metadata: {}
81
+ post_install_message:
82
+ rdoc_options: []
83
+ require_paths:
84
+ - lib
85
+ required_ruby_version: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ required_rubygems_version: !ruby/object:Gem::Requirement
91
+ requirements:
92
+ - - ">="
93
+ - !ruby/object:Gem::Version
94
+ version: '0'
95
+ requirements: []
96
+ rubyforge_project:
97
+ rubygems_version: 2.5.1
98
+ signing_key:
99
+ specification_version: 4
100
+ summary: Sign HTTP requests with X-Signpost-Signature
101
+ test_files: []