signpost-verifier 0.1.6

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: e4bb13b957876256a53d5eb6c263f2b5fed82b10
4
+ data.tar.gz: 6033992e2048d99a65ec5f1e3d03c9960bdc067e
5
+ SHA512:
6
+ metadata.gz: 7880c36d4f9db996e93c3ed8861ad6fc6ab3b5625b7574e3e8477c1fde46f9e13818a9cda2362c40ba09ba2bb470307d32c11492346443714285026e80f5d986
7
+ data.tar.gz: 29282ecb8038c7af0b7a343d4b30e2a4b61b181efd3be6f19ece727e41b02b91d0d4203b5d82f1f35d0dd043a9ed9441ac7d2e882487f16a3ddeea83b69e9a1a
@@ -0,0 +1,10 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
10
+ /bin/
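--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,2 @@
+ --format documentation
+ --color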
@@ -0,0 +1,5 @@
1
+ sudo: false
2
+ language: ruby
3
+ rvm:
4
+ - 2.3.1
5
+ before_install: gem install bundler -v 1.12.5
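--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+ source 'https://rubygems.org'
+
+ # Specify your gem's dependencies in signpost-verifier.gemspec
+ gemspec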
@@ -0,0 +1,36 @@
1
+ # Signpost::Verifier
2
+
3
+ Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/signpost/verifier`. To experiment with that code, run `bin/console` for an interactive prompt.
4
+
5
+ TODO: Delete this and the text above, and describe your gem
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'signpost-verifier'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install signpost-verifier
22
+
23
+ ## Usage
24
+
25
+ TODO: Write usage instructions here
26
+
27
+ ## Development
28
+
29
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
30
+
31
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
32
+
33
+ ## Contributing
34
+
35
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/signpost-verifier.
36
+
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
@@ -0,0 +1,83 @@
1
+ require 'time'
2
+ require 'open3'
3
+
4
+ require 'signpost/verifier/version'
5
+
6
+ module Signpost # :nodoc:
7
+ class SignpostError < StandardError
8
+ end
9
+
10
+ MAX_AGE = 10
11
+
12
+ module Verifier # :nodoc: TODO DOCME
13
+ ROOT = File.expand_path('../../../', __FILE__)
14
+ if RUBY_PLATFORM =~ /darwin/
15
+ BIN_VERIFIER = File.expand_path('bin/signpost-verify-darwin', ROOT)
16
+ else
17
+ BIN_VERIFIER = File.expand_path('bin/signpost-verify-linux', ROOT)
18
+ end
19
+
20
+ VerificationError = Class.new(Signpost::SignpostError)
21
+
22
+ def self.verify(
23
+ verb: raise,
24
+ date: raise,
25
+ host: raise,
26
+ path: raise,
27
+ signature: raise,
28
+ authorized_keyfile: raise
29
+ )
30
+ validate_timestamp!(date)
31
+ canonical = canonicalize(verb, date, host, path)
32
+
33
+ unless signature
34
+ raise(VerificationError, 'missing X-Signpost-Signature header')
35
+ end
36
+
37
+ out, err, stat = Open3.capture3(
38
+ BIN_VERIFIER, authorized_keyfile.to_s, signature, stdin_data: canonical
39
+ )
40
+ return out.strip if stat.success?
41
+ bail("signature verification failed: #{err.strip}")
42
+ end
43
+
44
+ def self.verify_action_dispatch_request(req, authorized_keyfile)
45
+ h = req.headers
46
+ verify(
47
+ verb: h['REQUEST_METHOD'],
48
+ date: h['HTTP_DATE'],
49
+ host: h['HTTP_HOST'],
50
+ path: h['PATH_INFO'],
51
+ signature: h['HTTP_X_SIGNPOST_SIGNATURE'],
52
+ authorized_keyfile: authorized_keyfile
53
+ )
54
+ end
55
+
56
+ def self.verify_net_http_request(request, authorized_keyfile)
57
+ verify(
58
+ verb: request.method,
59
+ date: request['Date'],
60
+ host: request['Host'],
61
+ path: request.path,
62
+ signature: request['X-Signpost-Signature'],
63
+ authorized_keyfile: authorized_keyfile
64
+ )
65
+ end
66
+
67
+ def self.validate_timestamp!(httpdate, max_age = MAX_AGE)
68
+ bail('missing Date header') unless httpdate
69
+ timestamp = Time.parse(httpdate)
70
+ bail('invalid HTTP Date') if timestamp.httpdate != httpdate
71
+ bail('request is too old') if (Time.now - timestamp) > max_age
72
+ true
73
+ end
74
+
75
+ def self.bail(msg)
76
+ raise(VerificationError, msg)
77
+ end
78
+
79
+ def self.canonicalize(verb, date, host, path)
80
+ [verb, date, host, path].join("\n") + "\n"
81
+ end
82
+ end
83
+ end
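Review bot: In `validate_timestamp!` the freshness check `(Time.now - timestamp) > max_age` only rejects dates in the past, so a request whose signed Date lies in the future produces a negative age, is accepted, and remains replayable until that date plus `MAX_AGE` seconds. Bounding the skew in both directions closes this: `bail('request timestamp out of range') if (Time.now - timestamp).abs > max_age`. In the same method `Time.parse` raises `ArgumentError` on an unparseable header, which reaches callers as something other than `VerificationError`; a `rescue ArgumentError` that calls `bail('invalid HTTP Date')` would keep the failure mode uniform. The string built by `canonicalize` covers only verb, date, host and path, so unless the verifier binary checks more (not visible here) the request body is not bound by the signature. Rack's `PATH_INFO` in `verify_action_dispatch_request` also excludes the query string while `Net::HTTP`'s `request.path` includes it, so a doc comment on `verify` should state exactly what is and is not authenticated.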
@@ -0,0 +1,5 @@
1
+ module Signpost
2
+ module Verifier
3
+ VERSION = "0.1.6"
4
+ end
5
+ end
@@ -0,0 +1,27 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'signpost/verifier/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "signpost-verifier"
8
+ spec.version = Signpost::Verifier::VERSION
9
+ spec.authors = ["Burke Libbey"]
10
+ spec.email = ["burke.libbey@shopify.com"]
11
+
12
+ spec.summary = %q{Verify HTTP requests signed by signpost-signer}
13
+ spec.description = %q{Verify signed HTTP requests against a list of authorized_keys}
14
+ spec.homepage = "https://github.com/Shopify/signpost"
15
+
16
+ bins = ['signpost-verify-linux', 'signpost-verify-darwin']
17
+ binfiles = bins.map { |b| "bin/#{b}" }
18
+
19
+ spec.files = binfiles + `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
20
+ spec.bindir = 'bin'
21
+ spec.executables = bins
22
+ spec.require_paths = ["lib"]
23
+
24
+ spec.add_development_dependency "bundler", "~> 1.11"
25
+ spec.add_development_dependency "rake", "~> 10.0"
26
+ spec.add_development_dependency "rspec", "~> 3.0"
27
+ end
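Review bot: `spec.files` prepends `bin/signpost-verify-linux` and `bin/signpost-verify-darwin` by hand while the `.gitignore` shipped in this gem lists `/bin/`, so the prebuilt binaries that perform the actual signature check appear to be packaged from outside version control and cannot be traced to a reviewed source revision from the gem alone. Since `lib/signpost/verifier.rb` executes whichever binary matches the platform, a comment here naming the build source and a recorded digest per binary would let consumers audit them, e.g. `# bin/* built from <SOURCE_COMMIT_PLACEHOLDER>; digests in <DIGEST_FILE_PLACEHOLDER>`. `spec.executables = bins` also registers both platform binaries as gem executables on every platform; if they are only meant to be invoked by the library through `BIN_VERIFIER`, leaving them in `spec.files` but out of `executables` is probably the safer packaging.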
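--- a/metadata
+++ b/metadata
@@ -0,0 +1,98 @@
+ --- !ruby/object:Gem::Specification
+ name: signpost-verifier
+ version: !ruby/object:Gem::Version
+ version: 0.1.6
+ platform: ruby
+ authors:
+ - Burke Libbey
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2016-09-15 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.11'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.11'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ description: Verify signed HTTP requests against a list of authorized_keys
+ email:
+ - burke.libbey@shopify.com
+ executables:
+ - signpost-verify-linux
+ - signpost-verify-darwin
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".gitignore"
+ - ".rspec"
+ - ".travis.yml"
+ - Gemfile
+ - README.md
+ - Rakefile
+ - bin/signpost-verify-darwin
+ - bin/signpost-verify-linux
+ - lib/signpost/verifier.rb
+ - lib/signpost/verifier/version.rb
+ - signpost-verifier.gemspec
+ homepage: https://github.com/Shopify/signpost
+ licenses: []
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.5.1
+ signing_key:
+ specification_version: 4
+ summary: Verify HTTP requests signed by signpost-signer
+ test_files: []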