signpost-verifier 0.1.6

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: e4bb13b957876256a53d5eb6c263f2b5fed82b10
4
+ data.tar.gz: 6033992e2048d99a65ec5f1e3d03c9960bdc067e
5
+ SHA512:
6
+ metadata.gz: 7880c36d4f9db996e93c3ed8861ad6fc6ab3b5625b7574e3e8477c1fde46f9e13818a9cda2362c40ba09ba2bb470307d32c11492346443714285026e80f5d986
7
+ data.tar.gz: 29282ecb8038c7af0b7a343d4b30e2a4b61b181efd3be6f19ece727e41b02b91d0d4203b5d82f1f35d0dd043a9ed9441ac7d2e882487f16a3ddeea83b69e9a1a
@@ -0,0 +1,10 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
10
+ /bin/
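--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,2 @@
+--format documentation
+--color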
@@ -0,0 +1,5 @@
1
+ sudo: false
2
+ language: ruby
3
+ rvm:
4
+ - 2.3.1
5
+ before_install: gem install bundler -v 1.12.5
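--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in signpost-verifier.gemspec
+gemspec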
@@ -0,0 +1,36 @@
1
+ # Signpost::Verifier
2
+
3
+ Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/signpost/verifier`. To experiment with that code, run `bin/console` for an interactive prompt.
4
+
5
+ TODO: Delete this and the text above, and describe your gem
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'signpost-verifier'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install signpost-verifier
22
+
23
+ ## Usage
24
+
25
+ TODO: Write usage instructions here
26
+
27
+ ## Development
28
+
29
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
30
+
31
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
32
+
33
+ ## Contributing
34
+
35
+ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/signpost-verifier.
36
+
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
@@ -0,0 +1,83 @@
1
+ require 'time'
2
+ require 'open3'
3
+
4
+ require 'signpost/verifier/version'
5
+
6
+ module Signpost # :nodoc:
7
+ class SignpostError < StandardError
8
+ end
9
+
10
+ MAX_AGE = 10
11
+
12
+ module Verifier # :nodoc: TODO DOCME
13
+ ROOT = File.expand_path('../../../', __FILE__)
14
+ if RUBY_PLATFORM =~ /darwin/
15
+ BIN_VERIFIER = File.expand_path('bin/signpost-verify-darwin', ROOT)
16
+ else
17
+ BIN_VERIFIER = File.expand_path('bin/signpost-verify-linux', ROOT)
18
+ end
19
+
20
+ VerificationError = Class.new(Signpost::SignpostError)
21
+
22
+ def self.verify(
23
+ verb: raise,
24
+ date: raise,
25
+ host: raise,
26
+ path: raise,
27
+ signature: raise,
28
+ authorized_keyfile: raise
29
+ )
30
+ validate_timestamp!(date)
31
+ canonical = canonicalize(verb, date, host, path)
32
+
33
+ unless signature
34
+ raise(VerificationError, 'missing X-Signpost-Signature header')
35
+ end
36
+
37
+ out, err, stat = Open3.capture3(
38
+ BIN_VERIFIER, authorized_keyfile.to_s, signature, stdin_data: canonical
39
+ )
40
+ return out.strip if stat.success?
41
+ bail("signature verification failed: #{err.strip}")
42
+ end
43
+
44
+ def self.verify_action_dispatch_request(req, authorized_keyfile)
45
+ h = req.headers
46
+ verify(
47
+ verb: h['REQUEST_METHOD'],
48
+ date: h['HTTP_DATE'],
49
+ host: h['HTTP_HOST'],
50
+ path: h['PATH_INFO'],
51
+ signature: h['HTTP_X_SIGNPOST_SIGNATURE'],
52
+ authorized_keyfile: authorized_keyfile
53
+ )
54
+ end
55
+
56
+ def self.verify_net_http_request(request, authorized_keyfile)
57
+ verify(
58
+ verb: request.method,
59
+ date: request['Date'],
60
+ host: request['Host'],
61
+ path: request.path,
62
+ signature: request['X-Signpost-Signature'],
63
+ authorized_keyfile: authorized_keyfile
64
+ )
65
+ end
66
+
67
+ def self.validate_timestamp!(httpdate, max_age = MAX_AGE)
68
+ bail('missing Date header') unless httpdate
69
+ timestamp = Time.parse(httpdate)
70
+ bail('invalid HTTP Date') if timestamp.httpdate != httpdate
71
+ bail('request is too old') if (Time.now - timestamp) > max_age
72
+ true
73
+ end
74
+
75
+ def self.bail(msg)
76
+ raise(VerificationError, msg)
77
+ end
78
+
79
+ def self.canonicalize(verb, date, host, path)
80
+ [verb, date, host, path].join("\n") + "\n"
81
+ end
82
+ end
83
+ end
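Review bot: `validate_timestamp!` rejects only stale requests: `(Time.now - timestamp) > max_age` is negative for a Date in the future, so a signed request stamped ahead of the verifier's clock stays acceptable until that time plus `MAX_AGE`, which stretches the replay window well beyond the intended 10 seconds. Bound the skew in both directions, e.g. `bail('request timestamp outside allowed window') if (Time.now - timestamp).abs > max_age`. `Time.parse` also raises `ArgumentError` on unparseable input, so a malformed Date header surfaces as something other than `VerificationError`; rescuing it and calling `bail('invalid HTTP Date')` keeps every rejection on one exception type. Finally, `canonicalize` signs only verb, date, host and path, so the body is never covered, and the query string is not covered when the path comes from `PATH_INFO` in `verify_action_dispatch_request`; `verify` should carry a doc comment saying so, so that callers do not treat those parts of the request as authenticated.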
@@ -0,0 +1,5 @@
1
+ module Signpost
2
+ module Verifier
3
+ VERSION = "0.1.6"
4
+ end
5
+ end
@@ -0,0 +1,27 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'signpost/verifier/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "signpost-verifier"
8
+ spec.version = Signpost::Verifier::VERSION
9
+ spec.authors = ["Burke Libbey"]
10
+ spec.email = ["burke.libbey@shopify.com"]
11
+
12
+ spec.summary = %q{Verify HTTP requests signed by signpost-signer}
13
+ spec.description = %q{Verify signed HTTP requests against a list of authorized_keys}
14
+ spec.homepage = "https://github.com/Shopify/signpost"
15
+
16
+ bins = ['signpost-verify-linux', 'signpost-verify-darwin']
17
+ binfiles = bins.map { |b| "bin/#{b}" }
18
+
19
+ spec.files = binfiles + `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
20
+ spec.bindir = 'bin'
21
+ spec.executables = bins
22
+ spec.require_paths = ["lib"]
23
+
24
+ spec.add_development_dependency "bundler", "~> 1.11"
25
+ spec.add_development_dependency "rake", "~> 10.0"
26
+ spec.add_development_dependency "rspec", "~> 3.0"
27
+ end
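Review bot: The two `bin/signpost-verify-*` files appended to `spec.files` are the component that actually checks signatures, yet they are prebuilt and, judging by the `/bin/` entry in the package's ignore list, probably not tracked in git, so an installer cannot tie them to reviewed source. Record their provenance next to `bins`, for example `# prebuilt from <SOURCE_PATH_PLACEHOLDER> at <COMMIT_PLACEHOLDER>; digests in <CHECKSUM_FILE_PLACEHOLDER>`, and consider having the library compare that digest before it executes `BIN_VERIFIER`. `spec.executables = bins` also installs both platform binaries as commands on every host regardless of platform, which looks unintended given that the library resolves the binary through `ROOT` itself. The spec declares no license, which makes it harder for consumers to vet the package.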
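--- a/metadata
+++ b/metadata
@@ -0,0 +1,98 @@
+--- !ruby/object:Gem::Specification
+name: signpost-verifier
+version: !ruby/object:Gem::Version
+version: 0.1.6
+platform: ruby
+authors:
+- Burke Libbey
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-09-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.11'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.11'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+description: Verify signed HTTP requests against a list of authorized_keys
+email:
+- burke.libbey@shopify.com
+executables:
+- signpost-verify-linux
+- signpost-verify-darwin
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/signpost-verify-darwin
+- bin/signpost-verify-linux
+- lib/signpost/verifier.rb
+- lib/signpost/verifier/version.rb
+- signpost-verifier.gemspec
+homepage: https://github.com/Shopify/signpost
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.5.1
+signing_key:
+specification_version: 4
+summary: Verify HTTP requests signed by signpost-signer
+test_files: []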