smaak 0.0.5 → 0.0.6
- checksums.yaml +4 -4
- data/README.md +22 -0
- data/lib/smaak/client.rb +1 -1
- data/lib/smaak/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 79837f66e4da4cd06c198b68f4ed72c059b3f0b5
|
4
|
+
data.tar.gz: ce28822db26ceb509362dd03e66da05971b14e8f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 887a641de2a26636eb03a6ffba6f8fde13f43bd2d7563380688fe0d4d129d4630c66594b1ab1aa65d9d3f7d22894b779bd87797ccce42202d2f5039caaf0f7b6
|
7
|
+
data.tar.gz: cde62c30f2a56a78acd2de3df92b349e563bfe3c4c34384ff593692a45c4a32d80f7ea575069bfecee62b28b146b8a5f580ddf044b0e0cde289162a63cd4973b
|
data/README.md
CHANGED
@@ -16,6 +16,28 @@ Or install it yourself as:
|
|
16
16
|
|
17
17
|
$ gem install smaak
|
18
18
|
|
19
|
+
## Use cases
|
20
|
+
|
21
|
+
This gem and mechanism is attempts to alleviate the following attacks and concerns for inter-service communication. This is not a public client/server mechanism.
|
22
|
+
|
23
|
+
Man-in-the-middle attack:
|
24
|
+
|
25
|
+
Use this gem to communicate inside an HTTP tunnel that you trust. For internal private networks, place a secure CA on your network.
|
26
|
+
|
27
|
+
Masquerading:
|
28
|
+
|
29
|
+
Each association made requires messages to be signed using that association's keypair.
|
30
|
+
|
31
|
+
Forgery:
|
32
|
+
|
33
|
+
The indentity of the requestor is signed. The HTTP headers, URL and body / querystring is not. Authorization is left to a service that understands the identity and its permissions.
|
34
|
+
|
35
|
+
Replay:
|
36
|
+
|
37
|
+
The request is signed with an expiry and a nonce.
|
38
|
+
|
39
|
+
Designing for future protocol security requirements. The nonce and expiry are optional features. Passing in a RequestData object for signing, and a RequestSigningValidator object that validates the data content includes all that is required for security, allows us to, in future, cater for man-in-the-middle attacks as well if, for example, the validator requires timestamp, url, form data/querystring, method, etc. to be in the data. If this is all signed, a device in the middle cannot modify the request without the source's private key, and man-in-the-middle is defeated.
|
40
|
+
|
19
41
|
## Usage
|
20
42
|
|
21
43
|
TODO: Write usage instructions here
|
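Review bot: the new "Use cases" text has wording errors that should be fixed before it ships: "This gem and mechanism is attempts to alleviate" (drop "is"), "The indentity of the requestor" (identity), and "The HTTP headers, URL and body / querystring is not" (are not). On substance, the Forgery paragraph admits that only the requestor's identity is signed while headers, URL and body are not, so a valid signed identity can accompany a different URL or body; the README should say plainly that request integrity currently rests on the transport (the "HTTP tunnel that you trust" in the Man-in-the-middle paragraph, which is better named explicitly as TLS with a CA the clients verify) until the RequestData / RequestSigningValidator signing described in the last paragraph is implemented. The Replay paragraph states the request "is signed with an expiry and a nonce", but the final paragraph says nonce and expiry are optional; state which is the default, and note that the receiving side has to reject nonces it has already seen within the expiry window for the replay claim to hold.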
data/lib/smaak/client.rb
CHANGED
@@ -14,7 +14,7 @@ module Smaak
|
|
14
14
|
@identity = identity
|
15
15
|
end
|
16
16
|
|
17
|
-
def build_auth_header(associate_identity)
|
17
|
+
def build_auth_header(associate_identity, request_signing_data = nil, request_signing_data_validator = nil)
|
18
18
|
raise ArgumentError.new("Associate invalid") if not validate_associate(associate_identity)
|
19
19
|
associate = @association_store[associate_identity]
|
20
20
|
message_data = Smaak::compile_auth_message_data(associate['public_key'], associate['psk'], @token_life, @identity)
|
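Review bot: the two new parameters request_signing_data and request_signing_data_validator are accepted by build_auth_header but nothing in this hunk reads them; the hunk header @@ -14,7 +14,7 @@ shows only the signature line changed, and message_data is still built from associate['public_key'], associate['psk'], @token_life and @identity alone. Either wire them into the signed message (and call the validator before signing, as the README's last paragraph promises) or hold the parameters back until they are used, so callers do not assume that passing a validator adds any protection; at minimum document that they are currently ignored. Minor style point on the unchanged line `raise ArgumentError.new("Associate invalid") if not validate_associate(associate_identity)`: `raise ArgumentError, "Associate invalid" unless validate_associate(associate_identity)` is the idiomatic form.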
data/lib/smaak/version.rb
CHANGED