smaak 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/README.md +5 -3
- data/lib/smaak/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 35ff71fbfaf02d293801182e42f59164750f55fe
|
4
|
+
data.tar.gz: 4880e170915ed649513c20540c1e8622d073a787
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 140f7c33ecb4349c0b244cb7752223fbd7aa05a650bb64322acf4df60c0456a78971024d5d63015dbd1251cbda527311abdbec7a6e95262a210b39381e613c13
|
7
|
+
data.tar.gz: 0d2e39786006a82f6bfdd2e449650a87ea5736cf8bd4f8fcacc3be2f5aed89a8bd9da289fb96f2d522c55af1eb6b0e603573aa92893ef2bb2ee966d0ed36dd9b
|
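Review bot: the 0.1.0 side of this hunk has empty values for every digest (metadata.gz: and data.tar.gz: under both SHA1: and SHA512:), so the previous package carried no usable integrity data; 0.1.1 populates all four. Before the release is trusted, confirm the published smaak-0.1.1.gem reproduces these values: `tar xf smaak-0.1.1.gem` followed by `sha512sum metadata.gz data.tar.gz` should print the two SHA512 lines in this hunk. Prefer the SHA512 values for any verification; SHA1 is no longer collision-resistant and the entries here should be treated as informational only.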
data/README.md
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
This gems caters for both client and server sides of a signed message interaction over HTTP implementing RFC2617 Digest Access Authentication as well as IETF draft-cavage-http-signatures-04, extended with 'x-smaak-recipient', 'x-smaak-identifier', 'x-smaak-psk', 'x-smaak-expires' and 'x-smaak-nonce' headers. The following compromises are protected against as specified: Man in the middle (header and payload signature, as well as body digest) / snooping (message body encryption), Replay (nonce + expiry), Forgery (signature), Masquerading (identifier and signature), Forwarding / Unintended recipient (recipient pub key check), Clear-text password compromise (MD5 pre-shared key, obfuscated), lack of password (pre-shared key), Message fabrication (associations are purpose-fully provisioned to known associates.)
|
4
4
|
|
5
|
-
## Smaak mechanism
|
5
|
+
## Smaak mechanism
|
6
6
|
|
7
7
|
When provisioning a Smaak::Server and a Smaak::Client, all associations these services should be aware of are provisioned by calling add_association. The associations are indexed by identifier (e.g. FQDN of the associate,) and remember the associate's public key, a pre-shared key and a boolean indicating whether the association expects data to encrypted.
|
8
8
|
|
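Review bot: the removed and re-added "## Smaak mechanism" lines are textually identical, so this hunk is a whitespace-only change (trailing whitespace or line endings); since the paragraph is being touched anyway, fix the context lines too: "This gems caters" should read "This gem caters", "purpose-fully" should be "purposefully", and "whether the association expects data to encrypted" is missing "be". The same paragraph lists "Clear-text password compromise (MD5 pre-shared key, obfuscated)" as a protection; an MD5 of a pre-shared key is obfuscation, not a confidentiality control, so the wording should not present it as protecting the key from compromise.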
@@ -12,7 +12,7 @@ The signing of an HTTP request and the placement of the signature in an Authoriz
|
|
12
12
|
|
13
13
|
Smaak verifies an AuthMessage signed in the Authorization header by looking at nonce, expiry, recipient and pre-shared key. The order of headers signed is important for signature verification.
|
14
14
|
|
15
|
-
### Example Server
|
15
|
+
### Example Server
|
16
16
|
|
17
17
|
A Smaak::Server operates on an instance of an HTTP request received. The Smaak module can be told about different request technology implementations by providing an adaptor to a request technology (Smaak::add_request_adaptor). The gem ships with a Rack::Request adaptor. Call Smaak::create_adaptor with your request to get an instance of an adaptor.
|
18
18
|
|
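Review bot: the "### Example Server" heading is removed and re-added unchanged, so the only change in this hunk is whitespace. The context line above it states that "The order of headers signed is important for signature verification" but the README never says what that order is; add the exact header order (the draft-cavage-http-signatures headers plus the x-smaak-recipient, x-smaak-identifier, x-smaak-psk, x-smaak-expires and x-smaak-nonce headers) here or in the client section, otherwise an implementer on the other side cannot reproduce the signing string and every verification will fail.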
@@ -25,6 +25,7 @@ When setting up a Smaak::Server, tell the server of your SmaakService and verify
|
|
25
25
|
@smaak_server.set_public_key(File.read '/secure/server_public.pem')
|
26
26
|
@smaak_server.set_private_key(File.read '/secure/server_private.pem') # only required when encryption is specified
|
27
27
|
@smaak_server.add_association('client-facing-service-needing-back-end-data', File.read '/secure/client_public.pem', 'client-pre-shared-key')
|
28
|
+
end
|
28
29
|
end
|
29
30
|
|
30
31
|
class SecureService
|
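Review bot: the added `end` at new line 28 closes the method that configures @smaak_server, which the 0.1.0 example left unclosed, so this is a genuine fix to the snippet and not formatting. In the same example the public and private keys are read from files under /secure/ while the pre-shared key is the inline literal 'client-pre-shared-key'; the README's protection list relies on that PSK, so the example should load it from the same secure location rather than a string in the code, e.g. `File.read('/secure/client.psk').strip`, and the comment on set_private_key could say which add_association flag turns encryption on.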
@@ -35,7 +36,7 @@ When setting up a Smaak::Server, tell the server of your SmaakService and verify
|
|
35
36
|
end
|
36
37
|
end
|
37
38
|
|
38
|
-
### Example Client
|
39
|
+
### Example Client
|
39
40
|
|
40
41
|
A Smaak::Client operates on an instance of an HTTP request. The Smaak module can be told about different request technology implementations by providing an adaptor to a request technology (Smaak::add_request_adaptor). The gem ships with a Net::HTTP adaptor. Call Smaak::create_adaptor with your request to get an instance of an adaptor.
|
41
42
|
|
@@ -53,6 +54,7 @@ A Smaak::Client operates on an instance of an HTTP request. The Smaak module can
|
|
53
54
|
response = @client.post('service-provider', 'http://service-provider.com:9393/backend', { 'index1' => 'data1', 'index2' => 'data2' }.to_json)
|
54
55
|
[200, response.body]
|
55
56
|
end
|
57
|
+
end
|
56
58
|
|
57
59
|
class SecureConsumer
|
58
60
|
def initialize
|
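Review bot: the added `end` at new line 57 closes the method containing the @client.post call, which was unbalanced in 0.1.0; the example itself, however, posts to 'http://service-provider.com:9393/backend' over plain HTTP. The signature and body digest give integrity, not confidentiality, and the body is only encrypted when the association was provisioned to expect encryption, so as written the JSON travels in clear; use an https:// URL in the example or note the encryption flag beside the call. Also prefer an RFC 2606 reserved name such as service-provider.example.com over service-provider.com in documentation.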
data/lib/smaak/version.rb
CHANGED