RubyGems - smaak - Versions diffs - 0.1.17 → 0.2.0 - Mend

smaak 0.1.17 → 0.2.0

Files changed (16) hide show

checksums.yaml +4 -4
data/README.md +5 -1
data/lib/smaak.rb +1 -0
data/lib/smaak/auth_message.rb +11 -6
data/lib/smaak/cavage_04.rb +1 -0
data/lib/smaak/client.rb +12 -1
data/lib/smaak/server.rb +2 -1
data/lib/smaak/version.rb +1 -1
data/smaak.gemspec +1 -1
data/spec/lib/smaak/auth_message_spec.rb +24 -17
data/spec/lib/smaak/cavage_04_spec.rb +12 -10
data/spec/lib/smaak/client_spec.rb +27 -1
data/spec/lib/smaak/server_spec.rb +7 -2
data/spec/lib/smaak_spec.rb +2 -1
data/spec/spec_helper.rb +1 -0
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f45f06921b628e88bdca56b549ece83df6ec865c
-  data.tar.gz: 2e1c446e1f3f3eed67162ca298e8ad88dc75d000
+  metadata.gz: 685bcd7d6219373c53cb4b6e64391a810b75c9b7
+  data.tar.gz: 2388377ec73aa7a30a3c5149669092865a22342c
 SHA512:
-  metadata.gz: 99d952eb0657697c4247f6d5fc1c4fb0e37ce320d31fa8ad483e008becd1958a05225cd7bbd64ed004d2e19d1df16faccd5ea80b835497e920dbdeb19f50cb0a
-  data.tar.gz: 95b53689765041860e3dcb3b5a652fb98409facf274596ce88c06fc74f897813140e134391209983268f11ea843542d907fa1ed66da0add5b8ecb6332b0d447d
+  metadata.gz: 12e5a7872bf97d282c4fd918eabaf763ff73eae95b8320bd108f3cf8e8eeab77d3c9b314330533b52a3e3d8f1080ef9c560fc0d0019f2aa77f82c7e71cc93fa2
+  data.tar.gz: 10b54cceaed0fb18133d9650627557bf120a3ff4b0bbabf97645f84cb90b6bb8896fbb0369fec9ac0a2644fc604ae0d7daf32a995138672d7ef0855b5c4528d3

data/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # Smaak
-This gems caters for both client and server sides of a signed message interaction over HTTP implementing RFC2617 Digest Access Authentication as well as IETF draft-cavage-http-signatures-04, extended with 'x-smaak-recipient', 'x-smaak-identifier', 'x-smaak-psk', 'x-smaak-expires' and 'x-smaak-nonce' headers. The following compromises are protected against as specified: Man in the middle (header and payload signature, as well as body digest) / snooping (message body encryption), Replay (nonce + expiry), Forgery (signature), Masquerading (identifier and signature), Forwarding / Unintended recipient (recipient pub key check), Clear-text password compromise (MD5 pre-shared key, obfuscated), lack of password (pre-shared key), Message fabrication (associations are purpose-fully provisioned to known associates.)
+This gems caters for both client and server sides of a signed message interaction over HTTP implementing RFC2617 Digest Access Authentication as well as IETF draft-cavage-http-signatures-04, extended with 'x-smaak-recipient', 'x-smaak-identifier', 'x-smaak-route-info', 'x-smaak-psk', 'x-smaak-expires' and 'x-smaak-nonce' headers. The following compromises are protected against as specified: Man in the middle (header and payload signature, as well as body digest) / snooping (message body encryption), Replay (nonce + expiry), Forgery (signature), Masquerading (identifier and signature), Forwarding / Unintended recipient (recipient pub key check), Clear-text password compromise (MD5 pre-shared key, obfuscated), lack of password (pre-shared key), Message fabrication (associations are purpose-fully provisioned to known associates.)
 ## Smaak mechanism
@@ -84,6 +84,8 @@ A Smaak::Client operates on an instance of an HTTP request. The Smaak module can
 During provisioning, we recommend that the key-pair that does the signing and verification has associated with it an X.509 certificate signed by a CA you trust that contains the identity of the signer. The association is provisioned with an 'identifier' that the Authorization header transports in the 'x-smaak-identifier' header. This identifier is used on the receiver end to look up the public key of the signer in the association list. Once the associated key successfully verifies the signature, that certificate's identity can be used for identity management and authorization. This allows multiple identifiers (e.g. multiple server heads) to represent a single service (identity) with separate signing certs for each head.
+As an additional optional identifying header, x-smaak-rout-info can be utilized (e.g. in cases where x-smaak-identifier is a bus identifier and there is a need to also identify the entity that engaged on the bus)
 ## Example on-the-wire requests
 ### Un-encrypted
@@ -98,6 +100,7 @@ During provisioning, we recommend that the key-pair that does the signing and ve
     Digest: SHA-256=0190f465c943501984c4018bacdbb0be167979f261caf1fe50ce63e97d31dff2
     X-Smaak-Recipient: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFxL2tiYjdBNWllQWV1WlBBVnI3MAo5cjl1TkFzc2dmYkdjeGMzZTc3RDNndkY4U2tzbURNQmQyTUt5TUh0ZjBrM1pqSVdZemJJVG5jQXM1Nnd4cmRSClhiVHpIZnhjMll1dDMwd0ljR2YvUVk4ZTJXNmdMWko4aVM3MXlYb0JQNFpEc2lLSXd4ajFsenYyVFlXWnNSL3EKd28xSzBxZ1NzOXJJVEVkWDVqampycHBYWTdobHNPMGVKQ2JBRG0weEtnU1hMcFQycnJzUnJ2OFllRXFvZTRMaQpDOFd6RjZZRlh1U3RHR1E4SXlxbjdPaTN5aVU2WFc3OTl2cFpIeHJlaERYaytDalZuU0ZXWkVPUHg3cENpam9SCnlXb0gyUmR6QVpQczdVdVJWOUdGWWFQeHRudmttNVdVZDVTdWVCNlMxT2E4dVZ3UnpyeXl6WkRjdG0xdWs1VjIKUE0zLzFqbFJMbFJzTWxSeHdZUDRzaFMzVlhjTkdGYjkvbzkvTjkzbitKZUFpSGd4YU5pQjN6YVV0a05XWWs0Vgozang2d0psTythOUNxdGJJeXg2ZzdyTHhOanVqRFpRZTZGcUdsMzVkVDR5MHA2UmVuUWQ4b1p5aWw3dlpqSkJaCjluTWRJblMyU05wWUZFclBsb25rdXNZKzZsam9TbFNLMXVSRmd2S3dzeGE3RmROMXZWSnRJQk9qdVJzSk9DaHYKOTB2K0ZEQWwxSnNZVUNPUnByUmtMWXB2TWI4Q1BZaUlzb3JmTUdKNnI3NktYUEIzRS9xejRmaWJ1UmZVeWJxMgp5eGxRTVJKb216d1BPemUrbWRQUU5Hd3VTTjU0VnByYXhoNGFpcWtaUVBsSWpRb1dFaFVKRWxMb0NtQXZ4TmtxCmRBcVZJMXZ3cS9FRXFBTEh3amJKRXIwQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=
     X-Smaak-Identifier: service-provider-public
+    X-Smaak-Route-Info:
     X-Smaak-Psk: 917e5f9bcf6d7c20a338d8a39bbf79ef
     X-Smaak-Expires: 1435225695
     X-Smaak-Nonce: 7211840395
@@ -118,6 +121,7 @@ During provisioning, we recommend that the key-pair that does the signing and ve
     Digest: SHA-256=3f4502e658dd304d4cd1004a83935ede11692751011a410134ba861a1b55df92
     X-Smaak-Recipient: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFxL2tiYjdBNWllQWV1WlBBVnI3MAo5cjl1TkFzc2dmYkdjeGMzZTc3RDNndkY4U2tzbURNQmQyTUt5TUh0ZjBrM1pqSVdZemJJVG5jQXM1Nnd4cmRSClhiVHpIZnhjMll1dDMwd0ljR2YvUVk4ZTJXNmdMWko4aVM3MXlYb0JQNFpEc2lLSXd4ajFsenYyVFlXWnNSL3EKd28xSzBxZ1NzOXJJVEVkWDVqampycHBYWTdobHNPMGVKQ2JBRG0weEtnU1hMcFQycnJzUnJ2OFllRXFvZTRMaQpDOFd6RjZZRlh1U3RHR1E4SXlxbjdPaTN5aVU2WFc3OTl2cFpIeHJlaERYaytDalZuU0ZXWkVPUHg3cENpam9SCnlXb0gyUmR6QVpQczdVdVJWOUdGWWFQeHRudmttNVdVZDVTdWVCNlMxT2E4dVZ3UnpyeXl6WkRjdG0xdWs1VjIKUE0zLzFqbFJMbFJzTWxSeHdZUDRzaFMzVlhjTkdGYjkvbzkvTjkzbitKZUFpSGd4YU5pQjN6YVV0a05XWWs0Vgozang2d0psTythOUNxdGJJeXg2ZzdyTHhOanVqRFpRZTZGcUdsMzVkVDR5MHA2UmVuUWQ4b1p5aWw3dlpqSkJaCjluTWRJblMyU05wWUZFclBsb25rdXNZKzZsam9TbFNLMXVSRmd2S3dzeGE3RmROMXZWSnRJQk9qdVJzSk9DaHYKOTB2K0ZEQWwxSnNZVUNPUnByUmtMWXB2TWI4Q1BZaUlzb3JmTUdKNnI3NktYUEIzRS9xejRmaWJ1UmZVeWJxMgp5eGxRTVJKb216d1BPemUrbWRQUU5Hd3VTTjU0VnByYXhoNGFpcWtaUVBsSWpRb1dFaFVKRWxMb0NtQXZ4TmtxCmRBcVZJMXZ3cS9FRXFBTEh3amJKRXIwQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=
     X-Smaak-Identifier: service-provider-public
+    X-Smaak-Route-Info:
     X-Smaak-Psk: 917e5f9bcf6d7c20a338d8a39bbf79ef
     X-Smaak-Expires: 1435225536
     X-Smaak-Nonce: 1443964335

data/lib/smaak.rb CHANGED Viewed

@@ -15,6 +15,7 @@ module Smaak
   def self.headers_to_be_signed
     [ "x-smaak-recipient",
       "x-smaak-identifier",
+      "x-smaak-route-info",
       "x-smaak-psk",
       "x-smaak-expires",
       "x-smaak-nonce",

data/lib/smaak/auth_message.rb CHANGED Viewed

@@ -3,29 +3,34 @@ require 'smaak/crypto'
 module Smaak
   class AuthMessage
     attr_reader :identifier
+    attr_reader :route_info
     attr_reader :nonce
     attr_reader :recipient
     attr_reader :psk
     attr_reader :expires
     attr_reader :encrypt
-    def self.create(recipient_public_key, psk, token_life, identifier, encrypt = false)
+    def self.create(recipient_public_key, psk, token_life, identifier, route_info = "", encrypt = false)
       nonce = Smaak::Crypto::generate_nonce
       expires = Time.now.to_i + token_life
       #Must obfuscate PSK. AuthMessage must always have an obfuscated PSK
       psk = Smaak::Crypto::obfuscate_psk(psk)
-      AuthMessage::build(recipient_public_key, psk, expires, identifier, nonce, encrypt)
+      AuthMessage::build(recipient_public_key, psk, expires, identifier, route_info, nonce, encrypt)
     end
-    def self.build(recipient_public_key, psk, expires, identifier, nonce, encrypt = false)
+    def self.build(recipient_public_key, psk, expires, identifier, route_info, nonce, encrypt = false)
       #No need to obfuscate PSK. Off the wire we should always expect an obfuscated PSK
-      AuthMessage.new(identifier, nonce, expires, psk, recipient_public_key, encrypt)
+      AuthMessage.new(identifier, route_info, nonce, expires, psk, recipient_public_key, encrypt)
     end
-    def initialize(identifier, nonce, expires, psk, recipient_public_key, encrypt)
-      raise ArgumentError.new("Message must have a valid identifier set") if identifier.nil? or identifier.empty?
+    def initialize(identifier, route_info, nonce, expires, psk, recipient_public_key, encrypt)
+      raise ArgumentError.new("Message must have a valid identifier set") if identifier.nil? or identifier.empty?
+      raise ArgumentError.new("Message must have a valid route information set") if route_info.nil?
       @identifier = identifier
       @identifier.freeze
+      @route_info = route_info
+      @route_info.freeze
       raise ArgumentError.new("Message must have a valid nonce set") if not validate_nonce(nonce)
       @nonce = nonce

data/lib/smaak/cavage_04.rb CHANGED Viewed

@@ -38,6 +38,7 @@ module Smaak
       @adaptor.set_header("digest", "SHA-256=#{Digest::SHA256.hexdigest(body)}")
       @adaptor.set_header("x-smaak-recipient", "#{Smaak::Crypto::encode64(auth_message.recipient)}")
       @adaptor.set_header("x-smaak-identifier", "#{auth_message.identifier}")
+      @adaptor.set_header("x-smaak-route-info", "#{auth_message.route_info}")
       @adaptor.set_header("x-smaak-psk", "#{auth_message.psk}")
       @adaptor.set_header("x-smaak-expires", "#{auth_message.expires}")
       @adaptor.set_header("x-smaak-nonce", "#{auth_message.nonce}")

data/lib/smaak/client.rb CHANGED Viewed

@@ -6,6 +6,12 @@ require 'smaak/auth_message.rb'
 module Smaak
   class Client < Associate
     attr_reader :identifier
+    attr_reader :route_info
+    def initialize
+      super
+      set_route_info("")
+    end
     def set_private_key(key)
       set_key(key)
@@ -16,11 +22,16 @@ module Smaak
       @identifier = identifier
     end
+    def set_route_info(route_info)
+      @route_info = route_info
+      @route_info ||= ""
+    end
     def sign_request(associate_identifier, adaptor)
       raise ArgumentError.new("Associate invalid") if not validate_associate(associate_identifier)
       associate = @association_store[associate_identifier]
       raise ArgumentError.new("Invalid adaptor") if adaptor.nil?
-      auth_message = Smaak::AuthMessage.create(associate['public_key'].export, associate['psk'], @token_life, @identifier, associate['encrypt'])
+      auth_message = Smaak::AuthMessage.create(associate['public_key'].export, associate['psk'], @token_life, @identifier, @route_info, associate['encrypt'])
       adaptor.body = Smaak::Crypto::encrypt(adaptor.body, associate['public_key']) if auth_message.encrypt
       adaptor = Smaak::sign_authorization_headers(@key, auth_message, adaptor, Smaak::Cavage04::SPECIFICATION)
     end

data/lib/smaak/server.rb CHANGED Viewed

@@ -36,9 +36,10 @@ module Smaak
       psk = adaptor.header("x-smaak-psk")
       expires = adaptor.header("x-smaak-expires")
       identifier = adaptor.header("x-smaak-identifier")
+      route_info = adaptor.header("x-smaak-route-info")
       nonce = adaptor.header("x-smaak-nonce")
       encrypt = adaptor.header("x-smaak-encrypt")
-      auth_message = Smaak::AuthMessage.build(recipient_public_key, psk, expires, identifier, nonce, encrypt)
+      auth_message = Smaak::AuthMessage.build(recipient_public_key, psk, expires, identifier, route_info, nonce, encrypt)
     end
     def verify_auth_message(auth_message)

data/lib/smaak/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Smaak
-  VERSION = "0.1.17"
+  VERSION = "0.2.0"
 end

data/smaak.gemspec CHANGED Viewed

@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "persistent-cache-ram"
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake"
-  #spec.add_development_dependency "byebug"
+#  spec.add_development_dependency "byebug"
   spec.add_development_dependency 'simplecov'
   spec.add_development_dependency 'simplecov-rcov'
   spec.add_development_dependency 'rspec'

data/spec/lib/smaak/auth_message_spec.rb CHANGED Viewed

@@ -10,49 +10,56 @@ describe Smaak::AuthMessage do
     @test_server_public_key = @test_server_private_key.public_key
     @test_identity = "test-service"
     @test_identifier = 'test-service-1.cpt1.host-h.net'
+    @test_route_info = 'identifier'
     @test_recipient = @test_server_public_key.export
     @test_encrypt = true
   end
   before :each do
     @test_expires = Time.now.to_i + @test_token_life
-    @iut = Smaak::AuthMessage.new(@test_identifier, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
+    @iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
   end
   context "when initialized" do
     it "should raise an ArgumentError if no identifier is provided" do
       expect {
-        Smaak::AuthMessage.new(nil, nil, nil, nil, nil, nil)
+        Smaak::AuthMessage.new(nil, @test_route_info, nil, nil, nil, nil, nil)
       }.to raise_error ArgumentError, "Message must have a valid identifier set"
     end
+    it "should raise an ArgumentError if no route information is provided" do
+      expect {
+        Smaak::AuthMessage.new(@test_identifier, nil, nil, nil, nil, nil, nil)
+      }.to raise_error ArgumentError, "Message must have a valid route information set"
+    end
     it "should raise an ArgumentError if no nonce is provided" do
       expect {
-        Smaak::AuthMessage.new(@test_identifier, nil, nil, nil, nil, nil)
+        Smaak::AuthMessage.new(@test_identifier, @test_route_info, nil, nil, nil, nil, nil)
       }.to raise_error ArgumentError, "Message must have a valid nonce set"
     end
     it "should raise an ArgumentError if an invalid nonce is provided" do
       expect {
-        Smaak::AuthMessage.new(@test_identifier, 0, nil, nil, nil, nil)
+        Smaak::AuthMessage.new(@test_identifier, @test_route_info, 0, nil, nil, nil, nil)
       }.to raise_error ArgumentError, "Message must have a valid nonce set"
       expect {
-        Smaak::AuthMessage.new(@test_identifier, 'invalid nonce', nil, nil, nil, nil)
+        Smaak::AuthMessage.new(@test_identifier, @test_route_info, 'invalid nonce', nil, nil, nil, nil)
       }.to raise_error ArgumentError, "Message must have a valid nonce set"
     end
     it "should raise an ArgumentError if no expiry is provided" do
       expect {
-        Smaak::AuthMessage.new(@test_identifier, @test_nonce, nil, nil, nil, nil)
+        Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, nil, nil, nil, nil)
       }.to raise_error ArgumentError, "Message must have a valid expiry set"
     end
     it "should raise an ArgumentError if an invalid expiry is provided" do
       expect {
-        Smaak::AuthMessage.new(@test_identifier, @test_nonce, 0, nil, nil, nil)
+        Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, 0, nil, nil, nil)
       }.to raise_error ArgumentError, "Message must have a valid expiry set"
       expect {
-        Smaak::AuthMessage.new(@test_identifier, @test_nonce, 'invalid expire', nil, nil, nil)
+        Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, 'invalid expire', nil, nil, nil)
       }.to raise_error ArgumentError, "Message must have a valid expiry set"
     end
@@ -81,23 +88,23 @@ describe Smaak::AuthMessage do
     end
     it "should translate the encrypt parameter from string to boolean" do
-      iut = Smaak::AuthMessage.new(@test_identifier, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, false)
+      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, false)
       expect(iut.encrypt).to eq(false)
-      iut = Smaak::AuthMessage.new(@test_identifier, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, true)
+      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, true)
       expect(iut.encrypt).to eq(true)
-      iut = Smaak::AuthMessage.new(@test_identifier, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, "false")
+      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, "false")
       expect(iut.encrypt).to eq(false)
-      iut = Smaak::AuthMessage.new(@test_identifier, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, "true")
+      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, "true")
       expect(iut.encrypt).to eq(true)
     end
   end
   context "when asked if it has expired" do
     it "should return true if the current timestamp exceeds that of the message expiry" do
-      iut = Smaak::AuthMessage.new(@test_identifier, @test_nonce, Time.now - 1, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, false)
+      iut = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, Time.now - 1, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, false)
       expect(iut.expired?).to eq(true)
     end
@@ -145,15 +152,15 @@ describe Smaak::AuthMessage do
   context "when asked to create an AuthMessage from scratch" do
     it "should initialize with the recipient_public_key, psk, expires, identifier, nonce, encrypt provided, calculating expiry, generating a nonce, and obfuscating the PSK" do
       allow(Smaak::Crypto).to receive(:generate_nonce).and_return(@test_nonce)
-      expect(Smaak::AuthMessage).to receive(:new).with(@test_identifier, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
-      Smaak::AuthMessage.create(@test_recipient, @test_psk, @test_token_life, @test_identifier, @test_encrypt)
+      expect(Smaak::AuthMessage).to receive(:new).with(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
+      Smaak::AuthMessage.create(@test_recipient, @test_psk, @test_token_life, @test_identifier, @test_route_info, @test_encrypt)
     end
   end
   context "when asked to build an AuthMessage from existing data" do
     it "should initialize with the recipient_public_key, psk, expires, identifier, nonce, encrypt provided" do
-      expect(Smaak::AuthMessage).to receive(:new).with(@test_identifier, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
-      Smaak::AuthMessage.build(@test_recipient, Smaak::Crypto::obfuscate_psk(@test_psk), @test_expires, @test_identifier, @test_nonce, @test_encrypt)
+      expect(Smaak::AuthMessage).to receive(:new).with(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
+      Smaak::AuthMessage.build(@test_recipient, Smaak::Crypto::obfuscate_psk(@test_psk), @test_expires, @test_identifier, @test_route_info, @test_nonce, @test_encrypt)
     end
   end
 end

data/spec/lib/smaak/cavage_04_spec.rb CHANGED Viewed

@@ -18,9 +18,10 @@ describe Smaak::Cavage04 do
       @test_server_public_key = @test_server_private_key.public_key
       @test_identity = "test-service"
       @test_identifier = 'test-service-1.cpt1.host-h.net'
+      @test_route_info = 'identifier'
       @test_recipient = @test_server_public_key.export
       @test_encrypt = true
-      @auth_message = Smaak::AuthMessage.new(@test_identifier, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
+      @auth_message = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
     end
     context "as a specification implementation" do
@@ -177,11 +178,12 @@ describe Smaak::Cavage04 do
          expect(headers[3].split(":")[0]).to eql("digest")
          expect(headers[4].split(":")[0]).to eql("x-smaak-recipient")
          expect(headers[5].split(":")[0]).to eql("x-smaak-identifier")
-         expect(headers[6].split(":")[0]).to eql("x-smaak-psk")
-         expect(headers[7].split(":")[0]).to eql("x-smaak-expires")
-         expect(headers[8].split(":")[0]).to eql("x-smaak-nonce")
-         expect(headers[9].split(":")[0]).to eql("x-smaak-encrypt")
-         expect(headers[10].split(":")[0]).to eql("content-length")
+         expect(headers[6].split(":")[0]).to eql("x-smaak-route-info")
+         expect(headers[7].split(":")[0]).to eql("x-smaak-psk")
+         expect(headers[8].split(":")[0]).to eql("x-smaak-expires")
+         expect(headers[9].split(":")[0]).to eql("x-smaak-nonce")
+         expect(headers[10].split(":")[0]).to eql("x-smaak-encrypt")
+         expect(headers[11].split(":")[0]).to eql("content-length")
       end
       it "should not include int he list of signature headers non-signature headers" do
@@ -198,7 +200,7 @@ describe Smaak::Cavage04 do
   context "when receiving a signed header" do
     before :each do
       @env = \
-{"CONTENT_LENGTH"=>"25", "CONTENT_TYPE"=>"text/plain", "GATEWAY_INTERFACE"=>"CGI/1.1", "PATH_INFO"=>"/secure-service", "QUERY_STRING"=>"", "REMOTE_ADDR"=>"10.0.0.224", "REMOTE_HOST"=>"service-provider-public", "REQUEST_METHOD"=>"POST", "REQUEST_URI"=>"http://service-provider-internal:9393/secure-service", "SCRIPT_NAME"=>"", "SERVER_NAME"=>"service-provider-internal", "SERVER_PORT"=>"9393", "SERVER_PROTOCOL"=>"HTTP/1.1", "SERVER_SOFTWARE"=>"WEBrick/1.3.1 (Ruby/2.0.0/2014-02-24)", "HTTP_ACCEPT_ENCODING"=>"gzip;q=1.0,deflate;q=0.6,identity;q=0.3", "HTTP_ACCEPT"=>"*/*", "HTTP_USER_AGENT"=>"Ruby", "HTTP_AUTHORIZATION"=>"Signature keyId=\"rsa-key-1\",algorithm=\"rsa-sha256\", headers=\"host date digest x-smaak-recipient x-smaak-identifier x-smaak-psk x-smaak-expires x-smaak-nonce x-smaak-encrypt content-length\", signature=\"RQgXQo+Fugz1ubgV1UAJvdPaNHiwTMtu0x+LNJ/7rvY5gaY5R88tUPtcFMzjRzw2QXtY5pettjfbq9LvISnW5MFG7p+goY4YsF4a6b7KgbU8RCAMLVyj4zWEIh/R+3WovuhcG8e5iLGN5/HGHkgDjZzi1a2WwU+tcwSwKBQ0BN+hKUV6haAHxUcNJ8bOgtnZZpSbD0megEmmBwiOjY5EsdM9wFMqGRrBWYV950xs/cPgO7Hjgq4kTnBiFC8Zkcz5zmkkokVE6VliNSPrqIZHm4fGk9UWyDYydlE+4z/wa4KrDs7/JXCQh+HF+BfSlnhG1xm9UT857o8Uz3j8ds4hvzUJyVcHX5B7wFln5szSFz5cdNFdMq6RP3e/TWGEV9J3sWi3pLymQog9jfkS1sjBSUxlc0Nh1hyiBFjybPZcbx6L77hsYV7dnCKF1z5UItvNj2JOkUCe+ppDkfhNxNkSUv9KBir+U+xJwDh+uyO/IAj8TB0cklsdnJNNHCDA4Mmi59RnA6uMsjOo6j7btkRF8nZmDvq0AWmgIUnwIWNWt13ecBH6u1Y03s5D09gX8sILKWuhC4oGEzjE7gBxrORn/MSPNAwAOsx/3ud4PFlOa7DGKApolpL0099w5QgFDqDYALujDdZC2GNgHCdoJqNLoMCEkyVWArvvgxtQ4Xq/0zU=\"", "HTTP_HOST"=>"service-provider-internal", "HTTP_DATE"=>"2015-06-23 13:40:07 GMT", "HTTP_DIGEST"=>"SHA-256=748957b58cc24d2bb9eb8f9c468571712a14f6a89ce936c0fb2d3c5016e4dbdc", "HTTP_X_SMAAK_RECIPIENT"=>"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFxL2tiYjdBNWllQWV1WlBBVnI3MAo5cjl1TkFzc2dmYkdjeGMzZTc3RDNndkY4U2tzbURNQmQyTUt5TUh0ZjBrM1pqSVdZemJJVG5jQXM1Nnd4cmRSClhiVHpIZnhjMll1dDMwd0ljR2YvUVk4ZTJXNmdMWko4aVM3MXlYb0JQNFpEc2lLSXd4ajFsenYyVFlXWnNSL3EKd28xSzBxZ1NzOXJJVEVkWDVqampycHBYWTdobHNPMGVKQ2JBRG0weEtnU1hMcFQycnJzUnJ2OFllRXFvZTRMaQpDOFd6RjZZRlh1U3RHR1E4SXlxbjdPaTN5aVU2WFc3OTl2cFpIeHJlaERYaytDalZuU0ZXWkVPUHg3cENpam9SCnlXb0gyUmR6QVpQczdVdVJWOUdGWWFQeHRudmttNVdVZDVTdWVCNlMxT2E4dVZ3UnpyeXl6WkRjdG0xdWs1VjIKUE0zLzFqbFJMbFJzTWxSeHdZUDRzaFMzVlhjTkdGYjkvbzkvTjkzbitKZUFpSGd4YU5pQjN6YVV0a05XWWs0Vgozang2d0psTythOUNxdGJJeXg2ZzdyTHhOanVqRFpRZTZGcUdsMzVkVDR5MHA2UmVuUWQ4b1p5aWw3dlpqSkJaCjluTWRJblMyU05wWUZFclBsb25rdXNZKzZsam9TbFNLMXVSRmd2S3dzeGE3RmROMXZWSnRJQk9qdVJzSk9DaHYKOTB2K0ZEQWwxSnNZVUNPUnByUmtMWXB2TWI4Q1BZaUlzb3JmTUdKNnI3NktYUEIzRS9xejRmaWJ1UmZVeWJxMgp5eGxRTVJKb216d1BPemUrbWRQUU5Hd3VTTjU0VnByYXhoNGFpcWtaUVBsSWpRb1dFaFVKRWxMb0NtQXZ4TmtxCmRBcVZJMXZ3cS9FRXFBTEh3amJKRXIwQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=", "HTTP_X_SMAAK_IDENTIFIER"=>"service-provider-public", "HTTP_X_SMAAK_PSK"=>"917e5f9bcf6d7c20a338d8a39bbf79ef", "HTTP_X_SMAAK_EXPIRES"=>"1435066809", "HTTP_X_SMAAK_NONCE"=>"6457661831", "HTTP_X_SMAAK_ENCRYPT"=>"false", "HTTP_CONNECTION"=>"close"}
+{"CONTENT_LENGTH"=>"25", "CONTENT_TYPE"=>"text/plain", "GATEWAY_INTERFACE"=>"CGI/1.1", "PATH_INFO"=>"/secure-service", "QUERY_STRING"=>"", "REMOTE_ADDR"=>"10.0.0.224", "REMOTE_HOST"=>"service-provider-public", "REQUEST_METHOD"=>"POST", "REQUEST_URI"=>"http://service-provider-internal:9393/secure-service", "SCRIPT_NAME"=>"", "SERVER_NAME"=>"service-provider-internal", "SERVER_PORT"=>"9393", "SERVER_PROTOCOL"=>"HTTP/1.1", "SERVER_SOFTWARE"=>"WEBrick/1.3.1 (Ruby/2.0.0/2014-02-24)", "HTTP_ACCEPT_ENCODING"=>"gzip;q=1.0,deflate;q=0.6,identity;q=0.3", "HTTP_ACCEPT"=>"*/*", "HTTP_USER_AGENT"=>"Ruby", "HTTP_AUTHORIZATION"=>"Signature keyId=\"rsa-key-1\",algorithm=\"rsa-sha256\", headers=\"host date digest x-smaak-recipient x-smaak-identifier x-smaak-route-info x-smaak-psk x-smaak-expires x-smaak-nonce x-smaak-encrypt content-length\", signature=\"RQgXQo+Fugz1ubgV1UAJvdPaNHiwTMtu0x+LNJ/7rvY5gaY5R88tUPtcFMzjRzw2QXtY5pettjfbq9LvISnW5MFG7p+goY4YsF4a6b7KgbU8RCAMLVyj4zWEIh/R+3WovuhcG8e5iLGN5/HGHkgDjZzi1a2WwU+tcwSwKBQ0BN+hKUV6haAHxUcNJ8bOgtnZZpSbD0megEmmBwiOjY5EsdM9wFMqGRrBWYV950xs/cPgO7Hjgq4kTnBiFC8Zkcz5zmkkokVE6VliNSPrqIZHm4fGk9UWyDYydlE+4z/wa4KrDs7/JXCQh+HF+BfSlnhG1xm9UT857o8Uz3j8ds4hvzUJyVcHX5B7wFln5szSFz5cdNFdMq6RP3e/TWGEV9J3sWi3pLymQog9jfkS1sjBSUxlc0Nh1hyiBFjybPZcbx6L77hsYV7dnCKF1z5UItvNj2JOkUCe+ppDkfhNxNkSUv9KBir+U+xJwDh+uyO/IAj8TB0cklsdnJNNHCDA4Mmi59RnA6uMsjOo6j7btkRF8nZmDvq0AWmgIUnwIWNWt13ecBH6u1Y03s5D09gX8sILKWuhC4oGEzjE7gBxrORn/MSPNAwAOsx/3ud4PFlOa7DGKApolpL0099w5QgFDqDYALujDdZC2GNgHCdoJqNLoMCEkyVWArvvgxtQ4Xq/0zU=\"", "HTTP_HOST"=>"service-provider-internal", "HTTP_DATE"=>"2015-06-23 13:40:07 GMT", "HTTP_DIGEST"=>"SHA-256=748957b58cc24d2bb9eb8f9c468571712a14f6a89ce936c0fb2d3c5016e4dbdc", "HTTP_X_SMAAK_RECIPIENT"=>"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFxL2tiYjdBNWllQWV1WlBBVnI3MAo5cjl1TkFzc2dmYkdjeGMzZTc3RDNndkY4U2tzbURNQmQyTUt5TUh0ZjBrM1pqSVdZemJJVG5jQXM1Nnd4cmRSClhiVHpIZnhjMll1dDMwd0ljR2YvUVk4ZTJXNmdMWko4aVM3MXlYb0JQNFpEc2lLSXd4ajFsenYyVFlXWnNSL3EKd28xSzBxZ1NzOXJJVEVkWDVqampycHBYWTdobHNPMGVKQ2JBRG0weEtnU1hMcFQycnJzUnJ2OFllRXFvZTRMaQpDOFd6RjZZRlh1U3RHR1E4SXlxbjdPaTN5aVU2WFc3OTl2cFpIeHJlaERYaytDalZuU0ZXWkVPUHg3cENpam9SCnlXb0gyUmR6QVpQczdVdVJWOUdGWWFQeHRudmttNVdVZDVTdWVCNlMxT2E4dVZ3UnpyeXl6WkRjdG0xdWs1VjIKUE0zLzFqbFJMbFJzTWxSeHdZUDRzaFMzVlhjTkdGYjkvbzkvTjkzbitKZUFpSGd4YU5pQjN6YVV0a05XWWs0Vgozang2d0psTythOUNxdGJJeXg2ZzdyTHhOanVqRFpRZTZGcUdsMzVkVDR5MHA2UmVuUWQ4b1p5aWw3dlpqSkJaCjluTWRJblMyU05wWUZFclBsb25rdXNZKzZsam9TbFNLMXVSRmd2S3dzeGE3RmROMXZWSnRJQk9qdVJzSk9DaHYKOTB2K0ZEQWwxSnNZVUNPUnByUmtMWXB2TWI4Q1BZaUlzb3JmTUdKNnI3NktYUEIzRS9xejRmaWJ1UmZVeWJxMgp5eGxRTVJKb216d1BPemUrbWRQUU5Hd3VTTjU0VnByYXhoNGFpcWtaUVBsSWpRb1dFaFVKRWxMb0NtQXZ4TmtxCmRBcVZJMXZ3cS9FRXFBTEh3amJKRXIwQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=", "HTTP_X_SMAAK_IDENTIFIER"=>"service-provider-public", "HTTP_X_SMAAK_ROUTE_INFO"=>"", "HTTP_X_SMAAK_PSK"=>"917e5f9bcf6d7c20a338d8a39bbf79ef", "HTTP_X_SMAAK_EXPIRES"=>"1435066809", "HTTP_X_SMAAK_NONCE"=>"6457661831", "HTTP_X_SMAAK_ENCRYPT"=>"false", "HTTP_CONNECTION"=>"close"}
       @request = Rack::Request.new(@env)
       @adaptor = Smaak::RackAdaptor.new(@request)
       @iut = Smaak::Cavage04.new(@adaptor)
@@ -207,7 +209,7 @@ describe Smaak::Cavage04 do
     context "when asked to extract signature headers from a request" do
       it "should find the signature headers list in the authorization header return them separated using spaces" do
         expect(@iut.extract_signature_headers).to eq(\
-"(request-target): post /secure-service\nhost: service-provider-internal\ndate: 2015-06-23 13:40:07 GMT\ndigest: SHA-256=748957b58cc24d2bb9eb8f9c468571712a14f6a89ce936c0fb2d3c5016e4dbdc\nx-smaak-recipient: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFxL2tiYjdBNWllQWV1WlBBVnI3MAo5cjl1TkFzc2dmYkdjeGMzZTc3RDNndkY4U2tzbURNQmQyTUt5TUh0ZjBrM1pqSVdZemJJVG5jQXM1Nnd4cmRSClhiVHpIZnhjMll1dDMwd0ljR2YvUVk4ZTJXNmdMWko4aVM3MXlYb0JQNFpEc2lLSXd4ajFsenYyVFlXWnNSL3EKd28xSzBxZ1NzOXJJVEVkWDVqampycHBYWTdobHNPMGVKQ2JBRG0weEtnU1hMcFQycnJzUnJ2OFllRXFvZTRMaQpDOFd6RjZZRlh1U3RHR1E4SXlxbjdPaTN5aVU2WFc3OTl2cFpIeHJlaERYaytDalZuU0ZXWkVPUHg3cENpam9SCnlXb0gyUmR6QVpQczdVdVJWOUdGWWFQeHRudmttNVdVZDVTdWVCNlMxT2E4dVZ3UnpyeXl6WkRjdG0xdWs1VjIKUE0zLzFqbFJMbFJzTWxSeHdZUDRzaFMzVlhjTkdGYjkvbzkvTjkzbitKZUFpSGd4YU5pQjN6YVV0a05XWWs0Vgozang2d0psTythOUNxdGJJeXg2ZzdyTHhOanVqRFpRZTZGcUdsMzVkVDR5MHA2UmVuUWQ4b1p5aWw3dlpqSkJaCjluTWRJblMyU05wWUZFclBsb25rdXNZKzZsam9TbFNLMXVSRmd2S3dzeGE3RmROMXZWSnRJQk9qdVJzSk9DaHYKOTB2K0ZEQWwxSnNZVUNPUnByUmtMWXB2TWI4Q1BZaUlzb3JmTUdKNnI3NktYUEIzRS9xejRmaWJ1UmZVeWJxMgp5eGxRTVJKb216d1BPemUrbWRQUU5Hd3VTTjU0VnByYXhoNGFpcWtaUVBsSWpRb1dFaFVKRWxMb0NtQXZ4TmtxCmRBcVZJMXZ3cS9FRXFBTEh3amJKRXIwQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=\nx-smaak-identifier: service-provider-public\nx-smaak-psk: 917e5f9bcf6d7c20a338d8a39bbf79ef\nx-smaak-expires: 1435066809\nx-smaak-nonce: 6457661831\nx-smaak-encrypt: false\ncontent-length: 25")
+"(request-target): post /secure-service\nhost: service-provider-internal\ndate: 2015-06-23 13:40:07 GMT\ndigest: SHA-256=748957b58cc24d2bb9eb8f9c468571712a14f6a89ce936c0fb2d3c5016e4dbdc\nx-smaak-recipient: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFxL2tiYjdBNWllQWV1WlBBVnI3MAo5cjl1TkFzc2dmYkdjeGMzZTc3RDNndkY4U2tzbURNQmQyTUt5TUh0ZjBrM1pqSVdZemJJVG5jQXM1Nnd4cmRSClhiVHpIZnhjMll1dDMwd0ljR2YvUVk4ZTJXNmdMWko4aVM3MXlYb0JQNFpEc2lLSXd4ajFsenYyVFlXWnNSL3EKd28xSzBxZ1NzOXJJVEVkWDVqampycHBYWTdobHNPMGVKQ2JBRG0weEtnU1hMcFQycnJzUnJ2OFllRXFvZTRMaQpDOFd6RjZZRlh1U3RHR1E4SXlxbjdPaTN5aVU2WFc3OTl2cFpIeHJlaERYaytDalZuU0ZXWkVPUHg3cENpam9SCnlXb0gyUmR6QVpQczdVdVJWOUdGWWFQeHRudmttNVdVZDVTdWVCNlMxT2E4dVZ3UnpyeXl6WkRjdG0xdWs1VjIKUE0zLzFqbFJMbFJzTWxSeHdZUDRzaFMzVlhjTkdGYjkvbzkvTjkzbitKZUFpSGd4YU5pQjN6YVV0a05XWWs0Vgozang2d0psTythOUNxdGJJeXg2ZzdyTHhOanVqRFpRZTZGcUdsMzVkVDR5MHA2UmVuUWQ4b1p5aWw3dlpqSkJaCjluTWRJblMyU05wWUZFclBsb25rdXNZKzZsam9TbFNLMXVSRmd2S3dzeGE3RmROMXZWSnRJQk9qdVJzSk9DaHYKOTB2K0ZEQWwxSnNZVUNPUnByUmtMWXB2TWI4Q1BZaUlzb3JmTUdKNnI3NktYUEIzRS9xejRmaWJ1UmZVeWJxMgp5eGxRTVJKb216d1BPemUrbWRQUU5Hd3VTTjU0VnByYXhoNGFpcWtaUVBsSWpRb1dFaFVKRWxMb0NtQXZ4TmtxCmRBcVZJMXZ3cS9FRXFBTEh3amJKRXIwQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=\nx-smaak-identifier: service-provider-public\nx-smaak-route-info: \nx-smaak-psk: 917e5f9bcf6d7c20a338d8a39bbf79ef\nx-smaak-expires: 1435066809\nx-smaak-nonce: 6457661831\nx-smaak-encrypt: false\ncontent-length: 25")
       end
       it "should prepend the (request-target) header" do
@@ -215,9 +217,9 @@ describe Smaak::Cavage04 do
       end
       it "should return the signature headers in the order expressed in the signature, so that signature verification can succeed" do
-        #host date digest x-smaak-recipient x-smaak-identifier x-smaak-psk x-smaak-expires x-smaak-nonce x-smaak-encrypt content-length
+        #host date digest x-smaak-recipient x-smaak-identifier x-smaak-route-info x-smaak-psk x-smaak-expires x-smaak-nonce x-smaak-encrypt content-length
         expect(@iut.extract_signature_headers).to eq(\
-"(request-target): post /secure-service\nhost: service-provider-internal\ndate: 2015-06-23 13:40:07 GMT\ndigest: SHA-256=748957b58cc24d2bb9eb8f9c468571712a14f6a89ce936c0fb2d3c5016e4dbdc\nx-smaak-recipient: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFxL2tiYjdBNWllQWV1WlBBVnI3MAo5cjl1TkFzc2dmYkdjeGMzZTc3RDNndkY4U2tzbURNQmQyTUt5TUh0ZjBrM1pqSVdZemJJVG5jQXM1Nnd4cmRSClhiVHpIZnhjMll1dDMwd0ljR2YvUVk4ZTJXNmdMWko4aVM3MXlYb0JQNFpEc2lLSXd4ajFsenYyVFlXWnNSL3EKd28xSzBxZ1NzOXJJVEVkWDVqampycHBYWTdobHNPMGVKQ2JBRG0weEtnU1hMcFQycnJzUnJ2OFllRXFvZTRMaQpDOFd6RjZZRlh1U3RHR1E4SXlxbjdPaTN5aVU2WFc3OTl2cFpIeHJlaERYaytDalZuU0ZXWkVPUHg3cENpam9SCnlXb0gyUmR6QVpQczdVdVJWOUdGWWFQeHRudmttNVdVZDVTdWVCNlMxT2E4dVZ3UnpyeXl6WkRjdG0xdWs1VjIKUE0zLzFqbFJMbFJzTWxSeHdZUDRzaFMzVlhjTkdGYjkvbzkvTjkzbitKZUFpSGd4YU5pQjN6YVV0a05XWWs0Vgozang2d0psTythOUNxdGJJeXg2ZzdyTHhOanVqRFpRZTZGcUdsMzVkVDR5MHA2UmVuUWQ4b1p5aWw3dlpqSkJaCjluTWRJblMyU05wWUZFclBsb25rdXNZKzZsam9TbFNLMXVSRmd2S3dzeGE3RmROMXZWSnRJQk9qdVJzSk9DaHYKOTB2K0ZEQWwxSnNZVUNPUnByUmtMWXB2TWI4Q1BZaUlzb3JmTUdKNnI3NktYUEIzRS9xejRmaWJ1UmZVeWJxMgp5eGxRTVJKb216d1BPemUrbWRQUU5Hd3VTTjU0VnByYXhoNGFpcWtaUVBsSWpRb1dFaFVKRWxMb0NtQXZ4TmtxCmRBcVZJMXZ3cS9FRXFBTEh3amJKRXIwQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=\nx-smaak-identifier: service-provider-public\nx-smaak-psk: 917e5f9bcf6d7c20a338d8a39bbf79ef\nx-smaak-expires: 1435066809\nx-smaak-nonce: 6457661831\nx-smaak-encrypt: false\ncontent-length: 25")
+"(request-target): post /secure-service\nhost: service-provider-internal\ndate: 2015-06-23 13:40:07 GMT\ndigest: SHA-256=748957b58cc24d2bb9eb8f9c468571712a14f6a89ce936c0fb2d3c5016e4dbdc\nx-smaak-recipient: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFxL2tiYjdBNWllQWV1WlBBVnI3MAo5cjl1TkFzc2dmYkdjeGMzZTc3RDNndkY4U2tzbURNQmQyTUt5TUh0ZjBrM1pqSVdZemJJVG5jQXM1Nnd4cmRSClhiVHpIZnhjMll1dDMwd0ljR2YvUVk4ZTJXNmdMWko4aVM3MXlYb0JQNFpEc2lLSXd4ajFsenYyVFlXWnNSL3EKd28xSzBxZ1NzOXJJVEVkWDVqampycHBYWTdobHNPMGVKQ2JBRG0weEtnU1hMcFQycnJzUnJ2OFllRXFvZTRMaQpDOFd6RjZZRlh1U3RHR1E4SXlxbjdPaTN5aVU2WFc3OTl2cFpIeHJlaERYaytDalZuU0ZXWkVPUHg3cENpam9SCnlXb0gyUmR6QVpQczdVdVJWOUdGWWFQeHRudmttNVdVZDVTdWVCNlMxT2E4dVZ3UnpyeXl6WkRjdG0xdWs1VjIKUE0zLzFqbFJMbFJzTWxSeHdZUDRzaFMzVlhjTkdGYjkvbzkvTjkzbitKZUFpSGd4YU5pQjN6YVV0a05XWWs0Vgozang2d0psTythOUNxdGJJeXg2ZzdyTHhOanVqRFpRZTZGcUdsMzVkVDR5MHA2UmVuUWQ4b1p5aWw3dlpqSkJaCjluTWRJblMyU05wWUZFclBsb25rdXNZKzZsam9TbFNLMXVSRmd2S3dzeGE3RmROMXZWSnRJQk9qdVJzSk9DaHYKOTB2K0ZEQWwxSnNZVUNPUnByUmtMWXB2TWI4Q1BZaUlzb3JmTUdKNnI3NktYUEIzRS9xejRmaWJ1UmZVeWJxMgp5eGxRTVJKb216d1BPemUrbWRQUU5Hd3VTTjU0VnByYXhoNGFpcWtaUVBsSWpRb1dFaFVKRWxMb0NtQXZ4TmtxCmRBcVZJMXZ3cS9FRXFBTEh3amJKRXIwQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=\nx-smaak-identifier: service-provider-public\nx-smaak-route-info: \nx-smaak-psk: 917e5f9bcf6d7c20a338d8a39bbf79ef\nx-smaak-expires: 1435066809\nx-smaak-nonce: 6457661831\nx-smaak-encrypt: false\ncontent-length: 25")
       end
     end

data/spec/lib/smaak/client_spec.rb CHANGED Viewed

@@ -13,6 +13,7 @@ describe Smaak::Client do
     @test_data = {}
     @iut = Smaak::Client.new
     @test_identifier = 'test-client-1.cpt1.host-h.net'
+    @test_route_info = 'identifier'
     @test_token_life = 5
     @iut.set_identifier(@test_identifier)
     @iut.set_private_key(@test_client_private_key)
@@ -45,6 +46,30 @@ describe Smaak::Client do
     end
   end
+  context "when given an route information" do
+    it "should remember a the route information provided" do
+      iut = Smaak::Client.new
+      expect(iut.route_info).to eq("")
+      iut.set_route_info(@test_route_info)
+      expect(iut.route_info).to eq(@test_route_info)
+    end
+  end
+  context "when given no route information" do
+    it "should remember empty route information" do
+      iut = Smaak::Client.new
+      iut.set_route_info(nil)
+      expect(iut.route_info).to eq("")
+    end
+  end
+  context "when initialized" do
+    it "should have empty route information" do
+      iut = Smaak::Client.new
+      expect(iut.route_info).to eq("")
+    end
+  end
   context "when asked to sign a request destined for an associate" do
     it "should raise an ArgumentError if the associate is unknown" do
       expect{
@@ -62,8 +87,9 @@ describe Smaak::Client do
     end
     it "should create a new auth message using the associate details" do
-      expect(Smaak::AuthMessage).to receive(:create).with(@test_service_public_key.export, @test_service_psk, @test_token_life, @test_identifier, @test_encrypt)
+      expect(Smaak::AuthMessage).to receive(:create).with(@test_service_public_key.export, @test_service_psk, @test_token_life, @test_identifier, @test_route_info, @test_encrypt)
       expect {
+        @iut.set_route_info(@test_route_info)
         @iut.sign_request(@test_service_identifier, @test_adaptor)
       }.to raise_error NoMethodError
     end

data/spec/lib/smaak/server_spec.rb CHANGED Viewed

@@ -17,7 +17,8 @@ describe Smaak::Server do
     @test_psk = "testpresharedkey"
     @test_server_public_key = @test_server_private_key.public_key
     @test_identifier = 'test-service-1.cpt1.host-h.net'
-    @message = Smaak::AuthMessage.new(@test_identifier, @test_nonce, Time.now.to_i, @test_psk, @test_server_public_key.export, false)
+    @test_route_info = 'identifier'
+    @message = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, Time.now.to_i, @test_psk, @test_server_public_key.export, false)
     @iut.add_association(@test_identifier, @test_server_public_key, @test_psk, false)
     @iut.set_public_key(@test_server_public_key)
     @iut.set_private_key(@test_server_private_key)
@@ -28,7 +29,7 @@ describe Smaak::Server do
     expect(@iut.nonce_store[@test_nonce]).to eq(nil)
     @test_expires = "#{Time.now.to_i + 5}"
-    @env = {"CONTENT_LENGTH" => "25", "REQUEST_METHOD" => "POST", "PATH_INFO" => "/gems/smaak", "HTTP_X_SMAAK_ENCRYPT" => "false", "HTTP_X_SMAAK_RECIPIENT" => Base64.strict_encode64(@test_server_public_key.export), "HTTP_X_SMAAK_IDENTIFIER" => @test_identifier, "HTTP_X_SMAAK_NONCE" => @test_nonce, "HTTP_X_SMAAK_EXPIRES" => @test_expires, "HTTP_X_SMAAK_PSK" => Smaak::Crypto::obfuscate_psk(@test_psk) }
+    @env = {"CONTENT_LENGTH" => "25", "REQUEST_METHOD" => "POST", "PATH_INFO" => "/gems/smaak", "HTTP_X_SMAAK_ENCRYPT" => "false", "HTTP_X_SMAAK_RECIPIENT" => Base64.strict_encode64(@test_server_public_key.export), "HTTP_X_SMAAK_IDENTIFIER" => @test_identifier, "HTTP_X_SMAAK_ROUTE_INFO" => @test_route_info, "HTTP_X_SMAAK_NONCE" => @test_nonce, "HTTP_X_SMAAK_EXPIRES" => @test_expires, "HTTP_X_SMAAK_PSK" => Smaak::Crypto::obfuscate_psk(@test_psk) }
     @auth_message = mock_auth_message(@env)
   end
@@ -123,6 +124,10 @@ describe Smaak::Server do
       expect(@auth_message.identifier).to eql(@test_identifier)
     end
+    it "should set the route-info to the x-smaak-route-info header value" do
+      expect(@auth_message.route_info).to eql(@test_route_info)
+    end
     it "should set the nonce to the x-smaak-nonce header value" do
       expect(@auth_message.nonce).to eql(@test_nonce)
     end

data/spec/lib/smaak_spec.rb CHANGED Viewed

@@ -11,9 +11,10 @@ describe Smaak do
     @test_expires = Time.now.to_i + 5
     @test_psk = "testpresharedkey"
     @test_identifier = 'test-service-1.cpt1.host-h.net'
+    @test_route_info = 'identifier'
     @test_recipient = @test_server_public_key.export
     @test_encrypt = true
-    @auth_message = Smaak::AuthMessage.new(@test_identifier, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
+    @auth_message = Smaak::AuthMessage.new(@test_identifier, @test_route_info, @test_nonce, @test_expires, Smaak::Crypto::obfuscate_psk(@test_psk), @test_recipient, @test_encrypt)
     @adaptor = Smaak::create_adaptor(@request)
     @mock_specification = Smaak::Cavage04.new(@adaptor)
   end

data/spec/spec_helper.rb CHANGED Viewed

@@ -35,6 +35,7 @@ RSpec.configure do |config|
   #     --seed 1234
   config.order = 'random'
 end
+RSpec::Expectations.configuration.warn_about_potential_false_positives = false
 SimpleCov.formatter = SimpleCov::Formatter::RcovFormatter
 SimpleCov.start do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smaak
 version: !ruby/object:Gem::Version
-  version: 0.1.17
+  version: 0.2.0
 platform: ruby
 authors:
 - Ernst van Graan
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-05-05 00:00:00.000000000 Z
+date: 2016-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: persistent-cache-ram