smaak 0.0.5 → 0.0.6
- checksums.yaml +4 -4
- data/README.md +22 -0
- data/lib/smaak/client.rb +1 -1
- data/lib/smaak/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 79837f66e4da4cd06c198b68f4ed72c059b3f0b5
|
4
|
+
data.tar.gz: ce28822db26ceb509362dd03e66da05971b14e8f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 887a641de2a26636eb03a6ffba6f8fde13f43bd2d7563380688fe0d4d129d4630c66594b1ab1aa65d9d3f7d22894b779bd87797ccce42202d2f5039caaf0f7b6
|
7
|
+
data.tar.gz: cde62c30f2a56a78acd2de3df92b349e563bfe3c4c34384ff593692a45c4a32d80f7ea575069bfecee62b28b146b8a5f580ddf044b0e0cde289162a63cd4973b
|
data/README.md
CHANGED
@@ -16,6 +16,28 @@ Or install it yourself as:
|
|
16
16
|
|
17
17
|
$ gem install smaak
|
18
18
|
|
19
|
+
## Use cases
|
20
|
+
|
21
|
+
This gem and mechanism is attempts to alleviate the following attacks and concerns for inter-service communication. This is not a public client/server mechanism.
|
22
|
+
|
23
|
+
Man-in-the-middle attack:
|
24
|
+
|
25
|
+
Use this gem to communicate inside an HTTP tunnel that you trust. For internal private networks, place a secure CA on your network.
|
26
|
+
|
27
|
+
Masquerading:
|
28
|
+
|
29
|
+
Each association made requires messages to be signed using that association's keypair.
|
30
|
+
|
31
|
+
Forgery:
|
32
|
+
|
33
|
+
The indentity of the requestor is signed. The HTTP headers, URL and body / querystring is not. Authorization is left to a service that understands the identity and its permissions.
|
34
|
+
|
35
|
+
Replay:
|
36
|
+
|
37
|
+
The request is signed with an expiry and a nonce.
|
38
|
+
|
39
|
+
Designing for future protocol security requirements. The nonce and expiry are optional features. Passing in a RequestData object for signing, and a RequestSigningValidator object that validates the data content includes all that is required for security, allows us to, in future, cater for man-in-the-middle attacks as well if, for example, the validator requires timestamp, url, form data/querystring, method, etc. to be in the data. If this is all signed, a device in the middle cannot modify the request without the source's private key, and man-in-the-middle is defeated.
|
40
|
+
|
19
41
|
## Usage
|
20
42
|
|
21
43
|
TODO: Write usage instructions here
|
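Review bot: the "Forgery" paragraph says the HTTP headers, URL and body/querystring are not signed, which contradicts the practical reading of the "Man-in-the-middle attack" paragraph above it; the README should state plainly that the gem only authenticates the requestor's identity and that integrity of the request content is delegated entirely to TLS with a trusted CA, so anything that terminates the tunnel (a reverse proxy, for example) can alter the request. The "Replay" paragraph asserts the request "is signed with an expiry and a nonce", but the later paragraph says "The nonce and expiry are optional features"; say which is the default and note that replay protection only holds when both are enabled and the receiving service records seen nonces. The names `RequestData` and `RequestSigningValidator` here do not match the parameters added in `client.rb` (`request_signing_data`, `request_signing_data_validator`); align the README with the code. Minor: "indentity" should be "identity", and "This gem and mechanism is attempts to alleviate" should read "This gem attempts to alleviate".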
data/lib/smaak/client.rb
CHANGED
@@ -14,7 +14,7 @@ module Smaak
|
|
14
14
|
@identity = identity
|
15
15
|
end
|
16
16
|
|
17
|
-
def build_auth_header(associate_identity)
|
17
|
+
def build_auth_header(associate_identity, request_signing_data = nil, request_signing_data_validator = nil)
|
18
18
|
raise ArgumentError.new("Associate invalid") if not validate_associate(associate_identity)
|
19
19
|
associate = @association_store[associate_identity]
|
20
20
|
message_data = Smaak::compile_auth_message_data(associate['public_key'], associate['psk'], @token_life, @identity)
|
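Review bot: the two new parameters `request_signing_data` and `request_signing_data_validator` are not used anywhere in the visible lines; the unchanged call `message_data = Smaak::compile_auth_message_data(associate['public_key'], associate['psk'], @token_life, @identity)` still receives only the identity-related inputs, so callers passing request data get no additional signing. If the parameters are reserved for the future work the README describes, say so in a comment; otherwise wire them into the message data, invoke the validator when `request_signing_data` is non-nil, and raise `ArgumentError` when data is supplied without a validator rather than silently ignoring it. The method also lacks a comment documenting the expected types of the new arguments.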
data/lib/smaak/version.rb
CHANGED