smaak 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/README.md +5 -3
- data/lib/smaak/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 35ff71fbfaf02d293801182e42f59164750f55fe
|
4
|
+
data.tar.gz: 4880e170915ed649513c20540c1e8622d073a787
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 140f7c33ecb4349c0b244cb7752223fbd7aa05a650bb64322acf4df60c0456a78971024d5d63015dbd1251cbda527311abdbec7a6e95262a210b39381e613c13
|
7
|
+
data.tar.gz: 0d2e39786006a82f6bfdd2e449650a87ea5736cf8bd4f8fcacc3be2f5aed89a8bd9da289fb96f2d522c55af1eb6b0e603573aa92893ef2bb2ee966d0ed36dd9b
|
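Review bot: the SHA1 and SHA512 entries for metadata.gz and data.tar.gz are replaced as expected for a rebuilt gem, but checksums.yaml ships inside the .gem itself, so it only records what the packager produced and cannot by itself show that the artifact was not replaced after build; anyone pinning 0.1.1 should compare against the checksum the registry publishes for this version (and the gem signature, if one is attached), not against this file. The SHA512 values are the ones worth pinning, since SHA1 is no longer collision-resistant.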
data/README.md
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
This gems caters for both client and server sides of a signed message interaction over HTTP implementing RFC2617 Digest Access Authentication as well as IETF draft-cavage-http-signatures-04, extended with 'x-smaak-recipient', 'x-smaak-identifier', 'x-smaak-psk', 'x-smaak-expires' and 'x-smaak-nonce' headers. The following compromises are protected against as specified: Man in the middle (header and payload signature, as well as body digest) / snooping (message body encryption), Replay (nonce + expiry), Forgery (signature), Masquerading (identifier and signature), Forwarding / Unintended recipient (recipient pub key check), Clear-text password compromise (MD5 pre-shared key, obfuscated), lack of password (pre-shared key), Message fabrication (associations are purpose-fully provisioned to known associates.)
|
4
4
|
|
5
|
-
## Smaak mechanism
|
5
|
+
## Smaak mechanism
|
6
6
|
|
7
7
|
When provisioning a Smaak::Server and a Smaak::Client, all associations these services should be aware of are provisioned by calling add_association. The associations are indexed by identifier (e.g. FQDN of the associate,) and remember the associate's public key, a pre-shared key and a boolean indicating whether the association expects data to encrypted.
|
8
8
|
|
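Review bot: the only change in this hunk is to the '## Smaak mechanism' heading and the visible text is identical, so this appears to be a whitespace-only edit; worth confirming nothing else was intended. While this part of the README is being touched, the unchanged context line 3 deserves a pass: 'This gems caters' should read 'This gem caters', and the claim that clear-text password compromise is prevented by an 'MD5 pre-shared key, obfuscated' overstates what MD5 provides, since a plain MD5 digest of a pre-shared key is cheap to brute-force and is obfuscation rather than protection; the README should state exactly what is transmitted in the x-smaak-psk header and what a recipient or observer can derive from it.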
@@ -12,7 +12,7 @@ The signing of an HTTP request and the placement of the signature in an Authoriz
|
|
12
12
|
|
13
13
|
Smaak verifies an AuthMessage signed in the Authorization header by looking at nonce, expiry, recipient and pre-shared key. The order of headers signed is important for signature verification.
|
14
14
|
|
15
|
-
### Example Server
|
15
|
+
### Example Server
|
16
16
|
|
17
17
|
A Smaak::Server operates on an instance of an HTTP request received. The Smaak module can be told about different request technology implementations by providing an adaptor to a request technology (Smaak::add_request_adaptor). The gem ships with a Rack::Request adaptor. Call Smaak::create_adaptor with your request to get an instance of an adaptor.
|
18
18
|
|
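Review bot: again a heading-only change to '### Example Server' with identical text, presumably whitespace. Context line 13 states that 'The order of headers signed is important for signature verification' but never gives that order; since the signature covers the x-smaak-* headers introduced earlier in the README, the text (or the example) should spell out the exact header sequence both sides must use, otherwise independently written clients will produce signatures that look valid but never verify.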
@@ -25,6 +25,7 @@ When setting up a Smaak::Server, tell the server of your SmaakService and verify
|
|
25
25
|
@smaak_server.set_public_key(File.read '/secure/server_public.pem')
|
26
26
|
@smaak_server.set_private_key(File.read '/secure/server_private.pem') # only required when encryption is specified
|
27
27
|
@smaak_server.add_association('client-facing-service-needing-back-end-data', File.read '/secure/client_public.pem', 'client-pre-shared-key')
|
28
|
+
end
|
28
29
|
end
|
29
30
|
|
30
31
|
class SecureService
|
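Review bot: the added `end` at new line 28 closes the provisioning block that the 0.1.0 example left unterminated, so the snippet now has balanced blocks; good fix. Two points on the surrounding lines: `File.read '/secure/client_public.pem', 'client-pre-shared-key'` on line 27 is an unparenthesized command call used as one argument among several, which current Ruby does not parse as intended, so write `File.read('/secure/client_public.pem')` (and the same on lines 25 and 26 for consistency); and the pre-shared key is a literal in source, so the example should load it from the same protected location as the key files rather than showing it embedded in code.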
@@ -35,7 +36,7 @@ When setting up a Smaak::Server, tell the server of your SmaakService and verify
|
|
35
36
|
end
|
36
37
|
end
|
37
38
|
|
38
|
-
### Example Client
|
39
|
+
### Example Client
|
39
40
|
|
40
41
|
A Smaak::Client operates on an instance of an HTTP request. The Smaak module can be told about different request technology implementations by providing an adaptor to a request technology (Smaak::add_request_adaptor). The gem ships with a Net::HTTP adaptor. Call Smaak::create_adaptor with your request to get an instance of an adaptor.
|
41
42
|
|
@@ -53,6 +54,7 @@ A Smaak::Client operates on an instance of an HTTP request. The Smaak module can
|
|
53
54
|
response = @client.post('service-provider', 'http://service-provider.com:9393/backend', { 'index1' => 'data1', 'index2' => 'data2' }.to_json)
|
54
55
|
[200, response.body]
|
55
56
|
end
|
57
|
+
end
|
56
58
|
|
57
59
|
class SecureConsumer
|
58
60
|
def initialize
|
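Review bot: the added `end` at new line 57 closes the method around the `@client.post` call that 0.1.0 left unterminated; good. The example target `http://service-provider.com:9393/backend` on line 53 is plain HTTP: the README describes snooping protection as message body encryption, which applies only when the association is provisioned for it and covers only the body, so the Authorization header and the x-smaak-* headers still travel in clear; the example should either use https or state explicitly that encryption is enabled for the 'service-provider' association.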
data/lib/smaak/version.rb
CHANGED