smaak 0.1.11 → 0.1.12
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/smaak/adaptors/rack_adaptor.rb +1 -0
- data/lib/smaak/server.rb +10 -3
- data/lib/smaak/version.rb +1 -1
- data/lib/smaak.rb +12 -4
- data/spec/lib/smaak_spec.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 53fd9fe4578fa68539091f3b746abda5699f6112
|
|
4
|
+
data.tar.gz: bff1001ef496c3d9d06d52964f8ffd78b65133d8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6514785cd0fceedb7732d33ea9a9933d4e589b5d8234d530b3c9e36908ec5c22bfe3b3437656ab294829a80fcb979c70b366aada9eb60382ba405f7c62896ec7
|
|
7
|
+
data.tar.gz: 4086051e9407628877a947a004b5dd83c391a2af1dd7b96c6a8f1234a8a6372c2560d276ea64b954cfeef535c7efdfe53990a4f91c35c4ef0e3f34d55ded4ec5
|
|
@@ -17,6 +17,7 @@ module Smaak
|
|
|
17
17
|
value = 0 if value.nil?
|
|
18
18
|
return value
|
|
19
19
|
end
|
|
20
|
+
return @request.env["HTTP_HOST"].split(':')[0] if not @request.env["HTTP_HOST"].nil? and header == "host"
|
|
20
21
|
return value = @request.env["REQUEST_METHOD"] if header == "request-method"
|
|
21
22
|
return @request.env["HTTP_#{header.upcase.gsub("-", "_")}"]
|
|
22
23
|
end
|
data/lib/smaak/server.rb
CHANGED
|
@@ -30,7 +30,7 @@ module Smaak
|
|
|
30
30
|
|
|
31
31
|
def build_auth_message_from_request(adaptor)
|
|
32
32
|
puts "[smaak error]: x-smaak-* headers not all present. Is this a smaak request?" if adaptor.header("x-smaak-recipient").nil? or adaptor.header("x-smaak-psk").nil? or adaptor.header("x-smaak-expires").nil? or adaptor.header("x-smaak-identifier").nil? or adaptor.header("x-smaak-nonce").nil? or adaptor.header("x-smaak-encrypt").nil?
|
|
33
|
-
recipient_public_key =
|
|
33
|
+
recipient_public_key = Smaak::Crypto::decode64(adaptor.header("x-smaak-recipient"))
|
|
34
34
|
psk = adaptor.header("x-smaak-psk")
|
|
35
35
|
expires = adaptor.header("x-smaak-expires")
|
|
36
36
|
identifier = adaptor.header("x-smaak-identifier")
|
|
@@ -69,11 +69,18 @@ module Smaak
|
|
|
69
69
|
def verify_signed_request(request)
|
|
70
70
|
adaptor = Smaak::create_adaptor(request)
|
|
71
71
|
auth_message = build_auth_message_from_request(adaptor)
|
|
72
|
-
|
|
72
|
+
if not verify_auth_message(auth_message)
|
|
73
|
+
puts "[smaak error]: could not verify auth_message"
|
|
74
|
+
return false
|
|
75
|
+
end
|
|
73
76
|
pubkey = @association_store[auth_message.identifier]['public_key']
|
|
77
|
+
puts "[smaak warning]: pubkey not specified" if (pubkey.nil?) or (pubkey == "")
|
|
74
78
|
body = Smaak::Crypto::sink(adaptor.body)
|
|
75
79
|
body = Smaak::Crypto::decrypt(body, @private_key) if auth_message.encrypt
|
|
76
|
-
|
|
80
|
+
if not Smaak::verify_authorization_headers(adaptor, pubkey)
|
|
81
|
+
puts "[smaak error]: could not verify authorization headers"
|
|
82
|
+
return false, nil
|
|
83
|
+
end
|
|
77
84
|
return auth_message, body # TBD return ID from cert
|
|
78
85
|
end
|
|
79
86
|
|
data/lib/smaak/version.rb
CHANGED
data/lib/smaak.rb
CHANGED
|
@@ -55,9 +55,17 @@ module Smaak
|
|
|
55
55
|
def self.verify_authorization_headers(adaptor, pubkey)
|
|
56
56
|
raise ArgumentError.new("Key is required") if pubkey.nil?
|
|
57
57
|
signature_headers, signature = Smaak::get_signature_data_from_request(adaptor)
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
58
|
+
if signature.nil?
|
|
59
|
+
puts "[smaak error]: could not extract signature"
|
|
60
|
+
return false
|
|
61
|
+
end
|
|
62
|
+
if signature_headers.nil?
|
|
63
|
+
puts "[smaak error]: could not extract signature headers"
|
|
64
|
+
return false
|
|
65
|
+
end
|
|
66
|
+
verified = Smaak::Crypto::verify_signature(signature, Smaak::Crypto::encode64(signature_headers), pubkey)
|
|
67
|
+
puts "[smaak error]: verification of headers and signature using pubkey failed" if not verified
|
|
68
|
+
verified
|
|
61
69
|
end
|
|
62
70
|
|
|
63
71
|
private
|
|
@@ -68,7 +76,7 @@ module Smaak
|
|
|
68
76
|
signature_headers = specification.extract_signature_headers
|
|
69
77
|
signature = specification.extract_signature
|
|
70
78
|
|
|
71
|
-
return signature_headers,
|
|
79
|
+
return signature_headers, Smaak::Crypto::decode64(signature)
|
|
72
80
|
end
|
|
73
81
|
end
|
|
74
82
|
|
data/spec/lib/smaak_spec.rb
CHANGED
|
@@ -125,7 +125,7 @@ describe Smaak do
|
|
|
125
125
|
it "should extract the signature using the specification" do
|
|
126
126
|
expect(Smaak::Cavage04).to receive(:new).and_return(@mock_specification)
|
|
127
127
|
expect(@mock_specification).to receive(:extract_signature_headers).and_return "headers"
|
|
128
|
-
expect(@mock_specification).to receive(:extract_signature).and_return "signature"
|
|
128
|
+
expect(@mock_specification).to receive(:extract_signature).and_return Base64.strict_encode64("signature")
|
|
129
129
|
Smaak::verify_authorization_headers(@adaptor, @test_server_public_key)
|
|
130
130
|
end
|
|
131
131
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smaak
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.12
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ernst van Graan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-08-
|
|
11
|
+
date: 2015-08-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: persistent-cache
|