time_sensitive_hmac 0.0.1

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+.rspec
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in time_sensitive_hmac.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,13 @@
+Copyright (c) 2013 Rob Howard
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md

@@ -0,0 +1,29 @@
+# TimeSensitiveHmac
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'time_sensitive_hmac'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install time_sensitive_hmac
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,5 @@
+require "bundler/gem_tasks"
+
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new('spec')
+task :test => :spec

data/lib/time_sensitive_hmac.rb

@@ -0,0 +1,6 @@
+require "time_sensitive_hmac/version"
+require "time_sensitive_hmac/signature"
+
+module TimeSensitiveHmac
+
+end

data/lib/time_sensitive_hmac/signature.rb

@@ -0,0 +1,55 @@
+require 'base64'
+require 'openssl'
+
+module TimeSensitiveHmac
+  class Signature
+
+    attr_reader :secret, :digest
+
+    def initialize(secret, opts={})
+      @secret = secret
+      @digest = OpenSSL::Digest::Digest.new(
+                  opts[:digest] || 'sha256'
+                )
+    end
+
+    def generate(time, data, context=nil)
+      raw = OpenSSL::HMAC.digest(
+        digest,
+        secret,
+        data_from_parts(time, context, data)
+      )
+      encode(raw)
+    end
+
+    def verify(sig, time, data, context=nil, grace_period_in_seconds=0)
+      # TODO: grace period
+      # Take inspiration from HOTP (RFC 4226) for time intervals:
+      # http://tools.ietf.org/html/rfc4226#page-35
+      check_sig = generate(time, data, context)
+      sig == check_sig
+    end
+
+    def verify_now(sig, data, context=nil, grace_period_in_seconds=0)
+      verify(sig, Time.now, context, grace_period_in_seconds)
+    end
+
+    protected
+
+      def encode(input)
+        # encode64 includes a trailing \n.
+        input && Base64.encode64(input).strip
+      end
+
+      def data_from_parts(time, context, data)
+        [time.utc.to_i, encode(context), encode(data)].compact.join(':')
+      end
+
+      def normalise_to_time_class(time)
+        unless time.is_a? Time
+          time = Time.at(time.to_i)
+        end
+        time
+      end
+  end
+end

data/lib/time_sensitive_hmac/version.rb

@@ -0,0 +1,3 @@
+module TimeSensitiveHmac
+  VERSION = "0.0.1"
+end

data/spec/spec_helper.rb

@@ -0,0 +1,7 @@
+require 'bundler/setup'
+require 'time_sensitive_hmac'
+
+RSpec.configure do |config|
+  # ...
+end
+

data/spec/time_sensitive_hmac_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+describe TimeSensitiveHmac do
+  let(:secret) { 'abcd' * 8 }
+
+  context "instantiating" do
+    it "defaults to SHA256" do
+      sig = TimeSensitiveHmac::Signature.new(secret)
+      sig.digest.name.should == 'SHA256'
+    end
+
+    it "accepts any valid OpenSSL::Digest type" do
+      sig = TimeSensitiveHmac::Signature.new(secret, :digest => 'sha1')
+      sig.digest.name.should == 'SHA1'
+    end
+
+    it "assumes OpenSSL will reject default digest types" do
+      -> {
+        TimeSensitiveHmac::Signature.new(secret, :digest => 'sha666')
+      }.should raise_error(RuntimeError)
+    end
+  end
+
+  context "generating" do
+    let!(:now)      { Time.utc(2013,1,1) }
+    let(:signature) { TimeSensitiveHmac::Signature.new(secret) }
+
+    it "generates with a time and data chunk" do
+      digest = signature.generate(now, '{"sample"=>"data"}')
+      digest.should == 'qDdAbSFV3/oDpmD10L0LySWZugYbzbCKxyZ7Z9Nd0RY='
+    end
+
+    it "generates with time, data, and a URL path context" do
+      digest = signature.generate(
+        now,
+        '{"sample"=>"data"}',
+        '/path/with?query=string'
+      )
+      digest.should == 'Wq+9pR/thhyUz0rTFHj4CxGQPGT271ZEJMdDSMPeucg='
+    end
+  end
+
+  context "verification at exact moments" do
+    pending "verifies signatures with valid data"
+    pending "verifies signatures with a valid data and context pair"
+    pending "fails invalid signatures"
+  end
+
+  context "verification with grace period" do
+    pending "verifies signatures with valid data"
+    pending "verifies signatures with a valid data and context pair"
+    pending "fails invalid signatures"
+    pending "fails valid signatures outside of the grace period"
+  end
+end

data/time_sensitive_hmac.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'time_sensitive_hmac/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "time_sensitive_hmac"
+  spec.version       = TimeSensitiveHmac::VERSION
+  spec.authors       = ["Rob Howard"]
+  spec.email         = ["rob@robhoward.id.au"]
+  spec.description   = %q{A tiny library for calculation and verification of HMAC signatures bound to a particular time.}
+  spec.summary       = spec.description
+  spec.homepage      = ""
+  spec.license       = "Apache 2.0"
+
+  spec.required_ruby_version = '>= 1.9.2'
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+end

metadata

@@ -0,0 +1,112 @@
+--- !ruby/object:Gem::Specification
+name: time_sensitive_hmac
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Rob Howard
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-04-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A tiny library for calculation and verification of HMAC signatures bound
+  to a particular time.
+email:
+- rob@robhoward.id.au
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/time_sensitive_hmac.rb
+- lib/time_sensitive_hmac/signature.rb
+- lib/time_sensitive_hmac/version.rb
+- spec/spec_helper.rb
+- spec/time_sensitive_hmac_spec.rb
+- time_sensitive_hmac.gemspec
+homepage: ''
+licenses:
+- Apache 2.0
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.9.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 433686917233539613
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: A tiny library for calculation and verification of HMAC signatures bound
+  to a particular time.
+test_files:
+- spec/spec_helper.rb
+- spec/time_sensitive_hmac_spec.rb