web_package 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3480112115fbe00503b06c0f2348ce71540476a2
-  data.tar.gz: 302a745b6299ed41ce24477ea0e97e2028f36f1c
+  metadata.gz: 39e5ffddf3e4348860d6c29e6aec54631d247c7a
+  data.tar.gz: c1b44063c3c6861c20875709cee60e0f2fa63277
 SHA512:
-  metadata.gz: f246d62cead117fbd4e8f8da7ccba8efaa29ee22baeebf1d7aadcbf73fe26131d58640876810ee1c6676591538c07a23f8d2894daba08348b01ef9c10293efcc
-  data.tar.gz: 1e5f467edfb293b83b166bc1ce03d2bda57db2af45fdfd9d98ddcecff65aafb21edd879e38ef43999a5a9b81b0e8ae3959fbbc32eb8bfa7086cec5b0380b164f
+  metadata.gz: b962ea793e579733474c15fe721f8043c9ecd369bc66c99eace2b7a46ac65fd31088812a366a0cd71bdca31c2a33bb52e905555907aca5f58c615d9451778b22
+  data.tar.gz: 0f437161ae65822e028d1d9177f096007de4935dc236b0cdd56096dbf4f268e3fef68d89117e78b993541ff04f2c8b2fc34dfecce10e150f53943de61db036a6

data/.rubocop.yml

@@ -35,11 +35,17 @@ Naming/UncommunicativeMethodParamName:
   AllowedNames:
     - s
 
+Style/ClassVars:
+  Enabled: false
+
 Style/CharacterLiteral:
   Enabled: false
 
 Style/FrozenStringLiteralComment:
   Enabled: false
 
+Style/MultilineBlockChain:
+  Enabled: false
+
 Style/RedundantReturn:
   Enabled: false

data/README.md

@@ -1,7 +1,6 @@
-# web_package
+# Web Package
 Ruby implementation of Signed HTTP Exchange format, allowing a browser to trust that a HTTP request-response pair was generated by the origin it claims.
 
-
 ## Ever thought of saving the Internet on a flash?
 
 Easily-peasily.
@@ -12,27 +11,79 @@ For that we need a certificate with a special "CanSignHttpExchanges" extension,
 
 Also we need an `https` cdn serving static certificate in `application/cert-chain+cbor` format. We can use `gen-certurl` tool from [here](https://github.com/WICG/webpackage/tree/master/go/signedexchange#creating-our-first-signed-exchange) to convert PEM certificate into this format, so we could than serve it from a cdn.
 
-### Required environment variables
-Having done the above-said we are now ready to assign required env vars:
+### Configuration
+
+Several parameters can be modified via `WebPackage::Settings` to configure **WebPackage** behavior.
+E.g.
+```ruby
+# variables can be set all at once:
+WebPackage::Settings.merge! expires_in: ->(uri) { uri.path.start_with?('/news') ? 7.days : 1.day },
+                            url_filter: ->(uri) { uri.host.start_with?('amp') },
+                            sub_extension: '.html'
+# or individually via dot-methods:
+WebPackage::Settings.cert_url = 'https://my.cdn.com/cert.cbor'
+```
+
+#### headers
+A `Hash`, representing html headers of SXG (outer) response.
+
+By default three headers are set: `Content-Type`, `Cache-Control`, `X-Content-Type-Options`.
+
+#### expires_in
+An `Integer` or a `Proc` evaluating to an `Integer` or an object responding to `to_i`. It sets the lifetime of signed exchange, in seconds.
+
+Default value is 7 days (604800 seconds), which is the maximum allowed by the standard. Please mind it when supplying your `Proc`.
+
+#### sub_extension
+A `String` or `nil`, representing an extension to use for proxying `.sxg` requests.
+
+Default value is `nil`, which means that `.sxg` extension is just removed from the path for the rest of Rack middlewares.
+
+#### url_filter
+A `Proc`, accepting a single argument of original URI and returning boolean value. The filter determines for which paths `.sxg` formatted routes should be added.
+
+Default value is `->(uri) { true }`, which means that all known paths are permitted and hence can be processed in SXG format using `.sxg` extension.
+
+#### cert_url, cert_path, priv_path
+
+All three are `String`, pointing to a certificate with which all pages are to be signed:
+  - `cert_url` is the url of a certificate in `application/cert-chain+cbor` format
+  - `cert_path` and `priv_path` are two paths pointing at `pem` file and private key file respectively.
+
+These are the only parameters which do not have default values. An exception is raised if they are not set beforehand. Please refer below to the section of _Required variables_ on the ways to set them.
+
+### Required variables
+
+For smooth running **WebPackage** requires three variables to be set. It can be done either via environment or with the use of `WebPackage::Settings` object:
 ```bash
 export SXG_CERT_URL='https://my.cdn.com/cert.cbor' \
-       SXG_CERT_PATH='/local/path/to/cert.pem' \
-       SXG_PRIV_PATH='/local/path/to/priv.key'
+       SXG_CERT_PATH='/path/to/cert.pem' \
+       SXG_PRIV_PATH='/path/to/priv.key'
+```
+or
+```ruby
+# app/initializers/web_package_init.rb
+
+# variables can be set all at once:
+WebPackage::Settings.merge! cert_url: 'https://my.cdn.com/cert.cbor',
+                            cert_path: '/path/to/cert.pem',
+                            priv_path: '/path/to/priv.key'
+# or individually:
+WebPackage::Settings.cert_url = 'https://my.cdn.com/cert.cbor'
 ```
-Please note, that the variables are fetched during class initialization. And failing to provide valid paths will result in an exception.
 
 ### Use it as a middleware
 
 `WebPackage::Middleware` can handle `.sxg`-format requests by wrapping the respective HTML contents into signed exchange response. For example the route `https://my.app.com/abc.sxg` will respond with signed contents for `https://my.app.com/abc`.
 
-If you already have a Rack-based application (like Rails or Sinatra), than it is easy incorporate an SXG proxy into its middleware stack.
+If you already have a Rack-based application (like Rails or Sinatra), than it is easy to incorporate an SXG proxy into its middleware stack.
 
 #### Rails
 Add the gem to your `Gemfile`:
 ```ruby
 gem 'web_package'
 ```
-And then add the middleware:
+And then plug the middleware in:
 ```ruby
 # config/application.rb
 config.middleware.insert 0, 'WebPackage::Middleware'
@@ -108,4 +159,4 @@ Note, that the browser might spit a warning `You are using unsupported command-l
 
 ## License
 
-Web package is released under the [MIT License](../master/LICENSE).
+Web Package is released under the [MIT License](../master/LICENSE).

data/lib/web_package/cbor.rb

@@ -31,7 +31,11 @@ module WebPackage
         bytes = hsh_size(input)
         bytes[0] |= major_type(5)
 
-        input.keys.sort_by(&:bytesize).each do |key|
+        # The sorting rules are:
+        #   * If two keys have different lengths, the shorter one sorts earlier;
+        #   * If two keys have the same length, the one with the lower value
+        #     in (byte-wise) lexical order sorts earlier.
+        input.keys.sort_by { |key| [key.bytesize, *key.bytes] }.each do |key|
           bytes.concat generate_bytes(key)
           bytes.concat generate_bytes(input[key])
         end

data/lib/web_package/configuration_hash.rb

@@ -0,0 +1,18 @@
+module WebPackage
+  # A Hash class with configurable dot-methods (accessors).
+  class ConfigurationHash < Hash
+    def initialize(accessor_names, &block)
+      self.accessors = [*accessor_names]
+      super(&block)
+    end
+
+    def accessors=(method_names)
+      self.class.class_eval do
+        method_names.map(&:to_sym).each do |method_name|
+          define_method(method_name) { self[method_name] }
+          define_method("#{method_name}=") { |value| self[method_name] = value }
+        end
+      end
+    end
+  end
+end

data/lib/web_package/inner_response.rb

@@ -1,17 +1,42 @@
 module WebPackage
   # This class is a convenience to represent an original response, later to be signed and packed.
   class InnerResponse
+    include Helpers
+
     attr_reader :status, :headers, :body, :payload
 
     def initialize(status, headers, body)
       @status  = status
-      @headers = headers
+      @headers = prepare_headers(headers)
       @body    = body
       @payload = unrack_body
     end
 
     private
 
+    def prepare_headers(headers)
+      # The CBOR representation of a set of response metadata and headers is
+      # the CBOR ([RFC7049]) map with the following mappings:
+      #   - The byte string ':status' to the byte string containing the
+      #     response's 3-digit status code, and
+      #   - For each response header field, the header field's lowercase name
+      #     as a byte string to the header field's value as a byte string.
+      headers.dup.tap do |hsh|
+        # only lowercase keys allowed
+        hsh.keys.each { |key| hsh[key.to_s.downcase] = hsh.delete(key) }
+
+        # TODO: find out why we need (or do not need) Link header for the purpose of
+        #       serving Signed Http Exchange
+        hsh.merge! ':status'                => bin(@status),
+                   'content-encoding'       => 'mi-sha256-03',
+                   'x-content-type-options' => 'nosniff'
+
+        # inner cache directive is deleted because
+        # exchange's response must be cacheable by a shared cache
+        hsh.delete 'cache-control'
+      end
+    end
+
     def unrack_body
       payload = nil
 

data/lib/web_package/mice.rb

@@ -6,41 +6,8 @@ module WebPackage
 
     CHUNK_SIZE = 2**14 # bytes
 
-    attr_reader :headers, :body
-
-    def initialize(headers, body)
-      @body    = body.dup
-      @headers = headers.dup.tap do |hsh|
-        # only lowercase keys allowed
-        hsh.keys.each { |key| hsh[key.to_s.downcase] = hsh.delete(key) }
-      end
-
-      @encoded = false
-    end
-
-    def encode!
-      return if encoded?
-
-      @root_digest, @body = interlace_body_with_digests
-      @headers.merge! 'content-encoding'       => 'mi-sha256-03',
-                      'digest'                 => "mi-sha256-03=#{base64(@root_digest)}",
-                      'x-content-type-options' => 'nosniff'
-      # TODO: find out why we need (or do not need) Link header for the purpose of
-      #       serving Signed Http Exchange
-      #       linkHeader, err := formatLinkHeader(metadata.Preloads)
-      #       fetchResp.Header.Set("Link", linkHeader)
-
-      @encoded = true
-    end
-
-    def encoded?
-      @encoded
-    end
-
-    private
-
-    def interlace_body_with_digests
-      num_parts = @body.bytesize.fdiv(CHUNK_SIZE).ceil
+    def encode(text)
+      num_parts = text.bytesize.fdiv(CHUNK_SIZE).ceil
 
       chunks = []
       proofs = []
@@ -49,7 +16,7 @@ module WebPackage
         delimeter = i.zero? && "\x00" || "\x01"
         ri = num_parts - i - 1
 
-        chunks << force_bin(@body.byteslice(ri * CHUNK_SIZE, CHUNK_SIZE))
+        chunks << force_bin(text.byteslice(ri * CHUNK_SIZE, CHUNK_SIZE))
         proofs << digest("#{chunks.last}#{proofs.last}#{delimeter}")
       end
 

data/lib/web_package/middleware.rb

@@ -9,7 +9,13 @@ module WebPackage
     end
 
     def call(env)
-      env[SXG_FLAG] = true if sxg_delete!(env['PATH_INFO'])
+      Settings.url_filter[uri(env)] ? process(env) : @app.call(env)
+    end
+
+    private
+
+    def process(env)
+      env[SXG_FLAG] = true if substitute_sxg_extension!(env['PATH_INFO'])
 
       response = @app.call(env)
       return response unless response[0] == 200 && env[SXG_FLAG]
@@ -18,22 +24,20 @@ module WebPackage
       response[2].close if response[2].respond_to? :close
 
       # substituting the original response with SXG
-      SignedHttpExchange.new(url(env), response).to_rack_response
+      SignedHttpExchange.new(uri(env), response).to_rack_response
     end
 
-    private
-
-    def sxg_delete!(path)
+    def substitute_sxg_extension!(path)
       return unless path.is_a?(String) && (i = path.rindex(SXG_EXT))
 
       # check that extension is either the last char or followed by a slash
       ch = path[i + SXG_EXT.size]
       return if ch && ch != ?/
 
-      path.slice! i, SXG_EXT.size
+      path[i, SXG_EXT.size] = Settings.sub_extension.to_s
     end
 
-    def url(env)
+    def uri(env)
       URI("https://#{env['HTTP_HOST'] || env['SERVER_NAME']}").tap do |u|
         path  = env['PATH_INFO']
         port  = env['SERVER_PORT']
@@ -42,7 +46,7 @@ module WebPackage
         u.path  = path
         u.port  = port if !u.port && port != '80'
         u.query = query if query && !query.empty?
-      end.to_s
+      end
     end
   end
 end

data/lib/web_package/settings.rb

@@ -0,0 +1,17 @@
+module WebPackage
+  OPTIONS = %i[headers expires_in sub_extension url_filter cert_url cert_path priv_path].freeze
+  ENV_KEYS = Set.new(%w[SXG_CERT_URL SXG_CERT_PATH SXG_PRIV_PATH]).freeze
+  DEFAULTS = {
+    headers: { 'Content-Type'           => 'application/signed-exchange;v=b3',
+               'Cache-Control'          => 'no-transform',
+               'X-Content-Type-Options' => 'nosniff' },
+    expires_in:    60 * 60 * 24 * 7, # 7.days
+    sub_extension: nil, # proxy as default format (html)
+    url_filter: ->(_uri) { true } # all paths are permitted
+  }.freeze
+
+  Settings = ConfigurationHash.new(OPTIONS) do |config, key|
+    env_key = "SXG_#{key.upcase}"
+    config[key] = ENV.fetch env_key if ENV_KEYS.include? env_key
+  end.tap { |config| config.merge! DEFAULTS }
+end

data/lib/web_package/signed_http_exchange.rb

@@ -8,17 +8,10 @@ module WebPackage
   # Current implementation is lazy, meaning that signing is performed upon the
   # invocation of the `body` method.
   class SignedHttpExchange
+    include Helpers
+
     SIGNATURE_MAX_SIZE = 2**14
     HEADERS_MAX_SIZE   = 2**19
-    SXG_HEADERS = {
-      'Content-Type'           => 'application/signed-exchange;v=b3',
-      'Cache-Control'          => 'no-transform',
-      'X-Content-Type-Options' => 'nosniff'
-    }.freeze
-    CERT_URL  = ENV.fetch 'SXG_CERT_URL'
-    CERT_PATH = ENV.fetch 'SXG_CERT_PATH'
-    PRIV_PATH = ENV.fetch 'SXG_PRIV_PATH'
-    INTEGRITY = 'digest/mi-sha256-03'.freeze
 
     # Mock request-response pair just in case:
     MOCK_URL  = 'https://example.com/wow-fake-path'.freeze
@@ -28,38 +21,38 @@ module WebPackage
     #   url      - request url (string)
     #   response - an array, equivalent to Rack's one: [status_code, headers, body]
     def initialize(url = MOCK_URL, response = MOCK_RESP)
-      @uri = build_uri_from url
-      @url = @uri.to_s
-      @inner = InnerResponse.new(*response)
+      @uri    = build_uri_from url
+      @url    = @uri.to_s
+      @inner  = InnerResponse.new(*response)
+      @signer = Signer.take
 
-      @cbor = CBOR.new
-      @mice = MICE.new(@inner.headers, @inner.payload).tap(&:encode!)
-      @signer = Signer.new CERT_PATH, PRIV_PATH
+      @digest, @payload_body = MICE.new.encode @inner.payload
+      @inner.headers.merge! 'digest' => "mi-sha256-03=#{base64(@digest)}"
     end
 
     def headers
-      SXG_HEADERS
+      Settings.headers
     end
 
     # https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses-05#section-5.3
     def body
       return @body if @body
-      @body = ''
+      buffer = ''
 
       # 1. 8 bytes consisting of the ASCII characters "sxg1" followed by 4
       #    0x00 bytes, to serve as a file signature.  This is redundant with
       #    the MIME type, and recipients that receive both MUST check that
       #    they match and stop parsing if they don't.
       # TODO: The implementation of the final RFC MUST use the following line:
-      # @body << "sxg1\x00\x00\x00\x00"
-      @body << "sxg1-b3\x00"
+      # buffer << "sxg1\x00\x00\x00\x00"
+      buffer << "sxg1-b3\x00"
 
       # 2.  2 bytes storing a big-endian integer "fallbackUrlLength".
-      @body << [@url.bytesize].pack('S>')
+      buffer << [@url.bytesize].pack('S>')
 
       # 3.  "fallbackUrlLength" bytes holding a "fallbackUrl", which MUST be
       #     an absolute URL with a scheme of "https".
-      @body << @url
+      buffer << @url
 
       # 4.  3 bytes storing a big-endian integer "sigLength".  If this is
       #     larger than 16384 (16*1024), parsing MUST fail.
@@ -67,26 +60,26 @@ module WebPackage
         raise Errors::BodyEncodingError, 'Structured Signature Header length is too large: '\
               "#{signature.bytesize} bytes, max: #{SIGNATURE_MAX_SIZE} bytes."
       end
-      @body << [signature.bytesize].pack('L>').byteslice(-3, 3)
+      buffer << [signature.bytesize].pack('L>').byteslice(-3, 3)
 
       # 5.  3 bytes storing a big-endian integer "headerLength".  If this is
       #     larger than 524288 (512*1024), parsing MUST fail.
-      if encoded_mice_headers.bytesize > HEADERS_MAX_SIZE
+      if cbor_encoded_headers.bytesize > HEADERS_MAX_SIZE
         raise Errors::BodyEncodingError, 'Response Headers length is too large: '\
-              "#{encoded_mice_headers.bytesize} bytes, max: #{HEADERS_MAX_SIZE} bytes."
+              "#{cbor_encoded_headers.bytesize} bytes, max: #{HEADERS_MAX_SIZE} bytes."
       end
-      @body << [encoded_mice_headers.bytesize].pack('L>').byteslice(-3, 3)
+      buffer << [cbor_encoded_headers.bytesize].pack('L>').byteslice(-3, 3)
 
       # 6.  "sigLength" bytes holding the "Signature" header field's value
       #     (Section 3.1).
-      @body << signature
+      buffer << signature
 
       # 7.  "headerLength" bytes holding "signedHeaders", the canonical
       #     serialization (Section 3.4) of the CBOR representation of the
       #     response headers of the exchange represented by the "application/
       #     signed-exchange" resource (Section 3.2), excluding the
       #     "Signature" header field.
-      @body << encoded_mice_headers
+      buffer << cbor_encoded_headers
 
       # 8.  The payload body (Section 3.3 of [RFC7230]) of the exchange
       #     represented by the "application/signed-exchange" resource.
@@ -95,7 +88,9 @@ module WebPackage
       #     exchange" header block has no effect.  A "Transfer-Encoding"
       #     header field on the outer HTTP response that transfers this
       #     resource still has its normal effect.
-      @body << @mice.body
+      buffer << @payload_body
+
+      @body = buffer
     end
 
     def to_rack_response
@@ -106,7 +101,7 @@ module WebPackage
 
     def message
       return @message if @message
-      @message = ''
+      buffer = ''
 
       # Help in debugging "VerifyFinal failed." error, source code:
       #   https://github.com/chromium/chromium/blob/8f0bd6c8be04f0dd556d42820f1eec0963dfe10b/
@@ -124,49 +119,50 @@ module WebPackage
       # certificate and an exchange-signing certificate.
 
       # 1.  A string that consists of octet 32 (0x20) repeated 64 times.
-      @message << "\x20" * 64
+      buffer << "\x20" * 64
 
       # 2.  A context string: the ASCII encoding of "HTTP Exchange 1".
       #     ... but implementations of drafts MUST NOT use it and MUST use another
       #     draft-specific string beginning with "HTTP Exchange 1 " instead.
       # TODO: The implementation of the final RFC MUST use the following line:
-      # @message << "HTTP Exchange 1"
-      @message << 'HTTP Exchange 1 b3'
+      # buffer << "HTTP Exchange 1"
+      buffer << 'HTTP Exchange 1 b3'
 
       # 3.  A single 0 byte which serves as a separator.
-      @message << "\x00"
+      buffer << "\x00"
 
       # 4.  If "cert-sha256" is set, a byte holding the value 32
       #     followed by the 32 bytes of the value of "cert-sha256".
       #     Otherwise a 0 byte.
-      @message << (@signer.cert_sha256 ? "\x20#{@signer.cert_sha256}" : "\x00")
+      buffer << (@signer.cert_sha256 ? "\x20#{@signer.cert_sha256}" : "\x00")
 
       # 5.  The 8-byte big-endian encoding of the length in bytes of
       #     "validity-url", followed by the bytes of "validity-url".
-      @message << [validity_url.bytesize].pack('Q>')
-      @message << validity_url
+      buffer << [validity_url.bytesize].pack('Q>')
+      buffer << validity_url
 
       # 6.  The 8-byte big-endian encoding of "date".
-      @message << [@signer.signed_at.to_i].pack('Q>')
+      buffer << [signed_at.to_i].pack('Q>')
 
       # 7.  The 8-byte big-endian encoding of "expires".
-      @message << [@signer.expires_at.to_i].pack('Q>')
+      buffer << [expires_at.to_i].pack('Q>')
 
       # 8.  The 8-byte big-endian encoding of the length in bytes of
       #     "requestUrl", followed by the bytes of "requestUrl".
-      @message << [@url.bytesize].pack('Q>')
-      @message << @url
+      buffer << [@url.bytesize].pack('Q>')
+      buffer << @url
 
       # 9.  The 8-byte big-endian encoding of the length in bytes of
       #     "responseHeaders", followed by the bytes of
       #     "responseHeaders".
-      @message << [encoded_mice_headers.bytesize].pack('Q>')
-      @message << encoded_mice_headers
+      buffer << [cbor_encoded_headers.bytesize].pack('Q>')
+      buffer << cbor_encoded_headers
+
+      @message = buffer
     end
 
-    def encoded_mice_headers
-      @encoded_mice_headers ||=
-        @cbor.generate @mice.headers.merge(':status' => bin(@inner.status))
+    def cbor_encoded_headers
+      @cbor_encoded_headers ||= CBOR.new.generate @inner.headers
     end
 
     # returns a string representing serialized label + params
@@ -199,14 +195,35 @@ module WebPackage
       #   4tb9Q==*;validity-url="https://example.com/resource.validity.msg"
       @signature ||=
         structured_header_for 'label', 'cert-sha256':  @signer.cert_sha256.bytes,
-                                       'cert-url':     CERT_URL,
-                                       'date':         @signer.signed_at.to_i,
-                                       'expires':      @signer.expires_at.to_i,
-                                       'integrity':    INTEGRITY,
+                                       'cert-url':     Settings.cert_url,
+                                       'date':         signed_at.to_i,
+                                       'expires':      expires_at.to_i,
+                                       'integrity':    'digest/mi-sha256-03',
                                        'sig':          @signer.sign(message).bytes,
                                        'validity-url': validity_url
     end
 
+    def signed_at
+      @signed_at ||= Time.now
+    end
+
+    def expires_at
+      @expires_at ||= begin
+        lifetime = case Settings.expires_in
+                   when Integer then Settings.expires_in
+                   when Proc then Settings.expires_in[@uri].to_i
+                   else raise 'Settings.expires_in is allowed to be Integer or Proc only'
+                   end
+
+        # valid lifetime is within (0, 7.days] range
+        if lifetime <= 0 || lifetime > DEFAULTS[:expires_in]
+          raise "expires_in (#{lifetime}) is out of permitted range (0, #{DEFAULTS[:expires_in]}]"
+        end
+
+        signed_at + lifetime
+      end
+    end
+
     def build_uri_from(url)
       u = url.is_a?(URI) ? url : URI(url)
       raise '[SignedHttpExchange] Request host is required' if u.host.nil?
@@ -223,13 +240,5 @@ module WebPackage
         URI::HTTPS.build(host: @uri.host, path: no_format_path, query: @uri.query).to_s
       end
     end
-
-    def bin(s)
-      s.to_s.force_encoding Encoding::ASCII_8BIT
-    end
-
-    def base64(s)
-      Base64.strict_encode64 s
-    end
   end
 end

data/lib/web_package/signer.rb

@@ -1,17 +1,21 @@
 require 'openssl'
+require 'singleton'
 
 module WebPackage
   # Performs signing of a message with ECDSA.
   class Signer
+    include Singleton
     include Helpers
-    attr_reader :signed_at, :expires_at, :cert, :integrity, :cert_url
+
+    attr_reader :cert, :cert_url
+
+    def self.take
+      @@instance ||= new(Settings.cert_path, Settings.priv_path)
+    end
 
     def initialize(path_to_cert, path_to_key)
       @alg  = OpenSSL::PKey::EC.new(File.read(path_to_key))
       @cert = OpenSSL::X509::Certificate.new(File.read(path_to_cert))
-
-      @signed_at  = Time.now
-      @expires_at = @signed_at + 60 * 60 * 24 * 7
     end
 
     def sign(message)

data/lib/web_package/version.rb

@@ -1,3 +1,3 @@
 module WebPackage
-  VERSION = '0.1.0'.freeze
+  VERSION = '0.2.0'.freeze
 end

data/lib/web_package.rb

@@ -1,8 +1,11 @@
 require 'uri'
+require 'set'
 
 require 'web_package/errors/body_encoding_error'
 require 'web_package/version'
 require 'web_package/helpers'
+require 'web_package/configuration_hash'
+require 'web_package/settings'
 require 'web_package/mice'
 require 'web_package/cbor'
 require 'web_package/inner_response'

data/web_package.gemspec

@@ -18,6 +18,5 @@ Gem::Specification.new do |s|
 
   s.required_ruby_version = '>=2.2.0'
 
-  s.add_development_dependency 'byebug'
   s.add_development_dependency 'rubocop', '~> 0.67'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: web_package
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Oleg Afanasyev
@@ -9,22 +9,8 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-12 00:00:00.000000000 Z
+date: 2019-05-16 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
@@ -53,11 +39,13 @@ files:
 - README.md
 - lib/web_package.rb
 - lib/web_package/cbor.rb
+- lib/web_package/configuration_hash.rb
 - lib/web_package/errors/body_encoding_error.rb
 - lib/web_package/helpers.rb
 - lib/web_package/inner_response.rb
 - lib/web_package/mice.rb
 - lib/web_package/middleware.rb
+- lib/web_package/settings.rb
 - lib/web_package/signed_http_exchange.rb
 - lib/web_package/signer.rb
 - lib/web_package/version.rb