web_package 0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 21d491102ea52a0f47bd981ddf9d04e0be400e805b75340a58df13fc5a2304d0
+  data.tar.gz: 9763deee5944d7dc29d5f47ab490d1ea447d14e7d204f7fa3e68a69eb5ff92a3
+SHA512:
+  metadata.gz: 3b8864f0082ff7e8ccfcff2066c9cace5c877b8ef4e77f80ef9b6fc1be5f441a03436437f565eb430f169e2f673f42f2667dc19c47e3ae92d91d95a54b64ced4
+  data.tar.gz: aab6bf17a00c12d82ba3e509e75765e9d92344c11409c876e1aa7800fa3b400b25cc9f209f2678a21a5f6d7e01404d931448ca26d6e8a9930d76d88437e6a590

data/.gitignore

@@ -0,0 +1,50 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/.rubocop.yml

@@ -0,0 +1,42 @@
+Metrics/LineLength:
+  Max: 100
+  IgnoreCopDirectives: true
+
+Naming/UncommunicativeMethodParamName:
+  AllowedNames:
+    - s
+
+Style/CharacterLiteral:
+  Enabled: false
+
+Metrics/MethodLength:
+  Exclude:
+    - lib/web_package/cbor.rb
+    - lib/web_package/mice.rb
+    - lib/web_package/signed_http_exchange.rb
+
+Metrics/AbcSize:
+  Max: 20
+  Exclude:
+    - lib/web_package/cbor.rb
+    - lib/web_package/mice.rb
+    - lib/web_package/signed_http_exchange.rb
+
+Layout/EmptyLineAfterGuardClause:
+  Exclude:
+    - lib/web_package/signed_http_exchange.rb
+
+Metrics/ClassLength:
+  Exclude:
+    - lib/web_package/signed_http_exchange.rb
+
+Style/RedundantReturn:
+  Enabled: false
+
+Layout/SpaceInsideRangeLiteral:
+  Exclude:
+    - lib/web_package/cbor.rb
+
+Layout/ExtraSpacing:
+  Exclude:
+    - lib/web_package/cbor.rb

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Oleg Afanasyev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,2 @@
+# web_package
+Ruby implementation of Signed HTTP Exchange format, allowing a browser to trust that a HTTP request-response pair was generated by the origin it claims.

data/lib/web_package/cbor.rb

@@ -0,0 +1,89 @@
+module WebPackage
+  # Concise Binary Object Representation
+  # https://tools.ietf.org/html/rfc7049
+  class CBOR
+    include Helpers
+
+    # Major type 0: an unsigned integer.
+    # Major type 1: a negative integer.
+    # Major type 2: a byte string.
+    # Major type 3: a text string, Unicode characters that is encoded as UTF-8 [RFC3629].
+    # Major type 4: an array of data items.
+    # Major type 5: a map of pairs of data items.
+    # Major type 6: optional semantic tagging of other major types.
+    # Major type 7: floating-point numbers and simple data types that need no content.
+    MAJOR_TYPES_RANGE = 0..7
+
+    def generate(input)
+      generate_bytes(input).pack('C*')
+    end
+
+    private
+
+    # https://tools.ietf.org/html/rfc7049#section-2.1
+    def generate_bytes(input)
+      case input
+      when Hash
+        input = input.transform_keys { |key| bin(key) }
+
+        bytes = hsh_size(input)
+        bytes[0] |= major_type(5)
+
+        input.keys.sort_by(&:bytesize).each do |key|
+          bytes.concat generate_bytes(key)
+          bytes.concat generate_bytes(input[key])
+        end
+      when String, Symbol
+        input = input.to_s
+        bytes = str_size(input)
+        # rubocop: disable Style/IdenticalConditionalBranches
+        # TODO: Use major_type(3) for non-binary strings.
+        #       Right now all strings are encoded as byte strings because Chrome eats only such.
+        #       So, we need to either proove wrong, or submit an issue to chromium dev.
+        bytes[0] |= input.encoding == Encoding::BINARY ? major_type(2) : major_type(2)
+        # rubocop: enable Style/IdenticalConditionalBranches
+        bytes.concat input.bytes
+      when Integer
+        raise '[CBOR] Not implemented for negative integers' if input.negative?
+
+        bytes = int_size(input)
+        bytes[0] |= major_type(0) # a positive integer
+      else
+        raise "[CBOR] Not implemented for #{input.class} class"
+      end
+
+      bytes
+    end
+
+    def major_type(num)
+      unless MAJOR_TYPES_RANGE.include? num
+        raise "[CBOR] Cannot infer Major Type from int #{num}, which is outside of allowed range."
+      end
+
+      # the type takes up 3 most significant bits of first byte
+      num << 5
+    end
+
+    def hsh_size(hsh)
+      size = hsh.size
+      raise '[CBOR] Not implemented for the hash of size more than 23 pairs' unless size < 24
+
+      [size]
+    end
+
+    def str_size(s)
+      int_size s.bytesize
+    end
+
+    def int_size(num)
+      case num
+      when     0...   24 then [num]
+      when    24... 2**8 then [24, *[num].pack('C').bytes]
+      when  2**8...2**16 then [25, *[num].pack('S>').bytes]
+      when 2**16...2**32 then [26, *[num].pack('L>').bytes]
+      when 2**32...2**64 then [27, *[num].pack('Q>').bytes]
+      else raise '[CBOR] Not implemented for integers greater than (2**64 - 1) bits'
+      end
+    end
+  end
+end

data/lib/web_package/errors/body_encoding_error.rb

@@ -0,0 +1,5 @@
+module WebPackage
+  module Errors
+    class BodyEncodingError < StandardError; end
+  end
+end

data/lib/web_package/helpers.rb

@@ -0,0 +1,22 @@
+module WebPackage
+  # Helper methods used in the library.
+  module Helpers
+    private
+
+    def bin(s)
+      force_bin(s.is_a?(String) ? s.dup : s.to_s)
+    end
+
+    def force_bin(s)
+      s.force_encoding Encoding::ASCII_8BIT
+    end
+
+    def digest(s)
+      Digest::SHA256.digest s
+    end
+
+    def base64(s)
+      Base64.strict_encode64 s
+    end
+  end
+end

data/lib/web_package/mice.rb

@@ -0,0 +1,58 @@
+module WebPackage
+  # Merkle Integrity Content Encoding
+  # https://tools.ietf.org/id/draft-thomson-http-mice-03.html
+  class MICE
+    include Helpers
+
+    CHUNK_SIZE = 2**14 # bytes
+
+    attr_reader :headers, :body
+
+    def initialize(headers, body)
+      @body    = body.dup
+      @headers = headers.transform_keys { |key| key.to_s.downcase } # only lowercase keys allowed
+
+      @encoded = false
+    end
+
+    def encode!
+      return if encoded?
+
+      @root_digest, @body = interlace_body_with_digests
+      @headers.merge! 'content-encoding'       => 'mi-sha256-03',
+                      'digest'                 => "mi-sha256-03=#{base64(@root_digest)}",
+                      'x-content-type-options' => 'nosniff'
+      # TODO: find out why we need (or do not need) Link header for the purpose of
+      #       serving Signed Http Exchange
+      #       linkHeader, err := formatLinkHeader(metadata.Preloads)
+      #       fetchResp.Header.Set("Link", linkHeader)
+
+      @encoded = true
+    end
+
+    def encoded?
+      @encoded
+    end
+
+    private
+
+    def interlace_body_with_digests
+      num_parts = @body.bytesize.fdiv(CHUNK_SIZE).ceil
+
+      chunks = []
+      proofs = []
+
+      num_parts.times do |i|
+        delimeter = i.zero? && "\x00" || "\x01"
+        ri = num_parts - i - 1
+
+        chunks << force_bin(@body.byteslice(ri * CHUNK_SIZE, CHUNK_SIZE))
+        proofs << digest("#{chunks.last}#{proofs.last}#{delimeter}")
+      end
+
+      chunks << [CHUNK_SIZE].pack('Q>')
+
+      return proofs.pop, chunks.zip(proofs).flatten.reverse!.join
+    end
+  end
+end

data/lib/web_package/signed_http_exchange.rb

@@ -0,0 +1,238 @@
+# encoding: ASCII-8BIT
+
+module WebPackage
+  # Builds headers and body of SXG format for a given pair of HTTP request-response.
+  # SXG format allows a browser to trust that a single HTTP request/response pair was
+  # generated by the origin it claims.
+  #
+  # Accetps two arguments: response url and response object (with body, headers and status).
+  # Provides two public methods to build HTTP response in SXG format: headers and body.
+  # Current implementation is lazy, meaning that signing is performed upon the
+  # invocation of the `body` method.
+  class SignedHttpExchange
+    SIGNATURE_MAX_SIZE = 2**14
+    HEADERS_MAX_SIZE   = 2**19
+    SXG_HEADERS = {
+      'Content-Type'           => 'application/signed-exchange;v=b3',
+      'Cache-Control'          => 'no-transform',
+      'X-Content-Type-Options' => 'nosniff'
+    }.freeze
+    CERT_URL  = ENV['SXG_CERT_URL']
+    CERT_PATH = ENV['SXG_CERT_PATH']
+    PRIV_PATH = ENV['SXG_PRIV_PATH']
+    INTEGRITY = 'digest/mi-sha256-03'.freeze
+
+    # Mock request-response pair just in case:
+    MOCK_URL  = 'https://example.com/wow-fake-path'.freeze
+    Response  = Struct.new :body, :headers, :status
+    MOCK_RESP = Response['<h1>Hello!</h1>', { 'Content-Type' => 'text/html; charset=utf-8' }, 200]
+
+    attr_reader :url, :response, :mice
+
+    # accepts two args representing a request-response pair to be packed into SXG format
+    def initialize(url = MOCK_URL, response = MOCK_RESP)
+      @uri = build_uri_from url
+      @response = response
+
+      @cbor = CBOR.new
+      @mice = MICE.new(@response.headers, @response.body).tap(&:encode!)
+      @signer = Signer.new CERT_PATH, PRIV_PATH
+    end
+
+    def headers
+      SXG_HEADERS
+    end
+
+    # https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses-05#section-5.3
+    def body
+      return @body if @body
+      @body = ''
+
+      # 1. 8 bytes consisting of the ASCII characters "sxg1" followed by 4
+      #    0x00 bytes, to serve as a file signature.  This is redundant with
+      #    the MIME type, and recipients that receive both MUST check that
+      #    they match and stop parsing if they don't.
+      # TODO: The implementation of the final RFC MUST use the following line:
+      # @body << "sxg1\x00\x00\x00\x00"
+      @body << "sxg1-b3\x00"
+
+      # 2.  2 bytes storing a big-endian integer "fallbackUrlLength".
+      @body << [fallback_url.bytesize].pack('S>')
+
+      # 3.  "fallbackUrlLength" bytes holding a "fallbackUrl", which MUST be
+      #     an absolute URL with a scheme of "https".
+      @body << fallback_url
+
+      # 4.  3 bytes storing a big-endian integer "sigLength".  If this is
+      #     larger than 16384 (16*1024), parsing MUST fail.
+      if signature.bytesize > SIGNATURE_MAX_SIZE
+        raise Errors::BodyEncodingError, 'Structured Signature Header length is too large: '\
+              "#{signature.bytesize} bytes, max: #{SIGNATURE_MAX_SIZE} bytes."
+      end
+      @body << [signature.bytesize].pack('L>').byteslice(-3, 3)
+
+      # 5.  3 bytes storing a big-endian integer "headerLength".  If this is
+      #     larger than 524288 (512*1024), parsing MUST fail.
+      if encoded_mice_headers.bytesize > HEADERS_MAX_SIZE
+        raise Errors::BodyEncodingError, 'Response Headers length is too large: '\
+              "#{encoded_mice_headers.bytesize} bytes, max: #{HEADERS_MAX_SIZE} bytes."
+      end
+      @body << [encoded_mice_headers.bytesize].pack('L>').byteslice(-3, 3)
+
+      # 6.  "sigLength" bytes holding the "Signature" header field's value
+      #     (Section 3.1).
+      @body << signature
+
+      # 7.  "headerLength" bytes holding "signedHeaders", the canonical
+      #     serialization (Section 3.4) of the CBOR representation of the
+      #     response headers of the exchange represented by the "application/
+      #     signed-exchange" resource (Section 3.2), excluding the
+      #     "Signature" header field.
+      @body << encoded_mice_headers
+
+      # 8.  The payload body (Section 3.3 of [RFC7230]) of the exchange
+      #     represented by the "application/signed-exchange" resource.
+      #     Note that the use of the payload body here means that a
+      #     "Transfer-Encoding" header field inside the "application/signed-
+      #     exchange" header block has no effect.  A "Transfer-Encoding"
+      #     header field on the outer HTTP response that transfers this
+      #     resource still has its normal effect.
+      @body << @mice.body
+    end
+
+    private
+
+    def message
+      return @message if @message
+      @message = ''
+
+      # Help in debugging "VerifyFinal failed." error, source code:
+      #   https://github.com/chromium/chromium/blob/8f0bd6c8be04f0dd556d42820f1eec0963dfe10b/
+      #   content/browser/web_package/signed_exchange_signature_verifier.cc#L120
+      # It may look as if something is wrong with the certificate or signing algorithm, but in fact
+      # the error is caused by the message being composed incorrectly.
+      # So, if you get such an error - please check the `message` first.
+
+      # From specs:
+      # https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses-05#section-3.5
+      #
+      # Let "message" be the concatenation of the following byte
+      # strings.  This matches the [RFC8446] format to avoid cross-
+      # protocol attacks if anyone uses the same key in a TLS
+      # certificate and an exchange-signing certificate.
+
+      # 1.  A string that consists of octet 32 (0x20) repeated 64 times.
+      @message << "\x20" * 64
+
+      # 2.  A context string: the ASCII encoding of "HTTP Exchange 1".
+      #     ... but implementations of drafts MUST NOT use it and MUST use another
+      #     draft-specific string beginning with "HTTP Exchange 1 " instead.
+      # TODO: The implementation of the final RFC MUST use the following line:
+      # @message << "HTTP Exchange 1"
+      @message << 'HTTP Exchange 1 b3'
+
+      # 3.  A single 0 byte which serves as a separator.
+      @message << "\x00"
+
+      # 4.  If "cert-sha256" is set, a byte holding the value 32
+      #     followed by the 32 bytes of the value of "cert-sha256".
+      #     Otherwise a 0 byte.
+      @message << (@signer.cert_sha256 ? "\x20#{@signer.cert_sha256}" : "\x00")
+
+      # 5.  The 8-byte big-endian encoding of the length in bytes of
+      #     "validity-url", followed by the bytes of "validity-url".
+      @message << [validity_url.bytesize].pack('Q>')
+      @message << validity_url
+
+      # 6.  The 8-byte big-endian encoding of "date".
+      @message << [@signer.signed_at.to_i].pack('Q>')
+
+      # 7.  The 8-byte big-endian encoding of "expires".
+      @message << [@signer.expires_at.to_i].pack('Q>')
+
+      # 8.  The 8-byte big-endian encoding of the length in bytes of
+      #     "requestUrl", followed by the bytes of "requestUrl".
+      @message << [url.bytesize].pack('Q>')
+      @message << url
+
+      # 9.  The 8-byte big-endian encoding of the length in bytes of
+      #     "responseHeaders", followed by the bytes of
+      #     "responseHeaders".
+      @message << [encoded_mice_headers.bytesize].pack('Q>')
+      @message << encoded_mice_headers
+    end
+
+    def encoded_mice_headers
+      @encoded_mice_headers ||=
+        @cbor.generate @mice.headers.merge(':status' => bin(response.status))
+    end
+
+    # returns a string representing serialized label + params
+    def structured_header_for(label, params)
+      if params['cert-url'].blank?
+        raise '[SignedHttpExchange] No certificate url provided - please use `SXG_CERT_URL` '\
+              'env var. Endpoint should respond with `application/cert-chain+cbor` content type.'
+      end
+
+      res = [label]
+
+      params.sort.each do |key, value|
+        # https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-09#section-4.1.10
+        res << "#{key}=" + case value
+                           when Integer then value.to_s
+                           when String  then %("#{value}")                   # a text string
+                           when Array   then "*#{base64(value.pack('C*'))}*" # a byte string
+                           end
+      end
+
+      res.join(?;)
+    end
+
+    # https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-09
+    def signature
+      # Example of a signature:
+      #   label;cert-sha256=*+DoXYlCX+bFRyW65R3bFA2ICIz8Tyu54MLFUFo5tziA=*;cert-url="https://exampl
+      #   e.com/cert.cbor";date=1555925114;expires=1555928714;integrity="digest/mi-sha256-03";sig=*
+      #   MEQCIBgsnVxmRqzjeFczuXnQClf2bwtHdGeGGSMOz6y5EH7HAiAu1lt2ERsWIRcOmszB3XneSWoGKrMD7wvalVfPp
+      #   4tb9Q==*;validity-url="https://example.com/resource.validity.msg"
+      @signature ||=
+        structured_header_for 'label', 'cert-sha256':  @signer.cert_sha256.bytes,
+                                       'cert-url':     CERT_URL,
+                                       'date':         @signer.signed_at.to_i,
+                                       'expires':      @signer.expires_at.to_i,
+                                       'integrity':    INTEGRITY,
+                                       'sig':          @signer.sign(message).bytes,
+                                       'validity-url': validity_url
+    end
+
+    def build_uri_from(url)
+      u = url.is_a?(URI) ? url : URI(url)
+      raise "[SignedHttpExchange] Unsupported URI scheme: #{u.scheme}" unless u.is_a? URI::HTTPS
+      raise '[SignedHttpExchange] Request host is required' if u.host.blank?
+
+      u
+    end
+
+    def fallback_url
+      @fallback_url ||= @uri.to_s
+    end
+
+    def validity_url
+      @validity_url ||= begin
+        path = @uri.path
+        fi = path.index(?.)
+        no_format_path = fi ? path[0...fi] : path # path without format, i.e. default :html
+
+        URI::HTTPS.build(host: @uri.host, path: no_format_path).to_s
+      end
+    end
+
+    def bin(s)
+      s.to_s.force_encoding Encoding::ASCII_8BIT
+    end
+
+    def base64(s)
+      Base64.strict_encode64 s
+    end
+  end
+end

data/lib/web_package/signer.rb

@@ -0,0 +1,23 @@
+module WebPackage
+  # Performs signing of a message with ECDSA.
+  class Signer
+    include Helpers
+    attr_reader :signed_at, :expires_at, :cert, :integrity, :cert_url
+
+    def initialize(path_to_cert, path_to_key)
+      @alg      = OpenSSL::PKey::EC.new(File.read(path_to_key))
+      @cert     = OpenSSL::X509::Certificate.new(File.read(path_to_cert))
+
+      @signed_at  = Time.zone.now
+      @expires_at = @signed_at + 7.days
+    end
+
+    def sign(message)
+      @alg.dsa_sign_asn1 digest(message)
+    end
+
+    def cert_sha256
+      @cert_sha256 ||= digest(@cert.to_der)
+    end
+  end
+end

data/lib/web_package/version.rb

@@ -0,0 +1,3 @@
+module WebPackage
+  VERSION = '0.0.0'.freeze
+end

data/lib/web_package.rb

@@ -0,0 +1,8 @@
+require 'web_package/errors/body_format_error'
+require 'web_package/errors/certificate_url_format_error'
+require 'web_package/version'
+require 'web_package/helpers'
+require 'web_package/mice'
+require 'web_package/cbor'
+require 'web_package/signed_http_exchange'
+require 'web_package/signer'

data/web_package.gemspec

@@ -0,0 +1,22 @@
+require File.expand_path('lib/web_package/version', __dir__)
+require 'date'
+
+Gem::Specification.new do |s|
+  s.name        = 'web_package'
+  s.version     = WebPackage::VERSION
+  s.date        = Date.today.to_s
+  s.summary     = 'Packaging Websites with Ruby.'
+  s.description = 'Ruby implementation of Signed HTTP Exchange format, allowing a browser to '\
+                  'trust that a HTTP request-response pair was generated by the origin it claims.'
+  s.authors     = ['Oleg Afanasyev', 'Alexey Martynyuk']
+  s.email       = ['gafrom@gmail.com']
+  s.homepage    = 'https://github.com/gafrom/web_package'
+  s.license     = 'MIT'
+
+  s.files         = `git ls-files`.split("\n")
+  s.require_paths = ['lib']
+
+  s.required_ruby_version = '>=2.0.0'
+
+  s.add_development_dependency 'rubocop', '~> 0.67'
+end

metadata

@@ -0,0 +1,73 @@
+--- !ruby/object:Gem::Specification
+name: web_package
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- Oleg Afanasyev
+- Alexey Martynyuk
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-04-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.67'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.67'
+description: Ruby implementation of Signed HTTP Exchange format, allowing a browser
+  to trust that a HTTP request-response pair was generated by the origin it claims.
+email:
+- gafrom@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rubocop.yml"
+- LICENSE
+- README.md
+- lib/web_package.rb
+- lib/web_package/cbor.rb
+- lib/web_package/errors/body_encoding_error.rb
+- lib/web_package/helpers.rb
+- lib/web_package/mice.rb
+- lib/web_package/signed_http_exchange.rb
+- lib/web_package/signer.rb
+- lib/web_package/version.rb
+- web_package.gemspec
+homepage: https://github.com/gafrom/web_package
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Packaging Websites with Ruby.
+test_files: []