xignature 0.1.8

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2f3c4d3bc528bed083fb7d10d4388f2248418c52
+  data.tar.gz: 2701be3436302be927b01e75c5060dffc89dd8c8
+SHA512:
+  metadata.gz: 20ccf1339835ceae72f7272a1d4364fbd1ae4fd4e3a35872340186a55d77ae436cc3061ba2a28c97d944cbd53b4bf661aa7189b0a221193e45533314780628bc
+  data.tar.gz: d1ce0fa5de70ccfd768b4b85b5cd8a8475d2698fb1c4ac4454ce821fc8a796abe9028baf9923dcde4dbff200222ebc82e6feda9dbfdcda14b7c341a58f097547

data/.gitignore

@@ -0,0 +1,23 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+
+## PROJECT::SPECIFIC
+.rbx
+.rspec

data/.travis.yml

@@ -0,0 +1,19 @@
+language: ruby
+rvm:
+  - 1.8.7
+  - 1.9.2
+  - 1.9.3
+  - 2.0.0
+  - 2.2.0
+  - jruby-18mode
+  - jruby-19mode
+  - rbx-18mode
+  - rbx-19mode
+matrix:
+  allow_failures:
+    - rvm: jruby-18mode
+    - rvm: jruby-19mode
+    - rvm: rbx-18mode
+    - rvm: rbx-19mode
+
+script: bundle exec rspec spec

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+
+0.1.8 / 2015-01-16
+==================
+
+  * SECURITY: Perform constant time string comparison when validating xignatures

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,33 @@
+PATH
+  remote: .
+  specs:
+    xignature (0.1.8)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    bacon (1.2.0)
+    diff-lcs (1.2.4)
+    em-spec (0.2.6)
+      bacon
+      eventmachine
+      rspec (> 2.6.0)
+      test-unit
+    eventmachine (1.0.7)
+    rspec (2.13.0)
+      rspec-core (~> 2.13.0)
+      rspec-expectations (~> 2.13.0)
+      rspec-mocks (~> 2.13.0)
+    rspec-core (2.13.1)
+    rspec-expectations (2.13.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.13.1)
+    test-unit (2.5.4)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  em-spec
+  rspec
+  xignature!

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Martyn Loughran
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,65 @@
+xignature - xignature renamed.
+=========
+
+[![Build Status](https://secure.travis-ci.org/xn/xignature.png?branch=master)](http://travis-ci.org/xn/xignature)
+
+Examples
+--------
+
+Client example
+
+```ruby
+params       = {:some => 'parameters'}
+token        = Xignature::Token.new('my_key', 'my_secret')
+request      = Xignature::Request.new('POST', '/api/thing', params)
+auth_hash    = request.sign(token)
+query_params = params.merge(auth_hash)
+
+HTTParty.post('http://myservice/api/thing', {
+  :body => query_params
+})
+```
+
+`query_params` looks like:
+
+```ruby
+{
+  :some           => "parameters",
+  :auth_timestamp => 1273231888,
+  :auth_xignature => "28b6bb0f242f71064916fad6ae463fe91f5adc302222dfc02c348ae1941eaf80",
+  :auth_version   => "1.0",
+  :auth_key       => "my_key"
+}
+
+```
+Server example (sinatra)
+
+```ruby
+error Xignature::AuthenticationError do |controller|
+  error = controller.env["sinatra.error"]
+  halt 401, "401 UNAUTHORIZED: #{error.message}\n"
+end
+
+post '/api/thing' do
+  request = Xignature::Request.new('POST', env["REQUEST_PATH"], params)
+  # This will raise a Xignature::AuthenticationError if request does not authenticate
+  token = request.authenticate do |key|
+    Xignature::Token.new(key, lookup_secret(key))
+  end
+
+  # Do whatever you need to do
+end
+```
+
+Developing
+----------
+
+    bundle
+    bundle exec rspec spec/*_spec.rb
+
+Please see the travis status for a list of rubies tested against
+
+Copyright
+---------
+
+Copyright (c) 2010 Martyn Loughran. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks

data/lib/xignature.rb

@@ -0,0 +1,232 @@
+require 'openssl'
+
+require 'xignature/query_encoder'
+
+module Xignature
+  class AuthenticationError < RuntimeError; end
+
+  class Token
+    attr_reader :key, :secret
+
+    def initialize(key, secret)
+      @key, @secret = key, secret
+    end
+
+    def sign(request)
+      request.sign(self)
+    end
+  end
+
+  class Request
+    attr_accessor :path, :query_hash
+
+    include QueryEncoder
+
+    # http://www.w3.org/TR/NOTE-datetime
+    ISO8601 = "%Y-%m-%dT%H:%M:%SZ"
+
+    def initialize(method, path, query)
+      raise ArgumentError, "Expected string" unless path.kind_of?(String)
+      raise ArgumentError, "Expected hash" unless query.kind_of?(Hash)
+
+      query_hash = {}
+      auth_hash = {}
+      query.each do |key, v|
+        k = key.to_s.downcase
+        k[0..4] == 'auth_' ? auth_hash[k] = v : query_hash[k] = v
+      end
+
+      @method = method.upcase
+      @path, @query_hash, @auth_hash = path, query_hash, auth_hash
+      @signed = false
+    end
+
+    # Sign the request with the given token, and return the computed
+    # authentication parameters
+    #
+    def sign(token)
+      @auth_hash = {
+        :auth_version => "1.0",
+        :auth_key => token.key,
+        :auth_timestamp => Time.now.to_i.to_s
+      }
+      @auth_hash[:auth_signature] = signature(token)
+
+      @signed = true
+
+      return @auth_hash
+    end
+
+    # Authenticates the request with a token
+    #
+    # Raises an AuthenticationError if the request is invalid.
+    # AuthenticationError exception messages are designed to be exposed to API
+    # consumers, and should help them correct errors generating signatures
+    #
+    # Timestamp: Unless timestamp_grace is set to nil (which allows this check
+    # to be skipped), AuthenticationError will be raised if the timestamp is
+    # missing or further than timestamp_grace period away from the real time
+    # (defaults to 10 minutes)
+    #
+    # Xignature: Raises AuthenticationError if the signature does not match
+    # the computed HMAC. The error contains a hint for how to sign.
+    #
+    def authenticate_by_token!(token, timestamp_grace = 600)
+      # Validate that your code has provided a valid token. This does not
+      # raise an AuthenticationError since passing tokens with empty secret is
+      # a code error which should be fixed, not reported to the API's consumer
+      if token.secret.nil? || token.secret.empty?
+        raise "Provided token is missing secret"
+      end
+
+      validate_version!
+      validate_timestamp!(timestamp_grace)
+      validate_signature!(token)
+      true
+    end
+
+    # Authenticate the request with a token, but rather than raising an
+    # exception if the request is invalid, simply returns false
+    #
+    def authenticate_by_token(token, timestamp_grace = 600)
+      authenticate_by_token!(token, timestamp_grace)
+    rescue AuthenticationError
+      false
+    end
+
+    # Authenticate a request
+    #
+    # Takes a block which will be called with the auth_key from the request,
+    # and which should return a Xignature::Token (or nil if no token can be
+    # found for the key)
+    #
+    # Raises errors in the same way as authenticate_by_token!
+    #
+    def authenticate(timestamp_grace = 600)
+      raise ArgumentError, "Block required" unless block_given?
+      key = @auth_hash['auth_key']
+      raise AuthenticationError, "Missing parameter: auth_key" unless key
+      token = yield key
+      unless token
+        raise AuthenticationError, "Unknown auth_key"
+      end
+      authenticate_by_token!(token, timestamp_grace)
+      return token
+    end
+
+    # Authenticate a request asynchronously
+    #
+    # This method is useful it you're running a server inside eventmachine and
+    # need to lookup the token asynchronously.
+    #
+    # The block is passed an auth key and a deferrable which should succeed
+    # with the token, or fail if the token cannot be found
+    #
+    # This method returns a deferrable which succeeds with the valid token, or
+    # fails with an AuthenticationError which can be used to pass the error
+    # back to the user
+    #
+    def authenticate_async(timestamp_grace = 600)
+      raise ArgumentError, "Block required" unless block_given?
+      df = EM::DefaultDeferrable.new
+
+      key = @auth_hash['auth_key']
+
+      unless key
+        df.fail(AuthenticationError.new("Missing parameter: auth_key"))
+        return
+      end
+
+      token_df = yield key
+      token_df.callback { |token|
+        begin
+          authenticate_by_token!(token, timestamp_grace)
+          df.succeed(token)
+        rescue AuthenticationError => e
+          df.fail(e)
+        end
+      }
+      token_df.errback {
+        df.fail(AuthenticationError.new("Unknown auth_key"))
+      }
+    ensure
+      return df
+    end
+
+    # Expose the authentication parameters for a signed request
+    #
+    def auth_hash
+      raise "Request not signed" unless @signed
+      @auth_hash
+    end
+
+    # Query parameters merged with the computed authentication parameters
+    #
+    def signed_params
+      @query_hash.merge(auth_hash)
+    end
+
+    private
+
+      def signature(token)
+        digest = OpenSSL::Digest::SHA256.new
+        OpenSSL::HMAC.hexdigest(digest, token.secret, string_to_sign)
+      end
+
+      def string_to_sign
+        [@method, @path, parameter_string].join("\n")
+      end
+
+      def parameter_string
+        param_hash = @query_hash.merge(@auth_hash || {})
+
+        # Convert keys to lowercase strings
+        hash = {}; param_hash.each { |k,v| hash[k.to_s.downcase] = v }
+
+        # Exclude signature from signature generation!
+        hash.delete("auth_signature")
+
+        hash.sort.map do |k, v|
+          QueryEncoder.encode_param_without_escaping(k, v)
+        end.join('&')
+      end
+
+      def validate_version!
+        version = @auth_hash["auth_version"]
+        raise AuthenticationError, "Version required" unless version
+        raise AuthenticationError, "Version not supported" unless version == '1.0'
+      end
+
+      def validate_timestamp!(grace)
+        return true if grace.nil?
+
+        timestamp = @auth_hash["auth_timestamp"]
+        error = (timestamp.to_i - Time.now.to_i).abs
+        raise AuthenticationError, "Timestamp required" unless timestamp
+        if error >= grace
+          raise AuthenticationError, "Timestamp expired: Given timestamp "\
+            "(#{Time.at(timestamp.to_i).utc.strftime(ISO8601)}) "\
+            "not within #{grace}s of server time "\
+            "(#{Time.now.utc.strftime(ISO8601)})"
+        end
+        return true
+      end
+
+      def validate_signature!(token)
+        unless identical? @auth_hash["auth_signature"], signature(token)
+          raise AuthenticationError, "Invalid signature: you should have "\
+            "sent HmacSHA256Hex(#{string_to_sign.inspect}, your_secret_key)"\
+            ", but you sent #{@auth_hash["auth_signature"].inspect}"
+        end
+        return true
+      end
+
+      # Constant time string comparison
+      def identical?(a, b)
+        return true if a.nil? && b.nil?
+        return false if a.nil? || b.nil?
+        return false unless a.bytesize == b.bytesize
+        a.bytes.zip(b.bytes).reduce(0) { |memo, (a, b)| memo += a ^ b } == 0
+      end
+  end
+end

data/lib/xignature/query_encoder.rb

@@ -0,0 +1,47 @@
+module Xignature
+  # Query string encoding extracted with thanks from em-http-request
+  module QueryEncoder
+    class << self
+      # URL encodes query parameters:
+      # single k=v, or a URL encoded array, if v is an array of values
+      def encode_param(k, v)
+        if v.is_a?(Array)
+          v.map { |e| escape(k) + "[]=" + escape(e) }.join("&")
+        else
+          escape(k) + "=" + escape(v)
+        end
+      end
+
+      # Like encode_param, but doesn't url escape keys or values
+      def encode_param_without_escaping(k, v)
+        if v.is_a?(Array)
+          v.map { |e| k + "[]=" + e }.join("&")
+        else
+          "#{k}=#{v}"
+        end
+      end
+
+      private
+
+      def escape(s)
+        if defined?(EscapeUtils)
+          EscapeUtils.escape_url(s.to_s)
+        else
+          s.to_s.gsub(/([^a-zA-Z0-9_.-]+)/n) {
+            '%'+$1.unpack('H2'*bytesize($1)).join('%').upcase
+          }
+        end
+      end
+
+      if ''.respond_to?(:bytesize)
+        def bytesize(string)
+          string.bytesize
+        end
+      else
+        def bytesize(string)
+          string.size
+        end
+      end
+    end
+  end
+end

data/lib/xignature/version.rb

@@ -0,0 +1,3 @@
+module Xignature
+  VERSION = "0.1.8"
+end

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'xignature'
+
+require 'rspec'
+require 'em-spec/rspec'
+
+RSpec.configure do |config|
+
+end

data/spec/xignature_spec.rb

@@ -0,0 +1,285 @@
+require File.expand_path('../spec_helper', __FILE__)
+
+describe Xignature do
+  before :each do
+    Time.stub!(:now).and_return(Time.at(1234))
+
+    @token = Xignature::Token.new('key', 'secret')
+
+    @request = Xignature::Request.new('POST', '/some/path', {
+      "query" => "params",
+      "go" => "here"
+    })
+  end
+
+  describe "generating signatures" do
+    before :each do
+      @signature = "3b237953a5ba6619875cbb2a2d43e8da9ef5824e8a2c689f6284ac85bc1ea0db"
+    end
+
+    it "should generate signature correctly" do
+      @request.sign(@token)
+      string = @request.send(:string_to_sign)
+      string.should == "POST\n/some/path\nauth_key=key&auth_timestamp=1234&auth_version=1.0&go=here&query=params"
+
+      digest = OpenSSL::Digest::SHA256.new
+      signature = OpenSSL::HMAC.hexdigest(digest, @token.secret, string)
+      signature.should == @signature
+    end
+
+    it "should make auth_hash available after request is signed" do
+      @request.query_hash = {
+        "query" => "params"
+      }
+      lambda {
+        @request.auth_hash
+      }.should raise_error('Request not signed')
+
+      @request.sign(@token)
+      @request.auth_hash.should == {
+        :auth_signature => "da078fcedd72941b6c873caa40d0d6b2000ebfc700cee802b128dd20f72e74e9",
+        :auth_version => "1.0",
+        :auth_key => "key",
+        :auth_timestamp => '1234'
+      }
+    end
+
+    it "should cope with symbol keys" do
+      @request.query_hash = {
+        :query => "params",
+        :go => "here"
+      }
+      @request.sign(@token)[:auth_signature].should == @signature
+    end
+
+    it "should cope with upcase keys (keys are lowercased before signing)" do
+      @request.query_hash = {
+        "Query" => "params",
+        "GO" => "here"
+      }
+      @request.sign(@token)[:auth_signature].should == @signature
+    end
+
+    it "should generate correct string when query hash contains array" do
+      @request.query_hash = {
+        "things" => ["thing1", "thing2"]
+      }
+      @request.send(:string_to_sign).should == "POST\n/some/path\nthings[]=thing1&things[]=thing2"
+    end
+
+    # This may well change in auth version 2
+    it "should not escape keys or values in the query string" do
+      @request.query_hash = {
+        "key;" => "value@"
+      }
+      @request.send(:string_to_sign).should == "POST\n/some/path\nkey;=value@"
+    end
+
+    it "should cope with requests where the value is nil (antiregression)" do
+      @request.query_hash = {
+        "key" => nil
+      }
+      @request.send(:string_to_sign).should == "POST\n/some/path\nkey="
+    end
+
+    it "should use the path to generate signature" do
+      @request.path = '/some/other/path'
+      @request.sign(@token)[:auth_signature].should_not == @signature
+    end
+
+    it "should use the query string keys to generate signature" do
+      @request.query_hash = {
+        "other" => "query"
+      }
+      @request.sign(@token)[:auth_signature].should_not == @signature
+    end
+
+    it "should use the query string values to generate signature" do
+      @request.query_hash = {
+        "key" => "notfoo",
+        "other" => 'bar'
+      }
+      @request.sign(@token)[:signature].should_not == @signature
+    end
+  end
+
+  describe "verification" do
+    before :each do
+      @request.sign(@token)
+      @params = @request.signed_params
+    end
+
+    it "should verify requests" do
+      request = Xignature::Request.new('POST', '/some/path', @params)
+      request.authenticate_by_token(@token).should == true
+    end
+
+    it "should raise error if signature is not correct" do
+      @params[:auth_signature] =  'asdf'
+      request = Xignature::Request.new('POST', '/some/path', @params)
+      lambda {
+        request.authenticate_by_token!(@token)
+      }.should raise_error('Invalid signature: you should have sent HmacSHA256Hex("POST\n/some/path\nauth_key=key&auth_timestamp=1234&auth_version=1.0&go=here&query=params", your_secret_key), but you sent "asdf"')
+    end
+
+    it "should raise error if timestamp not available" do
+      @params.delete(:auth_timestamp)
+      request = Xignature::Request.new('POST', '/some/path', @params)
+      lambda {
+        request.authenticate_by_token!(@token)
+      }.should raise_error('Timestamp required')
+    end
+
+    it "should raise error if timestamp has expired (default of 600s)" do
+      request = Xignature::Request.new('POST', '/some/path', @params)
+      Time.stub!(:now).and_return(Time.at(1234 + 599))
+      request.authenticate_by_token!(@token).should == true
+      Time.stub!(:now).and_return(Time.at(1234 - 599))
+      request.authenticate_by_token!(@token).should == true
+      Time.stub!(:now).and_return(Time.at(1234 + 600))
+      lambda {
+        request.authenticate_by_token!(@token)
+      }.should raise_error("Timestamp expired: Given timestamp (1970-01-01T00:20:34Z) not within 600s of server time (1970-01-01T00:30:34Z)")
+      Time.stub!(:now).and_return(Time.at(1234 - 600))
+      lambda {
+        request.authenticate_by_token!(@token)
+      }.should raise_error("Timestamp expired: Given timestamp (1970-01-01T00:20:34Z) not within 600s of server time (1970-01-01T00:10:34Z)")
+    end
+
+    it "should be possible to customize the timeout grace period" do
+      grace = 10
+      request = Xignature::Request.new('POST', '/some/path', @params)
+      Time.stub!(:now).and_return(Time.at(1234 + grace - 1))
+      request.authenticate_by_token!(@token, grace).should == true
+      Time.stub!(:now).and_return(Time.at(1234 + grace))
+      lambda {
+        request.authenticate_by_token!(@token, grace)
+      }.should raise_error("Timestamp expired: Given timestamp (1970-01-01T00:20:34Z) not within 10s of server time (1970-01-01T00:20:44Z)")
+    end
+
+    it "should be possible to skip timestamp check by passing nil" do
+      request = Xignature::Request.new('POST', '/some/path', @params)
+      Time.stub!(:now).and_return(Time.at(1234 + 1000))
+      request.authenticate_by_token!(@token, nil).should == true
+    end
+
+    it "should check that auth_version is supplied" do
+      @params.delete(:auth_version)
+      request = Xignature::Request.new('POST', '/some/path', @params)
+      lambda {
+        request.authenticate_by_token!(@token)
+      }.should raise_error('Version required')
+    end
+
+    it "should check that auth_version equals 1.0" do
+      @params[:auth_version] = '1.1'
+      request = Xignature::Request.new('POST', '/some/path', @params)
+      lambda {
+        request.authenticate_by_token!(@token)
+      }.should raise_error('Version not supported')
+    end
+
+    it "should validate that the provided token has a non-empty secret" do
+      token = Xignature::Token.new('key', '')
+      request = Xignature::Request.new('POST', '/some/path', @params)
+
+      lambda {
+        request.authenticate_by_token!(token)
+      }.should raise_error('Provided token is missing secret')
+    end
+
+    describe "when used with optional block" do
+      it "should optionally take a block which yields the signature" do
+        request = Xignature::Request.new('POST', '/some/path', @params)
+        request.authenticate do |key|
+          key.should == @token.key
+          @token
+        end.should == @token
+      end
+
+      it "should raise error if no auth_key supplied to request" do
+        @params.delete(:auth_key)
+        request = Xignature::Request.new('POST', '/some/path', @params)
+        lambda {
+          request.authenticate { |key| nil }
+        }.should raise_error('Missing parameter: auth_key')
+      end
+
+      it "should raise error if block returns nil (i.e. key doesn't exist)" do
+        request = Xignature::Request.new('POST', '/some/path', @params)
+        lambda {
+          request.authenticate { |key| nil }
+        }.should raise_error('Unknown auth_key')
+      end
+
+      it "should raise unless block given" do
+        request = Xignature::Request.new('POST', '/some/path', @params)
+        lambda {
+          request.authenticate
+        }.should raise_error(ArgumentError, "Block required")
+      end
+    end
+
+    describe "authenticate_async" do
+      include EM::SpecHelper
+      default_timeout 1
+
+      it "returns a deferrable which succeeds if authentication passes" do
+        request = Xignature::Request.new('POST', '/some/path', @params)
+        em {
+          df = EM::DefaultDeferrable.new
+
+          request_df = request.authenticate_async do |key|
+            df
+          end
+
+          df.succeed(@token)
+
+          request_df.callback { |token|
+            token.should == @token
+            done
+          }
+        }
+      end
+
+      it "returns a deferrable which fails if block df fails" do
+        request = Xignature::Request.new('POST', '/some/path', @params)
+        em {
+          df = EM::DefaultDeferrable.new
+
+          request_df = request.authenticate_async do |key|
+            df
+          end
+
+          df.fail()
+
+          request_df.errback { |e|
+            e.class.should == Xignature::AuthenticationError
+            e.message.should == 'Unknown auth_key'
+            done
+          }
+        }
+      end
+
+      it "returns a deferrable which fails if request does not validate" do
+        request = Xignature::Request.new('POST', '/some/path', @params)
+        em {
+          df = EM::DefaultDeferrable.new
+
+          request_df = request.authenticate_async do |key|
+            df
+          end
+
+          token = Xignature::Token.new('key', 'wrong_secret')
+          df.succeed(token)
+
+          request_df.errback { |e|
+            e.class.should == Xignature::AuthenticationError
+            e.message.should =~ /Invalid signature/
+            done
+          }
+        }
+      end
+    end
+  end
+end

data/xignature.gemspec

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "xignature/version"
+
+Gem::Specification.new do |s|
+  s.name        = "xignature"
+  s.version     = Xignature::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Martyn Loughran", "XN"]
+  s.email       = ["me@mloughran.com", "christian.trosclair@gmail.com"]
+  s.homepage    = "http://github.com/xn/xignature"
+  s.summary     = %q{Simple key/secret based authentication for apis without domain collisions.}
+  s.description = %q{Simple key/secret based authentication for apis without domain collisions.}
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_dependency "jruby-openssl" if defined?(JRUBY_VERSION)
+  s.add_development_dependency "rspec"
+  s.add_development_dependency "em-spec"
+end

metadata

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: xignature
+version: !ruby/object:Gem::Version
+  version: 0.1.8
+platform: ruby
+authors:
+- Martyn Loughran
+- XN
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-09-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: em-spec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Simple key/secret based authentication for apis without domain collisions.
+email:
+- me@mloughran.com
+- christian.trosclair@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- lib/xignature.rb
+- lib/xignature/query_encoder.rb
+- lib/xignature/version.rb
+- spec/spec_helper.rb
+- spec/xignature_spec.rb
+- xignature.gemspec
+homepage: http://github.com/xn/xignature
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: Simple key/secret based authentication for apis without domain collisions.
+test_files:
+- spec/spec_helper.rb
+- spec/xignature_spec.rb
+has_rdoc: