Module: VeracodeApiSigning::Formatters

Includes:

Regions

Included in:

HMACAuth

Defined in:

lib/veracode_api_signing/formatters.rb

Constant Summary

Constants included from Regions

Regions::REGIONS

Instance Method Summary

• #format_signing_data(api_key_id, host, url, method) ⇒ String

  The formatted signing data.

• #format_veracode_hmac_header(auth_scheme, api_key_id, timestamp, nonce, signature) ⇒ String

  The formatted hmac header.

Methods included from Regions

#get_region_for_api_credential, #remove_prefix_from_api_credential

Instance Method Details

#format_signing_data(api_key_id, host, url, method) ⇒ String

Returns the formatted signing data.

Examples:

format_signing_data("0123456789abcdef", "veracode.com", "/home", "GET") #=> "id=0123456789abcdef&host=veracode.com&url=/home&method=GET"

format_signing_data("0123456789abcdef", "VERACODE.com", "/home", "get") #=> "id=0123456789abcdef&host=veracode.com&url=/home&method=GET"

Parameters:

• api_key_id (String) —

  the veracode api key

• host (String) —

  the url host

• url (String) —

  the url path

• method (String) —

  method to use [get, post, put, patch, delete]

Returns:

• (String) —

  the formatted signing data

# File 'lib/veracode_api_signing/formatters.rb', line 17

def format_signing_data(api_key_id, host, url, method)
  # Ensure some things are in the right case.
  # Note: that path (url) is allowed to be case-sensitive (because path is sent along verbatim)
  api_key_id = remove_prefix_from_api_credential(api_key_id).downcase
  host = host.downcase
  method = method.upcase

  "id=#{api_key_id}&host=#{host}&url=#{url}&method=#{method}"
end

#format_veracode_hmac_header(auth_scheme, api_key_id, timestamp, nonce, signature) ⇒ String

Returns the formatted hmac header.

Examples:

format_veracode_hmac_header(auth_scheme="VERACODE-HMAC-SHA-256", api_key_id="702a1650", timestamp="1445452792746", nonce="3b1974fbaa7c97cc", signature="b81c0315b8df360778083d1b408916f8") => "VERACODE-HMAC-SHA-256 id=702a1650,ts=1445452792746,nonce=3b1974fbaa7c97cc,sig=b81c0315b8df360778083d1b408916f8"

Parameters:

• auth_scheme (String) —

  the veracode auth scheme

• api_key_id (String) —

  the veracode api key

• timestamp (String) —

  the epoch timestamp

• nonce (String) —

  the random nonce

• signature (String) —

  the veracode signature

Returns:

• (String) —

  the formatted hmac header

# File 'lib/veracode_api_signing/formatters.rb', line 35

def format_veracode_hmac_header(auth_scheme, api_key_id, timestamp, nonce, signature)
  # NOTE: This should _NOT_ manipulate case and so-on, that would likely break things.
  api_key_id = remove_prefix_from_api_credential(api_key_id)
  "#{auth_scheme} id=#{api_key_id},ts=#{timestamp},nonce=#{nonce},sig=#{signature}"
end