Module: HmacAuthentication
- Defined in:
- lib/hmac_authentication/version.rb,
lib/hmac_authentication/signature.rb
Constant Summary collapse
- VERSION =
'0.0.0'
- NO_SIGNATURE =
1
- INVALID_FORMAT =
2
- UNSUPPORTED_ALGORITHM =
3
- MATCH =
4
- MISMATCH =
5
Class Method Summary collapse
- .parse_digest(name) ⇒ Object
- .request_signature(request, digest, headers, secret_key) ⇒ Object
- .signed_headers(request, headers) ⇒ Object
- .string_to_sign(req, headers) ⇒ Object
- .validate_request(request, headers, secret_key) ⇒ Object
Class Method Details
.parse_digest(name) ⇒ Object
27 28 29 30 31 |
# File 'lib/hmac_authentication/signature.rb', line 27 def self.parse_digest(name) OpenSSL::Digest.new name rescue nil end |
.request_signature(request, digest, headers, secret_key) ⇒ Object
21 22 23 24 25 |
# File 'lib/hmac_authentication/signature.rb', line 21 def self.request_signature(request, digest, headers, secret_key) hmac = OpenSSL::HMAC.new secret_key, digest hmac << string_to_sign(request, headers) << (request.body || '') digest.name.downcase + ' ' + Base64.strict_encode64(hmac.digest) end |
.signed_headers(request, headers) ⇒ Object
11 12 13 |
# File 'lib/hmac_authentication/signature.rb', line 11 def self.signed_headers(request, headers) headers.map { |name| request[name] || '' } end |
.string_to_sign(req, headers) ⇒ Object
15 16 17 18 19 |
# File 'lib/hmac_authentication/signature.rb', line 15 def self.string_to_sign(req, headers) # TODO(mbland): Test for paths of the form 'http://foo.com/bar?baz' [req.method, signed_headers(req, headers).join("\n"), req.uri.path] .join("\n") end |
.validate_request(request, headers, secret_key) ⇒ Object
33 34 35 36 37 38 39 40 41 42 |
# File 'lib/hmac_authentication/signature.rb', line 33 def self.validate_request(request, headers, secret_key) header = request['Gap-Signature'] return NO_SIGNATURE unless header components = header.split ' ' return INVALID_FORMAT, header unless components.size == 2 digest = parse_digest components.first return UNSUPPORTED_ALGORITHM, header unless digest computed = request_signature(request, digest, headers, secret_key) [(header == computed) ? MATCH : MISMATCH, header, computed] end |