Module: Linzer::Common Private

Included in:

Signer, Verifier

Defined in:

lib/linzer/common.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

Shared functionality for signature base computation and validation.

This module contains the core logic for building the canonical signature base string that gets signed/verified, as defined in RFC 9421 Section 2.5.

See Also:

• RFC 9421 Section 2.5

Class Method Summary

• .signature_base(message, serialized_components, parameters) ⇒ String private

  Computes the signature base string for an HTTP message.

• .signature_base_line(component, message) ⇒ String private

  Builds a single line of the signature base for a component.

• .signature_params_line(serialized_components, parameters) ⇒ String private

  Builds the @signature-params line for the signature base.

Class Method Details

.signature_base(message, serialized_components, parameters) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Computes the signature base string for an HTTP message.

The signature base is a canonical string representation of the covered components, formatted according to RFC 9421. This is the string that gets cryptographically signed.

Examples:

Signature base format

# Each covered component on its own line:
# "@method": POST
# "@path": /foo
# "content-type": application/json
# "@signature-params": ("@method" "@path" "content-type");created=1618884473

# File 'lib/linzer/common.rb', line 29

def signature_base(message, serialized_components, parameters)
  signature_base =
    serialized_components.each_with_object(+"") do |component, base|
      base << "%s\n" % signature_base_line(component, message)
    end

  signature_base << signature_params_line(serialized_components, parameters)

  signature_base
end

.signature_base_line(component, message) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Builds a single line of the signature base for a component.

# File 'lib/linzer/common.rb', line 46

def signature_base_line(component, message)
  field_id = FieldId.new(field_name: component)
  "%s: %s" % [field_id.serialize, message[field_id]]
end

.signature_params_line(serialized_components, parameters) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Builds the @signature-params line for the signature base.

This is always the last line of the signature base and contains the covered components list and signature parameters.

# File 'lib/linzer/common.rb', line 60

def signature_params_line(serialized_components, parameters)
  identifiers = serialized_components.map { |c| Starry.parse_item(c) }

  signature_params =
    Starry.serialize([Starry::InnerList.new(identifiers, parameters)])

  "%s: %s" % [Starry.serialize("@signature-params"), signature_params]
end