spec/gmail/myrsakey.pem @@ -78,9 +78,34 @@ module Contacts # (default: false) def self.authentication_url(target, options = {}) params = authentication_url_options.merge(options) + key = params.delete(:key) + params[:secure] = true if !params[:secure] && key params[:next] = target query = query_string(params) - "https://#{DOMAIN}#{AuthSubPath}Request?#{query}" + url = "https://#{DOMAIN}#{AuthSubPath}Request?#{query}" + sig = generate_sig(url, key) if key + key ? "#{url}&#{query_string(:sig => sig)}" : url + end + + # Generates the signature for a secure AuthSub request. +key+ may be an IO, String or + # OpenSSL::PKey::RSA. + # Stolen from http://github.com/stuart/google-authsub/lib/googleauthsub.rb + def self.generate_sig(url, key) + pkey = case key + when OpenSSL::PKey::RSA + key + when File + OpenSSL::PKey::RSA.new(key.read) + when String + OpenSSL::PKey::RSA.new(key) + else + raise "Private Key in wrong format. Require IO, String or OpenSSL::PKey::RSA, you gave me #{key.class}" + end + timestamp = Time.now.to_i + nonce = OpenSSL::BN.rand_range(2**64) + data = "GET #{url} #{timestamp} #{nonce}" + digest = OpenSSL::Digest::SHA1.new(data).hexdigest + sig = [pkey.private_encrypt(digest)].pack("m") #Base64 encode end # Makes an HTTPS request to exchange the given token with a session one. Session lib/contacts/google.rb @@ -28,6 +28,43 @@ describe Contacts::Google, '.authentication_url' do pairs.should include('session=1') end + it 'should imply secure=true when the key parameter is set' do + rsa = mock('OpenSSL::PKey::RSA', :private_encrypt => 'signature') + digest = mock('OpenSSL::Digest::SHA1', :hexdigest => 'digest') + OpenSSL::Digest::SHA1.expects(:new).returns(digest).at_least_once + OpenSSL::PKey::RSA.expects(:new).with('secret-key').returns(rsa).at_least_once + + pairs = parse_authentication_url(nil, :key => 'secret-key').query.split('&') + + pairs.should include('secure=1') + pairs.should include('sig=c2lnbmF0dXJl%0A') # ['signature'].pack('m') + pairs.should_not include('key=secret-key') + end + + it 'should accept File or IO key parameter' do + rsa = mock('OpenSSL::PKey::RSA', :private_encrypt => 'signature') + digest = mock('OpenSSL::Digest::SHA1', :hexdigest => 'digest') + OpenSSL::Digest::SHA1.expects(:new).returns(digest).at_least_once + OpenSSL::PKey::RSA.expects(:new).with(File.open(File.join(File.dirname(__FILE__), 'myrsakey.pem')).read).returns(rsa).at_least_once + + pairs = parse_authentication_url(nil, :key => File.open(File.join(File.dirname(__FILE__), 'myrsakey.pem'))).query.split('&') + + pairs.should include('secure=1') + pairs.should include('sig=c2lnbmF0dXJl%0A') # ['signature'].pack('m') + pairs.should_not include('key=secret-key') + end + + it 'should accept OpenSSL::Pkey::RSA key parameter' do + digest = mock('OpenSSL::Digest::SHA1', :hexdigest => 'digest') + OpenSSL::Digest::SHA1.expects(:new).returns(digest).at_least_once + + pairs = parse_authentication_url(nil, :key => OpenSSL::PKey::RSA.new(File.open(File.join(File.dirname(__FILE__), 'myrsakey.pem')).read)).query.split('&') + + pairs.should include('secure=1') + pairs.should include('sig=nhzzbfqHUOhN6iE%2BkyHQabRvtfc3pbxKQt4hHqlNtBZVliswTFfVIISFPo5Z%0Ads6YVeAKdqAAZuVFUwMDihA83ihIf8spWN%2BrKpeLxAhrUCM69oihD7csdedG%0AbN9TCToIp4q9tJj2o4SsAgxs3dK55Nc1vhCOlVB7mIbxM%2B8YGL4%3D%0A') # based on 'digest' data + pairs.should_not include('key=secret-key') + end + it 'skips parameters that have nil value' do query = parse_authentication_url(nil, :secure => nil).query query.should_not include('next') spec/gmail/auth_spec.rb c8d99af7dac8b9ca24accca9053a4eb46f447bff Kamal Fariz Mahyuddin kamal.fariz@gmail.com http://github.com/kamal/contacts/commit/2ceaadbcc8e18cd94759399c357ef0db051ba513 2ceaadbcc8e18cd94759399c357ef0db051ba513 2009-03-17T09:48:03-07:00 2009-03-17T09:31:51-07:00 Support signing the Gmail AuthSub using the :key parameter e0edfcf9d92e5a90ba0a5c78f765139ed706359c Kamal Fariz Mahyuddin kamal.fariz@gmail.com