Class: WebBotAuth::MessageSignature

Inherits:
Object
Defined in:
app/services/web_bot_auth/message_signature.rb

Overview

Builds an RFC 9421 HTTP Message Signature over a fixed set of covered
components, signed with the Web Bot Auth Ed25519 Key.

The same machinery serves both signature flavours:

  • the directory response signature (covers +@authority;req+,
    tag +http-message-signatures-directory+)
  • outbound request signatures (covers +@authority+ and +signature-agent+,
    tag +web-bot-auth+)

Defined Under Namespace

Classes: Component

Instance Method Summary

Constructor Details

#initialize(label:, components:, created:, expires:, keyid:, tag:, alg: WebBotAuth::ALG) ⇒ MessageSignature

Returns a new instance of MessageSignature.

Parameters:

  • label (String)

    the signature label (Dictionary key), e.g. "sig1"

  • components (Array<Component>)

    the covered components, in order

  • created (Integer)

    Unix timestamp at which the signature was created

  • expires (Integer)

    Unix timestamp at which the signature expires

  • keyid (String)

    the signing key thumbprint

  • tag (String)

    the RFC 9421 application tag

  • alg (String) (defaults to: WebBotAuth::ALG)

    the signature algorithm identifier



# File 'app/services/web_bot_auth/message_signature.rb', line 31

def initialize(label:, components:, created:, expires:, keyid:, tag:, alg: WebBotAuth::ALG)
  @label = label
  @components = components
  @created = created
  @expires = expires
  @keyid = keyid
  @tag = tag
  @alg = alg
end

Instance Method Details

#headers ⇒ Hash{String=>String}

The +Signature-Input+ and +Signature+ header pair for this signature.

Returns:

  • (Hash{String=>String})


# File 'app/services/web_bot_auth/message_signature.rb', line 44

def headers
  signature = Base64.strict_encode64(WebBotAuth::Key.sign(signature_base))
  {
    'Signature-Input' => "#{@label}=#{signature_params}",
    'Signature' => "#{@label}=:#{signature}:"
  }
end

#signature_base ⇒ String

The RFC 9421 signature base — the exact bytes that get signed.

Returns:

  • (String)


# File 'app/services/web_bot_auth/message_signature.rb', line 55

def signature_base
  lines = @components.map { |component| "#{component_id(component)}: #{component.value}" }
  lines << %("@signature-params": #{signature_params})
  lines.join("\n")
end

#signature_params ⇒ String

The serialised signature parameters (inner list + parameters), used both in
the +@signature-params+ line and as the +Signature-Input+ value.

Returns:

  • (String)


# File 'app/services/web_bot_auth/message_signature.rb', line 65

def signature_params
  inner_list = "(#{@components.map { |component| component_id(component) }.join(' ')})"
  "#{inner_list};created=#{@created};keyid=#{sf_string(@keyid)}" \
    ";alg=#{sf_string(@alg)};expires=#{@expires};tag=#{sf_string(@tag)}"
end
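
The receiving side of the request flavour, as an added example that is not part of the WebBotAuth code base: it checks the tag, the validity window and the covered components, then rebuilds the signature base from the received Signature-Input value so the bytes match what #signature_base signed. The names SignatureCheck, Rejected and prepare, the Signature-Agent header spelling, and all sample values (keyid, the alg value "ed25519", the dummy signature bytes) are assumptions.

```ruby
require 'base64'

# Hypothetical verifier-side helper (not part of WebBotAuth). It handles only the
# parameter shape #signature_params emits, not full RFC 8941 structured fields.
module SignatureCheck
  REQUIRED = ['"@authority"', '"signature-agent"'].freeze
  Rejected = Class.new(StandardError)

  # Returns [signature_base, signature_bytes] for Ed25519 verification,
  # or raises Rejected before any cryptography runs.
  def self.prepare(headers, authority:, label: 'sig1', now: Time.now.to_i)
    input = headers.fetch('Signature-Input')
    params = input.delete_prefix("#{label}=") # reused verbatim, never re-serialised
    raise Rejected, 'label mismatch' if params == input

    inner = params[/\A\(([^)]*)\)/, 1]
    raise Rejected, 'no inner list' unless inner
    covered = inner.split
    missing = REQUIRED - covered
    raise Rejected, "not covered: #{missing.join(', ')}" unless missing.empty?

    fields = params.scan(/;([a-z]+)=("[^"]*"|\d+)/).to_h
    raise Rejected, 'wrong tag' unless fields['tag'] == '"web-bot-auth"'
    created = Integer(fields.fetch('created'))
    expires = Integer(fields.fetch('expires'))
    raise Rejected, 'outside validity window' unless created <= now && now < expires

    # Component values come from the received message, not from the signer.
    values = { '"@authority"' => authority.downcase,
               '"signature-agent"' => headers.fetch('Signature-Agent') }
    lines = covered.map { |id| "#{id}: #{values.fetch(id)}" }
    lines << %("@signature-params": #{params})
    sig = headers.fetch('Signature')[/\A#{Regexp.escape(label)}=:([^:]*):\z/, 1]
    raise Rejected, 'malformed Signature header' unless sig
    [lines.join("\n"), Base64.strict_decode64(sig)]
  rescue KeyError, ArgumentError => e
    raise Rejected, e.message
  end
end

# Constructed sample; keyid, alg value and signature bytes are placeholders.
PARAMS = '("@authority" "signature-agent");created=1700000000;keyid="test-thumbprint"' \
         ';alg="ed25519";expires=1700000300;tag="web-bot-auth"'
SAMPLE = {
  'Signature-Agent' => '"https://bot.example"',
  'Signature-Input' => "sig1=#{PARAMS}",
  'Signature' => "sig1=:#{Base64.strict_encode64('x' * 64)}:"
}.freeze
```

The returned pair is what an Ed25519 verify call takes, together with the public key looked up by keyid. A signature carrying the directory tag is rejected here, so a directory response signature cannot be replayed as a request signature.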