Module: Linzer::Common Private

Included in:

Signer, Verifier

Defined in:

lib/linzer/common.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

Shared functionality for signature base computation and validation.

This module contains the core logic for building the canonical signature base string that gets signed/verified, as defined in RFC 9421 Section 2.5.

See Also:

• RFC 9421 Section 2.5

Class Method Summary

• .signature_base(message, serialized_components, parameters, field_ids: nil) ⇒ String private

  Computes the signature base string for an HTTP message.

• .signature_base_line(component, message) ⇒ String private

  Builds a single line of the signature base for a component.

• .signature_params_line(serialized_components, parameters) ⇒ Object private

Class Method Details

.signature_base(message, serialized_components, parameters, field_ids: nil) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Computes the signature base string for an HTTP message.

The signature base is a canonical string representation of the covered components, formatted according to RFC 9421. This is the string that gets cryptographically signed.

Examples:

Signature base format

# Each covered component on its own line:
# "@method": POST
# "@path": /foo
# "content-type": application/json
# "@signature-params": ("@method" "@path" "content-type");created=1618884473

Parameters:

• message (Message) —

  The HTTP message

• serialized_components (Array<String>) —

  Serialized component identifiers

• parameters (Hash) —

  Signature parameters (created, keyid, etc.)

Returns:

• (String) —

  The signature base string

# File 'lib/linzer/common.rb', line 29

def signature_base(message, serialized_components, parameters, field_ids: nil)
  buf = +""

  if field_ids
    i = 0
    len = serialized_components.size
    while i < len
      buf << serialized_components[i] << ": " << String(message[field_ids[i]]) << "\n"
      i += 1
    end
  else
    serialized_components.each do |component|
      buf << signature_base_line(component, message) << "\n"
    end
  end

  buf << signature_params_line(serialized_components, parameters)

  buf
end

.signature_base_line(component, message) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Builds a single line of the signature base for a component.

Parameters:

• component (String) —

  The serialized component identifier

• message (Message) —

  The HTTP message

Returns:

• (String) —

  The formatted line (e.g., ‘“@method”: POST’)

# File 'lib/linzer/common.rb', line 56

def signature_base_line(component, message)
  field_id = FieldId.new(field_name: component)
  "%s: %s" % [field_id.serialize, message[field_id]]
end

.signature_params_line(serialized_components, parameters) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/linzer/common.rb', line 73

def signature_params_line(serialized_components, parameters)
  params_str = HTTP::StructuredField.serialize_parameters(parameters)
  components_str = serialized_components.join(" ")

  "#{SERIALIZED_SIGNATURE_PARAMS}: (#{components_str})#{params_str}"
end