Update linzer to 0.7

Also updates some other dependencies in Gemfile(s)

This uses the new linzer APIs and fixes an interopability bug
in the signatures.

Author: oneiros

debug_fasp/Gemfile.lock

@@ -4,7 +4,7 @@ PATH
     fasp_base (0.1.0)
       bcrypt
       httpx
-      linzer
+      linzer (>= 0.7.2)
       openssl
       rails (>= 8.0.0)
 
@@ -111,6 +111,7 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
+    cgi (0.4.2)
     concurrent-ruby (1.3.5)
     connection_pool (2.5.3)
     crack (1.0.0)
@@ -121,18 +122,20 @@ GEM
     debug (1.10.0)
       irb (~> 1.10)
       reline (>= 0.3.8)
-    drb (2.2.1)
+    drb (2.2.3)
+    erb (5.0.1)
     erubi (1.13.1)
     et-orbi (1.2.11)
       tzinfo
+    forwardable (1.3.3)
     fugit (1.11.1)
       et-orbi (~> 1, >= 1.2.11)
       raabro (~> 1.4)
     globalid (1.2.1)
       activesupport (>= 6.1)
-    hashdiff (1.1.2)
+    hashdiff (1.2.0)
     http-2 (1.1.1)
-    httpx (1.4.4)
+    httpx (1.5.0)
       http-2 (>= 1.0.0)
     i18n (1.14.7)
       concurrent-ruby (~> 1.0)
@@ -148,17 +151,21 @@ GEM
     jbuilder (2.13.0)
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
-    json (2.11.3)
-    language_server-protocol (3.17.0.4)
+    json (2.12.1)
+    language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
-    linzer (0.6.5)
+    linzer (0.7.2)
+      cgi (~> 0.4.2)
+      forwardable (~> 1.3, >= 1.3.3)
+      logger (~> 1.7, >= 1.7.0)
+      net-http (~> 0.6.0)
       openssl (~> 3.0, >= 3.0.0)
       rack (>= 2.2, < 4.0)
       starry (~> 0.2)
       stringio (~> 3.1, >= 3.1.2)
       uri (~> 1.0, >= 1.0.2)
     logger (1.7.0)
-    loofah (2.24.0)
+    loofah (2.24.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     mail (2.8.1)
@@ -169,9 +176,11 @@ GEM
     marcel (1.0.4)
     matrix (0.4.2)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.8)
+    mini_portile2 (2.8.9)
     minitest (5.25.5)
     msgpack (1.8.0)
+    net-http (0.6.0)
+      uri
     net-imap (0.5.8)
       date
       net-protocol
@@ -215,15 +224,15 @@ GEM
       activesupport (>= 7.0.0)
       rack
       railties (>= 7.0.0)
-    psych (5.2.4)
+    psych (5.2.6)
       date
       stringio
     public_suffix (6.0.2)
     puma (6.6.0)
       nio4r (~> 2.0)
     raabro (1.4.0)
     racc (1.8.1)
-    rack (3.1.14)
+    rack (3.1.15)
     rack-session (2.1.1)
       base64 (>= 0.1.0)
       rack (>= 3.0.0)
@@ -245,7 +254,7 @@ GEM
       activesupport (= 8.0.2)
       bundler (>= 1.15.0)
       railties (= 8.0.2)
-    rails-dom-testing (2.2.0)
+    rails-dom-testing (2.3.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
@@ -262,13 +271,14 @@ GEM
       zeitwerk (~> 2.6)
     rainbow (3.1.1)
     rake (13.2.1)
-    rdoc (6.13.1)
+    rdoc (6.14.0)
+      erb
       psych (>= 4.0.0)
     regexp_parser (2.10.0)
     reline (0.6.1)
       io-console (~> 0.5)
     rexml (3.4.1)
-    rubocop (1.75.5)
+    rubocop (1.75.7)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -286,12 +296,12 @@ GEM
       lint_roller (~> 1.1)
       rubocop (>= 1.75.0, < 2.0)
       rubocop-ast (>= 1.38.0, < 2.0)
-    rubocop-rails (2.31.0)
+    rubocop-rails (2.32.0)
       activesupport (>= 4.2.0)
       lint_roller (~> 1.1)
       rack (>= 1.1)
       rubocop (>= 1.75.0, < 2.0)
-      rubocop-ast (>= 1.38.0, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
     rubocop-rails-omakase (1.1.0)
       rubocop (>= 1.72)
       rubocop-performance (>= 1.24)
@@ -334,13 +344,13 @@ GEM
     tailwindcss-rails (4.2.3)
       railties (>= 7.0.0)
       tailwindcss-ruby (~> 4.0)
-    tailwindcss-ruby (4.1.5)
-    tailwindcss-ruby (4.1.5-aarch64-linux-gnu)
-    tailwindcss-ruby (4.1.5-aarch64-linux-musl)
-    tailwindcss-ruby (4.1.5-arm64-darwin)
-    tailwindcss-ruby (4.1.5-x86_64-darwin)
-    tailwindcss-ruby (4.1.5-x86_64-linux-gnu)
-    tailwindcss-ruby (4.1.5-x86_64-linux-musl)
+    tailwindcss-ruby (4.1.7)
+    tailwindcss-ruby (4.1.7-aarch64-linux-gnu)
+    tailwindcss-ruby (4.1.7-aarch64-linux-musl)
+    tailwindcss-ruby (4.1.7-arm64-darwin)
+    tailwindcss-ruby (4.1.7-x86_64-darwin)
+    tailwindcss-ruby (4.1.7-x86_64-linux-gnu)
+    tailwindcss-ruby (4.1.7-x86_64-linux-musl)
     thor (1.3.2)
     thruster (0.1.13)
     thruster (0.1.13-aarch64-linux)
@@ -374,7 +384,7 @@ GEM
     websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.7.2)
+    zeitwerk (2.7.3)
 
 PLATFORMS
   aarch64-linux

fasp_base/Gemfile.lock

@@ -4,7 +4,7 @@ PATH
     fasp_base (0.1.0)
       bcrypt
       httpx
-      linzer
+      linzer (>= 0.7.2)
       openssl
       rails (>= 8.0.0)
 
@@ -90,6 +90,7 @@ GEM
     benchmark (0.4.0)
     bigdecimal (3.1.9)
     builder (3.3.0)
+    cgi (0.4.2)
     concurrent-ruby (1.3.5)
     connection_pool (2.5.3)
     crack (1.0.0)
@@ -100,13 +101,15 @@ GEM
     debug (1.10.0)
       irb (~> 1.10)
       reline (>= 0.3.8)
-    drb (2.2.1)
+    drb (2.2.3)
+    erb (5.0.1)
     erubi (1.13.1)
+    forwardable (1.3.3)
     globalid (1.2.1)
       activesupport (>= 6.1)
-    hashdiff (1.1.2)
+    hashdiff (1.2.0)
     http-2 (1.1.1)
-    httpx (1.4.4)
+    httpx (1.5.0)
       http-2 (>= 1.0.0)
     i18n (1.14.7)
       concurrent-ruby (~> 1.0)
@@ -115,17 +118,21 @@ GEM
       pp (>= 0.6.0)
       rdoc (>= 4.0.0)
       reline (>= 0.4.2)
-    json (2.11.3)
-    language_server-protocol (3.17.0.4)
+    json (2.12.1)
+    language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
-    linzer (0.6.5)
+    linzer (0.7.2)
+      cgi (~> 0.4.2)
+      forwardable (~> 1.3, >= 1.3.3)
+      logger (~> 1.7, >= 1.7.0)
+      net-http (~> 0.6.0)
       openssl (~> 3.0, >= 3.0.0)
       rack (>= 2.2, < 4.0)
       starry (~> 0.2)
       stringio (~> 3.1, >= 3.1.2)
       uri (~> 1.0, >= 1.0.2)
     logger (1.7.0)
-    loofah (2.24.0)
+    loofah (2.24.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     mail (2.8.1)
@@ -135,8 +142,10 @@ GEM
       net-smtp
     marcel (1.0.4)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.8)
+    mini_portile2 (2.8.9)
     minitest (5.25.5)
+    net-http (0.6.0)
+      uri
     net-imap (0.5.8)
       date
       net-protocol
@@ -180,15 +189,15 @@ GEM
       activesupport (>= 7.0.0)
       rack
       railties (>= 7.0.0)
-    psych (5.2.4)
+    psych (5.2.6)
       date
       stringio
     public_suffix (6.0.2)
     puma (6.6.0)
       nio4r (~> 2.0)
     racc (1.8.1)
-    rack (3.1.13)
-    rack-session (2.1.0)
+    rack (3.1.15)
+    rack-session (2.1.1)
       base64 (>= 0.1.0)
       rack (>= 3.0.0)
     rack-test (2.2.0)
@@ -209,7 +218,7 @@ GEM
       activesupport (= 8.0.2)
       bundler (>= 1.15.0)
       railties (= 8.0.2)
-    rails-dom-testing (2.2.0)
+    rails-dom-testing (2.3.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
@@ -226,13 +235,14 @@ GEM
       zeitwerk (~> 2.6)
     rainbow (3.1.1)
     rake (13.2.1)
-    rdoc (6.13.1)
+    rdoc (6.14.0)
+      erb
       psych (>= 4.0.0)
     regexp_parser (2.10.0)
     reline (0.6.1)
       io-console (~> 0.5)
     rexml (3.4.1)
-    rubocop (1.75.5)
+    rubocop (1.75.7)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -250,12 +260,12 @@ GEM
       lint_roller (~> 1.1)
       rubocop (>= 1.75.0, < 2.0)
       rubocop-ast (>= 1.38.0, < 2.0)
-    rubocop-rails (2.31.0)
+    rubocop-rails (2.32.0)
       activesupport (>= 4.2.0)
       lint_roller (~> 1.1)
       rack (>= 1.1)
       rubocop (>= 1.75.0, < 2.0)
-      rubocop-ast (>= 1.38.0, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
     rubocop-rails-omakase (1.1.0)
       rubocop (>= 1.72)
       rubocop-performance (>= 1.24)
@@ -292,7 +302,7 @@ GEM
       base64
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.7.2)
+    zeitwerk (2.7.3)
 
 PLATFORMS
   aarch64-linux

fasp_base/app/controllers/concerns/fasp_base/api_authentication.rb

@@ -29,7 +29,7 @@ def current_user
     def require_authentication
       validate_content_digest!
       validate_signature!
-    rescue Error, Linzer::Error, ActiveRecord::RecordNotFound => e
+    rescue Error, ::Linzer::VerifyError, ActiveRecord::RecordNotFound => e
       logger.debug("Authentication error: #{e}")
       authentication_error
     end
@@ -52,37 +52,23 @@ def validate_content_digest!
     end
 
     def validate_signature!
-      signature_input = request.headers["signature-input"]&.encode("UTF-8")
-      raise Error, "signature-input is missing" if signature_input.blank?
-
-      keyid = signature_input.match(KEYID_PATTERN)[1]
-      server = Server.find(keyid)
-      linzer_request = Linzer.new_request(
-        request.method,
-        request.original_url,
-        {},
-        {
-          "content-digest" => request.headers["content-digest"],
-          "signature-input" => signature_input,
-          "signature" => request.headers["signature"]
-        }
-      )
-      message = Linzer::Message.new(linzer_request)
-      key = Linzer.new_ed25519_public_key(server.public_key_pem, keyid)
-      signature = Linzer::Signature.build(message.headers)
-      Linzer.verify(key, message, signature)
+      raise Error, "signature-input is missing" if request.headers["signature-input"].blank?
+
+      server = nil
+
+      ::Linzer.verify!(request.rack_request, no_older_than: 300) do |keyid|
+        server = Server.find(keyid)
+        ::Linzer.new_ed25519_public_key(server.public_key_pem, keyid)
+      end
+
       @current_server = server
     end
 
     def sign_response
       response.headers["content-digest"] = "sha-256=:#{OpenSSL::Digest.base64digest("sha256", response.body || "")}:"
 
-      linzer_response = Linzer.new_response(response.body, response.status, { "content-digest" => response.headers["content-digest"] })
-      message = Linzer::Message.new(linzer_response)
-      key = Linzer.new_ed25519_key(current_server.fasp_private_key_pem)
-      signature = Linzer.sign(key, message, %w[@status content-digest])
-
-      response.headers.merge!(signature.to_h)
+      key = ::Linzer.new_ed25519_key(current_server.fasp_private_key_pem)
+      ::Linzer.sign!(response, key:, components: %w[@status content-digest])
     end
   end
 end

fasp_base/fasp_base.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rails", ">= 8.0.0"
   spec.add_dependency "bcrypt"
   spec.add_dependency "httpx"
-  spec.add_dependency "linzer"
+  spec.add_dependency "linzer", ">= 0.7.2"
   spec.add_dependency "openssl"
 
   spec.add_development_dependency "webmock"

fasp_base/lib/fasp_base.rb

@@ -1,6 +1,9 @@
 require "fasp_base/version"
 require "fasp_base/engine"
 require "fasp_base/integration_test_helper"
+require "fasp_base/linzer/adapter/action_dispatch/response"
+require "fasp_base/linzer/adapter/httpx/request"
+require "fasp_base/linzer/adapter/httpx/response"
 require "fasp_base/request"
 
 module FaspBase