Merge pull request #11 from emartech/openssl-1.0-fix-proposal

Fix openssl 1.1.0 compatibility

.github/workflows/lua.yml

@@ -12,8 +12,8 @@ jobs:
     runs-on: ubuntu-18.04
     strategy:
       matrix:
-         luaVersion: ["5.1.5", "5.2.4", "luajit"]
-    
+         luaVersion: ["luajit"]
+
     steps:
     - uses: actions/checkout@master
     - uses: leafo/[email protected]
@@ -22,12 +22,20 @@ jobs:
     - uses: leafo/[email protected]
     - name: Install
       run: |
-        sudo apt-get install libssl1.0-dev
-        luarocks install --server=http://luarocks.org/dev openssl
-        luarocks install luasec OPENSSL_LIBDIR=/usr/lib/x86_64-linux-gnu
-        luarocks install busted
-        luarocks install rapidjson 0.7.1
-        luarocks install luacrypto 0.3.2-2
+        sudo apt update && \
+        sudo apt install -y build-essential libreadline-dev zip unzip cmake wget luajit libluajit-5.1-dev && \
+        wget https://luarocks.org/releases/luarocks-3.8.0.tar.gz && \
+        tar zxpf luarocks-3.8.0.tar.gz && \
+        cd luarocks-3.8.0 && \
+        ./configure && \
+        make && sudo make install && \
+        cd .. && \
+        rm -rf luarocks-3.8.0 && \
+        rm luarocks-3.8.0.tar.gz && \
+        luarocks install busted && \
+        luarocks install rapidjson 0.7.1 && \
+        luarocks install luasocket && \
+        luarocks install lua-resty-openssl 0.8.8-1 && \
         luarocks install date 2.1.2-1
     - name: Test
       run: busted spec

Dockerfile

@@ -0,0 +1,22 @@
+FROM ubuntu:18.04
+
+RUN apt update && \
+    apt install -y build-essential libreadline-dev zip unzip cmake wget luajit libluajit-5.1-dev && \
+    wget https://luarocks.org/releases/luarocks-3.8.0.tar.gz && \
+    tar zxpf luarocks-3.8.0.tar.gz && \
+    cd luarocks-3.8.0 && \
+    ./configure && \
+    make && make install && \
+    cd .. && \
+    rm -rf luarocks-3.8.0 && \
+    rm luarocks-3.8.0.tar.gz
+
+RUN luarocks install busted && \
+    luarocks install rapidjson 0.7.1 && \
+    luarocks install luasocket && \
+    luarocks install lua-resty-openssl 0.8.8-1 && \
+    luarocks install date 2.1.2-1
+
+WORKDIR /my-workspace
+
+COPY . .

Makefile

@@ -0,0 +1,7 @@
+.PHONY: build test
+
+build:
+	docker-compose build
+
+test:
+	docker-compose run --rm app busted spec

README.md

@@ -8,23 +8,21 @@ We are using it for our OpenResty based API gateway server for authenticating th
 Prerequisite
 ------------
 
-In order to run the tests, Lua, LuaRocks and some libraries must be installed.
+In order to run the tests, Docker must be installed.
 
 Setup
 -----
 
-Some tips to setup the local development environment on a Mac:
+Some tips to setup the local development environment:
 
 ```bash
-brew install lua
-brew install luarocks
-brew install cmake
-brew install openssl
-luarocks install busted
-luarocks install luasocket
-luarocks install rapidjson
-luarocks install luacrypto 0.3.2-2 OPENSSL_DIR=/usr/local/opt/openssl
-luarocks install date
+make build
+```
+
+Running tests
+-----
+```bash
+make tests
 ```
 
 Examples
@@ -110,11 +108,6 @@ request should now look like this:
 --]]
 ```
 
-Run the tests
--------------
-
-To run all the tests, use the `busted` command.
-
 About Escher
 ------------
 

docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+  app:
+    build: .
+    working_dir: /my-workspace
+    volumes:
+      - .:/my-workspace

escher-0.4.0-1.rockspec → escher-0.4.1-1.rockspec

@@ -1,8 +1,8 @@
 package = "Escher"
-version = "0.4.0-1"
+version = "0.4.1-1"
 source = {
   url = "git://github.com/emartech/escher-lua",
-  tag = "0.4.0-1",
+  tag = "0.4.1-1",
   dir = "escher-lua"
 }
 description = {
@@ -11,7 +11,7 @@ description = {
     license = "MIT"
 }
 dependencies = {
-    "luacrypto == 0.3.2-2",
+    "lua-resty-openssl == 0.8.8-1",
     "date == 2.1.2-1"
 }
 build = {
@@ -21,6 +21,7 @@ build = {
         ["escher.canonicalizer"] = "src/escher/canonicalizer.lua",
         ["escher.signer"] = "src/escher/signer.lua",
         ["escher.urlhandler"] = "src/escher/urlhandler.lua",
-        ["escher.utils"] = "src/escher/utils.lua"
+        ["escher.utils"] = "src/escher/utils.lua",
+        ["escher.crypto"] = "src/escher/crypto.lua"
     }
 }

spec/escher_unit_spec.lua

@@ -1,3 +1,7 @@
+local openssl = require("resty.openssl")
+
+assert(openssl.load_library())
+
 local Escher = require("escher")
 
 describe("Escher", function()

spec/testsuite_spec.lua

@@ -1,3 +1,7 @@
+local openssl = require("resty.openssl")
+
+assert(openssl.load_library())
+
 local json = require("rapidjson")
 local socketUrl = require("socket.url")
 local date = require("date")

src/escher/canonicalizer.lua

@@ -1,4 +1,4 @@
-local crypto = require("crypto")
+local crypto = require("escher.crypto")
 local urlhandler = require("escher.urlhandler")
 local utils = require("escher.utils")
 

src/escher/crypto.lua

@@ -0,0 +1,32 @@
+local digest = require("resty.openssl.digest")
+local hmac = require("resty.openssl.hmac")
+
+local function binaryToHex(char)
+  return string.format("%.2x", string.byte(char))
+end
+
+local crypto = {}
+
+function crypto.digest(algorithm, inputString)
+  local binary = digest.new(algorithm):final(inputString)
+
+  local binaryAsHex = string.gsub(binary, ".", binaryToHex)
+
+  return binaryAsHex
+end
+
+crypto.hmac = {}
+
+function crypto.hmac.digest(algorithm, inputString, key, shouldReturnBinaryString)
+  local binary = hmac.new(key, algorithm):final(inputString)
+
+  if shouldReturnBinaryString then
+    return binary
+  end
+
+  local binaryAsHex = string.gsub(binary, ".", binaryToHex)
+
+  return binaryAsHex
+end
+
+return crypto

src/escher/signer.lua

@@ -1,4 +1,4 @@
-local crypto = require("crypto")
+local crypto = require("escher.crypto")
 local Canonicalizer = require("escher.canonicalizer")
 local utils = require("escher.utils")
 
@@ -44,7 +44,7 @@ local function getSigningKey(self, date, secret)
 end
 
 function Signer:calculateSignature(request, headersToSign, date, secret)
-  local stringToSign = self:getStringToSign(request, headersToSign, date, secret)
+  local stringToSign = self:getStringToSign(request, headersToSign, date)
   local signingKey = getSigningKey(self, date, secret)
 
   return crypto.hmac.digest(self.hashAlgo, stringToSign, signingKey, false)