deps: deduplicate npm@3 style

11 files changed, 1377 insertions, 0 deletions

diff --git a/node_modules/http-signature/.dir-locals.el b/node_modules/http-signature/.dir-locals.el
new file mode 100644
index 000000000..3bc9235f2
--- /dev/null
+++ b/node_modules/http-signature/.dir-locals.el
@@ -0,0 +1,6 @@
+((nil . ((indent-tabs-mode . nil)
+         (tab-width . 8)
+         (fill-column . 80)))
+ (js-mode . ((js-indent-level . 2)
+             (indent-tabs-mode . nil)
+             )))
\ No newline at end of file
diff --git a/node_modules/http-signature/.npmignore b/node_modules/http-signature/.npmignore
new file mode 100644
index 000000000..c143fb3a4
--- /dev/null
+++ b/node_modules/http-signature/.npmignore
@@ -0,0 +1,7 @@
+.gitmodules
+deps
+docs
+Makefile
+node_modules
+test
+tools
\ No newline at end of file
diff --git a/node_modules/http-signature/LICENSE b/node_modules/http-signature/LICENSE
new file mode 100644
index 000000000..f6d947d2f
--- /dev/null
+++ b/node_modules/http-signature/LICENSE
@@ -0,0 +1,18 @@
+Copyright Joyent, Inc. All rights reserved.
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to
+deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.
diff --git a/node_modules/http-signature/README.md b/node_modules/http-signature/README.md
new file mode 100644
index 000000000..de487d323
--- /dev/null
+++ b/node_modules/http-signature/README.md
@@ -0,0 +1,79 @@
+# node-http-signature
+
+node-http-signature is a node.js library that has client and server components
+for Joyent's [HTTP Signature Scheme](http_signing.md).
+
+## Usage
+
+Note the example below signs a request with the same key/cert used to start an
+HTTP server. This is almost certainly not what you actually want, but is just
+used to illustrate the API calls; you will need to provide your own key
+management in addition to this library.
+
+### Client
+
+```js
+var fs = require('fs');
+var https = require('https');
+var httpSignature = require('http-signature');
+
+var key = fs.readFileSync('./key.pem', 'ascii');
+
+var options = {
+  host: 'localhost',
+  port: 8443,
+  path: '/',
+  method: 'GET',
+  headers: {}
+};
+
+// Adds a 'Date' header in, signs it, and adds the
+// 'Authorization' header in.
+var req = https.request(options, function(res) {
+  console.log(res.statusCode);
+});
+
+
+httpSignature.sign(req, {
+  key: key,
+  keyId: './cert.pem'
+});
+
+req.end();
+```
+
+### Server
+
+```js
+var fs = require('fs');
+var https = require('https');
+var httpSignature = require('http-signature');
+
+var options = {
+  key: fs.readFileSync('./key.pem'),
+  cert: fs.readFileSync('./cert.pem')
+};
+
+https.createServer(options, function (req, res) {
+  var rc = 200;
+  var parsed = httpSignature.parseRequest(req);
+  var pub = fs.readFileSync(parsed.keyId, 'ascii');
+  if (!httpSignature.verifySignature(parsed, pub))
+    rc = 401;
+
+  res.writeHead(rc);
+  res.end();
+}).listen(8443);
+```
+
+## Installation
+
+    npm install http-signature
+
+## License
+
+MIT.
+
+## Bugs
+
+See <https://github.com/joyent/node-http-signature/issues>.
diff --git a/node_modules/http-signature/http_signing.md b/node_modules/http-signature/http_signing.md
new file mode 100644
index 000000000..dd81ee5b5
--- /dev/null
+++ b/node_modules/http-signature/http_signing.md
@@ -0,0 +1,296 @@
+# Abstract
+
+This document describes a way to add origin authentication, message integrity,
+and replay resistance to HTTP REST requests.  It is intended to be used over
+the HTTPS protocol.
+
+# Copyright Notice
+
+Copyright (c) 2011 Joyent, Inc. and the persons identified as document authors.
+All rights reserved.
+
+Code Components extracted from this document must include MIT License text.
+
+# Introduction
+
+This protocol is intended to provide a standard way for clients to sign HTTP
+requests.  RFC2617 (HTTP Authentication) defines Basic and Digest authentication
+mechanisms, and RFC5246 (TLS 1.2) defines client-auth, both of which are widely
+employed on the Internet today.  However, it is common place that the burdens of
+PKI prevent web service operators from deploying that methodology, and so many
+fall back to Basic authentication, which has poor security characteristics.
+
+Additionally, OAuth provides a fully-specified alternative for authorization
+of web service requests, but is not (always) ideal for machine to machine
+communication, as the key acquisition steps (generally) imply a fixed
+infrastructure that may not make sense to a service provider (e.g., symmetric
+keys).
+
+Several web service providers have invented their own schemes for signing
+HTTP requests, but to date, none have been placed in the public domain as a
+standard.  This document serves that purpose.  There are no techniques in this
+proposal that are novel beyond previous art, however, this aims to be a simple
+mechanism for signing these requests.
+
+# Signature Authentication Scheme
+
+The "signature" authentication scheme is based on the model that the client must
+authenticate itself with a digital signature produced by either a private
+asymmetric key (e.g., RSA) or a shared symmetric key (e.g., HMAC).  The scheme
+is parameterized enough such that it is not bound to any particular key type or
+signing algorithm.  However, it does explicitly assume that clients can send an
+HTTP `Date` header.
+
+## Authorization Header
+
+The client is expected to send an Authorization header (as defined in RFC 2617)
+with the following parameterization:
+
+    credentials := "Signature" params
+    params := 1#(keyId | algorithm | [headers] | [ext] | signature)
+    digitalSignature := plain-string
+
+    keyId := "keyId" "=" <"> plain-string <">
+    algorithm := "algorithm" "=" <"> plain-string <">
+    headers := "headers" "=" <"> 1#headers-value <">
+    ext := "ext" "=" <"> plain-string <">
+    signature := "signature" "=" <"> plain-string <">
+
+    headers-value := plain-string
+    plain-string   = 1*( %x20-21 / %x23-5B / %x5D-7E )
+
+### Signature Parameters
+
+#### keyId
+
+REQUIRED.  The `keyId` field is an opaque string that the server can use to look
+up the component they need to validate the signature.  It could be an SSH key
+fingerprint, an LDAP DN, etc.  Management of keys and assignment of `keyId` is
+out of scope for this document.
+
+#### algorithm
+
+REQUIRED. The `algorithm` parameter is used if the client and server agree on a
+non-standard digital signature algorithm.  The full list of supported signature
+mechanisms is listed below.
+
+#### headers
+
+OPTIONAL.  The `headers` parameter is used to specify the list of HTTP headers
+used to sign the request.  If specified, it should be a quoted list of HTTP
+header names, separated by a single space character.  By default, only one
+HTTP header is signed, which is the `Date` header.  Note that the list MUST be
+specified in the order the values are concatenated together during signing. To
+include the HTTP request line in the signature calculation, use the special
+`request-line` value.  While this is overloading the definition of `headers` in
+HTTP linguism, the request-line is defined in RFC 2616, and as the outlier from
+headers in useful signature calculation, it is deemed simpler to simply use
+`request-line` than to add a separate parameter for it.
+
+#### extensions
+
+OPTIONAL.  The `extensions` parameter is used to include additional information
+which is covered by the request.  The content and format of the string is out of
+scope for this document, and expected to be specified by implementors.
+
+#### signature
+
+REQUIRED.  The `signature` parameter is a `Base64` encoded digital signature
+generated by the client. The client uses the `algorithm` and `headers` request
+parameters to form a canonicalized `signing string`.  This `signing string` is
+then signed with the key associated with `keyId` and the algorithm
+corresponding to `algorithm`.  The `signature` parameter is then set to the
+`Base64` encoding of the signature.
+
+### Signing String Composition
+
+In order to generate the string that is signed with a key, the client MUST take
+the values of each HTTP header specified by `headers` in the order they appear.
+
+1. If the header name is not `request-line` then append the lowercased header
+   name followed with an ASCII colon `:` and an ASCII space ` `.
+2. If the header name is `request-line` then append the HTTP request line,
+   otherwise append the header value.
+3. If value is not the last value then append an ASCII newline `\n`. The string
+   MUST NOT include a trailing ASCII newline.
+
+# Example Requests
+
+All requests refer to the following request (body omitted):
+
+    POST /foo HTTP/1.1
+    Host: example.org
+    Date: Tue, 07 Jun 2011 20:51:35 GMT
+    Content-Type: application/json
+    Content-MD5: h0auK8hnYJKmHTLhKtMTkQ==
+    Content-Length: 123
+
+The "rsa-key-1" keyId refers to a private key known to the client and a public
+key known to the server. The "hmac-key-1" keyId refers to key known to the
+client and server.
+
+## Default parameterization
+
+The authorization header and signature would be generated as:
+
+    Authorization: Signature keyId="rsa-key-1",algorithm="rsa-sha256",signature="Base64(RSA-SHA256(signing string))"
+
+The client would compose the signing string as:
+
+    date: Tue, 07 Jun 2011 20:51:35 GMT
+
+## Header List
+
+The authorization header and signature would be generated as:
+
+    Authorization: Signature keyId="rsa-key-1",algorithm="rsa-sha256",headers="request-line date content-type content-md5",signature="Base64(RSA-SHA256(signing string))"
+
+The client would compose the signing string as (`+ "\n"` inserted for
+readability):
+
+    POST /foo HTTP/1.1 + "\n"
+    date: Tue, 07 Jun 2011 20:51:35 GMT + "\n"
+    content-type: application/json + "\n"
+    content-md5: h0auK8hnYJKmHTLhKtMTkQ==
+
+## Algorithm
+
+The authorization header and signature would be generated as:
+
+    Authorization: Signature keyId="hmac-key-1",algorithm="hmac-sha1",signature="Base64(HMAC-SHA1(signing string))"
+
+The client would compose the signing string as:
+
+    date: Tue, 07 Jun 2011 20:51:35 GMT
+
+# Signing Algorithms
+
+Currently supported algorithm names are:
+
+* rsa-sha1
+* rsa-sha256
+* rsa-sha512
+* dsa-sha1
+* hmac-sha1
+* hmac-sha256
+* hmac-sha512
+
+# Security Considerations
+
+## Default Parameters
+
+Note the default parameterization of the `Signature` scheme is only safe if all
+requests are carried over a secure transport (i.e., TLS).  Sending the default
+scheme over a non-secure transport will leave the request vulnerable to
+spoofing, tampering, replay/repudiation, and integrity violations (if using the
+STRIDE threat-modeling methodology).
+
+## Insecure Transports
+
+If sending the request over plain HTTP, service providers SHOULD require clients
+to sign ALL HTTP headers, and the `request-line`.  Additionally, service
+providers SHOULD require `Content-MD5` calculations to be performed to ensure
+against any tampering from clients.
+
+## Nonces
+
+Nonces are out of scope for this document simply because many service providers
+fail to implement them correctly, or do not adopt security specifications
+because of the infrastructure complexity.  Given the `header` parameterization,
+a service provider is fully enabled to add nonce semantics into this scheme by
+using something like an `x-request-nonce` header, and ensuring it is signed
+with the `Date` header.
+
+## Clock Skew
+
+As the default scheme is to sign the `Date` header, service providers SHOULD
+protect against logged replay attacks by enforcing a clock skew.  The server
+SHOULD be synchronized with NTP, and the recommendation in this specification
+is to allow 300s of clock skew (in either direction).
+
+## Required Headers to Sign
+
+It is out of scope for this document to dictate what headers a service provider
+will want to enforce, but service providers SHOULD at minimum include the
+`Date` header.
+
+# References
+
+## Normative References
+
+* [RFC2616] Hypertext Transfer Protocol -- HTTP/1.1
+* [RFC2617] HTTP Authentication: Basic and Digest Access Authentication
+* [RFC5246] The Transport Layer Security (TLS) Protocol Version 1.2
+
+## Informative References
+
+    Name: Mark Cavage (editor)
+    Company: Joyent, Inc.
+    Email: mark.cavage@joyent.com
+    URI: http://www.joyent.com
+
+# Appendix A - Test Values
+
+The following test data uses the RSA (2048b) keys, which we will refer
+to as `keyId=Test` in the following samples:
+
+    -----BEGIN PUBLIC KEY-----
+    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3
+    6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6
+    Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw
+    oYi+1hqp1fIekaxsyQIDAQAB
+    -----END PUBLIC KEY-----
+
+    -----BEGIN RSA PRIVATE KEY-----
+    MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF
+    NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F
+    UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB
+    AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA
+    QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK
+    kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg
+    f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u
+    412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc
+    mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7
+    kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA
+    gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW
+    G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI
+    7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA==
+    -----END RSA PRIVATE KEY-----
+
+And all examples use this request:
+
+    POST /foo?param=value&pet=dog HTTP/1.1
+    Host: example.com
+    Date: Thu, 05 Jan 2012 21:31:40 GMT
+    Content-Type: application/json
+    Content-MD5: Sd/dVLAcvNLSq16eXua5uQ==
+    Content-Length: 18
+
+    {"hello": "world"}
+
+### Default
+
+The string to sign would be:
+
+    date: Thu, 05 Jan 2012 21:31:40 GMT
+
+The Authorization header would be:
+
+    Authorization: Signature keyId="Test",algorithm="rsa-sha256",signature="ATp0r26dbMIxOopqw0OfABDT7CKMIoENumuruOtarj8n/97Q3htHFYpH8yOSQk3Z5zh8UxUym6FYTb5+A0Nz3NRsXJibnYi7brE/4tx5But9kkFGzG+xpUmimN4c3TMN7OFH//+r8hBf7BT9/GmHDUVZT2JzWGLZES2xDOUuMtA="
+
+### All Headers
+
+Parameterized to include all headers, the string to sign would be (`+ "\n"`
+inserted for readability):
+
+    POST /foo?param=value&pet=dog HTTP/1.1 + "\n"
+    host: example.com + "\n"
+    date: Thu, 05 Jan 2012 21:31:40 GMT + "\n"
+    content-type: application/json + "\n"
+    content-md5: Sd/dVLAcvNLSq16eXua5uQ== + "\n"
+    content-length: 18
+
+The Authorization header would be:
+
+    Authorization: Signature keyId="Test",algorithm="rsa-sha256",headers="request-line host date content-type content-md5 content-length",signature="H/AaTDkJvLELy4i1RujnKlS6dm8QWiJvEpn9cKRMi49kKF+mohZ15z1r+mF+XiKS5kOOscyS83olfBtsVhYjPg2Ei3/D9D4Mvb7bFm9IaLJgYTFFuQCghrKQQFPiqJN320emjHxFowpIm1BkstnEU7lktH/XdXVBo8a6Uteiztw="
+
diff --git a/node_modules/http-signature/lib/index.js b/node_modules/http-signature/lib/index.js
new file mode 100644
index 000000000..56a9967da
--- /dev/null
+++ b/node_modules/http-signature/lib/index.js
@@ -0,0 +1,27 @@
+// Copyright 2015 Joyent, Inc.
+
+var parser = require('./parser');
+var signer = require('./signer');
+var verify = require('./verify');
+var util = require('./util');
+
+
+
+///--- API
+
+module.exports = {
+
+  parse: parser.parseRequest,
+  parseRequest: parser.parseRequest,
+
+  sign: signer.signRequest,
+  signRequest: signer.signRequest,
+
+  sshKeyToPEM: util.sshKeyToPEM,
+  sshKeyFingerprint: util.fingerprint,
+  pemToRsaSSHKey: util.pemToRsaSSHKey,
+
+  verify: verify.verifySignature,
+  verifySignature: verify.verifySignature,
+  verifyHMAC: verify.verifyHMAC
+};
diff --git a/node_modules/http-signature/lib/parser.js b/node_modules/http-signature/lib/parser.js
new file mode 100644
index 000000000..fd9ac1022
--- /dev/null
+++ b/node_modules/http-signature/lib/parser.js
@@ -0,0 +1,304 @@
+// Copyright 2012 Joyent, Inc.  All rights reserved.
+
+var assert = require('assert-plus');
+var util = require('util');
+
+
+
+///--- Globals
+
+var Algorithms = {
+  'rsa-sha1': true,
+  'rsa-sha256': true,
+  'rsa-sha512': true,
+  'dsa-sha1': true,
+  'hmac-sha1': true,
+  'hmac-sha256': true,
+  'hmac-sha512': true
+};
+
+var State = {
+  New: 0,
+  Params: 1
+};
+
+var ParamsState = {
+  Name: 0,
+  Quote: 1,
+  Value: 2,
+  Comma: 3
+};
+
+
+
+///--- Specific Errors
+
+function HttpSignatureError(message, caller) {
+  if (Error.captureStackTrace)
+    Error.captureStackTrace(this, caller || HttpSignatureError);
+
+  this.message = message;
+  this.name = caller.name;
+}
+util.inherits(HttpSignatureError, Error);
+
+function ExpiredRequestError(message) {
+  HttpSignatureError.call(this, message, ExpiredRequestError);
+}
+util.inherits(ExpiredRequestError, HttpSignatureError);
+
+
+function InvalidHeaderError(message) {
+  HttpSignatureError.call(this, message, InvalidHeaderError);
+}
+util.inherits(InvalidHeaderError, HttpSignatureError);
+
+
+function InvalidParamsError(message) {
+  HttpSignatureError.call(this, message, InvalidParamsError);
+}
+util.inherits(InvalidParamsError, HttpSignatureError);
+
+
+function MissingHeaderError(message) {
+  HttpSignatureError.call(this, message, MissingHeaderError);
+}
+util.inherits(MissingHeaderError, HttpSignatureError);
+
+
+
+///--- Exported API
+
+module.exports = {
+
+  /**
+   * Parses the 'Authorization' header out of an http.ServerRequest object.
+   *
+   * Note that this API will fully validate the Authorization header, and throw
+   * on any error.  It will not however check the signature, or the keyId format
+   * as those are specific to your environment.  You can use the options object
+   * to pass in extra constraints.
+   *
+   * As a response object you can expect this:
+   *
+   *     {
+   *       "scheme": "Signature",
+   *       "params": {
+   *         "keyId": "foo",
+   *         "algorithm": "rsa-sha256",
+   *         "headers": [
+   *           "date" or "x-date",
+   *           "content-md5"
+   *         ],
+   *         "signature": "base64"
+   *       },
+   *       "signingString": "ready to be passed to crypto.verify()"
+   *     }
+   *
+   * @param {Object} request an http.ServerRequest.
+   * @param {Object} options an optional options object with:
+   *                   - clockSkew: allowed clock skew in seconds (default 300).
+   *                   - headers: required header names (def: date or x-date)
+   *                   - algorithms: algorithms to support (default: all).
+   * @return {Object} parsed out object (see above).
+   * @throws {TypeError} on invalid input.
+   * @throws {InvalidHeaderError} on an invalid Authorization header error.
+   * @throws {InvalidParamsError} if the params in the scheme are invalid.
+   * @throws {MissingHeaderError} if the params indicate a header not present,
+   *                              either in the request headers from the params,
+   *                              or not in the params from a required header
+   *                              in options.
+   * @throws {ExpiredRequestError} if the value of date or x-date exceeds skew.
+   */
+  parseRequest: function parseRequest(request, options) {
+    assert.object(request, 'request');
+    assert.object(request.headers, 'request.headers');
+    if (options === undefined) {
+      options = {};
+    }
+    if (options.headers === undefined) {
+      options.headers = [request.headers['x-date'] ? 'x-date' : 'date'];
+    }
+    assert.object(options, 'options');
+    assert.arrayOfString(options.headers, 'options.headers');
+    assert.optionalNumber(options.clockSkew, 'options.clockSkew');
+
+    if (!request.headers.authorization)
+      throw new MissingHeaderError('no authorization header present in ' +
+                                   'the request');
+
+    options.clockSkew = options.clockSkew || 300;
+
+
+    var i = 0;
+    var state = State.New;
+    var substate = ParamsState.Name;
+    var tmpName = '';
+    var tmpValue = '';
+
+    var parsed = {
+      scheme: '',
+      params: {},
+      signingString: '',
+
+      get algorithm() {
+        return this.params.algorithm.toUpperCase();
+      },
+
+      get keyId() {
+        return this.params.keyId;
+      }
+
+    };
+
+    var authz = request.headers.authorization;
+    for (i = 0; i < authz.length; i++) {
+      var c = authz.charAt(i);
+
+      switch (Number(state)) {
+
+      case State.New:
+        if (c !== ' ') parsed.scheme += c;
+        else state = State.Params;
+        break;
+
+      case State.Params:
+        switch (Number(substate)) {
+
+        case ParamsState.Name:
+          var code = c.charCodeAt(0);
+          // restricted name of A-Z / a-z
+          if ((code >= 0x41 && code <= 0x5a) || // A-Z
+              (code >= 0x61 && code <= 0x7a)) { // a-z
+            tmpName += c;
+          } else if (c === '=') {
+            if (tmpName.length === 0)
+              throw new InvalidHeaderError('bad param format');
+            substate = ParamsState.Quote;
+          } else {
+            throw new InvalidHeaderError('bad param format');
+          }
+          break;
+
+        case ParamsState.Quote:
+          if (c === '"') {
+            tmpValue = '';
+            substate = ParamsState.Value;
+          } else {
+            throw new InvalidHeaderError('bad param format');
+          }
+          break;
+
+        case ParamsState.Value:
+          if (c === '"') {
+            parsed.params[tmpName] = tmpValue;
+            substate = ParamsState.Comma;
+          } else {
+            tmpValue += c;
+          }
+          break;
+
+        case ParamsState.Comma:
+          if (c === ',') {
+            tmpName = '';
+            substate = ParamsState.Name;
+          } else {
+            throw new InvalidHeaderError('bad param format');
+          }
+          break;
+
+        default:
+          throw new Error('Invalid substate');
+        }
+        break;
+
+      default:
+        throw new Error('Invalid substate');
+      }
+
+    }
+
+    if (!parsed.params.headers || parsed.params.headers === '') {
+      if (request.headers['x-date']) {
+        parsed.params.headers = ['x-date'];
+      } else {
+        parsed.params.headers = ['date'];
+      }
+    } else {
+      parsed.params.headers = parsed.params.headers.split(' ');
+    }
+
+    // Minimally validate the parsed object
+    if (!parsed.scheme || parsed.scheme !== 'Signature')
+      throw new InvalidHeaderError('scheme was not "Signature"');
+
+    if (!parsed.params.keyId)
+      throw new InvalidHeaderError('keyId was not specified');
+
+    if (!parsed.params.algorithm)
+      throw new InvalidHeaderError('algorithm was not specified');
+
+    if (!parsed.params.signature)
+      throw new InvalidHeaderError('signature was not specified');
+
+    // Check the algorithm against the official list
+    parsed.params.algorithm = parsed.params.algorithm.toLowerCase();
+    if (!Algorithms[parsed.params.algorithm])
+      throw new InvalidParamsError(parsed.params.algorithm +
+                                   ' is not supported');
+
+    // Build the signingString
+    for (i = 0; i < parsed.params.headers.length; i++) {
+      var h = parsed.params.headers[i].toLowerCase();
+      parsed.params.headers[i] = h;
+
+      if (h !== 'request-line') {
+        var value = request.headers[h];
+        if (!value)
+          throw new MissingHeaderError(h + ' was not in the request');
+        parsed.signingString += h + ': ' + value;
+      } else {
+        parsed.signingString +=
+          request.method + ' ' + request.url + ' HTTP/' + request.httpVersion;
+      }
+
+      if ((i + 1) < parsed.params.headers.length)
+        parsed.signingString += '\n';
+    }
+
+    // Check against the constraints
+    var date;
+    if (request.headers.date || request.headers['x-date']) {
+        if (request.headers['x-date']) {
+          date = new Date(request.headers['x-date']);
+        } else {
+          date = new Date(request.headers.date);
+        }
+      var now = new Date();
+      var skew = Math.abs(now.getTime() - date.getTime());
+
+      if (skew > options.clockSkew * 1000) {
+        throw new ExpiredRequestError('clock skew of ' +
+                                      (skew / 1000) +
+                                      's was greater than ' +
+                                      options.clockSkew + 's');
+      }
+    }
+
+    options.headers.forEach(function (hdr) {
+      // Remember that we already checked any headers in the params
+      // were in the request, so if this passes we're good.
+      if (parsed.params.headers.indexOf(hdr) < 0)
+        throw new MissingHeaderError(hdr + ' was not a signed header');
+    });
+
+    if (options.algorithms) {
+      if (options.algorithms.indexOf(parsed.params.algorithm) === -1)
+        throw new InvalidParamsError(parsed.params.algorithm +
+                                     ' is not a supported algorithm');
+    }
+
+    return parsed;
+  }
+
+};
diff --git a/node_modules/http-signature/lib/signer.js b/node_modules/http-signature/lib/signer.js
new file mode 100644
index 000000000..3507f4dbf
--- /dev/null
+++ b/node_modules/http-signature/lib/signer.js
@@ -0,0 +1,178 @@
+// Copyright 2012 Joyent, Inc.  All rights reserved.
+
+var assert = require('assert-plus');
+var crypto = require('crypto');
+var http = require('http');
+
+var sprintf = require('util').format;
+
+
+
+///--- Globals
+
+var Algorithms = {
+  'rsa-sha1': true,
+  'rsa-sha256': true,
+  'rsa-sha512': true,
+  'dsa-sha1': true,
+  'hmac-sha1': true,
+  'hmac-sha256': true,
+  'hmac-sha512': true
+};
+
+var Authorization =
+  'Signature keyId="%s",algorithm="%s",headers="%s",signature="%s"';
+
+
+
+///--- Specific Errors
+
+function MissingHeaderError(message) {
+    this.name = 'MissingHeaderError';
+    this.message = message;
+    this.stack = (new Error()).stack;
+}
+MissingHeaderError.prototype = new Error();
+
+
+function InvalidAlgorithmError(message) {
+    this.name = 'InvalidAlgorithmError';
+    this.message = message;
+    this.stack = (new Error()).stack;
+}
+InvalidAlgorithmError.prototype = new Error();
+
+
+
+///--- Internal Functions
+
+function _pad(val) {
+  if (parseInt(val, 10) < 10) {
+    val = '0' + val;
+  }
+  return val;
+}
+
+
+function _rfc1123() {
+  var date = new Date();
+
+  var months = ['Jan',
+                'Feb',
+                'Mar',
+                'Apr',
+                'May',
+                'Jun',
+                'Jul',
+                'Aug',
+                'Sep',
+                'Oct',
+                'Nov',
+                'Dec'];
+  var days = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'];
+  return days[date.getUTCDay()] + ', ' +
+    _pad(date.getUTCDate()) + ' ' +
+    months[date.getUTCMonth()] + ' ' +
+    date.getUTCFullYear() + ' ' +
+    _pad(date.getUTCHours()) + ':' +
+    _pad(date.getUTCMinutes()) + ':' +
+    _pad(date.getUTCSeconds()) +
+    ' GMT';
+}
+
+
+
+///--- Exported API
+
+module.exports = {
+
+  /**
+   * Adds an 'Authorization' header to an http.ClientRequest object.
+   *
+   * Note that this API will add a Date header if it's not already set. Any
+   * other headers in the options.headers array MUST be present, or this
+   * will throw.
+   *
+   * You shouldn't need to check the return type; it's just there if you want
+   * to be pedantic.
+   *
+   * @param {Object} request an instance of http.ClientRequest.
+   * @param {Object} options signing parameters object:
+   *                   - {String} keyId required.
+   *                   - {String} key required (either a PEM or HMAC key).
+   *                   - {Array} headers optional; defaults to ['date'].
+   *                   - {String} algorithm optional; defaults to 'rsa-sha256'.
+   *                   - {String} httpVersion optional; defaults to '1.1'.
+   * @return {Boolean} true if Authorization (and optionally Date) were added.
+   * @throws {TypeError} on bad parameter types (input).
+   * @throws {InvalidAlgorithmError} if algorithm was bad.
+   * @throws {MissingHeaderError} if a header to be signed was specified but
+   *                              was not present.
+   */
+  signRequest: function signRequest(request, options) {
+    assert.object(request, 'request');
+    assert.object(options, 'options');
+    assert.optionalString(options.algorithm, 'options.algorithm');
+    assert.string(options.keyId, 'options.keyId');
+    assert.optionalArrayOfString(options.headers, 'options.headers');
+    assert.optionalString(options.httpVersion, 'options.httpVersion');
+
+    if (!request.getHeader('Date'))
+      request.setHeader('Date', _rfc1123());
+    if (!options.headers)
+      options.headers = ['date'];
+    if (!options.algorithm)
+      options.algorithm = 'rsa-sha256';
+    if (!options.httpVersion)
+      options.httpVersion = '1.1';
+
+    options.algorithm = options.algorithm.toLowerCase();
+
+    if (!Algorithms[options.algorithm])
+      throw new InvalidAlgorithmError(options.algorithm + ' is not supported');
+
+    var i;
+    var stringToSign = '';
+    for (i = 0; i < options.headers.length; i++) {
+      if (typeof (options.headers[i]) !== 'string')
+        throw new TypeError('options.headers must be an array of Strings');
+
+      var h = options.headers[i].toLowerCase();
+
+      if (h !== 'request-line') {
+        var value = request.getHeader(h);
+        if (!value) {
+          throw new MissingHeaderError(h + ' was not in the request');
+        }
+        stringToSign += h + ': ' + value;
+      } else {
+        stringToSign +=
+          request.method + ' ' + request.path + ' HTTP/' + options.httpVersion;
+      }
+
+      if ((i + 1) < options.headers.length)
+        stringToSign += '\n';
+    }
+
+    var alg = options.algorithm.match(/(hmac|rsa)-(\w+)/);
+    var signature;
+    if (alg[1] === 'hmac') {
+      var hmac = crypto.createHmac(alg[2].toUpperCase(), options.key);
+      hmac.update(stringToSign);
+      signature = hmac.digest('base64');
+    } else {
+      var signer = crypto.createSign(options.algorithm.toUpperCase());
+      signer.update(stringToSign);
+      signature = signer.sign(options.key, 'base64');
+    }
+
+    request.setHeader('Authorization', sprintf(Authorization,
+                                               options.keyId,
+                                               options.algorithm,
+                                               options.headers.join(' '),
+                                               signature));
+
+    return true;
+  }
+
+};
diff --git a/node_modules/http-signature/lib/util.js b/node_modules/http-signature/lib/util.js
new file mode 100644
index 000000000..2e1ce4d46
--- /dev/null
+++ b/node_modules/http-signature/lib/util.js
@@ -0,0 +1,306 @@
+// Copyright 2012 Joyent, Inc.  All rights reserved.
+
+var assert = require('assert-plus');
+var crypto = require('crypto');
+
+var asn1 = require('asn1');
+var ctype = require('ctype');
+
+
+
+///--- Helpers
+
+function readNext(buffer, offset) {
+  var len = ctype.ruint32(buffer, 'big', offset);
+  offset += 4;
+
+  var newOffset = offset + len;
+
+  return {
+    data: buffer.slice(offset, newOffset),
+    offset: newOffset
+  };
+}
+
+
+function writeInt(writer, buffer) {
+  writer.writeByte(0x02); // ASN1.Integer
+  writer.writeLength(buffer.length);
+
+  for (var i = 0; i < buffer.length; i++)
+    writer.writeByte(buffer[i]);
+
+  return writer;
+}
+
+
+function rsaToPEM(key) {
+  var buffer;
+  var der;
+  var exponent;
+  var i;
+  var modulus;
+  var newKey = '';
+  var offset = 0;
+  var type;
+  var tmp;
+
+  try {
+    buffer = new Buffer(key.split(' ')[1], 'base64');
+
+    tmp = readNext(buffer, offset);
+    type = tmp.data.toString();
+    offset = tmp.offset;
+
+    if (type !== 'ssh-rsa')
+      throw new Error('Invalid ssh key type: ' + type);
+
+    tmp = readNext(buffer, offset);
+    exponent = tmp.data;
+    offset = tmp.offset;
+
+    tmp = readNext(buffer, offset);
+    modulus = tmp.data;
+  } catch (e) {
+    throw new Error('Invalid ssh key: ' + key);
+  }
+
+  // DER is a subset of BER
+  der = new asn1.BerWriter();
+
+  der.startSequence();
+
+  der.startSequence();
+  der.writeOID('1.2.840.113549.1.1.1');
+  der.writeNull();
+  der.endSequence();
+
+  der.startSequence(0x03); // bit string
+  der.writeByte(0x00);
+
+  // Actual key
+  der.startSequence();
+  writeInt(der, modulus);
+  writeInt(der, exponent);
+  der.endSequence();
+
+  // bit string
+  der.endSequence();
+
+  der.endSequence();
+
+  tmp = der.buffer.toString('base64');
+  for (i = 0; i < tmp.length; i++) {
+    if ((i % 64) === 0)
+      newKey += '\n';
+    newKey += tmp.charAt(i);
+  }
+
+  if (!/\\n$/.test(newKey))
+    newKey += '\n';
+
+  return '-----BEGIN PUBLIC KEY-----' + newKey + '-----END PUBLIC KEY-----\n';
+}
+
+
+function dsaToPEM(key) {
+  var buffer;
+  var offset = 0;
+  var tmp;
+  var der;
+  var newKey = '';
+
+  var type;
+  var p;
+  var q;
+  var g;
+  var y;
+
+  try {
+    buffer = new Buffer(key.split(' ')[1], 'base64');
+
+    tmp = readNext(buffer, offset);
+    type = tmp.data.toString();
+    offset = tmp.offset;
+
+    /* JSSTYLED */
+    if (!/^ssh-ds[as].*/.test(type))
+      throw new Error('Invalid ssh key type: ' + type);
+
+    tmp = readNext(buffer, offset);
+    p = tmp.data;
+    offset = tmp.offset;
+
+    tmp = readNext(buffer, offset);
+    q = tmp.data;
+    offset = tmp.offset;
+
+    tmp = readNext(buffer, offset);
+    g = tmp.data;
+    offset = tmp.offset;
+
+    tmp = readNext(buffer, offset);
+    y = tmp.data;
+  } catch (e) {
+    console.log(e.stack);
+    throw new Error('Invalid ssh key: ' + key);
+  }
+
+  // DER is a subset of BER
+  der = new asn1.BerWriter();
+
+  der.startSequence();
+
+  der.startSequence();
+  der.writeOID('1.2.840.10040.4.1');
+
+  der.startSequence();
+  writeInt(der, p);
+  writeInt(der, q);
+  writeInt(der, g);
+  der.endSequence();
+
+  der.endSequence();
+
+  der.startSequence(0x03); // bit string
+  der.writeByte(0x00);
+  writeInt(der, y);
+  der.endSequence();
+
+  der.endSequence();
+
+  tmp = der.buffer.toString('base64');
+  for (var i = 0; i < tmp.length; i++) {
+    if ((i % 64) === 0)
+      newKey += '\n';
+    newKey += tmp.charAt(i);
+  }
+
+  if (!/\\n$/.test(newKey))
+    newKey += '\n';
+
+  return '-----BEGIN PUBLIC KEY-----' + newKey + '-----END PUBLIC KEY-----\n';
+}
+
+
+///--- API
+
+module.exports = {
+
+  /**
+   * Converts an OpenSSH public key (rsa only) to a PKCS#8 PEM file.
+   *
+   * The intent of this module is to interoperate with OpenSSL only,
+   * specifically the node crypto module's `verify` method.
+   *
+   * @param {String} key an OpenSSH public key.
+   * @return {String} PEM encoded form of the RSA public key.
+   * @throws {TypeError} on bad input.
+   * @throws {Error} on invalid ssh key formatted data.
+   */
+  sshKeyToPEM: function sshKeyToPEM(key) {
+    assert.string(key, 'ssh_key');
+
+    /* JSSTYLED */
+    if (/^ssh-rsa.*/.test(key))
+      return rsaToPEM(key);
+
+    /* JSSTYLED */
+    if (/^ssh-ds[as].*/.test(key))
+      return dsaToPEM(key);
+
+    throw new Error('Only RSA and DSA public keys are allowed');
+  },
+
+
+  /**
+   * Generates an OpenSSH fingerprint from an ssh public key.
+   *
+   * @param {String} key an OpenSSH public key.
+   * @return {String} key fingerprint.
+   * @throws {TypeError} on bad input.
+   * @throws {Error} if what you passed doesn't look like an ssh public key.
+   */
+  fingerprint: function fingerprint(key) {
+    assert.string(key, 'ssh_key');
+
+    var pieces = key.split(' ');
+    if (!pieces || !pieces.length || pieces.length < 2)
+      throw new Error('invalid ssh key');
+
+    var data = new Buffer(pieces[1], 'base64');
+
+    var hash = crypto.createHash('md5');
+    hash.update(data);
+    var digest = hash.digest('hex');
+
+    var fp = '';
+    for (var i = 0; i < digest.length; i++) {
+      if (i && i % 2 === 0)
+        fp += ':';
+
+      fp += digest[i];
+    }
+
+    return fp;
+  },
+
+  /**
+   * Converts a PKGCS#8 PEM file to an OpenSSH public key (rsa)
+   *
+   * The reverse of the above function.
+   */
+  pemToRsaSSHKey: function pemToRsaSSHKey(pem, comment) {
+    assert.equal('string', typeof (pem), 'typeof pem');
+
+    // chop off the BEGIN PUBLIC KEY and END PUBLIC KEY portion
+    var cleaned = pem.split('\n').slice(1, -2).join('');
+
+    var buf = new Buffer(cleaned, 'base64');
+
+    var der = new asn1.BerReader(buf);
+
+    der.readSequence();
+    der.readSequence();
+
+    var oid = der.readOID();
+    assert.equal(oid, '1.2.840.113549.1.1.1', 'pem not in RSA format');
+
+    // Null -- XXX this probably isn't good practice
+    der.readByte();
+    der.readByte();
+
+    // bit string sequence
+    der.readSequence(0x03);
+    der.readByte();
+    der.readSequence();
+
+    // modulus
+    assert.equal(der.peek(), asn1.Ber.Integer, 'modulus not an integer');
+    der._offset = der.readLength(der.offset + 1);
+    var modulus = der._buf.slice(der.offset, der.offset + der.length);
+    der._offset += der.length;
+
+    // exponent
+    assert.equal(der.peek(), asn1.Ber.Integer, 'exponent not an integer');
+    der._offset = der.readLength(der.offset + 1);
+    var exponent = der._buf.slice(der.offset, der.offset + der.length);
+    der._offset += der.length;
+
+    // now, make the key
+    var type = new Buffer('ssh-rsa');
+    var buffer = new Buffer(4 + type.length + 4 + modulus.length +
+      4 + exponent.length);
+    var i = 0;
+    buffer.writeUInt32BE(type.length, i);     i += 4;
+    type.copy(buffer, i);                     i += type.length;
+    buffer.writeUInt32BE(exponent.length, i); i += 4;
+    exponent.copy(buffer, i);                 i += exponent.length;
+    buffer.writeUInt32BE(modulus.length, i);  i += 4;
+    modulus.copy(buffer, i);                  i += modulus.length;
+
+    var s = (type.toString() + ' ' + buffer.toString('base64') + ' ' +
+      (comment || ''));
+    return s;
+  }
+};
diff --git a/node_modules/http-signature/lib/verify.js b/node_modules/http-signature/lib/verify.js
new file mode 100644
index 000000000..f6ad0c2b1
--- /dev/null
+++ b/node_modules/http-signature/lib/verify.js
@@ -0,0 +1,56 @@
+// Copyright 2015 Joyent, Inc.
+
+var assert = require('assert-plus');
+var crypto = require('crypto');
+
+
+
+///--- Exported API
+
+module.exports = {
+  /**
+   * Verify RSA/DSA signature against public key.  You are expected to pass in
+   * an object that was returned from `parse()`.
+   *
+   * @param {Object} parsedSignature the object you got from `parse`.
+   * @param {String} pubkey RSA/DSA private key PEM.
+   * @return {Boolean} true if valid, false otherwise.
+   * @throws {TypeError} if you pass in bad arguments.
+   */
+  verifySignature: function verifySignature(parsedSignature, pubkey) {
+    assert.object(parsedSignature, 'parsedSignature');
+    assert.string(pubkey, 'pubkey');
+
+    var alg = parsedSignature.algorithm.match(/^(RSA|DSA)-(\w+)/);
+    if (!alg || alg.length !== 3)
+      throw new TypeError('parsedSignature: unsupported algorithm ' +
+                          parsedSignature.algorithm);
+
+    var verify = crypto.createVerify(alg[0]);
+    verify.update(parsedSignature.signingString);
+    return verify.verify(pubkey, parsedSignature.params.signature, 'base64');
+  },
+
+  /**
+   * Verify HMAC against shared secret.  You are expected to pass in an object
+   * that was returned from `parse()`.
+   *
+   * @param {Object} parsedSignature the object you got from `parse`.
+   * @param {String} secret HMAC shared secret.
+   * @return {Boolean} true if valid, false otherwise.
+   * @throws {TypeError} if you pass in bad arguments.
+   */
+  verifyHMAC: function verifyHMAC(parsedSignature, secret) {
+    assert.object(parsedSignature, 'parsedHMAC');
+    assert.string(secret, 'secret');
+
+    var alg = parsedSignature.algorithm.match(/^HMAC-(\w+)/);
+    if (!alg || alg.length !== 2)
+      throw new TypeError('parsedSignature: unsupported algorithm ' +
+                          parsedSignature.algorithm);
+
+    var hmac = crypto.createHmac(alg[1].toUpperCase(), secret);
+    hmac.update(parsedSignature.signingString);
+    return (hmac.digest('base64') === parsedSignature.params.signature);
+  }
+};
diff --git a/node_modules/http-signature/package.json b/node_modules/http-signature/package.json
new file mode 100644
index 000000000..910f81181
--- /dev/null
+++ b/node_modules/http-signature/package.json
@@ -0,0 +1,100 @@
+{
+  "_args": [
+    [
+      "http-signature@~0.11.0",
+      "/Users/rebecca/code/npm/node_modules/request"
+    ]
+  ],
+  "_from": "http-signature@>=0.11.0 <0.12.0",
+  "_id": "http-signature@0.11.0",
+  "_inCache": true,
+  "_location": "/http-signature",
+  "_nodeVersion": "0.10.36",
+  "_npmUser": {
+    "email": "patrick.f.mooney@gmail.com",
+    "name": "pfmooney"
+  },
+  "_npmVersion": "2.5.1",
+  "_phantomChildren": {},
+  "_requested": {
+    "name": "http-signature",
+    "raw": "http-signature@~0.11.0",
+    "rawSpec": "~0.11.0",
+    "scope": null,
+    "spec": ">=0.11.0 <0.12.0",
+    "type": "range"
+  },
+  "_requiredBy": [
+    "/request"
+  ],
+  "_resolved": "https://registry.npmjs.org/http-signature/-/http-signature-0.11.0.tgz",
+  "_shasum": "1796cf67a001ad5cd6849dca0991485f09089fe6",
+  "_shrinkwrap": null,
+  "_spec": "http-signature@~0.11.0",
+  "_where": "/Users/rebecca/code/npm/node_modules/request",
+  "author": {
+    "name": "Joyent, Inc"
+  },
+  "bugs": {
+    "url": "https://github.com/joyent/node-http-signature/issues"
+  },
+  "contributors": [
+    {
+      "name": "Mark Cavage",
+      "email": "mcavage@gmail.com"
+    },
+    {
+      "name": "David I. Lehn",
+      "email": "dil@lehn.org"
+    },
+    {
+      "name": "Patrick Mooney",
+      "email": "patrick.f.mooney@gmail.com"
+    }
+  ],
+  "dependencies": {
+    "asn1": "0.1.11",
+    "assert-plus": "^0.1.5",
+    "ctype": "0.5.3"
+  },
+  "description": "Reference implementation of Joyent's HTTP Signature scheme.",
+  "devDependencies": {
+    "node-uuid": "^1.4.1",
+    "tap": "0.4.2"
+  },
+  "directories": {},
+  "dist": {
+    "shasum": "1796cf67a001ad5cd6849dca0991485f09089fe6",
+    "tarball": "http://registry.npmjs.org/http-signature/-/http-signature-0.11.0.tgz"
+  },
+  "engines": {
+    "node": ">=0.8"
+  },
+  "homepage": "https://github.com/joyent/node-http-signature/",
+  "keywords": [
+    "https",
+    "request"
+  ],
+  "license": "MIT",
+  "main": "lib/index.js",
+  "maintainers": [
+    {
+      "name": "mcavage",
+      "email": "mcavage@gmail.com"
+    },
+    {
+      "name": "pfmooney",
+      "email": "patrick.f.mooney@gmail.com"
+    }
+  ],
+  "name": "http-signature",
+  "optionalDependencies": {},
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/joyent/node-http-signature.git"
+  },
+  "scripts": {
+    "test": "tap test/*.js"
+  },
+  "version": "0.11.0"
+}