Class: Pwnedkeys::Response

Inherits:

Object

Object
Pwnedkeys::Response

show all

Defined in:: lib/pwnedkeys/response.rb

Overview

Generate a v1 compromise attestation.

Defined Under Namespace

Classes: Error

Instance Method Summary collapse

#initialize(key) ⇒ Response constructor

Create a new response.
#to_json(*spki_format) ⇒ String

Produce a JSON format compromise attestation.

Constructor Details

#initialize(key) ⇒ `Response`

Create a new response.

Parameters:

key (OpenSSL::PKey::PKey, String) —

the key for which to generate the compromise attestation. It can either be an OpenSSL key object itself, or a string that ‘OpenSSL::PKey.read` will accept (so a PEM or DER format PKCS#8-like key).

Raises:

(Error) —

if an invalid argument type was passed, or if the key given is not, in fact, a private key.

# File 'lib/pwnedkeys/response.rb', line 25

def initialize(key)
  @key = if key.kind_of?(OpenSSL::PKey::PKey)
    key
  elsif key.is_a?(String)
    begin
      OpenSSL::PKey.read(key)
    rescue OpenSSL::PKey::PKeyError
      raise Error,
            "Unable to parse provided key data"
    end
  else
    raise Error,
          "Invalid argument type passed to Pwnedkeys::Response.new (need OpenSSL::PKey::PKey or string, got #{key.class})"
  end

  unless @key.private?
    raise Error,
          "Provided key is not a private key."
  end
end

Instance Method Details

#to_json(*spki_format) ⇒ `String`

Produce a JSON format compromise attestation.

Parameters:

spki_format (Object) —

some key types (specifically, ECDSA keys) can generate multiple formats of public key info, which hash to different key fingerprints. This parameter allows you to specify which format of SPKI should be generated. See the relevant key type’s ‘#to_spki` method to see what the valid values are.

Returns:

(String) —

the JSON response body, which is a JSON Web Signature containing proof of possession of the private key.

# File 'lib/pwnedkeys/response.rb', line 57

def to_json(*spki_format)
  header = {
    alg: key_alg,
    kid: @key.to_spki(*spki_format).spki_fingerprint.hexdigest,
  }

  obj = {
    payload:   b64("This key is pwned!  See https://pwnedkeys.com for more info."),
    protected: b64(header.to_json),
  }

  obj[:signature] = b64(sign(obj))
  obj.to_json
end

Class: Pwnedkeys::Response

Overview

Defined Under Namespace

Instance Method Summary collapse

Constructor Details

#initialize(key) ⇒ Response

Instance Method Details

#to_json(*spki_format) ⇒ String

#initialize(key) ⇒ `Response`

#to_json(*spki_format) ⇒ `String`