Method: ActionDispatch::Cookies::EncryptedKeyRotatingCookieJar#initialize

Defined in:

lib/action_dispatch/middleware/cookies.rb

#initialize(parent_jar) ⇒ EncryptedKeyRotatingCookieJar

Returns a new instance of EncryptedKeyRotatingCookieJar.

# File 'lib/action_dispatch/middleware/cookies.rb', line 651

def initialize(parent_jar)
  super

  if request.use_authenticated_cookie_encryption
    key_len = ActiveSupport::MessageEncryptor.key_len(encrypted_cookie_cipher)
    secret = request.key_generator.generate_key(request.authenticated_encrypted_cookie_salt, key_len)
    @encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: encrypted_cookie_cipher, serializer: SERIALIZER)
  else
    key_len = ActiveSupport::MessageEncryptor.key_len("aes-256-cbc")
    secret = request.key_generator.generate_key(request.encrypted_cookie_salt, key_len)
    sign_secret = request.key_generator.generate_key(request.encrypted_signed_cookie_salt)
    @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, cipher: "aes-256-cbc", serializer: SERIALIZER)
  end

  request.cookies_rotations.encrypted.each do |(*secrets)|
    options = secrets.extract_options!
    @encryptor.rotate(*secrets, serializer: SERIALIZER, **options)
  end

  if upgrade_legacy_hmac_aes_cbc_cookies?
    legacy_cipher = "aes-256-cbc"
    secret = request.key_generator.generate_key(request.encrypted_cookie_salt, ActiveSupport::MessageEncryptor.key_len(legacy_cipher))
    sign_secret = request.key_generator.generate_key(request.encrypted_signed_cookie_salt)

    @encryptor.rotate(secret, sign_secret, cipher: legacy_cipher, digest: digest, serializer: SERIALIZER)
  elsif prepare_upgrade_legacy_hmac_aes_cbc_cookies?
    future_cipher = encrypted_cookie_cipher
    secret = request.key_generator.generate_key(request.authenticated_encrypted_cookie_salt, ActiveSupport::MessageEncryptor.key_len(future_cipher))

    @encryptor.rotate(secret, nil, cipher: future_cipher, serializer: SERIALIZER)
  end
end