Class: BitBalloon::Multipass

Inherits:
Object
  • Object
Defined in:
lib/bitballoon/multipass.rb

Instance Method Summary

Constructor Details

#initialize(multipass_secret) ⇒ Multipass

Returns a new instance of Multipass.



# File 'lib/bitballoon/multipass.rb', line 9

### Builds a Multipass helper from the shared Multipass secret.
###
### The secret is hashed once with SHA-256 and the 32-byte digest is split
### in half: the first 16 bytes become the encryption key and the last
### 16 bytes become the signing key.
###
### NOTE(review): a single SHA-256 pass adds no stretching or salt, so both
### keys are only as strong as the secret itself; the secret should be a
### long random value, not a human-chosen password.
def initialize(multipass_secret)
  digest = OpenSSL::Digest::SHA256.digest(multipass_secret)
  @encryption_key, @signature_key = digest.byteslice(0, 16), digest.byteslice(16, 16)
end

Instance Method Details

#decode_token(token) ⇒ Object



# File 'lib/bitballoon/multipass.rb', line 32

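### Verifies and decrypts a Multipass token and returns the parsed payload.
###
### token - URL-safe Base64 string holding the ciphertext followed by a
###         32-byte signature of that ciphertext.
###
### Returns whatever JSON.parse produces for the decrypted payload.
### Raises RuntimeError ("Bad signature") when the signature is missing or
### does not match; Base64 and JSON errors propagate unchanged.
def decode_token(token)
  decoded_token = Base64.urlsafe_decode64(token)
  ciphertext = decoded_token[0..-33]
  signature  = decoded_token[-32..-1]

  ### Fewer than 32 decoded bytes means there is no complete signature.
  raise "Bad signature" if signature.nil?

  ### Compute the expected signature once and compare every byte without
  ### short-circuiting, so the time taken does not reveal how many leading
  ### bytes of a forged signature were correct.
  expected = sign(ciphertext)
  mismatch = expected.bytesize ^ signature.bytesize
  expected.bytes.zip(signature.bytes) { |a, b| mismatch |= a ^ b.to_i }
  raise "Bad signature" unless mismatch.zero?

  ### The ciphertext is only decrypted after it has been authenticated.
  ### NOTE(review): the payload's "created_at" is not checked here, so a
  ### caller that accepts tokens must enforce freshness itself or an old
  ### token stays replayable.
  JSON.parse(decrypt(ciphertext))
end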

#generate_token(customer_data_hash) ⇒ Object



# File 'lib/bitballoon/multipass.rb', line 17

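### Builds an encrypted, signed Multipass token for the given customer data.
###
### customer_data_hash - Hash of customer attributes. It is not modified;
###                      the timestamp is added to a copy.
###
### Returns the URL-safe Base64 (RFC 4648) encoding of the ciphertext
### followed by the signature of that ciphertext.
def generate_token(customer_data_hash)
  ### Stamp the payload with the current time in ISO8601 format. The
  ### receiving side is expected to accept the token only for a short
  ### window around this timestamp; nothing in this method enforces that.
  payload = customer_data_hash.merge("created_at" => Time.now.iso8601)

  ### Serialize the customer data to JSON and encrypt it.
  ciphertext = encrypt(payload.to_json)

  ### Sign the ciphertext once (message authentication code over the
  ### encrypted bytes) and append the signature before encoding.
  Base64.urlsafe_encode64(ciphertext + sign(ciphertext))
end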