Module: Blockstack
- Defined in:
- lib/blockstack.rb,
lib/blockstack/version.rb
Defined Under Namespace
Classes: InvalidAuthResponse
Constant Summary
collapse
- USER_AGENT =
"blockstack-ruby #{VERSION}"
- ALGORITHM =
"ES256K"
- REQUIRED_CLAIMS =
%w(iss iat jti exp username profile public_keys)
- DEFAULT_LEEWAY =
30
- DEFAULT_VALID_WITHIN =
30
- DEFAULT_API =
"http://localhost:6270"
- VERSION =
"0.5.9"
Class Method Summary
collapse
Class Method Details
.api ⇒ Object
21
22
23
|
# File 'lib/blockstack.rb', line 21
def self.api
@@api
end
|
.api=(api) ⇒ Object
17
18
19
|
# File 'lib/blockstack.rb', line 17
def self.api=(api)
@@api = api.nil? ? DEFAULT_API : api
end
|
.get_address_from_did(decentralized_id) ⇒ Object
91
92
93
94
95
|
# File 'lib/blockstack.rb', line 91
def self.get_address_from_did(decentralized_id)
did_type = get_did_type(decentralized_id)
return nil if did_type != 'btc-addr'
decentralized_id.split(':')[2]
end
|
.get_did_type(decentralized_id) ⇒ Object
84
85
86
87
88
89
|
# File 'lib/blockstack.rb', line 84
def self.get_did_type(decentralized_id)
did_parts = decentralized_id.split(':')
raise 'Decentralized IDs must have 3 parts' if did_parts.length != 3
raise 'Decentralized IDs must start with "did"' if did_parts[0].downcase != 'did'
did_parts[1].downcase
end
|
.leeway ⇒ Object
29
30
31
|
# File 'lib/blockstack.rb', line 29
def self.leeway
@@leeway
end
|
.leeway=(leeway) ⇒ Object
25
26
27
|
# File 'lib/blockstack.rb', line 25
def self.leeway=(leeway)
@@leeway = leeway.nil? ? DEFAULT_LEEWAY : leeway
end
|
.valid_within ⇒ Object
37
38
39
|
# File 'lib/blockstack.rb', line 37
def self.valid_within
@@valid_within
end
|
.valid_within=(valid_within) ⇒ Object
33
34
35
|
# File 'lib/blockstack.rb', line 33
def self.valid_within=(valid_within)
@@valid_within = valid_within.nil? ? DEFAULT_VALID_WITHIN : valid_within
end
|
.verify_auth_response(auth_token) ⇒ Object
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
# File 'lib/blockstack.rb', line 41
def self.verify_auth_response(auth_token)
public_key = nil
verify = false
decoded_tokens = JWTB.decode auth_token, public_key, verify, algorithm: ALGORITHM
decoded_token = decoded_tokens[0]
REQUIRED_CLAIMS.each do |field|
raise InvalidAuthResponse.new("Missing required '#{field}' claim.") if !decoded_token.key?(field.to_s)
end
raise InvalidAuthResponse.new("Missing required 'iat' claim.") if !decoded_token["iat"]
raise InvalidAuthResponse.new("'iat' timestamp claim is skewed too far from present.") if (Time.now.to_i - decoded_token["iat"]).abs > self.valid_within
public_keys = decoded_token['public_keys']
raise InvalidAuthResponse.new("Invalid public_keys array: only 1 key is supported") unless public_keys.length == 1
compressed_hex_public_key = public_keys[0]
bignum = OpenSSL::BN.new(compressed_hex_public_key, 16)
group = OpenSSL::PKey::EC::Group.new 'secp256k1'
public_key = OpenSSL::PKey::EC::Point.new(group, bignum)
ecdsa_key = OpenSSL::PKey::EC.new 'secp256k1'
ecdsa_key.public_key = public_key
verify = true
decoded_tokens = JWTB.decode auth_token, ecdsa_key, verify, algorithm: ALGORITHM, exp_leeway: self.leeway
decoded_token = decoded_tokens[0]
raise InvalidAuthResponse.new("Public keys don't match issuer address") unless self.public_keys_match_issuer?(decoded_token)
raise InvalidAuthResponse.new("Public keys don't match owner of claimed username") unless self.public_keys_match_username?(decoded_token)
return decoded_token
rescue JWTB::VerificationError => error
raise InvalidAuthResponse.new("Signature on JWT is invalid")
rescue JWTB::DecodeError => error
raise InvalidAuthResponse.new("Unable to decode JWT")
rescue RuntimeError => error
raise InvalidAuthResponse.new(error.message)
end
|