Module: Blockstack
- Defined in:
- lib/blockstack.rb,
lib/blockstack/user.rb,
lib/blockstack/version.rb
Defined Under Namespace
Classes: InvalidAuthResponse, User
Constant Summary
collapse
- USER_AGENT =
"blockstack-ruby #{VERSION}"- ALGORITHM =
"ES256K"
- REQUIRED_CLAIMS =
%w(iss iat jti exp username profile public_keys)
- DEFAULT_LEEWAY =
30
- DEFAULT_VALID_WITHIN =
30
- DEFAULT_API =
"https://core.blockstack.org"
- VERSION =
"7.0.0"
Class Method Summary
collapse
Class Method Details
.api ⇒ Object
22
23
24
|
# File 'lib/blockstack.rb', line 22
def self.api
@@api
end
|
.api=(api) ⇒ Object
18
19
20
|
# File 'lib/blockstack.rb', line 18
def self.api=(api)
@@api = api.nil? ? DEFAULT_API : api
end
|
.get_address_from_did(decentralized_id) ⇒ Object
92
93
94
95
96
|
# File 'lib/blockstack.rb', line 92
def self.get_address_from_did(decentralized_id)
did_type = get_did_type(decentralized_id)
return nil if did_type != 'btc-addr'
decentralized_id.split(':')[2]
end
|
.get_did_type(decentralized_id) ⇒ Object
85
86
87
88
89
90
|
# File 'lib/blockstack.rb', line 85
def self.get_did_type(decentralized_id)
did_parts = decentralized_id.split(':')
raise 'Decentralized IDs must have 3 parts' if did_parts.length != 3
raise 'Decentralized IDs must start with "did"' if did_parts[0].downcase != 'did'
did_parts[1].downcase
end
|
.leeway ⇒ Object
30
31
32
|
# File 'lib/blockstack.rb', line 30
def self.leeway
@@leeway
end
|
.leeway=(leeway) ⇒ Object
26
27
28
|
# File 'lib/blockstack.rb', line 26
def self.leeway=(leeway)
@@leeway = leeway.nil? ? DEFAULT_LEEWAY : leeway
end
|
.valid_within ⇒ Object
38
39
40
|
# File 'lib/blockstack.rb', line 38
def self.valid_within
@@valid_within
end
|
.valid_within=(valid_within) ⇒ Object
34
35
36
|
# File 'lib/blockstack.rb', line 34
def self.valid_within=(valid_within)
@@valid_within = valid_within.nil? ? DEFAULT_VALID_WITHIN : valid_within
end
|
.verify_auth_response(auth_token) ⇒ Object
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
# File 'lib/blockstack.rb', line 42
def self.verify_auth_response(auth_token)
public_key = nil
verify = false
decoded_tokens = JWTB.decode auth_token, public_key, verify, algorithm: ALGORITHM
decoded_token = decoded_tokens[0]
REQUIRED_CLAIMS.each do |field|
raise InvalidAuthResponse.new("Missing required '#{field}' claim.") if !decoded_token.key?(field.to_s)
end
raise InvalidAuthResponse.new("Missing required 'iat' claim.") if !decoded_token["iat"]
raise InvalidAuthResponse.new("'iat' timestamp claim is skewed too far from present.") if (Time.now.to_i - decoded_token["iat"]).abs > self.valid_within
public_keys = decoded_token['public_keys']
raise InvalidAuthResponse.new("Invalid public_keys array: only 1 key is supported") unless public_keys.length == 1
compressed_hex_public_key = public_keys[0]
bignum = OpenSSL::BN.new(compressed_hex_public_key, 16)
group = OpenSSL::PKey::EC::Group.new 'secp256k1'
public_key = OpenSSL::PKey::EC::Point.new(group, bignum)
ecdsa_key = OpenSSL::PKey::EC.new 'secp256k1'
ecdsa_key.public_key = public_key
verify = true
decoded_tokens = JWTB.decode auth_token, ecdsa_key, verify, algorithm: ALGORITHM, exp_leeway: self.leeway
decoded_token = decoded_tokens[0]
raise InvalidAuthResponse.new("Public keys don't match issuer address") unless self.public_keys_match_issuer?(decoded_token)
raise InvalidAuthResponse.new("Public keys don't match owner of claimed username") unless self.public_keys_match_username?(decoded_token)
return decoded_token
rescue JWTB::VerificationError => error
raise InvalidAuthResponse.new("Signature on JWT is invalid")
rescue JWTB::DecodeError => error
raise InvalidAuthResponse.new("Unable to decode JWT")
rescue RuntimeError => error
raise InvalidAuthResponse.new(error.message)
end
|