Class: Bunq::Signature

Inherits:
Object
  • Object
Defined in:
lib/bunq/signature.rb

Constant Summary collapse

BUNQ_HEADER_PREFIX =

Header names in the REST client's raw_headers hash are all lower case, so the constants below are downcased before comparison.

'X-Bunq-'.downcase
BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER =
'X-Bunq-Server-Signature'.downcase

Instance Method Summary collapse

Constructor Details

#initialize(private_key, server_public_key) ⇒ Signature

Returns a new instance of Signature.



# File 'lib/bunq/signature.rb', line 11

# Builds a Signature from two pieces of RSA key material.
#
# Both arguments are handed to OpenSSL::PKey::RSA.new, which raises if the
# material cannot be parsed as an RSA key.
#
# NOTE(review): OpenSSL::PKey::RSA.new parses public and private keys alike,
# and nothing here checks `private?` on the first key. If the two arguments are
# swapped or a public key is supplied as private_key, the mistake presumably
# surfaces only when the key is first used for signing — confirm against callers.
#
# @param private_key [String] RSA key material stored in @private_key
# @param server_public_key [String] RSA key material stored in @server_public_key
# @raise [ArgumentError] if either argument is nil or false
def initialize(private_key, server_public_key)
  {
    'private_key is mandatory' => private_key,
    'server_public_key is mandatory' => server_public_key
  }.each do |message, key_material|
    raise ArgumentError, message unless key_material
  end

  @private_key = OpenSSL::PKey::RSA.new(private_key)
  @server_public_key = OpenSSL::PKey::RSA.new(server_public_key)
end

Instance Method Details

#create(body) ⇒ Object



# File 'lib/bunq/signature.rb', line 19

# Signs a request body and returns the signature as strict Base64.
#
# The body is stringified with #to_s before signing, so a nil body signs the
# empty string. The hash algorithm is whatever `digest` returns; that helper
# and the `private_key` reader are defined outside this listing.
#
# @param body [#to_s] the payload to sign
# @return [String] Base64 (strict, no line feeds) encoding of the raw signature
def create(body)
  Base64.strict_encode64(private_key.sign(digest, body.to_s))
end

#verify!(response) ⇒ Object



# File 'lib/bunq/signature.rb', line 25

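# Checks the server signature on a response and raises when it is missing or
# does not verify.
#
# The signature header is looked up case-insensitively in response.raw_headers,
# its first value is Base64-decoded, and the result is accepted when either
# verify_modern or verify_legacy returns a truthy value.
#
# A header that is present but empty, or whose value is not valid strict
# Base64, is reported through the signature error classes instead of leaking a
# NoMethodError / ArgumentError, so callers rescuing those classes see every
# rejected signature.
#
# NOTE(review): responses for which skip_signature_check returns truthy are
# accepted with no signature check at all; the set of codes is defined outside
# this listing. Callers should treat such responses as unauthenticated.
# NOTE(review): because the legacy check is a fallback, acceptance is
# presumably only as strict as the weaker of the two schemes — confirm whether
# the legacy path is still required.
#
# @param response [#code, #raw_headers, #body] the HTTP response to check
# @return [nil]
# @raise [AbsentResponseSignature] if the signature header is missing or has no value
# @raise [InvalidResponseSignature] if the value is not valid Base64 or fails both checks
def verify!(response)
  return if skip_signature_check(response.code)

  # Built lazily so the response is only read again on the failure paths.
  signature_error = lambda do |error_class|
    error_class.new(code: response.code, headers: response.raw_headers, body: response.body)
  end

  _header_name, header_value = response.raw_headers.find do |name, _|
    name.to_s.downcase == BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER
  end

  # Array() covers a missing header (nil), an empty value list and a bare string.
  encoded_signature = Array(header_value).first
  raise signature_error.call(AbsentResponseSignature) unless encoded_signature

  begin
    signature = Base64.strict_decode64(encoded_signature)
  rescue ArgumentError
    # strict_decode64 rejects anything that is not canonical Base64.
    raise signature_error.call(InvalidResponseSignature)
  end

  return if verify_modern(signature, response) || verify_legacy(signature, response)

  raise signature_error.call(InvalidResponseSignature)
end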