Class: Signing

Inherits:
Object
  • Object
Defined in:
lib/credify/signing.rb


Instance Attribute Details

#signing_key ⇒ Object (readonly)

Returns the value of attribute signing_key.



# File 'lib/credify/signing.rb', line 8

# Reader for the signing key currently held by this object.
#
# The value returned is the key object itself (the same one #sign uses), not
# a public handle, so callers should avoid logging or serialising it.
#
# @return [Object, nil] the value of @signing_key; nil when no key is set
def signing_key
  @signing_key
end

Instance Method Details

#export_seed ⇒ String

export_seed



# File 'lib/credify/signing.rb', line 56

# Serialises the seed of the current signing key.
#
# The seed is the private key material: whoever holds the returned string can
# rebuild the key with #import_seed and sign as this identity. Treat the
# result as a secret (keep it out of logs, URLs and unencrypted storage).
#
# @return [String] the seed as encoded by Credify::Helpers.short_urlsafe_encode64
# @raise [Exception] when no signing key is set. This is the bare Exception
#   class, so a plain `rescue` (StandardError) will not catch it.
def export_seed
  raise Exception.new 'Please pass signing key' if @signing_key.nil?

  key_seed = @signing_key.seed
  Credify::Helpers.short_urlsafe_encode64(key_seed)
end

#generate_approval_token(client_id, entity_id, approved_scopes, offer_code = nil) ⇒ String

generate_approval_token



# File 'lib/credify/signing.rb', line 111

# Builds the claims for an approval token and hands them to #generate_jwt.
#
# @param client_id [Object] stored as the `client_id` claim
# @param entity_id [Object] stored as the `iss` claim
# @param approved_scopes [#join] scope names, joined with single spaces into
#   the `scopes` claim
# @param offer_code [Object, nil] stored as `offer_code` only when not nil
# @return [String] the value returned by #generate_jwt for these claims
def generate_approval_token(client_id, entity_id, approved_scopes, offer_code = nil)
  # iat is back-dated by 60 seconds so the timestamp does not collide with the
  # server-side clock (presumably clock-skew tolerance).
  issued_at = Time.now.to_i - 60
  claims = {
    client_id: client_id,
    iat: issued_at,
    iss: entity_id,
    scopes: approved_scopes.join(' ')
  }
  claims[:offer_code] = offer_code unless offer_code.nil?
  # NOTE(review): no exp or jti claim is set here, so token lifetime and replay
  # handling depend entirely on what the verifier does with iat. Confirm.
  generate_jwt(claims)
end

#generate_claim_token(provider_id, entity_id, scope_name, claim) ⇒ Hash

generate_claim_token



# File 'lib/credify/signing.rb', line 133

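# Creates a fresh commitment for one scope, records it on the claim, and
# signs a token whose `scope_hash` is the SHA-256 of that commitment.
#
# Side effect: `claim` is mutated in place; the key
# :"<scope_name>:commitment" is set to the new commitment.
#
# Unlike the original listing, this version does not print the scope hash to
# stdout; a library signing routine should not emit debug output.
#
# @param provider_id [Object] stored as the `iss` claim
# @param entity_id [Object] stored as the `user_id` claim
# @param scope_name [Object] stored as `scope_name` and used to build the
#   commitment key on `claim`
# @param claim [Hash] claim data; receives the commitment entry
# @return [Hash] `{ token: <result of #generate_jwt>, commitment: <commitment> }`
def generate_claim_token(provider_id, entity_id, scope_name, claim)
  # iat is back-dated by 60 seconds so the timestamp does not collide with the
  # server-side clock.
  issued_at = Time.now.to_i - 60
  commitment = Credify::Helpers.generate_commitment
  claim[:"#{scope_name}:commitment"] = commitment

  # NOTE(review): the original wrote `data = claim[...] = commitment`, so the
  # value hashed is the commitment alone. The claim contents are not covered
  # by scope_hash. That behaviour is kept here; confirm it matches what the
  # verifying side recomputes.
  scope_hash = Credify::Helpers.sha256(commitment)

  payload = {
    iat: issued_at,
    iss: provider_id,
    user_id: entity_id,
    scope_name: scope_name,
    scope_hash: scope_hash
  }
  { token: generate_jwt(payload), commitment: commitment }
end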

#generate_jwt(payload) ⇒ String

generate_jwt



# File 'lib/credify/signing.rb', line 67

# Signs a payload and returns it in three-part JWT form.
#
# The header is fixed to alg "EdDSA" / typ "JWT". The signing input comes from
# compose_message(header, payload); the result of #sign is appended to it
# after a '.' separator (the string from compose_message is extended in place).
#
# @param payload [#empty?] claims to sign; must not be empty
# @return [String] "<signing input>.<signature>"
# @raise [Exception] when the payload is empty, or (via #sign) when no signing
#   key is set. This is the bare Exception class, which a plain `rescue` does
#   not catch.
def generate_jwt(payload)
  raise Exception.new 'Invalid payload' if payload.empty?

  jose_header = { alg: 'EdDSA', typ: 'JWT' }
  signing_input = compose_message(jose_header, payload)
  encoded_signature = sign(signing_input)
  signing_input << '.'
  signing_input << encoded_signature
end

#generate_key_pair ⇒ Boolean

generate_key_pair



# File 'lib/credify/signing.rb', line 13

# Generates a new Ed25519 signing key and stores it in @signing_key,
# replacing any key held before.
#
# NOTE(review): the return value is `@signing_key.nil?`, i.e. false when a key
# was stored. If callers read the Boolean as "success" it is inverted; confirm
# the intended meaning before relying on it.
#
# @return [Boolean] whether @signing_key is nil after generation
def generate_key_pair
  (@signing_key = Ed25519::SigningKey.generate).nil?
end

#generate_request_token(client_id, encryption_public_key, scopes, offer_code = nil) ⇒ String

generate_request_token



# File 'lib/credify/signing.rb', line 158

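# Builds the claims for a request token and hands them to #generate_jwt.
#
# The original guard read `raise Exception 'scopes need to contain openid'`,
# which calls a non-existent method named `Exception` and therefore surfaced
# as NoMethodError without the intended message. It now raises ArgumentError
# with that message: still a StandardError, so existing `rescue` and
# `rescue Exception` handlers keep catching it.
#
# @param client_id [Object] stored as the `iss` claim
# @param encryption_public_key [Object] stored as `encryption_public_key`
# @param scopes [#include?, #join] scope names; must include 'openid'; joined
#   with single spaces into the `scopes` claim
# @param offer_code [Object, nil] stored as `offer_code` only when not nil
# @return [String] the value returned by #generate_jwt for these claims
# @raise [ArgumentError] when `scopes` does not include 'openid'
def generate_request_token(client_id, encryption_public_key, scopes, offer_code = nil)
  raise ArgumentError, 'scopes need to contain openid' unless scopes.include?('openid')

  # iat is back-dated by 60 seconds so the timestamp does not collide with the
  # server-side clock.
  issued_at = Time.now.to_i - 60
  claims = {
    iat: issued_at,
    iss: client_id,
    encryption_public_key: encryption_public_key,
    scopes: scopes.join(' ')
  }
  claims[:offer_code] = offer_code unless offer_code.nil?
  generate_jwt(claims)
end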

#import_seed(seed) ⇒ Boolean

import_seed



# File 'lib/credify/signing.rb', line 22

# Rebuilds the signing key from an encoded seed and stores it in
# @signing_key, replacing any key held before.
#
# The seed is private key material; it should reach this method only from a
# trusted secret store. No length or format check is done here.
# Ed25519::SigningKey.new is presumably what rejects a malformed seed (confirm).
#
# NOTE(review): the return value is `@signing_key.nil?`, i.e. false when a key
# was stored. If callers read the Boolean as "success" it is inverted; confirm.
#
# @param seed [String] seed in the form Credify::Helpers.short_urlsafe_decode64
#   accepts
# @return [Boolean] whether @signing_key is nil after the import
def import_seed(seed)
  raw_seed = Credify::Helpers.short_urlsafe_decode64(seed)
  (@signing_key = Ed25519::SigningKey.new(raw_seed)).nil?
end

#parse_jwt(jwt) ⇒ Hash

parse_jwt



# File 'lib/credify/signing.rb', line 84

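# Splits a compact JWT into its decoded header, decoded payload and the
# still-encoded signature.
#
# This method does NOT verify anything: the returned header and payload are
# attacker-controlled until #verify_jwt has accepted them. Do not act on the
# claims before that check.
#
# Changes against the original listing:
# * the guard read `raise Exception 'JST is invalid'`, which calls a
#   non-existent method named `Exception` (NoMethodError) and misspelt JWT; it
#   now raises ArgumentError, which is still a StandardError;
# * `split('.', -1)` keeps trailing empty fields, so inputs such as "a.b.c."
#   are rejected instead of being parsed as if the extra dots were absent
#   (one token, one string form);
# * empty segments are rejected up front.
#
# @param jwt [String] token in "header.payload.signature" form
# @return [Hash] `{ header: Hash, payload: Hash, signature: String }`
# @raise [ArgumentError] when the token does not have exactly three non-empty
#   segments
# @raise [JSON::ParserError] when header or payload is not valid JSON
def parse_jwt(jwt)
  segments = jwt.split('.', -1)
  unless segments.length == 3 && segments.none?(&:empty?)
    raise ArgumentError, 'JWT is invalid'
  end

  header = JSON.parse(Credify::Helpers.short_urlsafe_decode64(segments[0]))
  payload = JSON.parse(Credify::Helpers.short_urlsafe_decode64(segments[1]))
  { header: header, payload: payload, signature: segments[2] }
end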

#sign(message) ⇒ String

sign



# File 'lib/credify/signing.rb', line 32

# Signs a message with the current signing key.
#
# @param message [String] data passed unchanged to the key's #sign
# @return [String] the signature as encoded by
#   Credify::Helpers.short_urlsafe_encode64
# @raise [Exception] when no signing key is set. This is the bare Exception
#   class, so a plain `rescue` (StandardError) will not catch it.
def sign(message)
  raise Exception.new 'Please pass signing key' if @signing_key.nil?

  raw_signature = @signing_key.sign(message)
  Credify::Helpers.short_urlsafe_encode64(raw_signature)
end

#verify(signature, message) ⇒ Boolean

verify



# File 'lib/credify/signing.rb', line 45

# Checks a signature over a message against the verify key derived from this
# object's own signing key.
#
# Because the public key is taken from @signing_key, this accepts only
# signatures made with the key held here; it cannot check a third party's
# signature.
#
# NOTE(review): with the ed25519 gem, VerifyKey#verify is understood to raise
# on a bad signature rather than return false. Confirm, and make sure callers
# rescue that error instead of only testing the return value.
#
# @param signature [String] signature in the form
#   Credify::Helpers.short_urlsafe_decode64 accepts
# @param message [String] the data that was signed
# @return [Boolean] the result of the verify key's #verify
# @raise [Exception] when no signing key is set (bare Exception class)
def verify(signature, message)
  raise Exception.new 'Please pass signing key' if @signing_key.nil?

  signature_bytes = Credify::Helpers.short_urlsafe_decode64(signature)
  public_key = @signing_key.verify_key
  public_key.verify(signature_bytes, message)
end

#verify_jwt(jwt) ⇒ Boolean

verify_jwt



# File 'lib/credify/signing.rb', line 99

# Verifies the signature of a parsed JWT (the Hash shape #parse_jwt returns).
#
# The signing input is rebuilt with compose_message from the parsed header
# and payload, then checked with #verify.
#
# NOTE(review): the check runs over a re-serialised header/payload, not over
# the bytes that were received. That only works if compose_message reproduces
# the signer's encoding exactly (key order, spacing). Confirm.
# NOTE(review): only the signature is checked here; the header's alg and the
# iat claim are not inspected in this method.
#
# @param jwt [Hash] with :header, :payload and :signature entries
# @return [Boolean] the result of #verify
def verify_jwt(jwt)
  signed_part = compose_message(jwt[:header], jwt[:payload])
  verify(jwt[:signature], signed_part)
end