Module: Faria::Launchpad::Packet

Defined in:
lib/faria/launchpad/packet.rb

Defined Under Namespace

Classes: ExpiredSignature, MismatchedRequestURL, MissingRemoteKey

Constant Summary

VERSION =
"v0.2"

Class Method Summary

Class Method Details

.decrypt(raw_data, options = {}, local_key:, remote_key:) ⇒ Object

For cases where you know in advance which remote key to use (such as Launchpad clients, which will only be receiving messages from Launchpad and therefore will only use its public key for verifying signatures).



# File 'lib/faria/launchpad/packet.rb', line 45

# Decrypts a packet and verifies its signature with a key the caller already
# holds.
#
# The packet is split into "<version>;<JWE>", the JWE is decrypted with
# local_key, the inner JWT is verified against remote_key with the algorithm
# pinned to RS512, and the verified payload is handed to validate_url!
# together with options[:actual_url].
#
# NOTE(review): the version prefix is split off but never compared with
# VERSION, so any prefix is accepted — confirm that is intended.
# NOTE(review): expiry is left to JWT.decode, which can only enforce an
# expiry claim that is actually present; .encrypt calls add_expires only when
# :expires_in is given — confirm senders always set it where a replay bound
# matters.
#
# @param raw_data [String] packet text in the form "<version>;<JWE>"
# @param options [Hash] :actual_url is forwarded to validate_url!
# @param local_key key handed to JWE.decrypt
# @param remote_key key handed to JWT.decode for signature verification
# @return [Object] the "data" member of the verified payload
def self.decrypt(raw_data, options = {}, local_key:, remote_key:)
  _version, encrypted = raw_data.split(";", 2)
  signed_token = JWE.decrypt(encrypted, local_key)

  # verify = true and a single allowed algorithm: the token's own "alg"
  # header cannot select a different verification scheme.
  claims, _token_header = JWT.decode(signed_token, remote_key, true, { algorithm: 'RS512' })

  # Only the verified claims reach the URL check and the caller.
  validate_url!(claims, options[:actual_url])

  claims["data"]
end

.decrypt_variable_key(raw_data, options = {}, local_key:, remote_key_func:) ⇒ Object

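For cases where the signature key is not known in advance and must be determined from source information embedded in the JWT header. The header and payload passed to remote_key_func are read before the signature has been verified.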



# File 'lib/faria/launchpad/packet.rb', line 59

# Decrypts a packet whose signing key has to be looked up from the token
# itself.
#
# After the JWE is decrypted with local_key, the JWT segments are decoded
# WITHOUT verification and handed to remote_key_func so it can pick the key.
# The token is then decoded again with verification enabled (RS512 only), and
# only the payload from that verified decode is used from there on.
#
# The header and payload given to remote_key_func are attacker-controllable
# at that point: the callback should use them only as a lookup hint into keys
# it already trusts, never as key material.
#
# NOTE(review): the version prefix is split off but never compared with
# VERSION — confirm that is intended.
# NOTE(review): expiry is left to JWT.decode, which can only enforce an
# expiry claim that is actually present — confirm senders always set one.
#
# @param raw_data [String] packet text in the form "<version>;<JWE>"
# @param options [Hash] :actual_url is forwarded to validate_url!
# @param local_key key handed to JWE.decrypt
# @param remote_key_func [#call] receives (header, payload) from the
#   unverified decode and returns the verification key, or nil
# @return [Object] the "data" member of the verified payload
# @raise [MissingRemoteKey] when remote_key_func returns nil
def self.decrypt_variable_key(raw_data, options = {}, local_key:, remote_key_func:)
  _version, encrypted = raw_data.split(";", 2)
  signed_token = JWE.decrypt(encrypted, local_key)

  # Unverified peek (verify = false, no key): good enough to choose a key,
  # not to trust any claim.
  segments = JWT::Decode.new(signed_token, nil, false, {}).decode_segments
  unverified_header, unverified_claims = segments[0..1]

  verification_key = remote_key_func.call(unverified_header, unverified_claims)
  raise MissingRemoteKey if verification_key.nil?

  # Second decode verifies the signature; its payload replaces the
  # unverified one.
  claims, _token_header = JWT.decode(signed_token, verification_key, true, { algorithm: 'RS512' })

  validate_url!(claims, options[:actual_url])

  claims["data"]
end

.encrypt(data, options = {}, local_key:, remote_key:) ⇒ Object

Encrypting is done with the Launchpad public key; signing is done with the local private key.



# File 'lib/faria/launchpad/packet.rb', line 29

# Builds a signed-then-encrypted packet: the claims are signed as an RS512 JWT
# with local_key, the JWT is wrapped with JWE.encrypt under remote_key, and
# the result is prefixed with "<VERSION>;".
#
# The issued-at claim is always added through add_issued_at; the expiry,
# API URL and source claims are added only when the matching option is
# truthy. The issuer claim is not added (that call is disabled).
#
# NOTE(review): without :expires_in no add_expires call is made, so the
# packet presumably carries no expiry claim for the receiver to enforce —
# confirm callers always pass it where a replay bound matters.
#
# @param data [Object] value stored under the "data" claim
# @param options [Hash] optional :expires_in, :api_url, :source
# @param local_key key handed to JWT.encode for signing
# @param remote_key key handed to JWE.encrypt
# @return [String] "<VERSION>;<JWE>"
def self.encrypt(data, options = {}, local_key:, remote_key:)
  claims = add_issued_at({ "data" => data })

  ttl = options[:expires_in]
  claims = add_expires(claims, ttl) if ttl

  api_url = options[:api_url]
  claims = add_api_url(claims, api_url) if api_url

  source = options[:source]
  claims = add_source(claims, source) if source

  signed_token = JWT.encode(claims, local_key, 'RS512')

  prefix = "#{VERSION};"
  prefix + JWE.encrypt(signed_token, remote_key)
end