Class: IosAppAttest::NonceGenerator

Inherits:
Object
Defined in:
lib/ios_app_attest/nonce_generator.rb

Overview

Generates and manages challenge nonces for iOS App Attestation

The NonceGenerator class is responsible for creating secure random nonces, encrypting them, and storing them in Redis for later validation during the attestation verification process.

This class uses IosAppAttest::NonceError for error handling.

Examples:

Basic usage

redis = Redis.new
generator = IosAppAttest::NonceGenerator.new(redis_client: redis)
nonce_data = generator.generate

With custom expiry time

generator = IosAppAttest::NonceGenerator.new(
  redis_client: redis,
  expiry_seconds: 300
)
nonce_data = generator.generate


Constructor Details

#initialize(redis_client:, logger: nil, expiry_seconds: 120) ⇒ NonceGenerator

Initialize the nonce generator

Parameters:

  • redis_client (Object)

    Redis client for nonce storage

  • logger (Object) (defaults to: nil)

    Logger instance (optional)

  • expiry_seconds (Integer) (defaults to: 120)

    Nonce expiry time in seconds (default: 120)



# File 'lib/ios_app_attest/nonce_generator.rb', line 35

def initialize(redis_client:, logger: nil, expiry_seconds: 120)
  @redis_client = redis_client
  @logger = logger
  @expiry_seconds = expiry_seconds
end

Instance Attribute Details

#expiry_seconds ⇒ Object (readonly)

Returns the value of attribute expiry_seconds.



# File 'lib/ios_app_attest/nonce_generator.rb', line 29

def expiry_seconds
  @expiry_seconds
end

#logger ⇒ Object (readonly)

Returns the value of attribute logger.



# File 'lib/ios_app_attest/nonce_generator.rb', line 29

def logger
  @logger
end

#redis_client ⇒ Object (readonly)

Returns the value of attribute redis_client.



# File 'lib/ios_app_attest/nonce_generator.rb', line 29

def redis_client
  @redis_client
end

Instance Method Details

#generate ⇒ Hash

Generate a new nonce and store it in Redis

This method generates a cryptographically secure random nonce, encrypts it using AES-256-CBC, and stores it in Redis for later validation. The nonce is stored with an expiry time specified during initialization.

Returns:

  • (Hash)

    Hash containing:

    • :challenge_nonce_id [String] A unique identifier for the challenge

    • :challenge_nonce [String] Base64-encoded encrypted challenge nonce

    • :initialization_vector [String] Base64-encoded initialization vector

Raises:



# File 'lib/ios_app_attest/nonce_generator.rb', line 52

def generate
  begin
    store_nonce_in_redis
    encrypted_nonce, iv = encrypt
  rescue IosAppAttest::Error => error
    # Re-raise IosAppAttest errors directly
    log_error("IosAppAttest nonce generation failed: #{error}")
    raise error
  rescue StandardError => error
    # Wrap other errors in NonceError
    log_error("IosAppAttest nonce generation failed: #{error}")
    raise IosAppAttest::NonceError, "Nonce generation failed: #{error.message}"
  end

  {
    challenge_nonce_id: nonce_id,
    challenge_nonce: base64_encode(encrypted_nonce),
    initialization_vector: base64_encode(iv)
  }
end
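
The challenge lifecycle that #generate describes (random nonce, Redis storage with an expiry, AES-256-CBC encryption), shown end to end with a matching single-use check. This is an added example, not the gem's own code: FakeRedis, KEY, issue_challenge, redeem_challenge, the "nonce:" key prefix, the 32-byte nonce size and the stored value format are all assumptions, since the page does not show the private helpers.

```ruby
require "openssl"
require "securerandom"
require "base64"

# Constructed stand-in for a Redis client (setex/get/del only) so the example runs offline.
class FakeRedis
  def initialize; @data = {}; end
  def setex(key, ttl, value)
    @data[key] = [value, Time.now + ttl]
  end
  def get(key)
    value, expires_at = @data[key]
    return value if value && Time.now < expires_at
    @data.delete(key)
    nil
  end
  def del(key)
    @data.delete(key) ? 1 : 0
  end
end

KEY = SecureRandom.random_bytes(32) # hypothetical 256-bit server-side key
# Issue: store the raw nonce under a random id with a TTL, hand out only the encrypted form.
def issue_challenge(redis, expiry_seconds: 120)
  nonce_id = SecureRandom.uuid
  nonce = SecureRandom.random_bytes(32)
  redis.setex("nonce:#{nonce_id}", expiry_seconds, Base64.strict_encode64(nonce))
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  cipher.key = KEY
  iv = cipher.random_iv # fresh IV per challenge
  encrypted = cipher.update(nonce) + cipher.final
  { challenge_nonce_id: nonce_id,
    challenge_nonce: Base64.strict_encode64(encrypted),
    initialization_vector: Base64.strict_encode64(iv) }
end

# Redeem: CBC is unauthenticated, so the comparison with the stored nonce is what rejects tampering.
def redeem_challenge(redis, data)
  key = "nonce:#{data[:challenge_nonce_id]}"
  stored = redis.get(key)
  return false unless stored && redis.del(key) == 1 # delete before use: one redemption per nonce
  cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  cipher.key = KEY
  cipher.iv = Base64.strict_decode64(data[:initialization_vector])
  nonce = cipher.update(Base64.strict_decode64(data[:challenge_nonce])) + cipher.final
  OpenSSL.fixed_length_secure_compare(nonce, Base64.strict_decode64(stored))
rescue OpenSSL::Cipher::CipherError, ArgumentError
  false
end
```

Against a real Redis server, the separate get and del calls leave a small window between two concurrent redemptions; an atomic GETDEL closes it.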