Class: MastercardCoreSdk::Util::Jose

Inherits:

Object

• Object
• MastercardCoreSdk::Util::Jose

Extended by:

Core, Exceptions

Defined in:

lib/mastercard_core_sdk/util/jose.rb

Constant Summary

SEGMENTS =

5

Class Attribute Summary

• .aad ⇒ Object

  Returns the value of attribute aad.

• .aes_enc_key ⇒ Object

  Returns the value of attribute aes_enc_key.

• .al ⇒ Object

  Returns the value of attribute al.

• .alg ⇒ Object

  Returns the value of attribute alg.

• .api_config ⇒ Object

  Returns the value of attribute api_config.

• .auth_tag ⇒ Object

  Returns the value of attribute auth_tag.

• .cek ⇒ Object

  Returns the value of attribute cek.

• .cipher_text ⇒ Object

  Returns the value of attribute cipher_text.

• .enc ⇒ Object

  Returns the value of attribute enc.

• .encrypted_cek ⇒ Object

  Returns the value of attribute encrypted_cek.

• .hmac_input ⇒ Object

  Returns the value of attribute hmac_input.

• .hmac_key ⇒ Object

  Returns the value of attribute hmac_key.

• .iv ⇒ Object

  Returns the value of attribute iv.

• .jwe_protected_header ⇒ Object

  Returns the value of attribute jwe_protected_header.

• .plain_text ⇒ Object

  Returns the value of attribute plain_text.

• .private_key ⇒ Object

  Returns the value of attribute private_key.

• .public_key ⇒ Object

  Returns the value of attribute public_key.

Class Method Summary

• .decode_compact_serialized(input) ⇒ Object
• .decrypt(input, private_key) ⇒ Object
• .derive_al ⇒ Object
• .derive_encryption_and_hmac_keys ⇒ Object
• .secure_compare(a, b) ⇒ Object
• .sha_size ⇒ Object
• .to_s ⇒ Object
• .url_safe_decode64(binary) ⇒ String

  Returns the Base64Url decoded version of ‘binary` without padding.

• .url_safe_encode64(binary) ⇒ String

  Returns the Base64Url encoded version of ‘binary` without padding.

• .verify_cbc_authentication_tag! ⇒ Object

Class Attribute Details

.aad ⇒ Object

Returns the value of attribute aad.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 17

def aad
  @aad
end

.aes_enc_key ⇒ Object

Returns the value of attribute aes_enc_key.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 17

def aes_enc_key
  @aes_enc_key
end

.al ⇒ Object

Returns the value of attribute al.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 17

def al
  @al
end

.alg ⇒ Object

Returns the value of attribute alg.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 16

def alg
  @alg
end

.api_config ⇒ Object

Returns the value of attribute api_config.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 16

def api_config
  @api_config
end

.auth_tag ⇒ Object

Returns the value of attribute auth_tag.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 17

def auth_tag
  @auth_tag
end

.cek ⇒ Object

Returns the value of attribute cek.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 17

def cek
  @cek
end

.cipher_text ⇒ Object

Returns the value of attribute cipher_text.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 16

def cipher_text
  @cipher_text
end

.enc ⇒ Object

Returns the value of attribute enc.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 16

def enc
  @enc
end

.encrypted_cek ⇒ Object

Returns the value of attribute encrypted_cek.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 17

def encrypted_cek
  @encrypted_cek
end

.hmac_input ⇒ Object

Returns the value of attribute hmac_input.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 17

def hmac_input
  @hmac_input
end

.hmac_key ⇒ Object

Returns the value of attribute hmac_key.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 17

def hmac_key
  @hmac_key
end

.iv ⇒ Object

Returns the value of attribute iv.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 17

def iv
  @iv
end

.jwe_protected_header ⇒ Object

Returns the value of attribute jwe_protected_header.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 17

def jwe_protected_header
  @jwe_protected_header
end

.plain_text ⇒ Object

Returns the value of attribute plain_text.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 16

def plain_text
  @plain_text
end

.private_key ⇒ Object

Returns the value of attribute private_key.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 16

def private_key
  @private_key
end

.public_key ⇒ Object

Returns the value of attribute public_key.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 16

def public_key
  @public_key
end

Class Method Details

.decode_compact_serialized(input) ⇒ Object

# File 'lib/mastercard_core_sdk/util/jose.rb', line 63

def decode_compact_serialized(input)
  unless input.count('.') + 1 == SEGMENTS
    raise SDKValidationError.new("Invalid format, should include #{SEGMENTS} segments.")
  end
  header, self.encrypted_cek, self.iv, self.cipher_text, self.auth_tag = input.split('.').collect do |segment|
    url_safe_decode64 segment
  end
  self.aad = input.split('.').first
  self.jwe_protected_header = JSON.load(header)
end

.decrypt(input, private_key) ⇒ Object

# File 'lib/mastercard_core_sdk/util/jose.rb', line 74

def decrypt(input, private_key)
  decode_compact_serialized input
  self.alg = jwe_protected_header["alg"]
  self.enc = jwe_protected_header["enc"]
  self.private_key = private_key
  cipher = OpenSSL::Cipher.new 'AES-128-CBC'
  cipher.decrypt
  self.cek = private_key.private_decrypt encrypted_cek, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
  self.hmac_key, self.aes_enc_key = derive_encryption_and_hmac_keys
  cipher.key = aes_enc_key
  cipher.iv = iv
  self.plain_text = cipher.update(cipher_text) + cipher.final
  self.al = derive_al
  self.hmac_input = [ aad, iv, cipher_text, al ].join
  verify_cbc_authentication_tag!
  return self.plain_text
end

.derive_al ⇒ Object

# File 'lib/mastercard_core_sdk/util/jose.rb', line 92

def derive_al
  [(aad.bytesize * 8)].pack('Q>')
end

.derive_encryption_and_hmac_keys ⇒ Object

# File 'lib/mastercard_core_sdk/util/jose.rb', line 96

def derive_encryption_and_hmac_keys
  cek.unpack(
    "a#{cek.length / 2}" * 2
  )
end

.secure_compare(a, b) ⇒ Object

# File 'lib/mastercard_core_sdk/util/jose.rb', line 111

def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  
  l = a.unpack "C#{a.bytesize}"
  
  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end

.sha_size ⇒ Object

# File 'lib/mastercard_core_sdk/util/jose.rb', line 31

def sha_size
  case enc.to_sym
  when :'A128CBC-HS256'
    256
  when :'A256CBC-HS512'
    512
  else
    raise 'Unknown Hash Size'
  end
end

.to_s ⇒ Object

# File 'lib/mastercard_core_sdk/util/jose.rb', line 19

def to_s
  [
    jwe_protected_header,
    encrypted_cek,
    iv,
    cipher_text,
    auth_tag
  ].collect do |segment|
    url_safe_encode64 segment.to_s
  end.join('.')
end

.url_safe_decode64(binary) ⇒ String

Returns the Base64Url decoded version of ‘binary` without padding.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 45

def url_safe_decode64(binary)
  binary = binary.tr('-_', '+/')
  case binary.bytesize % 4
  when 2
    binary += '=='
  when 3
    binary += '='
  end
  return Base64.decode64(binary)
end

.url_safe_encode64(binary) ⇒ String

Returns the Base64Url encoded version of ‘binary` without padding.

# File 'lib/mastercard_core_sdk/util/jose.rb', line 59

def url_safe_encode64(binary)
  return Base64.strict_encode64(binary).tr('+/', '-_').delete('=')
end

.verify_cbc_authentication_tag! ⇒ Object

# File 'lib/mastercard_core_sdk/util/jose.rb', line 102

def verify_cbc_authentication_tag!
  expected_auth_tag = OpenSSL::HMAC.digest(
    OpenSSL::Digest.new("SHA#{sha_size}"), hmac_key, hmac_input
  )[0, sha_size / 2 / 8]
  unless secure_compare(auth_tag, expected_auth_tag)
    raise SDKValidationError.new(ERR_MSG_JOSE_DECRYPTION)
  end
end