Class: SecurityHelper

Inherits:
Object
  • Object
Defined in:
lib/myinfo/helpers/security_helper.rb

Overview

Helper class for security-related code: generating session key pairs, DPoP proofs and client assertions, and computing key thumbprints.


Class Method Details

.generate_client_assertion(client_id, url, thumbprint, private_signing_key) ⇒ Object



# File 'lib/myinfo/helpers/security_helper.rb', line 50

# Builds and signs a client-assertion JWT using ES256.
#
# The claim set names +client_id+ as both issuer and subject, names +url+ as
# the audience, and embeds +thumbprint+ under +cnf.jkt+. Each assertion gets
# a fresh 40-character alphanumeric +jti+ from SecureRandom and expires 300
# seconds after issuance, so a captured assertion has a short replay window.
#
# @param client_id [String] written to both the +iss+ and +sub+ claims
# @param url [String] written to the +aud+ claim unchanged
# @param thumbprint [String] written to +cnf.jkt+; presumably the thumbprint
#   of the session public key used for DPoP (verify against the caller)
# @param private_signing_key [Object] key handed to JWT.encode as-is;
#   presumably an OpenSSL EC private key (verify against the caller)
# @return [Object] whatever JWT.encode returns (the encoded, signed token)
def generate_client_assertion(client_id, url, thumbprint, private_signing_key)
  issued_at = Time.now.to_i

  # Claim order matches the serialized payload; keep it stable.
  claims = {
    sub: client_id,
    jti: SecureRandom.alphanumeric(40),
    aud: url,
    iss: client_id,
    iat: issued_at,
    exp: issued_at + 300,
    cnf: { jkt: thumbprint }
  }

  JWT.encode(claims, private_signing_key, 'ES256', { typ: 'JWT', alg: 'ES256' })
end

.generate_dpop(url, access_token, http_method, key_pairs) ⇒ Object



# File 'lib/myinfo/helpers/security_helper.rb', line 30

# Builds and signs a DPoP proof JWT (+typ: dpop+jwt+) using ES256.
#
# The proof carries the target URL (+htu+), the HTTP method (+htm+), a fresh
# 40-character alphanumeric +jti+ from SecureRandom, and an +exp+ 120 seconds
# after +iat+. When an access token is supplied, its SHA-256 digest is added
# as the unpadded base64url +ath+ claim, tying the proof to that token. The
# exported JWK of the public key is placed in the JOSE header.
#
# NOTE(review): +url+ is copied into +htu+ verbatim. RFC 9449 defines +htu+
# as the request URI without query and fragment parts, so callers need to
# pass a URL already in that form.
#
# @param url [String] value for the +htu+ claim
# @param access_token [String, nil] token to bind via +ath+; skipped when
#   +present?+ is false
# @param http_method [String] value for the +htm+ claim
# @param key_pairs [Hash] holds +:private_key+ and +:public_key+, each in a
#   form OpenSSL::PKey.read can parse; the private key is secret material
# @return [Object] whatever JWT.encode returns (the encoded, signed proof)
def generate_dpop(url, access_token, http_method, key_pairs)
  issued_at = Time.now.to_i
  claims = {
    htu: url,
    htm: http_method,
    jti: SecureRandom.alphanumeric(40),
    iat: issued_at,
    exp: issued_at + 120
  }

  # Only bind the proof to a token when one was actually provided.
  claims[:ath] = Base64.urlsafe_encode64(Digest::SHA256.digest(access_token), padding: false) if access_token.present?

  signing_key = OpenSSL::PKey.read(key_pairs[:private_key])
  verification_key = OpenSSL::PKey.read(key_pairs[:public_key])
  # The header JWK is built from the public key only, never the signing key.
  public_jwk = JWT::JWK.new(verification_key, { use: 'sig', alg: 'ES256' })

  JWT.encode(claims, signing_key, 'ES256', { typ: 'dpop+jwt', jwk: public_jwk.export })
end

.generate_session_key_pair ⇒ Object



# File 'lib/myinfo/helpers/security_helper.rb', line 11

# Generates a fresh EC key pair on the prime256v1 (P-256) curve and returns
# both halves as PEM strings.
#
# The public half is produced by assembling a SubjectPublicKeyInfo structure
# by hand (algorithm identifier + uncompressed curve point) and loading it as
# a separate key object; presumably this yields a public-only key without
# touching the generated private key (TODO confirm the motivation).
#
# The private key PEM is unencrypted (+to_pem+ is called without a cipher or
# passphrase), so the returned hash is secret material: keep it out of logs
# and long-lived storage.
#
# @return [Hash{Symbol => String}] +:private_key+ and +:public_key+ PEM text
def generate_session_key_pair
  key = OpenSSL::PKey::EC.generate('prime256v1')
  public_point = key.public_key

  # AlgorithmIdentifier: id-ecPublicKey parameterised by the named curve.
  algorithm_id = OpenSSL::ASN1::Sequence.new(
    [
      OpenSSL::ASN1::ObjectId.new('id-ecPublicKey'),
      OpenSSL::ASN1::ObjectId.new(public_point.group.curve_name)
    ]
  )
  encoded_point = OpenSSL::ASN1::BitString.new(public_point.to_octet_string(:uncompressed))
  spki_der = OpenSSL::ASN1::Sequence.new([algorithm_id, encoded_point]).to_der

  { private_key: key.to_pem, public_key: OpenSSL::PKey::EC.new(spki_der).to_pem }
end

.thumbprint(key) ⇒ Object



# File 'lib/myinfo/helpers/security_helper.rb', line 72

# Returns the +kid+ of the JWK built from +key+.
#
# NOTE(review): the result is whatever +kid+ the jwt gem assigns to the
# exported JWK. Whether that equals an RFC 7638 JWK thumbprint (the form
# expected in a +cnf.jkt+ claim) depends on the gem's kid generator setting,
# which is not visible here. Confirm before relying on it.
#
# @param key [String] key material that OpenSSL::PKey.read can parse
# @return [String] the +kid+ member of the exported JWK
def thumbprint(key)
  parsed_key = OpenSSL::PKey.read(key)
  JWT::JWK.new(parsed_key, { use: 'sig', alg: 'ES256' }).export[:kid]
end