Class: RightSupport::Crypto::SignedHash

Inherits:
Object
  • Object
show all
Defined in:
lib/right_support/crypto/signed_hash.rb

Constant Summary collapse

DefaultEncoding =
nil
DEFAULT_OPTIONS =
{
  :digest   => Digest::SHA1,
  :encoding => DefaultEncoding
}

Instance Method Summary collapse

Constructor Details

#initialize(hash = {}, options = {}) ⇒ SignedHash

Returns a new instance of SignedHash.



19
20
21
22
23
24
25
26
27
# File 'lib/right_support/crypto/signed_hash.rb', line 19

def initialize(hash={}, options={})
  options = DEFAULT_OPTIONS.merge(options)
  @hash        = hash
  @digest      = options[:digest]
  @encoding    = options[:encoding]
  @public_key  = options[:public_key]
  @private_key = options[:private_key]
  duck_type_check
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(meth, *args) ⇒ Object



54
55
56
# File 'lib/right_support/crypto/signed_hash.rb', line 54

def method_missing(meth, *args)
  @hash.__send__(meth, *args)
end

Instance Method Details

#sign(expires_at) ⇒ Object

Raises:

  • (ArgumentError)


29
30
31
32
33
34
35
# File 'lib/right_support/crypto/signed_hash.rb', line 29

def sign(expires_at)
  raise ArgumentError, "Cannot sign; missing private_key" unless @private_key
  raise ArgumentError, "expires_at must be a Time in the future" unless time_check(expires_at)

   = {:expires_at => expires_at}
  @private_key.private_encrypt( digest( encode( canonicalize( frame(@hash, ) ) ) ) )
end

#verify(signature, expires_at) ⇒ Object



47
48
49
50
51
52
# File 'lib/right_support/crypto/signed_hash.rb', line 47

def verify(signature, expires_at)
  verify!(signature, expires_at)
  true
rescue Exception => e
  false
end

#verify!(signature, expires_at) ⇒ Object

Raises:

  • (ArgumentError)


37
38
39
40
41
42
43
44
45
# File 'lib/right_support/crypto/signed_hash.rb', line 37

def verify!(signature, expires_at)
  raise ArgumentError, "Cannot verify; missing public_key" unless @public_key

   = {:expires_at => expires_at}
  expected = digest( encode( canonicalize( frame(@hash, ) ) ) )
  actual = @public_key.public_decrypt(signature)
  raise SecurityError, "Signature mismatch: expected #{expected}, got #{actual}" unless actual == expected
  raise SecurityError, "The signature has expired (or expires_at is not a Time)" unless time_check(expires_at)
end