Module: OpenID::Nonce

Defined in:

lib/openid/store/nonce.rb

Constant Summary

DEFAULT_SKEW =

60 * 60 * 5

TIME_FMT =

"%Y-%m-%dT%H:%M:%SZ"

TIME_STR_LEN =

"0000-00-00T00:00:00Z".size

TIME_VALIDATOR =

/\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ/

@@NONCE_CHRS =

"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

Class Method Summary

• .check_timestamp(nonce_str, allowed_skew = nil, now = nil) ⇒ Object

  Is the timestamp that is part of the specified nonce string within the allowed clock-skew of the current time?.

• .mk_nonce(time = nil) ⇒ Object

  generate a nonce with the specified timestamp (defaults to now).

• .skew ⇒ Object

  The allowed nonce time skew in seconds.

• .skew=(new_skew) ⇒ Object
• .split_nonce(nonce_str) ⇒ Object

  Extract timestamp from a nonce string.

Class Method Details

.check_timestamp(nonce_str, allowed_skew = nil, now = nil) ⇒ Object

Is the timestamp that is part of the specified nonce string within the allowed clock-skew of the current time?

# File 'lib/openid/store/nonce.rb', line 42

def self.check_timestamp(nonce_str, allowed_skew = nil, now = nil)
  allowed_skew = skew if allowed_skew.nil?
  begin
    stamp, = split_nonce(nonce_str)
  rescue ArgumentError # bad timestamp
    return false
  end
  now ||= Time.now.to_i

  # times before this are too old
  past = now - allowed_skew

  # times newer than this are too far in the future
  future = now + allowed_skew

  (past <= stamp and stamp <= future)
end

.mk_nonce(time = nil) ⇒ Object

generate a nonce with the specified timestamp (defaults to now)

# File 'lib/openid/store/nonce.rb', line 61

def self.mk_nonce(time = nil)
  salt = CryptUtil.random_string(6, @@NONCE_CHRS)
  t = if time.nil?
    Time.now.getutc
  else
    Time.at(time).getutc
  end
  time_str = t.strftime(TIME_FMT)
  time_str + salt
end

.skew ⇒ Object

The allowed nonce time skew in seconds. Defaults to 5 hours. Used for checking nonce validity, and by stores’ cleanup methods.

# File 'lib/openid/store/nonce.rb', line 20

def self.skew
  @skew
end

.skew=(new_skew) ⇒ Object

# File 'lib/openid/store/nonce.rb', line 24

def self.skew=(new_skew)
  @skew = new_skew
end

.split_nonce(nonce_str) ⇒ Object

Extract timestamp from a nonce string

Raises:

• (ArgumentError)

# File 'lib/openid/store/nonce.rb', line 29

def self.split_nonce(nonce_str)
  timestamp_str = nonce_str[0...TIME_STR_LEN]
  raise ArgumentError if timestamp_str.size < TIME_STR_LEN
  raise ArgumentError unless timestamp_str.match(TIME_VALIDATOR)

  ts = Time.parse(timestamp_str).to_i
  raise ArgumentError if ts < 0

  [ts, nonce_str[TIME_STR_LEN..-1]]
end