Class: Smaak::Server

Inherits:

Associate

• Object
• Associate
• Smaak::Server

Defined in:

lib/smaak/server.rb

Instance Attribute Summary

• #nonce_store ⇒ Object

  Returns the value of attribute nonce_store.

• #private_key ⇒ Object readonly

  Returns the value of attribute private_key.

• #verify_recipient ⇒ Object

  Returns the value of attribute verify_recipient.

Attributes inherited from Associate

#association_store, #key, #token_life

Instance Method Summary

• #auth_message_unique?(auth_message) ⇒ Boolean
• #build_auth_message_from_request(adaptor) ⇒ Object
• #compile_response(auth_message, data) ⇒ Object
• #initialize ⇒ Server constructor

  A new instance of Server.

• #set_private_key(key) ⇒ Object
• #set_public_key(key) ⇒ Object
• #verify_auth_message(auth_message) ⇒ Object
• #verify_signed_request(request) ⇒ Object

Methods inherited from Associate

#add_association, #set_key, #set_token_life

Constructor Details

#initialize ⇒ Server

Returns a new instance of Server.

# File 'lib/smaak/server.rb', line 11

def initialize
  super
  @nonce_store = Persistent::Cache.new("nonce_store", @token_life, Persistent::Cache::STORAGE_RAM)
  @verify_recipient = true
end

Instance Attribute Details

#nonce_store ⇒ Object

Returns the value of attribute nonce_store.

# File 'lib/smaak/server.rb', line 7

def nonce_store
  @nonce_store
end

#private_key ⇒ Object (readonly)

Returns the value of attribute private_key.

# File 'lib/smaak/server.rb', line 8

def private_key
  @private_key
end

#verify_recipient ⇒ Object

Returns the value of attribute verify_recipient.

# File 'lib/smaak/server.rb', line 9

def verify_recipient
  @verify_recipient
end

Instance Method Details

#auth_message_unique?(auth_message) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/smaak/server.rb', line 25

def auth_message_unique?(auth_message)
  if nonce_store[auth_message.nonce].nil?
    nonce_store[auth_message.nonce] = 1
    return true
  end
  false
end

#build_auth_message_from_request(adaptor) ⇒ Object

# File 'lib/smaak/server.rb', line 33

def build_auth_message_from_request(adaptor)
  puts "[smaak error]: x-smaak-* headers not all present. Is this a smaak request?" if adaptor.header("x-smaak-recipient").nil? or adaptor.header("x-smaak-psk").nil? or adaptor.header("x-smaak-expires").nil? or adaptor.header("x-smaak-identifier").nil? or adaptor.header("x-smaak-nonce").nil? or adaptor.header("x-smaak-encrypt").nil?
  recipient_public_key = Smaak::Crypto::decode64(adaptor.header("x-smaak-recipient"))
  psk = adaptor.header("x-smaak-psk")
  expires = adaptor.header("x-smaak-expires")
  identifier = adaptor.header("x-smaak-identifier")
  route_info = adaptor.header("x-smaak-route-info")
  nonce = adaptor.header("x-smaak-nonce")
  encrypt = adaptor.header("x-smaak-encrypt")
  auth_message = Smaak::AuthMessage.build(recipient_public_key, psk, expires, identifier, route_info, nonce, encrypt)
end

#compile_response(auth_message, data) ⇒ Object

# File 'lib/smaak/server.rb', line 90

def compile_response(auth_message, data)
  return Smaak::Crypto::encrypt(data, @association_store[auth_message.identifier]['public_key']) if auth_message.encrypt
  data
end

#set_private_key(key) ⇒ Object

# File 'lib/smaak/server.rb', line 21

def set_private_key(key)
  @private_key = adapt_rsa_key(key)
end

#set_public_key(key) ⇒ Object

# File 'lib/smaak/server.rb', line 17

def set_public_key(key)
  set_key(key)
end

#verify_auth_message(auth_message) ⇒ Object

# File 'lib/smaak/server.rb', line 45

def verify_auth_message(auth_message)
  if not auth_message_unique?(auth_message)
    puts "[smaak error]: message not unique"
    return false
  end
  puts "[smaak error]: public key not set. Did you call set_public_key() ?" if @key.nil?
  if (@verify_recipient) and (not auth_message.intended_for_recipient?(@key.export))
    puts "[smaak error]: message not intended for this recipient"
    return false
  end
  identifier = auth_message.identifier
  if @association_store[identifier].nil?
    puts "[smaak error]: unknown associate #{identifier}"
    return false
  end
  if auth_message.expired?
    puts "[smaak error]: message expired. Are the sender and receiver's clocks in sync?"
    return false
  end
  psk = @association_store[identifier]['psk']
  if not auth_message.verify(psk)
    puts "[smaak error]: PSK mismatch"
    return false
  end
  true
end

#verify_signed_request(request) ⇒ Object

# File 'lib/smaak/server.rb', line 72

def verify_signed_request(request)
  adaptor = Smaak::create_adaptor(request)
  auth_message = build_auth_message_from_request(adaptor)
  if not verify_auth_message(auth_message)
    puts "[smaak error]: could not verify auth_message"
    return false
  end
  pubkey = @association_store[auth_message.identifier]['public_key']
  puts "[smaak warning]: pubkey not specified" if (pubkey.nil?) or (pubkey == "")
  body = Smaak::Crypto::sink(adaptor.body)
  body = Smaak::Crypto::decrypt(body, @private_key) if auth_message.encrypt
  if not Smaak::verify_authorization_headers(adaptor, pubkey)
    puts "[smaak error]: could not verify authorization headers"
    return false, nil
  end
  return auth_message, body # TBD return ID from cert
end