Class: Wampproto::Auth::Cra

Inherits:
Base
  • Object
Includes:
Helpers
Defined in:
lib/wampproto/auth/cra.rb

Overview

Generates WAMP-CRA (`wampcra`) authentication signatures.

Constant Summary collapse

AUTH_METHOD =
"wampcra"

Instance Attribute Summary collapse

Attributes inherited from Base

#authextra, #authid, #authmethod

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Helpers

included

Constructor Details

#initialize(secret, authid, authextra = {}, salt = nil, keylen = 32, iterations = 100) ⇒ Cra

rubocop:disable Metrics/ParameterLists



# File 'lib/wampproto/auth/cra.rb', line 18

# Builds a WAMP-CRA authenticator for the given identity.
#
# The key-derivation settings are only validated and stored when a salt is
# supplied; without one, @salt, @keylen and @iterations are never assigned.
#
# @param secret [String] shared secret, passed through Validate.string!
# @param authid [Object] forwarded unchanged to the parent constructor
# @param authextra [Hash] forwarded unchanged to the parent constructor
# @param salt [String, nil] salt for key derivation; nil skips the derivation settings
# @param keylen [Integer] derived key length, passed through Validate.int! when salted
# @param iterations [Integer] iteration count, passed through Validate.int! when salted
def initialize(secret, authid, authextra = {}, salt = nil, keylen = 32, iterations = 100)
  @secret = Validate.string!("Secret", secret)

  if salt
    @salt       = Validate.string!("Salt", salt)
    @keylen     = Validate.int!("Keylen", keylen)
    @iterations = Validate.int!("Iterations", iterations)
  end

  super(AUTH_METHOD, authid, authextra)
end

Instance Attribute Details

#secret ⇒ Object (readonly)

Returns the value of attribute secret.



# File 'lib/wampproto/auth/cra.rb', line 13

# Read-only accessor for the shared secret held in @secret.
#
# The value is returned as stored, so callers should keep it out of logs and
# error messages.
#
# @return [Object] the current value of @secret
def secret = @secret

Class Method Details

.create_challenge(session_id, authid, authrole, authprovider) ⇒ Object



# File 'lib/wampproto/auth/cra.rb', line 33

# Serialises a fresh WAMP-CRA challenge as a JSON string.
#
# Each call draws 16 bytes from SecureRandom, so two challenges for the same
# session differ. The timestamp is UTC in ISO 8601 form with millisecond
# precision.
#
# NOTE(review): the key is spelled "nounce" in the emitted JSON. The challenge
# string is what gets signed, so renaming the key would change the signed
# bytes; it is kept exactly as is.
#
# @param session_id [Object] emitted under "session_id"
# @param authid [Object] emitted under "authid"
# @param authrole [Object] emitted under "authrole"
# @param authprovider [Object] emitted under "authprovider"
# @return [String] JSON document describing the challenge
def create_challenge(session_id, authid, authrole, authprovider)
  random_hex = binary_to_hex(SecureRandom.random_bytes(16))

  payload = {
    authid: authid,
    authrole: authrole,
    authprovider: authprovider,
    nounce: random_hex,
    authmethod: AUTH_METHOD,
    session_id: session_id,
    timestamp: Time.now.utc.iso8601(3)
  }

  payload.to_json
end

.create_derive_secret(secret, salt, length, iterations) ⇒ Object



# File 'lib/wampproto/auth/cra.rb', line 67

# Derives a key from +secret+ with PBKDF2-HMAC-SHA256 and returns it after
# passing the raw bytes through binary_to_hex.
#
# No minimum is enforced on +iterations+ or +length+ here; the work factor is
# whatever the caller supplies.
#
# @param secret [String] password or shared secret to stretch
# @param salt [String] salt fed to PBKDF2
# @param length [Integer] number of derived bytes requested
# @param iterations [Integer] PBKDF2 iteration count
# @return [Object] result of binary_to_hex on the derived bytes
def create_derive_secret(secret, salt, length, iterations)
  binary_to_hex(
    OpenSSL::KDF.pbkdf2_hmac(
      secret,
      salt: salt,
      iterations: iterations,
      length: length,
      hash: "SHA256"
    )
  )
end

.sign_challenge(secret, challenge, salt = nil, keylen = 32, iterations = 100) ⇒ Object

rubocop:enable Metrics/ParameterLists



# File 'lib/wampproto/auth/cra.rb', line 53

# Computes the HMAC-SHA256 of +challenge+ and returns it Base64-encoded with
# trailing whitespace stripped.
#
# The HMAC key is +secret+ itself when +salt+ is nil; otherwise it is the value
# returned by create_derive_secret for (secret, salt, keylen, iterations).
#
# NOTE(review): the default of 100 iterations is low for a password-derived
# key. The value has to match what the peer uses, so raise it on both sides
# together.
#
# @param secret [String] shared secret
# @param challenge [String] challenge text to sign
# @param salt [String, nil] enables key derivation when present
# @param keylen [Integer] derived key length, used only with a salt
# @param iterations [Integer] iteration count, used only with a salt
# @return [String] Base64 signature
def sign_challenge(secret, challenge, salt = nil, keylen = 32, iterations = 100)
  signing_key =
    if salt.nil?
      secret
    else
      create_derive_secret(secret, salt, keylen, iterations)
    end

  mac = OpenSSL::HMAC.new(signing_key, "SHA256")
  mac << challenge

  Base64.encode64(mac.digest).rstrip
end

.verify_challenge(signature, challenge, secret, salt = nil, keylen = 32, iterations = 100) ⇒ Object

rubocop:disable Metrics/ParameterLists



# File 'lib/wampproto/auth/cra.rb', line 47

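# Checks a peer-supplied signature against the one computed locally for
# +challenge+.
#
# The comparison uses OpenSSL.secure_compare rather than String#==, so the time
# taken does not depend on how many leading bytes of the supplied signature
# are correct. A non-String signature is rejected and never raises.
#
# @param signature [String] Base64 signature received from the peer
# @param challenge [String] challenge text that was issued
# @param secret [String] shared secret
# @param salt [String, nil] enables key derivation when present
# @param keylen [Integer] derived key length, used only with a salt
# @param iterations [Integer] iteration count, used only with a salt
# @return [Boolean] true only when the signature matches exactly
def verify_challenge(signature, challenge, secret, salt = nil, keylen = 32, iterations = 100)
  # Compute first so argument errors surface exactly as they did before.
  expected = sign_challenge(secret, challenge, salt, keylen, iterations)
  return false unless signature.is_a?(String)

  OpenSSL.secure_compare(signature, expected)
end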

Instance Method Details

#authenticate(challenge) ⇒ Object

rubocop:enable Metrics/ParameterLists



# File 'lib/wampproto/auth/cra.rb', line 27

# Answers a challenge by wrapping the value returned by create_signature in a
# Message::Authenticate.
#
# @param challenge [Object] handed unchanged to create_signature
#   (presumably the challenge message from the peer; confirm against the caller)
# @return [Message::Authenticate] message carrying the signature
def authenticate(challenge)
  Message::Authenticate.new(create_signature(challenge))
end