Module: Yoti::SSL

Defined in:

lib/yoti/ssl.rb

Overview

Manages security behaviour that requires the use of OpenSSL actions

Class Method Summary

• .auth_key_from_pem ⇒ String

  Extracts the public key from pem key, converts it to a DER base 64 encoded value.

• .decipher(key, user_iv, text) ⇒ String

  Uses the decrypted receipt key and the current user’s iv to decode the text.

• .decrypt_token(encrypted_connect_token) ⇒ String

  Uses the pem key to decrypt an encrypted connect token.

• .get_secure_signature(message) ⇒ String

  Sign message using a secure SHA256 hash and the private key.

• .pem ⇒ String

  Gets the private key from either a String (YOTI_KEY) or a pem file (YOTI_KEY_FILE_PATH).

• .reload! ⇒ Object deprecated Deprecated.

  2.0.0

Class Method Details

.auth_key_from_pem ⇒ String

Extracts the public key from pem key, converts it to a DER base 64 encoded value

Returns:

• (String) —

  base 64 encoded authentication key

# File 'lib/yoti/ssl.rb', line 36

def auth_key_from_pem
  public_key = private_key.public_key
  Base64.strict_encode64(public_key.to_der)
end

.decipher(key, user_iv, text) ⇒ String

Uses the decrypted receipt key and the current user’s iv to decode the text

Parameters:

• key (String) —

  base 64 decoded key

• user_iv (String) —

  base 64 decoded iv

• text (String) —

  base 64 decoded cyphered text

Returns:

• (String) —

  base 64 decoded deciphered text

# File 'lib/yoti/ssl.rb', line 54

def decipher(key, user_iv, text)
  ssl_decipher = OpenSSL::Cipher.new('AES-256-CBC')
  ssl_decipher.decrypt
  ssl_decipher.key = key
  ssl_decipher.iv = user_iv
  ssl_decipher.update(text) + ssl_decipher.final
end

.decrypt_token(encrypted_connect_token) ⇒ String

Uses the pem key to decrypt an encrypted connect token

Parameters:

• encrypted_connect_token (String)

Returns:

• (String) —

  decrypted connect token decoded in base 64

Raises:

• (SslError)

# File 'lib/yoti/ssl.rb', line 24

def decrypt_token(encrypted_connect_token)
  raise SslError, 'Encrypted token cannot be nil.' unless encrypted_connect_token

  begin
    private_key.private_decrypt(Base64.urlsafe_decode64(encrypted_connect_token))
  rescue StandardError => e
    raise SslError, "Could not decrypt token. #{e}"
  end
end

.get_secure_signature(message) ⇒ String

Sign message using a secure SHA256 hash and the private key

Parameters:

• message (String) —

  message to be signed

Returns:

• (String) —

  signed message encoded in base 64

# File 'lib/yoti/ssl.rb', line 44

def get_secure_signature(message)
  digest = OpenSSL::Digest::SHA256.new
  Base64.strict_encode64(private_key.sign(digest, message))
end

.pem ⇒ String

Gets the private key from either a String (YOTI_KEY) or a pem file (YOTI_KEY_FILE_PATH)

Returns:

• (String) —

  the content of the private key

# File 'lib/yoti/ssl.rb', line 11

def pem
  @pem ||= begin
    if Yoti.configuration.key.to_s.empty?
      File.read(Yoti.configuration.key_file_path, encoding: 'utf-8')
    else
      Yoti.configuration.key
    end
  end
end

.reload! ⇒ Object

Deprecated.

2.0.0

Reset and reload the Private Key used for SSL functions

# File 'lib/yoti/ssl.rb', line 64

def reload!
  @private_key = nil
  @pem = nil
  nil
end