Class: TokenAuthenticatableStrategies::EncryptionHelper

Inherits:
Object
  • Object
show all
Defined in:
app/models/concerns/token_authenticatable_strategies/encryption_helper.rb

Constant Summary collapse

DYNAMIC_NONCE_IDENTIFIER =
"|"
NONCE_SIZE =
12

Class Method Summary collapse

Class Method Details

.decrypt_token(token) ⇒ Object


8
9
10
11
12
13
14
15
16
17
18
19
20
# File 'app/models/concerns/token_authenticatable_strategies/encryption_helper.rb', line 8

def self.decrypt_token(token)
  return unless token

  # The pattern of the token is "#{DYNAMIC_NONCE_IDENTIFIER}#{token}#{iv_of_12_characters}"
  if token.start_with?(DYNAMIC_NONCE_IDENTIFIER) && token.size > NONCE_SIZE + DYNAMIC_NONCE_IDENTIFIER.size
    token_to_decrypt = token[1...-NONCE_SIZE]
    iv = token[-NONCE_SIZE..]

    Gitlab::CryptoHelper.aes256_gcm_decrypt(token_to_decrypt, nonce: iv)
  else
    Gitlab::CryptoHelper.aes256_gcm_decrypt(token)
  end
end

.encrypt_token(plaintext_token) ⇒ Object


22
23
24
25
26
27
28
# File 'app/models/concerns/token_authenticatable_strategies/encryption_helper.rb', line 22

def self.encrypt_token(plaintext_token)
  return Gitlab::CryptoHelper.aes256_gcm_encrypt(plaintext_token) unless Feature.enabled?(:dynamic_nonce, type: :ops)

  iv = ::Digest::SHA256.hexdigest(plaintext_token).bytes.take(NONCE_SIZE).pack('c*')
  token = Gitlab::CryptoHelper.aes256_gcm_encrypt(plaintext_token, nonce: iv)
  "#{DYNAMIC_NONCE_IDENTIFIER}#{token}#{iv}"
end