module NKEYS

Copyright 2018 The NATS Authors Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2018 The NATS Authors Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Constants

CRC16TAB
PREFIX_BYTE_ACCOUNT

PREFIX_BYTE_ACCOUNT is the version byte used for encoded NATS Accounts

PREFIX_BYTE_CLUSTER

PREFIX_BYTE_CLUSTER is the version byte used for encoded NATS Clusters

PREFIX_BYTE_OPERATOR

PREFIX_BYTE_OPERATOR is the version byte used for encoded NATS Operators

PREFIX_BYTE_PRIVATE

PREFIX_BYTE_PRIVATE is the version byte used for encoded NATS Private keys

PREFIX_BYTE_SEED

PREFIX_BYTE_SEED is the version byte used for encoded NATS Seeds

PREFIX_BYTE_SERVER

PREFIX_BYTE_SERVER is the version byte used for encoded NATS Servers

PREFIX_BYTE_USER

PREFIX_BYTE_USER is the version byte used for encoded NATS Users

VERSION

Public Class Methods

crc16(data)
# File lib/nkeys/crc16.rb, line 18
# Computes a 16-bit CRC over a sequence of byte values using the CRC16TAB
# lookup table.
#
# @param data [#each] collection yielding Integer byte values (e.g. String#bytes)
# @return [Integer] the checksum, always masked to 16 bits; 0 for empty input
def crc16(data)
  checksum = 0
  data.each do |byte|
    # The high byte of the running checksum, mixed with the input byte,
    # selects the table entry.
    table_index = ((checksum >> 8) ^ byte) & 0x00FF
    # Shift the low byte up and drop anything past 16 bits.
    shifted = (checksum << 8) & 0xffff
    checksum = shifted ^ CRC16TAB[table_index]
  end

  checksum
end
decode_seed(src)
# File lib/nkeys.rb, line 57
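# Decodes a base32-encoded NKEYS seed into the public prefix byte it was
# created for and the raw seed bytes.
#
# The decoded layout handled here is: two prefix bytes (5 bits of seed marker
# followed by 8 bits of public-key type, packed across the two bytes), the
# seed payload, and two trailing checksum bytes.
#
# The returned seed is private key material; callers should avoid logging it.
#
# @param src [String] the encoded seed
# @return [Array(Integer, String)] the public prefix byte and the raw seed as a binary string
# @raise [NKEYS::InvalidSeed] if the input is empty, cannot be decoded, is too
#   short, fails the checksum, or does not carry the seed prefix
# @raise [NKEYS::InvalidPrefixByte] if the embedded key type is not a public prefix
def decode_seed(src)
  raise NKEYS::InvalidSeed, "nkeys: Invalid Seed" if src.nil? || src.empty?

  decoded = begin
    Base32.decode(src).bytes
  rescue StandardError
    raise NKEYS::InvalidSeed, "nkeys: Invalid Seed"
  end

  # Two prefix bytes plus two checksum bytes is the minimum. Without this
  # guard a short input reaches `nil & 248` below and escapes as a
  # NoMethodError instead of InvalidSeed.
  raise NKEYS::InvalidSeed, "nkeys: Invalid Seed" if decoded.size < 4

  raw = decoded[0...-2]

  # The trailing two bytes are the CRC16 of everything before them, stored
  # little-endian in the NKEYS encoding. Verifying it rejects corrupted or
  # mistyped seeds rather than silently deriving a different key from them.
  checksum = decoded[-2] | (decoded[-1] << 8)
  raise NKEYS::InvalidSeed, "nkeys: Invalid Seed" unless crc16(raw) == checksum

  # 248 = 11111000: the top five bits of the first byte mark a seed.
  b1 = raw[0] & 248

  # 7 = 00000111: the key type straddles the low three bits of the first byte
  # and the top five bits of the second.
  b2 = (raw[0] & 7) << 5 | ((raw[1] & 248) >> 3)

  if b1 != PREFIX_BYTE_SEED
    raise NKEYS::InvalidSeed, "nkeys: Invalid Seed"
  elsif !valid_public_prefix_byte(b2)
    raise NKEYS::InvalidPrefixByte, "nkeys: Invalid Prefix Byte"
  end

  # Everything after the two prefix bytes is the seed itself. Its length is
  # not checked here; the key constructor that consumes it is expected to.
  [b2, raw[2..-1].pack('c*')]
end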
from_public_key(public_key)

Create a keypair capable of verifying signatures. @param [String] public_key The public key from which to create the KeyPair.

# File lib/nkeys.rb, line 53
# Builds a KeyPair from a public key only.
#
# The key is handed to KeyPair as-is: this method does not decode it or check
# its prefix byte. Whether KeyPair validates it is not visible from here.
#
# @param public_key [String] the public key for the KeyPair
# @return [KeyPair]
def from_public_key(public_key)
  verify_only_attrs = { public_key: public_key }
  KeyPair.new(**verify_only_attrs)
end
from_seed(seed)

Create a keypair to use for signing from a seed. @param [String] seed The seed from which to create a public/private KeyPair.

# File lib/nkeys.rb, line 44
# Builds a signing-capable KeyPair from an encoded seed.
#
# The seed is decoded with decode_seed (which raises on malformed input) and
# the raw bytes are used to construct the Ed25519 signing key. The KeyPair
# keeps the encoded seed alongside the key, so the returned object holds
# private key material.
#
# @param seed [String] the encoded seed
# @return [KeyPair]
def from_seed(seed)
  # decode_seed returns [prefix, raw_seed]; only the raw bytes are needed here.
  raw_seed = decode_seed(seed).last
  signing_key = Ed25519::SigningKey.new(raw_seed)

  KeyPair.new(seed: seed, keys: signing_key)
end
valid_prefix_byte(prefix)
# File lib/nkeys.rb, line 102
# Reports whether +prefix+ is one of the known NKEYS prefix bytes, including
# the seed and private-key prefixes.
#
# @param prefix [Integer] the prefix byte to check
# @return [Boolean] true when the byte equals any known prefix constant
def valid_prefix_byte(prefix)
  known_prefixes = [
    PREFIX_BYTE_OPERATOR,
    PREFIX_BYTE_SERVER,
    PREFIX_BYTE_CLUSTER,
    PREFIX_BYTE_ACCOUNT,
    PREFIX_BYTE_USER,
    PREFIX_BYTE_SEED,
    PREFIX_BYTE_PRIVATE
  ]

  known_prefixes.any? { |known| prefix == known }
end
valid_public_prefix_byte(prefix)
# File lib/nkeys.rb, line 90
# Reports whether +prefix+ is one of the public-key prefix bytes (operator,
# server, cluster, account or user). The seed and private-key prefixes are
# deliberately not accepted here.
#
# @param prefix [Integer] the prefix byte to check
# @return [Boolean] true when the byte equals a public prefix constant
def valid_public_prefix_byte(prefix)
  public_prefixes = [
    PREFIX_BYTE_OPERATOR,
    PREFIX_BYTE_SERVER,
    PREFIX_BYTE_CLUSTER,
    PREFIX_BYTE_ACCOUNT,
    PREFIX_BYTE_USER
  ]

  public_prefixes.any? { |known| prefix == known }
end