class Cerner::OAuth1a::Keys

Public: Keys for authenticating Access Tokens by service providers. Keys can be retrieved via AccessTokenAgent#retrieve_keys.

Attributes

aes_secret_key[R]

Returns the String AES secret key.

rsa_public_key[R]

Returns the String RSA public key.

version[R]

Returns the String version identifier of the keys.

Public Class Methods

new(version:, aes_secret_key:, rsa_public_key:)

Public: Constructs an instance.

arguments - The keyword arguments of the method:

:version        - The version identifier of the keys.
:aes_secret_key - The AES secret key.
:rsa_public_key - The RSA public key.

Raises ArgumentError if version, aes_secret_key or rsa_public_key is nil.

# File lib/cerner/oauth1a/keys.rb, line 27
def initialize(version:, aes_secret_key:, rsa_public_key:)
  raise ArgumentError, 'version is nil' unless version
  raise ArgumentError, 'aes_secret_key is nil' unless aes_secret_key
  raise ArgumentError, 'rsa_public_key is nil' unless rsa_public_key

  @version = version
  @aes_secret_key = aes_secret_key
  @rsa_public_key = rsa_public_key
end

Public Instance Methods

==(other)

Public: Compare this to other based on attributes.

other - The Keys to compare this to.

Returns true if equal; false otherwise.

# File lib/cerner/oauth1a/keys.rb, line 42
def ==(other)
  version == other.version &&
    aes_secret_key == other.aes_secret_key &&
    rsa_public_key == other.rsa_public_key
end

decrypt_hmac_secrets(hmac_secrets_param)

Public: Decrypts the HMACSecrets parameter of an oauth_token using the aes_secret_key.

hmac_secrets_param - The extracted value of the HMACSecrets parameter of an oauth_token. The value is assumed to be Base64 (URL safe) encoded.

Returns the decrypted secrets.

Raises ArgumentError if hmac_secrets_param is nil or invalid.

# File lib/cerner/oauth1a/keys.rb, line 103
def decrypt_hmac_secrets(hmac_secrets_param)
  raise ArgumentError, 'hmac_secrets_param is nil' unless hmac_secrets_param

  ciphertext = Base64.urlsafe_decode64(hmac_secrets_param)
  raise ArgumentError, 'hmac_secrets_param does not contain enough data' unless ciphertext.size > 16

  # extract first 16 bytes to get initialization vector
  iv = ciphertext[0, 16]
  # trim off the IV
  ciphertext = ciphertext[16..-1]

  cipher = OpenSSL::Cipher.new('AES-128-CBC')
  # invoke #decrypt to prep the instance
  cipher.decrypt
  cipher.iv = iv
  cipher.key = @aes_secret_key
  text = cipher.update(ciphertext) + cipher.final
  text
end

eql?(other)

Public: Compare this to other based on attributes.

other - The Keys to compare this to.

Returns true if equal; false otherwise.

# File lib/cerner/oauth1a/keys.rb, line 53
def eql?(other)
  self == other
end

rsa_public_key_as_pkey()

Public: Returns the rsa_public_key as an OpenSSL::PKey::RSA instance.

Raises OpenSSL::PKey::RSAError if rsa_public_key is not a valid key

# File lib/cerner/oauth1a/keys.rb, line 71
def rsa_public_key_as_pkey
  OpenSSL::PKey::RSA.new(@rsa_public_key)
end

to_h()

Public: Generates a Hash of the attributes.

Returns a Hash with keys for each attribute.

# File lib/cerner/oauth1a/keys.rb, line 60
def to_h
  {
    version: @version,
    aes_secret_key: @aes_secret_key,
    rsa_public_key: @rsa_public_key
  }
end

verify_rsasha1_signature(oauth_token)

Public: Verifies that an oauth_token is authentic based on the rsa_public_key.

oauth_token - The oauth_token value to verify.

Returns true if authentic; false otherwise.

Raises ArgumentError if oauth_token is nil or invalid.

Raises OpenSSL::PKey::RSAError if rsa_public_key is not a valid key.

# File lib/cerner/oauth1a/keys.rb, line 83
def verify_rsasha1_signature(oauth_token)
  raise ArgumentError, 'oauth_token is nil' unless oauth_token

  message, raw_sig = oauth_token.split('&RSASHA1=')
  raise ArgumentError, 'unable to get message out of oauth_token' unless message
  raise ArgumentError, 'unable to get RSASHA1 signature out of oauth_token' unless raw_sig

  # URL decode value and Base64 (urlsafe) decode that result
  sig = Base64.urlsafe_decode64(URI.decode_www_form_component(raw_sig))
  rsa_public_key_as_pkey.verify(OpenSSL::Digest::SHA1.new, sig, message)
end
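
The token handling described for verify_rsasha1_signature and decrypt_hmac_secrets, as an added stand-alone example (not code from the Cerner::OAuth1a project): it checks the RSA-SHA1 signature first and decrypts HMACSecrets only if it holds, since AES-CBC carries no integrity check of its own. The issuer-side helpers encrypt_hmac_secrets and build_token, the Sample field, the generated keys, and the placement of HMACSecrets as a form-encoded field of the signed message are assumptions made for the demonstration.

```ruby
require 'base64'
require 'openssl'
require 'uri'

# Constructed test material; a real service provider obtains its keys
# via AccessTokenAgent#retrieve_keys.
RSA_KEY = OpenSSL::PKey::RSA.new(2048)
AES_KEY = OpenSSL::Random.random_bytes(16)

# Issuer side (assumed): AES-128-CBC, 16-byte IV prepended, Base64 (URL safe).
def encrypt_hmac_secrets(plaintext, aes_key)
  cipher = OpenSSL::Cipher.new('AES-128-CBC')
  cipher.encrypt
  iv = cipher.random_iv
  cipher.key = aes_key
  Base64.urlsafe_encode64(iv + cipher.update(plaintext) + cipher.final)
end

# Issuer side (assumed): sign everything before '&RSASHA1=', append signature.
def build_token(secrets, rsa_key, aes_key)
  fields = { 'Sample' => 'constructed', 'HMACSecrets' => encrypt_hmac_secrets(secrets, aes_key) }
  message = URI.encode_www_form(fields)
  sig = Base64.urlsafe_encode64(rsa_key.sign(OpenSSL::Digest::SHA1.new, message))
  "#{message}&RSASHA1=#{URI.encode_www_form_component(sig)}"
end

# Service provider side: verify the signature, decrypt only if it holds.
# Returns the decrypted secrets, or nil when the token is rejected.
def secrets_from_token(oauth_token, rsa_public_pem, aes_key)
  message, raw_sig = oauth_token.split('&RSASHA1=')
  return nil unless message && raw_sig

  sig = Base64.urlsafe_decode64(URI.decode_www_form_component(raw_sig))
  pkey = OpenSSL::PKey::RSA.new(rsa_public_pem)
  return nil unless pkey.verify(OpenSSL::Digest::SHA1.new, sig, message)

  # Assumption: HMACSecrets is a form-encoded field of the signed message.
  data = Base64.urlsafe_decode64(URI.decode_www_form(message).to_h.fetch('HMACSecrets'))
  return nil unless data.size > 16

  cipher = OpenSSL::Cipher.new('AES-128-CBC')
  cipher.decrypt
  cipher.iv = data[0, 16]
  cipher.key = aes_key
  cipher.update(data[16..-1]) + cipher.final
rescue ArgumentError, KeyError, OpenSSL::Cipher::CipherError
  nil
end
```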