module Yoti::SSL

Wraps the OpenSSL operations the SDK needs: loading the RSA private key from configuration, decrypting the connect token with it, signing outgoing requests (RSA over SHA-256), exporting the matching public key, and decrypting receipt payloads with AES-256-CBC.

Public Class Methods

auth_key_from_pem()

Extracts the public key from the configured PEM private key and returns its DER encoding, base64 encoded. Strict base64 is used (no line breaks), so the value can be placed in an HTTP header as-is.
@return [String] base64 encoded authentication key

# File lib/yoti/ssl.rb, line 36
def auth_key_from_pem
  public_key = private_key.public_key
  Base64.strict_encode64(public_key.to_der)
end
decipher(key, user_iv, text)

Uses the decrypted receipt key and the current user's IV to decrypt the text with AES-256-CBC. All three arguments are raw bytes (already base64 decoded): the key must be 32 bytes and the IV 16 bytes. CBC mode provides no integrity check on its own; a bad key or a tampered final block surfaces as OpenSSL::Cipher::CipherError from #final (bad padding), while tampering elsewhere yields silently corrupted plaintext.
@param key [String] base64 decoded key
@param user_iv [String] base64 decoded IV
@param text [String] base64 decoded ciphertext
@return [String] plaintext bytes

# File lib/yoti/ssl.rb, line 54
def decipher(key, user_iv, text)
  ssl_decipher = OpenSSL::Cipher.new('AES-256-CBC')
  ssl_decipher.decrypt
  ssl_decipher.key = key
  ssl_decipher.iv = user_iv
  ssl_decipher.update(text) + ssl_decipher.final
end
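Added example (not Yoti SDK code): an encrypt side paired with a mirror of decipher, so the round trip runs offline on constructed data, plus the property a practitioner should keep in mind when using this method: CBC on its own has no integrity protection, so flipping a bit in the IV flips the same bit in the first plaintext block and no error is raised. The module name CbcDemo and the sample strings are assumptions.

```ruby
require 'openssl'
require 'base64'

# Added example (not part of the Yoti SDK). Mirrors Yoti::SSL.decipher and
# adds the encrypt side plus a tamper demonstration.
module CbcDemo
  CIPHER = 'AES-256-CBC'

  # Same shape as Yoti::SSL.decipher: raw 32-byte key, raw 16-byte IV,
  # raw ciphertext -> plaintext bytes. #final raises
  # OpenSSL::Cipher::CipherError when the PKCS#7 padding is invalid.
  def self.decipher(key, iv, text)
    c = OpenSSL::Cipher.new(CIPHER)
    c.decrypt
    c.key = key
    c.iv = iv
    c.update(text) + c.final
  end

  # Encrypt side (what a sender would do before base64 encoding).
  def self.encipher(key, iv, plaintext)
    c = OpenSSL::Cipher.new(CIPHER)
    c.encrypt
    c.key = key
    c.iv = iv
    c.update(plaintext) + c.final
  end

  # Constructed tamper helper: flip one bit of one byte.
  def self.flip_bit(bytes, byte_index, bit)
    out = bytes.dup.force_encoding(Encoding::BINARY)
    out.setbyte(byte_index, out.getbyte(byte_index) ^ (1 << bit))
    out
  end

  # Encrypt then decrypt with a fresh random key and IV; true on success.
  def self.round_trip(plaintext)
    key = OpenSSL::Random.random_bytes(32)
    iv  = OpenSSL::Random.random_bytes(16)
    ct  = encipher(key, iv, plaintext)
    decipher(key, iv, ct) == plaintext.b
  end

  # CBC malleability: P1 = D(C1) XOR IV, so flipping bit `bit` of IV byte
  # `byte_index` flips that bit of plaintext byte `byte_index` in block 1.
  # Later blocks and the padding are untouched, so decryption succeeds.
  def self.iv_tamper_result(plaintext, byte_index, bit)
    key = OpenSSL::Random.random_bytes(32)
    iv  = OpenSSL::Random.random_bytes(16)
    ct  = encipher(key, iv, plaintext)
    decipher(key, flip_bit(iv, byte_index, bit), ct)
  end
end
```

The lesson for callers of decipher is that the receipt's integrity has to come from elsewhere in the protocol (here, the RSA-wrapped key and the signed exchange); the cipher call itself cannot tell a genuine ciphertext from a modified one unless the modification happens to break the padding.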
decrypt_token(encrypted_connect_token)

Uses the PEM private key to decrypt an encrypted connect token. The token is URL-safe base64; it is decoded and then RSA-decrypted with OpenSSL's default PKCS#1 v1.5 padding (private_decrypt with no explicit padding argument). Every failure (nil input, bad base64, padding check failure) is rewrapped as SslError; the message embeds the underlying OpenSSL error, so it should be logged rather than returned to a remote caller.
@param encrypted_connect_token [String] URL-safe base64 encoded token
@return [String] decrypted connect token (plaintext bytes)

# File lib/yoti/ssl.rb, line 24
def decrypt_token(encrypted_connect_token)
  raise SslError, 'Encrypted token cannot be nil.' unless encrypted_connect_token

  begin
    private_key.private_decrypt(Base64.urlsafe_decode64(encrypted_connect_token))
  rescue StandardError => e
    raise SslError, "Could not decrypt token. #{e}"
  end
end
get_secure_signature(message)

Signs message with the private key over a SHA-256 digest (RSA PKCS#1 v1.5, OpenSSL::PKey#sign) and returns the signature in strict base64.
@param message [String] message to be signed
@return [String] signature encoded in base64

# File lib/yoti/ssl.rb, line 44
def get_secure_signature(message)
  digest = OpenSSL::Digest.new('SHA256')
  Base64.strict_encode64(private_key.sign(digest, message))
end
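Added example (not Yoti SDK code) covering the three RSA methods above together: exporting the public key as auth_key_from_pem does and rebuilding it on the receiving side, signing as get_secure_signature does and verifying with that public key, and the encrypt side that produces the URL-safe base64 token decrypt_token consumes. A 2048-bit key is generated in-process so the block runs offline; the module name RsaDemo, the DecryptError class and the sample strings are assumptions.

```ruby
require 'openssl'
require 'base64'

# Added example (not part of the Yoti SDK).
module RsaDemo
  class DecryptError < StandardError; end

  def self.generate_key
    OpenSSL::PKey::RSA.new(2048)
  end

  # As auth_key_from_pem: DER public key, strict base64 (no line breaks).
  def self.auth_key(private_key)
    Base64.strict_encode64(private_key.public_key.to_der)
  end

  # Receiving side: rebuild the public key from that string.
  def self.public_key_from_auth_key(auth_key)
    OpenSSL::PKey::RSA.new(Base64.strict_decode64(auth_key))
  end

  # As get_secure_signature: RSA PKCS#1 v1.5 over SHA-256, strict base64.
  def self.sign(private_key, message)
    Base64.strict_encode64(private_key.sign(OpenSSL::Digest.new('SHA256'), message))
  end

  # Verifier side; returns true only for the exact message that was signed.
  def self.verify(public_key, signature_b64, message)
    public_key.verify(OpenSSL::Digest.new('SHA256'),
                      Base64.strict_decode64(signature_b64), message)
  end

  # Sender side of decrypt_token: RSA-encrypt to the public key and
  # URL-safe base64 encode. public_encrypt/private_decrypt default to
  # PKCS#1 v1.5 padding; pass OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING on
  # both sides if the protocol permits OAEP.
  def self.encrypt_token(public_key, token)
    Base64.urlsafe_encode64(public_key.public_encrypt(token))
  end

  # Mirror of Yoti::SSL.decrypt_token with a dedicated error class.
  def self.decrypt_token(private_key, encrypted_token)
    raise DecryptError, 'Encrypted token cannot be nil.' if encrypted_token.nil?

    private_key.private_decrypt(Base64.urlsafe_decode64(encrypted_token))
  rescue OpenSSL::PKey::PKeyError, ArgumentError => e
    # Bad base64 (ArgumentError) and padding failures (PKeyError) are
    # collapsed into one error so callers cannot distinguish them.
    raise DecryptError, "Could not decrypt token. #{e}"
  end
end
```

Note that verify returns false on a mismatched message rather than raising, while decrypt_token raises; callers should treat both outcomes as authentication failures and not branch on the error text.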
pem()

Gets the private key PEM from either a String (YOTI_KEY) or a PEM file (YOTI_KEY_FILE_PATH). The inline key takes precedence; the file is read only when the inline key is nil or empty. The result is memoized, so a configuration change after first use is not picked up.
@return [String] the content of the private key

# File lib/yoti/ssl.rb, line 11
def pem
  @pem ||= begin
    if Yoti.configuration.key.to_s.empty?
      File.read(Yoti.configuration.key_file_path, encoding: 'utf-8')
    else
      Yoti.configuration.key
    end
  end
end
reload!()

Clears the memoized PEM and parsed private key; they are re-read from configuration lazily on next use.
@deprecated will be removed in 2.0.0

# File lib/yoti/ssl.rb, line 64
def reload!
  @private_key = nil
  @pem = nil
  nil
end

Private Class Methods

private_key()

Parses the PEM into an OpenSSL::PKey::RSA, memoized. Any parse error is rewrapped as SslError. Note that a PEM containing only a public key parses successfully here and fails later, in decrypt_token or get_secure_signature.
# File lib/yoti/ssl.rb, line 72
def private_key
  @private_key ||= OpenSSL::PKey::RSA.new(pem)
rescue StandardError => e
  raise SslError, "The secure key is invalid. #{e}"
end
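Added example (not Yoti SDK code): a loader that takes the same two sources as pem and private_key above (inline PEM string, or a file path used when the string is empty) and adds the check a practitioner wants at load time, rejecting a PEM that parses but holds no private component, so the failure is reported at startup instead of at the first signing call. The module name KeyLoader, the InvalidKey class and the with_pem_file helper are assumptions.

```ruby
require 'openssl'
require 'tempfile'

# Added example (not part of the Yoti SDK).
module KeyLoader
  class InvalidKey < StandardError; end

  # key: PEM text, or nil/empty to fall back to key_file_path.
  # Returns an OpenSSL::PKey::RSA that is guaranteed to be a private key.
  def self.load(key:, key_file_path:)
    pem = key.to_s.empty? ? File.read(key_file_path, encoding: 'utf-8') : key
    rsa = OpenSSL::PKey::RSA.new(pem)
    # A "-----BEGIN PUBLIC KEY-----" PEM parses fine but cannot sign or
    # decrypt; fail here rather than on first use.
    raise InvalidKey, 'PEM holds a public key only; a private key is required.' unless rsa.private?

    rsa
  rescue OpenSSL::PKey::PKeyError, Errno::ENOENT, TypeError => e
    # Unparseable PEM, missing file, or nil path.
    raise InvalidKey, "The secure key is invalid. #{e}"
  end

  # Helper for exercising the file path branch: writes pem to a temp file
  # and yields its path.
  def self.with_pem_file(pem)
    Tempfile.create('constructed-key.pem') do |f|
      f.write(pem)
      f.flush
      yield f.path
    end
  end
end
```

The rescue list is deliberately narrow: an InvalidKey raised for the public-key case passes through untouched, so the two failure modes stay distinguishable in logs while both abort key loading.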