class SecureToken::SecureTokenService::Decryptor

Public Class Methods

new(serializer) click to toggle source
# File lib/secure_token.rb, line 95
def initialize(serializer)
  @serializer = serializer
end

Public Instance Methods

decrypt_and_verify(message, key_pair) click to toggle source
# File lib/secure_token.rb, line 99
def decrypt_and_verify(message, key_pair)
  begin
    message = Base64.urlsafe_decode64(message)
  rescue ArgumentError
    return nil
  end

  verified = verify(message, key_pair.signing_key)
  return nil unless verified


  begin
    decrypted = decrypt(verified, key_pair.encryption_key).force_encoding('utf-8')
  rescue OpenSSL::Cipher::CipherError
    return nil
  end

  @serializer.deserialize(decrypted)
end

Private Instance Methods

decrypt(data, key) click to toggle source
# File lib/secure_token.rb, line 127
def decrypt(data, key)
  salt, data = data[0, 8], data[8..-1]

  decrypter = OpenSSL::Cipher::Cipher.new CRYPT_ALGO
  decrypter.decrypt
  decrypter.pkcs5_keyivgen key, salt

  decrypted = decrypter.update data
  decrypted << decrypter.final

  decrypted
end
verify(message, key) click to toggle source
# File lib/secure_token.rb, line 121
def verify(message, key)
  signature, payload = message[0, SIGNATURE_LENGTH], message[SIGNATURE_LENGTH..-1]
  valid_signature = OpenSSL::HMAC.digest(OpenSSL::Digest.new(HASH_ALGO), key, payload)
  signature == valid_signature ? payload : nil
end