class SecureToken::SecureTokenService::Decryptor
Public Class Methods
new(serializer)
# File lib/secure_token.rb, line 95
# Creates a decryptor that hands every successfully verified and decrypted
# token body to +serializer+.
#
# @param serializer [#deserialize] object whose +deserialize+ method is called
#   with the decrypted string by #decrypt_and_verify
def initialize(serializer)
  @serializer = serializer
end
Public Instance Methods
decrypt_and_verify(message, key_pair)
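# File lib/secure_token.rb, line 99
# Decodes, authenticates, decrypts and deserializes a token.
#
# The steps run in a fixed order: URL-safe Base64 decoding, HMAC verification
# with the signing key, decryption with the encryption key, then
# deserialization. Ciphertext is only passed to #decrypt after #verify has
# accepted it, so unauthenticated input never reaches the cipher or the
# serializer.
#
# @param message [String, nil] URL-safe Base64 token as received from the client
# @param key_pair [#signing_key, #encryption_key] keys for #verify and #decrypt
# @return [Object, nil] whatever the serializer returns, or nil when the token
#   is missing, is not valid Base64, fails verification or cannot be decrypted
def decrypt_and_verify(message, key_pair)
  # A missing or non-string token is just another invalid token: return nil
  # like the other failure paths instead of raising NoMethodError from Base64.
  return nil unless message.is_a?(String)

  begin
    raw = Base64.urlsafe_decode64(message)
  rescue ArgumentError
    return nil
  end

  verified = verify(raw, key_pair.signing_key)
  return nil unless verified

  begin
    decrypted = decrypt(verified, key_pair.encryption_key).force_encoding('utf-8')
  rescue OpenSSL::Cipher::CipherError
    return nil
  end

  # NOTE(review): force_encoding only relabels the bytes; it does not check
  # that they are valid UTF-8. The serializer sees exactly what was decrypted.
  @serializer.deserialize(decrypted)
end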
Private Instance Methods
decrypt(data, key)
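# File lib/secure_token.rb, line 127
# Decrypts an already-authenticated payload.
#
# The first 8 bytes of +data+ are the salt; the remainder is the ciphertext.
# Key and IV are both derived from +key+ and the salt, so +key+ acts as a
# password rather than as a raw cipher key.
#
# @param data [String] salt (8 bytes) followed by the ciphertext
# @param key [String] secret from which key and IV are derived
# @return [String] the decrypted bytes
# @raise [OpenSSL::Cipher::CipherError] raised by the cipher, e.g. when the
#   final block cannot be decrypted
def decrypt(data, key)
  salt = data[0, 8]
  ciphertext = data[8..-1]

  # OpenSSL::Cipher::Cipher is a deprecated alias kept for backwards
  # compatibility; OpenSSL::Cipher is the same class without the warning.
  cipher = OpenSSL::Cipher.new(CRYPT_ALGO)
  cipher.decrypt

  # NOTE(review): pkcs5_keyivgen is documented as deprecated in favour of
  # OpenSSL::PKCS5. Called with only password and salt it uses the library's
  # default digest and iteration count (MD5-based, to the reviewer's knowledge).
  # It has to match the encrypting side, which is not shown here, so it is
  # left unchanged; migrate both sides together.
  cipher.pkcs5_keyivgen(key, salt)

  cipher.update(ciphertext) << cipher.final
end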
verify(message, key)
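# File lib/secure_token.rb, line 121
# Authenticates +message+ and returns its payload.
#
# The first SIGNATURE_LENGTH characters are the HMAC tag; the rest is the
# payload the tag was computed over. The tag is recomputed with +key+ and
# HASH_ALGO and compared with the received one.
#
# @param message [String] decoded token: tag followed by payload
# @param key [String] HMAC signing key
# @return [String, nil] the payload when the tag matches, otherwise nil
def verify(message, key)
  signature = message[0, SIGNATURE_LENGTH]
  payload = message[SIGNATURE_LENGTH..-1]

  # A message shorter than the tag has no payload (the slice is nil); reject
  # it here rather than letting the HMAC call raise on attacker-supplied input.
  return nil if payload.nil?

  expected = OpenSSL::HMAC.digest(OpenSSL::Digest.new(HASH_ALGO), key, payload)
  return nil unless signature.bytesize == expected.bytesize

  # String#== stops at the first differing byte, which makes the response time
  # depend on how much of a forged tag is correct. Fold every byte pair into
  # one accumulator so the comparison always does the same amount of work.
  # Where the installed openssl gem offers OpenSSL.fixed_length_secure_compare,
  # that native helper is the preferable replacement for this loop.
  mismatch = 0
  signature.bytes.zip(expected.bytes) { |a, b| mismatch |= a ^ b }
  mismatch.zero? ? payload : nil
end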