module DiasporaFederation::Entities::Signable

Signable is a module that encapsulates basic signature generation/verification flow for entities.

Constants

DIGEST

Digest instance used for signing

Public Instance Methods

sign_with_key(privkey)

Sign the data with the key

@param [OpenSSL::PKey::RSA] privkey An RSA key
@return [String] A Base64 encoded signature of signature_data with key

# File lib/diaspora_federation/entities/signable.rb, line 16
def sign_with_key(privkey)
  Base64.strict_encode64(privkey.sign(DIGEST, signature_data))
end
signature_data()

This method defines what data is used for signature creation and verification.

@abstract
@return [String] a string to sign

# File lib/diaspora_federation/entities/signable.rb, line 43
def signature_data
  raise NotImplementedError.new("you must override this method to define signature base string")
end
verify_signature(author, signature_key)

Check that the signature stored under signature_key is a correct signature of signature_data for the author's public key.

@param [String] author The author of the signature
@param [String] signature_key The name of the attribute that holds the signature to be verified
@raise [SignatureVerificationFailed] if the signature is not valid
@raise [PublicKeyNotFound] if no public key is found

# File lib/diaspora_federation/entities/signable.rb, line 26
def verify_signature(author, signature_key)
  pubkey = DiasporaFederation.callbacks.trigger(:fetch_public_key, author)
  raise PublicKeyNotFound, "signature=#{signature_key} person=#{author} obj=#{self}" if pubkey.nil?

  signature = public_send(signature_key)
  raise SignatureVerificationFailed, "no #{signature_key} for #{self}" if signature.nil?

  valid = pubkey.verify(DIGEST, Base64.decode64(signature), signature_data)
  raise SignatureVerificationFailed, "wrong #{signature_key} for #{self}" unless valid

  logger.info "event=verify_signature signature=#{signature_key} status=valid obj=#{self}"
end
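
The sign and verify flow of the methods above, as an added example that is not part of the diaspora_federation source. DemoSignable, DemoComment, the error classes, the key_lookup lambda (standing in for the :fetch_public_key callback) and the choice of SHA-256 for the digest are all assumptions made for illustration.

```ruby
require "openssl"
require "base64"

# Assumption: SHA-256. The page only says DIGEST is the digest used for signing.
DEMO_DIGEST = OpenSSL::Digest.new("SHA256")
class DemoVerificationFailed < StandardError; end
class DemoKeyNotFound < StandardError; end

# Hypothetical stand-in that follows the same steps as the documented methods.
module DemoSignable
  def sign_with_key(privkey)
    Base64.strict_encode64(privkey.sign(DEMO_DIGEST, signature_data))
  end

  def verify_signature(author, signature_key, key_lookup)
    pubkey = key_lookup.call(author)
    raise DemoKeyNotFound, "no key for #{author}" if pubkey.nil?
    signature = public_send(signature_key)
    raise DemoVerificationFailed, "no #{signature_key}" if signature.nil?
    valid = pubkey.verify(DEMO_DIGEST, Base64.decode64(signature), signature_data)
    raise DemoVerificationFailed, "wrong #{signature_key}" unless valid
    true
  end
end

# Hypothetical entity: edited_at is deliberately left out of signature_data.
DemoComment = Struct.new(:author, :guid, :text, :edited_at, :author_signature) do
  include DemoSignable
  def signature_data
    [author, guid, text].join(";")
  end
end

# Returns :valid, or the name of the error class raised by verification.
def demo_check(comment, key_lookup)
  comment.verify_signature(comment.author, :author_signature, key_lookup)
  :valid
rescue DemoVerificationFailed, DemoKeyNotFound => e
  e.class.name.to_sym
end

# Builds a signed comment and a lookup that only knows the signer's public key.
def demo_setup
  key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key
  keys = { "alice@pod.example" => key.public_key }
  comment = DemoComment.new("alice@pod.example", "guid-1", "hello", "t0", nil)
  comment.author_signature = comment.sign_with_key(key)
  [comment, ->(author) { keys[author] }]
end
```

Changing text after signing makes demo_check return :DemoVerificationFailed, while changing edited_at still returns :valid. Only the fields returned by signature_data are authenticated, so an overriding entity should include every field the receiver relies on.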