class Pakyow::Support::MessageVerifier
Signs and verifes messages for a key.
Constants
- JOIN_CHARACTER
Attributes
key[R]
Public Class Methods
digest(message, key:)
click to toggle source
Generates a digest for a message with a key.
# File lib/pakyow/support/message_verifier.rb, line 55 def digest(message, key:) Base64.urlsafe_encode64( OpenSSL::HMAC.digest( OpenSSL::Digest.new("sha256"), message.to_s, key.to_s ) ) end
key()
click to toggle source
Generates a random key.
# File lib/pakyow/support/message_verifier.rb, line 49 def key SecureRandom.hex(24) end
new(key = self.class.key)
click to toggle source
TODO: support configuring the digest TODO: support rotations by calling `rotate` with options
# File lib/pakyow/support/message_verifier.rb, line 19 def initialize(key = self.class.key) @key = key end
valid?(digest, message:, key:)
click to toggle source
Returns true if the digest is valid for the message and key.
# File lib/pakyow/support/message_verifier.rb, line 65 def valid?(digest, message:, key:) digest == self.digest(message, key: key) end
Public Instance Methods
sign(message)
click to toggle source
Returns a signed message.
# File lib/pakyow/support/message_verifier.rb, line 25 def sign(message) [Base64.urlsafe_encode64(message), self.class.digest(message, key: @key)].join(JOIN_CHARACTER) end
verify(signed)
click to toggle source
Returns the message if the signature is valid for the key, or raises `TamperedMessage`.
# File lib/pakyow/support/message_verifier.rb, line 31 def verify(signed) message, digest = signed.to_s.split(JOIN_CHARACTER, 2) begin message = Base64.urlsafe_decode64(message.to_s) rescue ArgumentError end if self.class.valid?(digest, message: message, key: @key) message else raise(TamperedMessage) end end