Module: Cerner::OAuth1a::Internal
- Defined in:
- lib/cerner/oauth1a/internal.rb
Overview
Internal: Internal utility methods
Class Method Summary collapse
-
.constant_time_compare(left, right) ⇒ Object
Internal: Compares two Strings using a constant time algorithm to protect against timing attacks.
-
.convert_to_http_uri(url:, name: 'url') ⇒ Object
Internal: Convert an fully qualified URL String into a URI with some verification checks.
-
.convert_to_time(time:, name: 'time') ⇒ Object
Internal: Convert a time value into a Time instance.
-
.generate_nonce ⇒ Object
Internal: Generate a Nonce for invocations of the Access Token service.
-
.generate_timestamp ⇒ Object
Internal: Generate a Timestamp for invocations of the Access Token service.
Class Method Details
.constant_time_compare(left, right) ⇒ Object
Internal: Compares two Strings using a constant time algorithm to protect against timing attacks.
left - The left String right - The right String
Return true if left and right match, false otherwise.
72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 |
# File 'lib/cerner/oauth1a/internal.rb', line 72 def self.constant_time_compare(left, right) max_size = [left.bytesize, right.bytesize].max # convert left and right to array of bytes (Integer) left = left.unpack('C*') right = right.unpack('C*') # if either array is not the max size, expand it with zeros # having equal arrays keeps the algorithm execution time constant left = left.fill(0, left.size, max_size - left.size) if left.size < max_size right = right.fill(0, right.size, max_size - right.size) if right.size < max_size result = 0 left.each_with_index do |left_value, i| # XOR the two bytes, if equal, the operation is 0 # OR the XOR operation with the previous result result |= left_value ^ right[i] end # if every comparison resuled in 0, then left and right are equal result.zero? end |
.convert_to_http_uri(url:, name: 'url') ⇒ Object
Internal: Convert an fully qualified URL String into a URI with some verification checks
keywords - The keyword arguments:
:url - A String or a URI instance to convert to a URI instance.
:name - The parameter name of the URL for invoking methods.
Returns a URI::HTTP or URI::HTTPS
Raises ArgumentError if url is nil, invalid or not an HTTP/HTTPS URI
32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
# File 'lib/cerner/oauth1a/internal.rb', line 32 def self.convert_to_http_uri(url:, name: 'url') raise ArgumentError, "#{name} is nil" unless url if url.is_a?(URI) uri = url else begin uri = URI(url) rescue URI::InvalidURIError # raise argument error with cause raise ArgumentError, "#{name} is invalid" end end raise ArgumentError, "#{name} must be an HTTP or HTTPS URI" unless uri.is_a?(URI::HTTP) uri end |
.convert_to_time(time:, name: 'time') ⇒ Object
Internal: Convert a time value into a Time instance.
keywords - The keyword arguments:
:time - Time or any object with a #to_i that returns an Integer.
:name - The parameter name of the data for invoking methods.
Returns a Time instance in the UTC time zone.
17 18 19 20 21 |
# File 'lib/cerner/oauth1a/internal.rb', line 17 def self.convert_to_time(time:, name: 'time') raise ArgumentError, "#{name} is nil" unless time time.is_a?(Time) ? time.utc : Time.at(time.to_i).utc end |
.generate_nonce ⇒ Object
Internal: Generate a Nonce for invocations of the Access Token service.
Returns a String containing the nonce.
54 55 56 |
# File 'lib/cerner/oauth1a/internal.rb', line 54 def self.generate_nonce SecureRandom.hex end |
.generate_timestamp ⇒ Object
Internal: Generate a Timestamp for invocations of the Access Token service.
Returns an Integer representing the number of seconds since the epoch.
61 62 63 |
# File 'lib/cerner/oauth1a/internal.rb', line 61 def self. Time.now.to_i end |