Class: Cerner::OAuth1a::Keys
- Inherits: Object (Object → Cerner::OAuth1a::Keys)
- Defined in: lib/cerner/oauth1a/keys.rb
Overview
Public: Keys for authenticating Access Tokens by service providers. Keys can be retrieved via AccessTokenAgent#retrieve_keys.
Instance Attribute Summary
- #aes_secret_key ⇒ Object (readonly): Returns the String AES secret key.
- #rsa_public_key ⇒ Object (readonly): Returns the String RSA public key.
- #version ⇒ Object (readonly): Returns the String version identifier of the keys.
Instance Method Summary
- #==(other) ⇒ Object: Public: Compare this to other based on attributes.
- #decrypt_hmac_secrets(hmac_secrets_param) ⇒ Object: Public: Decrypts the HMACSecrets parameter of an oauth_token using the #aes_secret_key.
- #eql?(other) ⇒ Boolean: Public: Compare this to other based on attributes.
- #initialize(version:, aes_secret_key:, rsa_public_key:) ⇒ Keys (constructor): Public: Constructs an instance.
- #rsa_public_key_as_pkey ⇒ Object: Public: Returns the #rsa_public_key as an OpenSSL::PKey::RSA instance.
- #to_h ⇒ Object: Public: Generates a Hash of the attributes.
- #verify_rsasha1_signature(oauth_token) ⇒ Object: Public: Verifies that an oauth_token is authentic based on the #rsa_public_key.
Constructor Details
#initialize(version:, aes_secret_key:, rsa_public_key:) ⇒ Keys
Public: Constructs an instance.
arguments - The keyword arguments of the method:
:version - The version identifier of the keys.
:aes_secret_key - The AES secret key.
:rsa_public_key - The RSA public key.
Raises ArgumentError if version, aes_secret_key or rsa_public_key is nil.
    # File 'lib/cerner/oauth1a/keys.rb', line 27
    def initialize(version:, aes_secret_key:, rsa_public_key:)
      raise ArgumentError, 'version is nil' unless version
      raise ArgumentError, 'aes_secret_key is nil' unless aes_secret_key
      raise ArgumentError, 'rsa_public_key is nil' unless rsa_public_key

      @version = version
      @aes_secret_key = aes_secret_key
      @rsa_public_key = rsa_public_key
    end
Instance Attribute Details
#aes_secret_key ⇒ Object (readonly)
Returns the String AES secret key.
    # File 'lib/cerner/oauth1a/keys.rb', line 15
    def aes_secret_key
      @aes_secret_key
    end
#rsa_public_key ⇒ Object (readonly)
Returns the String RSA public key.
    # File 'lib/cerner/oauth1a/keys.rb', line 17
    def rsa_public_key
      @rsa_public_key
    end
#version ⇒ Object (readonly)
Returns the String version identifier of the keys.
    # File 'lib/cerner/oauth1a/keys.rb', line 13
    def version
      @version
    end
Instance Method Details
#==(other) ⇒ Object
Public: Compare this to other based on attributes.
other - The Keys to compare this to.
Returns true if equal; false otherwise.
    # File 'lib/cerner/oauth1a/keys.rb', line 42
    def ==(other)
      version == other.version &&
        aes_secret_key == other.aes_secret_key &&
        rsa_public_key == other.rsa_public_key
    end
#decrypt_hmac_secrets(hmac_secrets_param) ⇒ Object
Public: Decrypts the HMACSecrets parameter of an oauth_token using the #aes_secret_key.
hmac_secrets_param - The extracted value of the HMACSecrets parameter of an oauth_token. The value is assumed to be Base64 (URL safe) encoded.
Returns the decrypted secrets.
Raises ArgumentError if hmac_secrets_param is nil or invalid.
    # File 'lib/cerner/oauth1a/keys.rb', line 103
    def decrypt_hmac_secrets(hmac_secrets_param)
      raise ArgumentError, 'hmac_secrets_param is nil' unless hmac_secrets_param

      ciphertext = Base64.urlsafe_decode64(hmac_secrets_param)
      raise ArgumentError, 'hmac_secrets_param does not contain enough data' unless ciphertext.size > 16

      # extract first 16 bytes to get initialization vector
      iv = ciphertext[0, 16]

      # trim off the IV
      ciphertext = ciphertext[16..-1]

      cipher = OpenSSL::Cipher.new('AES-128-CBC')
      # invoke #decrypt to prep the instance
      cipher.decrypt
      cipher.iv = iv
      cipher.key = @aes_secret_key

      text = cipher.update(ciphertext) + cipher.final
      text
    end
#eql?(other) ⇒ Boolean
Public: Compare this to other based on attributes.
other - The Keys to compare this to.
Returns true if equal; false otherwise.
    # File 'lib/cerner/oauth1a/keys.rb', line 53
    def eql?(other)
      self == other
    end
#rsa_public_key_as_pkey ⇒ Object
Public: Returns the #rsa_public_key as an OpenSSL::PKey::RSA instance.
Raises OpenSSL::PKey::RSAError if #rsa_public_key is not a valid key.
    # File 'lib/cerner/oauth1a/keys.rb', line 71
    def rsa_public_key_as_pkey
      OpenSSL::PKey::RSA.new(@rsa_public_key)
    end
#to_h ⇒ Object
Public: Generates a Hash of the attributes.
Returns a Hash with keys for each attribute.
    # File 'lib/cerner/oauth1a/keys.rb', line 60
    def to_h
      {
        version: @version,
        aes_secret_key: @aes_secret_key,
        rsa_public_key: @rsa_public_key
      }
    end
#verify_rsasha1_signature(oauth_token) ⇒ Object
Public: Verifies that an oauth_token is authentic based on the #rsa_public_key.
oauth_token - The oauth_token value to verify.
Returns true if authentic; false otherwise.
Raises ArgumentError if oauth_token is nil or invalid.
Raises OpenSSL::PKey::RSAError if #rsa_public_key is not a valid key.
    # File 'lib/cerner/oauth1a/keys.rb', line 83
    def verify_rsasha1_signature(oauth_token)
      raise ArgumentError, 'oauth_token is nil' unless oauth_token

      # everything before '&RSASHA1=' is the signed message
      message, raw_sig = oauth_token.split('&RSASHA1=')
      raise ArgumentError, 'unable to get message out of oauth_token' unless message
      raise ArgumentError, 'unable to get RSASHA1 signature out of oauth_token' unless raw_sig

      # URL decode value and Base64 (urlsafe) decode that result
      sig = Base64.urlsafe_decode64(URI.decode_www_form_component(raw_sig))

      rsa_public_key_as_pkey.verify(OpenSSL::Digest::SHA1.new, sig, message)
    end
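Added example, not part of the cerner-oauth1a source: a self-contained round trip that uses the same primitives as #verify_rsasha1_signature and #decrypt_hmac_secrets, checking the signature before decrypting so that the unauthenticated AES-CBC ciphertext is only processed from a token that verified. The helper names (issue_token, authenticate), the ConsumerKey parameter, the plaintext layout and all key material are constructed assumptions.

```ruby
require 'openssl'
require 'base64'
require 'uri'

# Constructed stand-ins for the key material a service provider would hold.
RSA_KEY = OpenSSL::PKey::RSA.new(2048)
AES_KEY = OpenSSL::Random.random_bytes(16)
SECRETS = 'ConsumerSecret=demo-cs&TokenSecret=demo-ts' # constructed plaintext

# Issuer side (assumed layout): HMACSecrets is urlsafe Base64 of
# IV || AES-128-CBC ciphertext; everything before "&RSASHA1=" is signed.
def issue_token(consumer_key)
  cipher = OpenSSL::Cipher.new('AES-128-CBC')
  cipher.encrypt
  cipher.key = AES_KEY
  iv = cipher.random_iv
  blob = Base64.urlsafe_encode64(iv + cipher.update(SECRETS) + cipher.final)
  message = URI.encode_www_form('ConsumerKey' => consumer_key, 'HMACSecrets' => blob)
  sig = Base64.urlsafe_encode64(RSA_KEY.sign(OpenSSL::Digest::SHA1.new, message))
  "#{message}&RSASHA1=#{URI.encode_www_form_component(sig)}"
end

# Service-provider side: verify the signature first and decrypt HMACSecrets
# only from a token that passed. Returns the decrypted secrets or nil.
def authenticate(oauth_token, public_key_pem, aes_key)
  message, raw_sig = oauth_token.to_s.split('&RSASHA1=')
  return nil unless message && raw_sig

  sig = Base64.urlsafe_decode64(URI.decode_www_form_component(raw_sig))
  pkey = OpenSSL::PKey::RSA.new(public_key_pem)
  return nil unless pkey.verify(OpenSSL::Digest::SHA1.new, sig, message)

  param = URI.decode_www_form(message).to_h.fetch('HMACSecrets')
  raw = Base64.urlsafe_decode64(param)
  return nil unless raw.bytesize > 16 # need the IV plus at least one byte

  cipher = OpenSSL::Cipher.new('AES-128-CBC')
  cipher.decrypt
  cipher.key = aes_key
  cipher.iv = raw[0, 16]
  cipher.update(raw[16..-1]) + cipher.final
rescue ArgumentError, KeyError, OpenSSL::Cipher::CipherError
  nil # malformed Base64, missing HMACSecrets, or bad padding
end

PUBLIC_PEM = RSA_KEY.public_key.to_pem
TOKEN = issue_token('demo-consumer')
```

A token whose signed portion has been altered, or that carries no RSASHA1 parameter, returns nil without the AES key ever being used.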