Class: Cerner::OAuth1a::Keys

Inherits: Object

Defined in: lib/cerner/oauth1a/keys.rb

Overview

Public: Keys for authenticating Access Tokens by service providers. Keys can be retrieved via AccessTokenAgent#retrieve_keys.

Constructor Details

#initialize(version:, aes_secret_key:, rsa_public_key:) ⇒ Keys

Public: Constructs an instance.

arguments - The keyword arguments of the method:

:version        - The version identifier of the keys.
:aes_secret_key - The AES secret key.
:rsa_public_key - The RSA public key.

Raises ArgumentError if version, aes_secret_key or rsa_public_key is nil.

Raises:

  • (ArgumentError)


# File 'lib/cerner/oauth1a/keys.rb', line 27

def initialize(version:, aes_secret_key:, rsa_public_key:)
  raise ArgumentError, 'version is nil' unless version
  raise ArgumentError, 'aes_secret_key is nil' unless aes_secret_key
  raise ArgumentError, 'rsa_public_key is nil' unless rsa_public_key

  @version = version
  @aes_secret_key = aes_secret_key
  @rsa_public_key = rsa_public_key
end

Instance Attribute Details

#aes_secret_key ⇒ Object (readonly)

Returns the String AES secret key.



# File 'lib/cerner/oauth1a/keys.rb', line 15

def aes_secret_key
  @aes_secret_key
end

#rsa_public_key ⇒ Object (readonly)

Returns the String RSA public key.



# File 'lib/cerner/oauth1a/keys.rb', line 17

def rsa_public_key
  @rsa_public_key
end

#version ⇒ Object (readonly)

Returns the String version identifier of the keys.



# File 'lib/cerner/oauth1a/keys.rb', line 13

def version
  @version
end

Instance Method Details

#==(other) ⇒ Object

Public: Compare this to other based on attributes.

other - The Keys to compare this to.

Returns true if equal; false otherwise.



# File 'lib/cerner/oauth1a/keys.rb', line 42

def ==(other)
  version == other.version &&
    aes_secret_key == other.aes_secret_key &&
    rsa_public_key == other.rsa_public_key
end

#decrypt_hmac_secrets(hmac_secrets_param) ⇒ Object

Public: Decrypts the HMACSecrets parameter of an oauth_token using the #aes_secret_key.

hmac_secrets_param - The extracted value of the HMACSecrets parameter of an oauth_token. The value is assumed to be Base64 (URL safe) encoded.

Returns the decrypted secrets.

Raises ArgumentError if hmac_secrets_param is nil or does not contain enough data.

Raises:

  • (ArgumentError)


# File 'lib/cerner/oauth1a/keys.rb', line 103

def decrypt_hmac_secrets(hmac_secrets_param)
  raise ArgumentError, 'hmac_secrets_param is nil' unless hmac_secrets_param

  ciphertext = Base64.urlsafe_decode64(hmac_secrets_param)
  raise ArgumentError, 'hmac_secrets_param does not contain enough data' unless ciphertext.size > 16

  # extract first 16 bytes to get initialization vector
  iv = ciphertext[0, 16]
  # trim off the IV
  ciphertext = ciphertext[16..-1]

  cipher = OpenSSL::Cipher.new('AES-128-CBC')
  # invoke #decrypt to prep the instance
  cipher.decrypt
  cipher.iv = iv
  cipher.key = @aes_secret_key
  text = cipher.update(ciphertext) + cipher.final
  text
end

#eql?(other) ⇒ Boolean

Public: Compare this to other based on attributes.

other - The Keys to compare this to.

Returns true if equal; false otherwise.

Returns:

  • (Boolean)


# File 'lib/cerner/oauth1a/keys.rb', line 53

def eql?(other)
  self == other
end

#rsa_public_key_as_pkey ⇒ Object

Public: Returns the #rsa_public_key as an OpenSSL::PKey::RSA instance.

Raises OpenSSL::PKey::RSAError if #rsa_public_key is not a valid key.



# File 'lib/cerner/oauth1a/keys.rb', line 71

def rsa_public_key_as_pkey
  OpenSSL::PKey::RSA.new(@rsa_public_key)
end

#to_h ⇒ Object

Public: Generates a Hash of the attributes.

Returns a Hash with keys for each attribute.



# File 'lib/cerner/oauth1a/keys.rb', line 60

def to_h
  {
    version: @version,
    aes_secret_key: @aes_secret_key,
    rsa_public_key: @rsa_public_key
  }
end

#verify_rsasha1_signature(oauth_token) ⇒ Object

Public: Verifies that an oauth_token is authentic based on the #rsa_public_key.

oauth_token - The oauth_token value to verify.

Returns true if authentic; false otherwise.

Raises ArgumentError if oauth_token is nil or invalid.

Raises OpenSSL::PKey::RSAError if #rsa_public_key is not a valid key.

Raises:

  • (ArgumentError)


# File 'lib/cerner/oauth1a/keys.rb', line 83

def verify_rsasha1_signature(oauth_token)
  raise ArgumentError, 'oauth_token is nil' unless oauth_token

  message, raw_sig = oauth_token.split('&RSASHA1=')
  raise ArgumentError, 'unable to get message out of oauth_token' unless message
  raise ArgumentError, 'unable to get RSASHA1 signature out of oauth_token' unless raw_sig

  # URL decode value and Base64 (urlsafe) decode that result
  sig = Base64.urlsafe_decode64(URI.decode_www_form_component(raw_sig))
  rsa_public_key_as_pkey.verify(OpenSSL::Digest::SHA1.new, sig, message)
end
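The two checks above, #decrypt_hmac_secrets and #verify_rsasha1_signature, only make sense against a token built the same way, so here is an added round-trip example (not the gem's own code) that produces the provider side and runs both checks, including a tampered token that must fail. MiniKeys is a constructed stand-in mirroring only the page's decrypt/verify logic; encrypt_hmac_secrets, sign_token, the token body and the 'secret' payload are assumptions for the demonstration.

```ruby
require 'base64'
require 'openssl'
require 'securerandom'
require 'uri'
# Constructed stand-in mirroring only the page's decrypt/verify logic, so the
# example runs without the cerner-oauth1a gem installed.
MiniKeys = Struct.new(:aes_secret_key, :rsa_public_key, keyword_init: true) do
  # Expects the layout the page's method decodes: 16-byte IV, then AES-128-CBC ciphertext.
  def decrypt_hmac_secrets(param)
    ct = Base64.urlsafe_decode64(param)
    raise ArgumentError, 'not enough data' unless ct.size > 16
    cipher = OpenSSL::Cipher.new('AES-128-CBC')
    cipher.decrypt
    cipher.iv = ct[0, 16]
    cipher.key = aes_secret_key
    cipher.update(ct[16..-1]) + cipher.final
  end

  def verify_rsasha1_signature(token)
    message, raw_sig = token.split('&RSASHA1=')
    sig = Base64.urlsafe_decode64(URI.decode_www_form_component(raw_sig))
    OpenSSL::PKey::RSA.new(rsa_public_key).verify(OpenSSL::Digest.new('SHA1'), sig, message)
  end
end

# Provider side (assumed, not on the page): the inverse operations that yield an
# HMACSecrets parameter and an oauth_token the page's Keys class accepts.
def encrypt_hmac_secrets(aes_key, secrets)
  cipher = OpenSSL::Cipher.new('AES-128-CBC')
  cipher.encrypt
  iv = cipher.random_iv # fresh IV per message, prepended so the verifier can recover it
  cipher.key = aes_key
  Base64.urlsafe_encode64(iv + cipher.update(secrets) + cipher.final)
end

def sign_token(rsa_private, message)
  sig = rsa_private.sign(OpenSSL::Digest.new('SHA1'), message)
  message + '&RSASHA1=' + URI.encode_www_form_component(Base64.urlsafe_encode64(sig))
end

def round_trip
  rsa = OpenSSL::PKey::RSA.new(2048)
  aes_key = SecureRandom.random_bytes(16)
  keys = MiniKeys.new(aes_secret_key: aes_key, rsa_public_key: rsa.public_key.to_pem)
  token = sign_token(rsa, 'ConsumerKey=demo&ExpiresOn=0') # constructed sample token body
  { valid: keys.verify_rsasha1_signature(token),
    tampered: keys.verify_rsasha1_signature(token.sub('demo', 'evil')),
    secrets: keys.decrypt_hmac_secrets(encrypt_hmac_secrets(aes_key, 'secret')) }
end
```

A single changed byte in the message part makes the RSA-SHA1 check return false, while the HMACSecrets payload only decrypts correctly when the same 16-byte AES key and the prepended IV are used.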