Module: DiasporaFederation::Entities::Signable

Includes:
Logging
Included in:
AccountMigration::Signable, Relayable
Defined in:
lib/diaspora_federation/entities/signable.rb

Overview

Signable is a module that encapsulates basic signature generation/verification flow for entities.

Defined Under Namespace

Classes: PublicKeyNotFound, SignatureVerificationFailed

Constant Summary

DIGEST = OpenSSL::Digest.new("SHA256")

Digest instance used for signing

Instance Method Summary

Methods included from Logging

included

Instance Method Details

#sign_with_key(privkey) ⇒ String

Sign the data with the key

Parameters:

  • privkey (OpenSSL::PKey::RSA)

    An RSA key

Returns:

  • (String)

    A Base64 encoded signature of #signature_data with key



# File 'lib/diaspora_federation/entities/signable.rb', line 16

def sign_with_key(privkey)
  Base64.strict_encode64(privkey.sign(DIGEST, signature_data))
end

#signature_data ⇒ String

This method is abstract.

This method defines what data is used for signature creation/verification.

Returns:

  • (String)

    a string to sign

Raises:

  • (NotImplementedError)


# File 'lib/diaspora_federation/entities/signable.rb', line 43

def signature_data
  raise NotImplementedError.new("you must override this method to define signature base string")
end

#verify_signature(author, signature_key) ⇒ Object

Check that the signature is correct

Parameters:

  • author (String)

    The author of the signature

  • signature_key (String)

    The name of the attribute that holds the signature to be verified (it is read with public_send)

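Raises:

  • (PublicKeyNotFound)

    if no public key is returned for the author

  • (SignatureVerificationFailed)

    if the signature is missing or does not verify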

# File 'lib/diaspora_federation/entities/signable.rb', line 26

def verify_signature(author, signature_key)
  # The host application supplies the author's public key through a callback
  pubkey = DiasporaFederation.callbacks.trigger(:fetch_public_key, author)
  raise PublicKeyNotFound, "signature=#{signature_key} person=#{author} obj=#{self}" if pubkey.nil?

  # signature_key names the attribute that holds the Base64 encoded signature
  signature = public_send(signature_key)
  raise SignatureVerificationFailed, "no #{signature_key} for #{self}" if signature.nil?

  # Base64.decode64 is the lenient decoder; the check is made over #signature_data
  valid = pubkey.verify(DIGEST, Base64.decode64(signature), signature_data)
  raise SignatureVerificationFailed, "wrong #{signature_key} for #{self}" unless valid

  logger.info "event=verify_signature signature=#{signature_key} status=valid obj=#{self}"
end
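
Added example, not part of the diaspora_federation source: a simplified stand-in for the sign/verify flow above, showing that the signature protects exactly what #signature_data returns and nothing else. DemoSignable, DemoComment, signature_valid?, the field names and the ";" separator are assumptions made for the illustration; the keys and values are constructed.

```ruby
require "openssl"
require "base64"

# Simplified stand-in for the module above: key passed in directly, no callbacks or logging.
module DemoSignable
  DIGEST = OpenSSL::Digest.new("SHA256")

  def sign_with_key(privkey)
    Base64.strict_encode64(privkey.sign(DIGEST, signature_data))
  end

  # Boolean variant of verify_signature (hypothetical helper, not part of the library).
  def signature_valid?(pubkey, signature)
    pubkey.verify(DIGEST, Base64.decode64(signature), signature_data)
  end
end

# Hypothetical entity; the field names and the ";" separator are assumptions.
class DemoComment
  include DemoSignable
  attr_accessor :author, :guid, :text, :created_at, :author_signature

  def initialize(author:, guid:, text:, created_at:)
    @author, @guid, @text, @created_at = author, guid, text, created_at
  end

  # Only what is returned here is covered by the signature.
  def signature_data
    [author, guid, text].join(";")
  end
end

def demo_results
  key = OpenSSL::PKey::RSA.new(2048)       # author's key pair (constructed)
  stranger = OpenSSL::PKey::RSA.new(2048)  # unrelated key pair (constructed)
  c = DemoComment.new(author: "alice@pod.example", guid: "abc123",
                      text: "hello", created_at: "2024-01-01T00:00:00Z")
  c.author_signature = c.sign_with_key(key)
  sig = c.author_signature
  results = { original: c.signature_valid?(key.public_key, sig),
              wrong_key: c.signature_valid?(stranger.public_key, sig) }
  c.created_at = "2030-01-01T00:00:00Z"    # field outside signature_data
  results[:unsigned_field_changed] = c.signature_valid?(key.public_key, sig)
  c.text = "tampered"                      # field inside signature_data
  results[:signed_field_changed] = c.signature_valid?(key.public_key, sig)
  results
end

p demo_results if __FILE__ == $PROGRAM_NAME
```

When overriding #signature_data, include every field a receiver will act on; a change to any field left out still verifies.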