Class: OpenID::Server::DiffieHellmanSHA1ServerSession

Inherits:
BaseServerSession
Defined in:
lib/openid/server.rb

Overview

An object that knows how to handle association requests with the Diffie-Hellman session type.

See OpenID Specs, Section 8: Establishing Associations <openid.net/specs/openid-authentication-2_0-12.html#associations>

Direct Known Subclasses

DiffieHellmanSHA256ServerSession

Methods inherited from BaseServerSession

#allowed_assoc_type?

Constructor Details

#initialize(dh, consumer_pubkey) ⇒ DiffieHellmanSHA1ServerSession

Returns a new instance of DiffieHellmanSHA1ServerSession.



# File 'lib/openid/server.rb', line 210

def initialize(dh, consumer_pubkey)
  super('DH-SHA1', ['HMAC-SHA1'])

  @hash_func = CryptUtil.method('sha1')
  @dh = dh
  @consumer_pubkey = consumer_pubkey
end

Instance Attribute Details

#consumer_pubkey ⇒ Object

The public key sent by the consumer in the associate request



# File 'lib/openid/server.rb', line 205

def consumer_pubkey
  @consumer_pubkey
end

#dh ⇒ Object

The Diffie-Hellman algorithm values for this request



# File 'lib/openid/server.rb', line 202

def dh
  @dh
end

#session_type ⇒ Object (readonly)

The session_type for this association session.



# File 'lib/openid/server.rb', line 208

def session_type
  @session_type
end

Class Method Details

.from_message(message) ⇒ Object

Constructs a DiffieHellmanSHA1ServerSession from an OpenID Message.

Raises ProtocolError when parameters required to establish the session are missing.



# File 'lib/openid/server.rb', line 222

def self.from_message(message)
  dh_modulus = message.get_arg(OPENID_NS, 'dh_modulus')
  dh_gen = message.get_arg(OPENID_NS, 'dh_gen')
  if ((!dh_modulus and dh_gen) or
      (!dh_gen and dh_modulus))

    if !dh_modulus
      missing = 'modulus'
    else
      missing = 'generator'
    end

    raise ProtocolError.new(message,
            sprintf('If non-default modulus or generator is ' +
                    'supplied, both must be supplied. Missing %s',
                    missing))
  end

  if dh_modulus or dh_gen
    dh_modulus = CryptUtil.base64_to_num(dh_modulus)
    dh_gen = CryptUtil.base64_to_num(dh_gen)
    dh = DiffieHellman.new(dh_modulus, dh_gen)
  else
    dh = DiffieHellman.from_defaults()
  end

  consumer_pubkey = message.get_arg(OPENID_NS, 'dh_consumer_public')
  if !consumer_pubkey
    raise ProtocolError.new(message,
            sprintf("Public key for DH-SHA1 session " +
                    "not found in message %s", message))
  end

  consumer_pubkey = CryptUtil.base64_to_num(consumer_pubkey)

  return self.new(dh, consumer_pubkey)
end

Instance Method Details

#answer(secret) ⇒ Object



# File 'lib/openid/server.rb', line 260

def answer(secret)
  mac_key = @dh.xor_secret(@hash_func,
                           @consumer_pubkey,
                           secret)
  return {
      'dh_server_public' => CryptUtil.num_to_base64(@dh.public),
      'enc_mac_key' => Util.to_base64(mac_key),
      }
end
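
The DH-SHA1 key wrap that #answer performs, worked through for both sides using only the Ruby standard library. This is an added example, not code from ruby-openid: every method name and the toy group (TOY_P, TOY_G) are constructed for illustration, and the group is not the OpenID default modulus.

```ruby
require 'digest'

# Constructed toy group for illustration only (2**127 - 1 is prime); this is
# NOT the OpenID default modulus and is far too small for real use.
TOY_P = 2**127 - 1
TOY_G = 3

# btwoc: shortest big-endian two's-complement encoding of a non-negative
# integer (a 0x00 byte is prepended when the top bit would otherwise be set).
def btwoc(n)
  hex = n.to_s(16)
  hex = "0#{hex}" if hex.length.odd?
  bytes = [hex].pack('H*')
  bytes.getbyte(0) > 0x7f ? "\x00".b + bytes : bytes
end

def num_to_b64(n)
  [btwoc(n)].pack('m0')
end

def b64_to_num(str)
  str.unpack1('m0').unpack1('H*').to_i(16)
end

# XOR two equal-length byte strings; a 20-byte SHA-1 pad can only cover a
# 20-byte (HMAC-SHA1) MAC key, so any other length is rejected.
def xor_bytes(a, b)
  raise ArgumentError, 'length mismatch' unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# Server side: same response keys that #answer returns.
def toy_server_answer(consumer_pub_b64, mac_key, server_priv)
  shared = b64_to_num(consumer_pub_b64).pow(server_priv, TOY_P)
  pad = Digest::SHA1.digest(btwoc(shared))
  { 'dh_server_public' => num_to_b64(TOY_G.pow(server_priv, TOY_P)),
    'enc_mac_key' => [xor_bytes(mac_key, pad)].pack('m0') }
end

# Consumer side: recompute the shared secret and strip the pad.
def toy_consumer_unwrap(answer, consumer_priv)
  shared = b64_to_num(answer['dh_server_public']).pow(consumer_priv, TOY_P)
  pad = Digest::SHA1.digest(btwoc(shared))
  xor_bytes(answer['enc_mac_key'].unpack1('m0'), pad)
end
```

The length check in xor_bytes reflects why the constructor passes only 'HMAC-SHA1' as an allowed association type for DH-SHA1: the pad is a SHA-1 digest, so it covers exactly 20 bytes of MAC key.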