kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Use an options hash to specify digest/cipher algorithm and a serializer for MessageVerifier and MessageEncryptor.

Browse source
This commit is contained in:
Willem van Bergen 2011-09-15 14:27:12 -04:00
parent 2d30d4cb88
commit 41fea03342
4 changed files with 26 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
activesupport/lib/active_support/message_encryptor.rb
View file

@ -13,12 +13,15 @@ module ActiveSupport
class InvalidMessage < StandardError; end class InvalidMessage < StandardError; end
OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
attr_accessor :serializer def initialize(secret, options = {})
unless options.is_a?(Hash)
def initialize(secret, cipher = 'aes-256-cbc', serializer = Marshal) ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :cipher => 'algorithm' to sepcify the cipher algorithm."
options = { :cipher => options }
end
@secret = secret @secret = secret
@cipher = cipher @cipher = options[:cipher] || 'aes-256-cbc'
@serializer = serializer @serializer = options[:serializer] || Marshal
end end
def encrypt(value) def encrypt(value)
@ -30,7 +33,7 @@ module ActiveSupport
cipher.key = @secret cipher.key = @secret
cipher.iv = iv cipher.iv = iv
encrypted_data = cipher.update(serializer.dump(value)) encrypted_data = cipher.update(@serializer.dump(value))
encrypted_data << cipher.final encrypted_data << cipher.final
[encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--") [encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--")
@ -47,7 +50,7 @@ module ActiveSupport
decrypted_data = cipher.update(encrypted_data) decrypted_data = cipher.update(encrypted_data)
decrypted_data << cipher.final decrypted_data << cipher.final
serializer.load(decrypted_data) @serializer.load(decrypted_data)
rescue OpenSSLCipherError, TypeError rescue OpenSSLCipherError, TypeError
raise InvalidMessage raise InvalidMessage
end end

17
activesupport/lib/active_support/message_verifier.rb
View file

@ -26,12 +26,15 @@ module ActiveSupport
class MessageVerifier class MessageVerifier
class InvalidSignature < StandardError; end class InvalidSignature < StandardError; end
attr_accessor :serializer def initialize(secret, options = {})
unless options.is_a?(Hash)
def initialize(secret, digest = 'SHA1', serializer = Marshal) ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :digest => 'algorithm' to sepcify the digest algorithm."
options = { :digest => options }
end
@secret = secret @secret = secret
@digest = digest @digest = options[:digest] || 'SHA1'
@serializer = serializer @serializer = options[:serializer] || Marshal
end end
def verify(signed_message) def verify(signed_message)
@ -39,14 +42,14 @@ module ActiveSupport
data, digest = signed_message.split("--") data, digest = signed_message.split("--")
if data.present? && digest.present? && secure_compare(digest, generate_digest(data)) if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
serializer.load(ActiveSupport::Base64.decode64(data)) @serializer.load(ActiveSupport::Base64.decode64(data))
else else
raise InvalidSignature raise InvalidSignature
end end
end end
def generate(value) def generate(value)
data = ActiveSupport::Base64.encode64s(serializer.dump(value)) data = ActiveSupport::Base64.encode64s(@serializer.dump(value))
"#{data}--#{generate_digest(data)}" "#{data}--#{generate_digest(data)}"
end end

6
activesupport/test/message_encryptor_test.rb
View file

@ -52,9 +52,9 @@ class MessageEncryptorTest < Test::Unit::TestCase
end end
def test_alternative_serialization_method def test_alternative_serialization_method
@encryptor.serializer = JSONSerializer.new encryptor = ActiveSupport::MessageEncryptor.new(SecureRandom.hex(64), :serializer => JSONSerializer.new)
message = @encryptor.encrypt_and_sign({ :foo => 123, 'bar' => Time.utc(2010) }) message = encryptor.encrypt_and_sign({ :foo => 123, 'bar' => Time.utc(2010) })
assert_equal @encryptor.decrypt_and_verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" } assert_equal encryptor.decrypt_and_verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" }
end end
private private

6
activesupport/test/message_verifier_test.rb
View file

@ -45,9 +45,9 @@ class MessageVerifierTest < Test::Unit::TestCase
end end
def test_alternative_serialization_method def test_alternative_serialization_method
@verifier.serializer = JSONSerializer.new verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!", :serializer => JSONSerializer.new)
message = @verifier.generate({ :foo => 123, 'bar' => Time.utc(2010) }) message = verifier.generate({ :foo => 123, 'bar' => Time.utc(2010) })
assert_equal @verifier.verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" } assert_equal verifier.verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" }
end end
def assert_not_verified(message) def assert_not_verified(message)