credify 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e2d00a170decb583685246f229dced080b4eb29399773680f0e8599ee8873af7
-  data.tar.gz: 12d6f970b75bd07c67cfa444e2c8ae7e7a2a5c70ed014cb52b375fb81a21cf20
+  metadata.gz: 22b70b4ef4e0b030632a418609e96ff5f84002c57c2ab03f0b8dfa96c2269079
+  data.tar.gz: 27e4c5183a0ddd41131a00ba8ef76ceab4a335c13047a8285ad4c11f3855cd82
 SHA512:
-  metadata.gz: 8a7b1682b30baffd0ef0c413ae6b26e9a24203323da32be9e59fc63f8a37c25c95b2dbc9ce4423ff9fb917429431693680d47a70275e9c12cb2cea41e70be470
-  data.tar.gz: '058461c70f4d213b42216407bd996237cfe207883e732bfb19d1cd1dd7b53bc35efc081c439312491c0e2780ea52277cace79e42a61e0c697546890baa77a0c5'
+  metadata.gz: cd20625b4eaecd91a65127d140d5fb746076ae15b064dac3a27d88f5802049f14129543ef810a166838ba71352ade6cb58b051abb4a6e6b17565d8cc0cd03d60
+  data.tar.gz: 3bfc34738682cab00664f8264e0a9f19118964b7ce4b218e47c14a507f4152711178425caf7235a9a5d869bda59badfd2fbb4f2b6ff6c5cf17795fb095fa79f3

data/README.md

@@ -40,6 +40,27 @@ def existing_key_is_used
   valid = signing.verify "message", signature
   puts valid
 end
+
+def generate_approval_token
+  signing = Signing.new
+  signing.generate_key_pair
+  token = signing.generate_approval_token 'client_id', 'entity_id', ['openid', 'email', 'phone'], 'offer-code'
+  puts token
+end
+
+def generate_request_token
+  signing = Signing.new
+  signing.generate_key_pair
+  token = signing.generate_request_token 'client_id', 'encryption_public_key', ['openid', 'email', 'phone'], 'offer-code'
+  puts token
+end
+
+def generate_claim_token
+  signing = Signing.new
+  signing.generate_key_pair
+  result = signing.generate_claim_token 'provider_id', 'entity_id', 'credify-score', { score: 100 }
+  puts result
+end
 ```
 
 ### Encryption
@@ -54,6 +75,8 @@ def new_key_is_generated
   encryption.generate_key_pair
   cipher_text = encryption.encrypt "secret message"
   plain_text = encryption.decrypt cipher_text
+  pem = encryption.export_private_key
+  puts pem
 end
 
 def existing_key_is_used

data/lib/credify.rb

@@ -1,6 +1,36 @@
 require "credify/version"
+require 'base64'
+require 'securerandom'
 
 module Credify
   class Error < StandardError; end
-  # Your code goes here...
+
+  class Helpers
+    def self.sha256(message)
+      base64 = Digest::SHA256.base64digest(message)
+      Helpers.short_urlsafe_encode64(Base64.decode64(base64))
+    end
+
+    #
+    # short_urlsafe_encode64
+    # @param [Binary] - str
+    # @return [String] - Base64 URL encoded string without padding
+    def self.short_urlsafe_encode64(bytes)
+      Base64.urlsafe_encode64(bytes).delete('=')
+    end
+
+    #
+    # short_urlsafe_decode64
+    # @return [Binary]
+    def self.short_urlsafe_decode64(str)
+      Base64.urlsafe_decode64(str + '=' * (-1 * str.size & 3))
+    end
+
+    def self.generate_commitment(bytes = 32)
+      random_bytes = SecureRandom.random_bytes(bytes)
+      short_urlsafe_encode64(random_bytes)
+    end
+
+  end
+
 end

data/lib/credify/encryption.rb

@@ -2,6 +2,7 @@ require 'openssl'
 require 'openssl/oaep'
 require "base64"
 require 'openssl_pkcs8_pure'
+require 'credify'
 
 class Encryption
   attr_reader :private_key, :public_key
@@ -43,7 +44,7 @@ class Encryption
   # @param [String] payload - Base64 URL encoded string
   # @return [Boolean]
   def import_private_key_base64_url(payload)
-    bytes = short_urlsafe_decode64(payload)
+    bytes = Credify::Helpers.short_urlsafe_decode64(payload)
     base64 = Base64.encode64(bytes)
     formatted = base64.scan(/.{1,64}/).join("\n")
     pem = add_box('PRIVATE KEY', formatted)
@@ -55,7 +56,7 @@ class Encryption
   # @param [String] payload - Base64 URL encoded string
   # @return [Boolean]
   def import_public_key_base64_url(payload)
-    bytes = short_urlsafe_decode64(payload)
+    bytes = Credify::Helpers.short_urlsafe_decode64(payload)
     base64 = Base64.encode64(bytes)
     formatted = base64.scan(/.{1,64}/).join("\n")
     pem = add_box('PUBLIC KEY', formatted)
@@ -73,7 +74,7 @@ class Encryption
     label = ''
     md = OpenSSL::Digest::SHA256
     cipher_text = @public_key.public_encrypt_oaep(message, label, md)
-    short_urlsafe_encode64(cipher_text)
+    Credify::Helpers.short_urlsafe_encode64(cipher_text)
   end
 
   #
@@ -86,7 +87,7 @@ class Encryption
     end
     label = ''
     md = OpenSSL::Digest::SHA256
-    raw_cipher = short_urlsafe_decode64(cipher)
+    raw_cipher = Credify::Helpers.short_urlsafe_decode64(cipher)
     raw_text = @private_key.private_decrypt_oaep(raw_cipher, label, md)
     raw_text
   end
@@ -94,7 +95,7 @@ class Encryption
   #
   # export_private_key
   # @param [Boolean] in_base64_url
-  # @return [Signing] - PCKS8 PEM or Base64 URL encoded string
+  # @return [Signing | String] - PCKS8 PEM or Base64 URL encoded string
   def export_private_key(in_base64_url = false)
     if @private_key.nil?
       raise Exception.new 'Please pass private key'
@@ -103,7 +104,7 @@ class Encryption
 
     if in_base64_url
       formatted = remove_box('PRIVATE KEY', pem)
-      short_urlsafe_encode64(Base64.decode64(formatted))
+      Credify::Helpers.short_urlsafe_encode64(Base64.decode64(formatted))
     else
       pem
     end
@@ -112,7 +113,7 @@ class Encryption
   #
   # export_public_key
   # @param [Boolean] in_base64_url
-  # @return [Signing] - PCKS8 PEM or Base64 URL encoded string
+  # @return [Signing | String] - PCKS8 PEM or Base64 URL encoded string
   def export_public_key(in_base64_url = false)
     if @public_key.nil?
       raise Exception.new 'Please pass public key'
@@ -122,7 +123,7 @@ class Encryption
 
     if in_base64_url
       formatted = remove_box('PUBLIC KEY', pem)
-      short_urlsafe_encode64(Base64.decode64(formatted))
+      Credify::Helpers.short_urlsafe_encode64(Base64.decode64(formatted))
     else
       pem
     end
@@ -131,7 +132,7 @@ class Encryption
 
   protected
 
-
+  #
   # remove_box
   # @param [String] tag - Either 'PUBLIC KEY' or 'PRIVATE KEY'
   # @param [String] pem - String value loaded from a PEM file
@@ -152,18 +153,4 @@ class Encryption
     "-----BEGIN #{tag}-----\n" << payload << "\n-----END #{tag}-----"
   end
 
-  #
-  # short_urlsafe_encode64
-  # @param [Binary] - str
-  # @return [String] - Base64 URL encoded string without padding
-  def short_urlsafe_encode64(bytes)
-    Base64.urlsafe_encode64(bytes).delete('=')
-  end
-
-  #
-  # short_urlsafe_decode64
-  # @return [Binary]
-  def short_urlsafe_decode64(str)
-    Base64.urlsafe_decode64(str + '=' * (-1 * str.size & 3))
-  end
 end

data/lib/credify/signing.rb

@@ -1,6 +1,8 @@
 require "ed25519"
 require "base64"
+require 'json'
 require 'openssl_pkcs8_pure'
+require 'credify'
 
 class Signing
   attr_reader :signing_key
@@ -31,7 +33,7 @@ class Signing
       raise Exception.new 'Please pass signing key'
     end
     signature = @signing_key.sign(message)
-    short_urlsafe_encode64(signature)
+    Credify::Helpers.short_urlsafe_encode64(signature)
   end
 
   #
@@ -43,7 +45,7 @@ class Signing
     if @signing_key.nil?
       raise Exception.new 'Please pass signing key'
     end
-    raw_sign = short_urlsafe_decode64(signature)
+    raw_sign = Credify::Helpers.short_urlsafe_decode64(signature)
     @signing_key.verify_key.verify raw_sign, message
   end
 
@@ -57,21 +59,134 @@ class Signing
     Base64.encode64(@signing_key.seed)
   end
 
-  protected
+  #
+  # generate_jwt
+  # @param [Hash] payload
+  # @return [String]
+  def generate_jwt(payload)
+    if payload.empty?
+      raise Exception.new 'Invalid payload'
+    end
+    header = {
+      alg: 'EdDSA',
+      typ: 'JWT'
+    }
+    message = compose_message(header, payload)
+    signature = sign(message)
+    message << '.' << signature
+  end
+
+  #
+  # parse_jwt
+  # @param [String] jwt
+  # @return [Hash] - { header: '', payload: {}, signature: '' }
+  def parse_jwt(jwt)
+    components = jwt.split('.')
+    unless components.length == 3
+      raise Exception 'JST is invalid'
+    end
+
+    header = JSON.parse(Credify::Helpers.short_urlsafe_decode64(components[0]))
+    payload = JSON.parse(Credify::Helpers.short_urlsafe_decode64(components[1]))
+    { header: header, payload: payload, signature: components[2] }
+  end
+
+  #
+  # verify_jwt
+  # @param [Hash] jwt - { header: '', payload: {}, signature: '' }
+  # @return [Boolean]
+  def verify_jwt(jwt)
+    message = compose_message(jwt[:header], jwt[:payload])
+    verify(jwt[:signature], message)
+  end
 
   #
-  # short_urlsafe_encode64
-  # @param [Binary] - str
-  # @return [String] - Base64 URL encoded string without padding
-  def short_urlsafe_encode64(bytes)
-    Base64.urlsafe_encode64(bytes).delete('=')
+  # generate_approval_token
+  # @param [String] client_id
+  # @param [String] entity_id
+  # @param [String[]] approved_scopes
+  # @param [String | nil] offer_code
+  # @return [String]
+  def generate_approval_token(client_id, entity_id, approved_scopes, offer_code = nil)
+    # minus 60 just in case this timestamp could collide one in the server side.
+    now = Time.now.to_i - 60
+    payload = {
+      client_id: client_id,
+      iat: now,
+      iss: entity_id,
+      scopes: approved_scopes.join(' ')
+    }
+    unless offer_code.nil?
+      payload[:offer_code] = offer_code
+    end
+    generate_jwt(payload)
+  end
+
+  #
+  # generate_claim_token
+  # @param [String] provider_id
+  # @param [String] entity_id
+  # @param [String] scope_name
+  # @param [Hash] claim
+  # @return [Hash]
+  def generate_claim_token(provider_id, entity_id, scope_name, claim)
+    # minus 60 just in case this timestamp could collide one in the server side.
+    now = Time.now.to_i - 60
+    commitment = Credify::Helpers.generate_commitment
+    data = claim[:"#{scope_name}:commitment"] = commitment
+    scope_hash = Credify::Helpers.sha256(data)
+    puts scope_hash
+    payload = {
+      iat: now,
+      iss: provider_id,
+      user_id: entity_id,
+      scope_name: scope_name,
+      scope_hash: scope_hash
+    }
+    token = generate_jwt(payload)
+    { token: token, commitment: commitment }
   end
 
   #
-  # short_urlsafe_decode64
-  # @return [Binary]
-  def short_urlsafe_decode64(str)
-    Base64.urlsafe_decode64(str + '=' * (-1 * str.size & 3))
+  # generate_request_token
+  # @param [String] client_id
+  # @param [String] encryption_public_key - Encryption public key in Base64 URL
+  # @param [String[]] scopes
+  # @param [String | nil] offer_code
+  # @return [String]
+  def generate_request_token(client_id, encryption_public_key, scopes, offer_code = nil)
+    unless scopes.include?('openid')
+      raise Exception 'scopes need to contain openid'
+    end
+    # minus 60 just in case this timestamp could collide one in the server side.
+    now = Time.now.to_i - 60
+    payload = {
+      iat: now,
+      iss: client_id,
+      encryption_public_key: encryption_public_key,
+      scopes: scopes.join(' ')
+    }
+    unless offer_code.nil?
+      payload[:offer_code] = offer_code
+    end
+    generate_jwt(payload)
+  end
+
+  protected
+
+
+  # compose_message
+  # @param [Hash] header
+  # @param [Hash] payload
+  # @return [String]
+  def compose_message(header, payload)
+    encoded_header = header.to_json
+    h = Credify::Helpers.short_urlsafe_encode64(encoded_header)
+
+    encoded_payload = payload.to_json
+    p = Credify::Helpers.short_urlsafe_encode64(encoded_payload)
+
+    h << '.' << p
   end
 
 end

data/lib/credify/version.rb

@@ -1,3 +1,3 @@
 module Credify
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: credify
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - credify-pte-ltd