eligible 2.6.3 → 2.7.0
- checksums.yaml +4 -4
- data/ChangeLog +11 -1
- data/lib/eligible.rb +1 -1
- data/lib/eligible/encryptor.rb +66 -60
- data/lib/eligible/version.rb +1 -1
- metadata +3 -3
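--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6375643cb7a472ceb059f519b423e5979f62e8d8
+data.tar.gz: 1ebb17780d0ef179c9d8cd0962a1f6b1e5c28915
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 76402c20fee5b41d80793066c6c4d62a0d79192ffbcd26af31bc22ee4e12a9ecc9570c02cdd9179b908e005ba3b88ad668385622053900494cd7402d1700d60d
+data.tar.gz: 66877c68f4b1f6727e2677b31f12e885f764c584bd9129bdbe3d44441c98f5ef9ad1e1f720b167af59e11d492551a97beee7847e6e4ccb647b67f31ebb8afd51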
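--- a/data/ChangeLog
+++ b/data/ChangeLog
@@ -1,3 +1,13 @@
+2016-12-14 Eligible <support@eligible.com>
+
+* 2.7.0
+- Changed default content type to application/json
+
+2016-11-18 Eligible <support@eligible.com>
+
+* 2.6.3
+- Added a new certificate fingerprint
+
 2016-08-31 Eligible <support@eligible.com>
 * 2.6.2
 - New APIs added in testing mode, no public-facing changes
@@ -10,7 +20,7 @@
 - Documentation updates for the endpoints
 
 2016-02-23 Eligible <support@eligible.com>
-
+
 * 2.6.0
 - Added new endpoints customer, original signature pdf and payer.
 - Added specs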
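--- a/data/lib/eligible.rb
+++ b/data/lib/eligible.rb
@@ -152,7 +152,7 @@ module Eligible
 headers = {
 user_agent: "eligible-ruby/#{Eligible::VERSION}",
 authorization: "Bearer #{api_key}",
-content_type: 'application/
+content_type: 'application/json'
 }.merge(headers)
 
 headers[:eligible_version] = api_version if api_version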
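Review bot: The new default `content_type: 'application/json'` only labels the request; nothing in this hunk shows the body being serialised as JSON, so any call path that still sends form-encoded or multipart params would now go out with a header that does not match its payload. Because the defaults are followed by `.merge(headers)`, a caller-supplied content type still wins, and that is worth stating next to the default, for example `# default only; callers sending form or multipart bodies must pass their own :content_type`. The enclosing method starts and ends outside the hunk, so the payload encoding needs to be confirmed there before relying on the new default.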
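--- a/data/lib/eligible/encryptor.rb
+++ b/data/lib/eligible/encryptor.rb
@@ -3,9 +3,7 @@ require 'openssl'
 module Eligible
 # A simple wrapper for the standard OpenSSL library
 module Encryptor
-
 extend self
-
 # The default options to use when calling the <tt>encrypt</tt> and <tt>decrypt</tt> methods
 #
 # Defaults to { algorithm: 'aes-256-gcm',
@@ -16,11 +14,13 @@ module Eligible
 #
 # Run 'openssl list-cipher-commands' in your terminal to view a list all cipher algorithms that are supported on your platform
 def default_options
-@default_options ||= {
-
-
-
-
+@default_options ||= {
+algorithm: 'aes-256-cbc',
+auth_data: '',
+insecure_mode: false,
+hmac_iterations: 2000,
+v2_gcm_iv: false
+}
 end
 
 # Encrypts a <tt>:value</tt> with a specified <tt>:key</tt> and <tt>:iv</tt>.
@@ -51,65 +51,71 @@ module Eligible
 
 protected
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# per-column basis, for example). This is the preferred (and more
-# secure) mode of operation.
-cipher.key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(options[:key], options[:salt], options[:hmac_iterations], cipher.key_len)
-end
-cipher.iv = options[:iv] unless options[:v2_gcm_iv]
+def crypt(cipher_method, *args) #:nodoc:
+options = default_options.merge(value: args.first).merge(args.last.is_a?(Hash) ? args.last : {})
+raise ArgumentError.new('must specify a key') if options[:key].to_s.empty?
+cipher = OpenSSL::Cipher.new(options[:algorithm])
+cipher.send(cipher_method)
+
+unless options[:insecure_mode]
+raise ArgumentError.new("key must be #{cipher.key_len} bytes or longer") if options[:key].bytesize < cipher.key_len
+raise ArgumentError.new('must specify an iv') if options[:iv].to_s.empty?
+raise ArgumentError.new("iv must be #{cipher.iv_len} bytes or longer") if options[:iv].bytesize < cipher.iv_len
+end
+
+if options[:iv]
+# This is here for backwards compatibility for Encryptor v2.0.0.
+cipher.iv = options[:iv] if options[:v2_gcm_iv]
+if options[:salt].nil?
+# Use a non-salted cipher.
+# This behaviour is retained for backwards compatibility. This mode
+# is not secure and new deployments should use the :salt options
+# wherever possible.
+cipher.key = options[:key]
 else
-#
-
-
-
-value = options[:value]
-if cipher.authenticated?
-if encryption?(cipher_method)
-cipher.auth_data = options[:auth_data]
-else
-value = extract_cipher_text(options[:value])
-cipher.auth_tag = extract_auth_tag(options[:value])
-# auth_data must be set after auth_tag has been set when decrypting
-# See http://ruby-doc.org/stdlib-2.0.0/libdoc/openssl/rdoc/OpenSSL/Cipher.html#method-i-auth_data-3D
-cipher.auth_data = options[:auth_data]
-end
+# Use an explicit salt (which can be persisted into a database on a
+# per-column basis, for example). This is the preferred (and more
+# secure) mode of operation.
+cipher.key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(options[:key], options[:salt], options[:hmac_iterations], cipher.key_len)
 end
-
-
-
-
+cipher.iv = options[:iv] unless options[:v2_gcm_iv]
+else
+# This is deprecated and needs to be changed.
+cipher.pkcs5_keyivgen(options[:key])
 end
 
-
-cipher_method == :encrypt
-end
+yield cipher, options if block_given?
 
-
-value[0..-17]
-end
+value = options[:value]
 
-
-
+if cipher.authenticated?
+if encryption?(cipher_method)
+cipher.auth_data = options[:auth_data]
+else
+value = extract_cipher_text(options[:value])
+cipher.auth_tag = extract_auth_tag(options[:value])
+# auth_data must be set after auth_tag has been set when decrypting
+# See http://ruby-doc.org/stdlib-2.0.0/libdoc/openssl/rdoc/OpenSSL/Cipher.html#method-i-auth_data-3D
+cipher.auth_data = options[:auth_data]
+end
 end
+
+result = cipher.update(value)
+result << cipher.final
+result << cipher.auth_tag if cipher.authenticated? && encryption?(cipher_method)
+result
+end
+
+def encryption?(cipher_method)
+cipher_method == :encrypt
+end
+
+def extract_cipher_text(value)
+value[0..-17]
+end
+
+def extract_auth_tag(value)
+value[-16..-1]
+end
 end
 end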
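Review bot: In the second hunk, `default_options` sets `algorithm: 'aes-256-cbc'` while the comment directly above it still reads `Defaults to { algorithm: 'aes-256-gcm',`, so the documented default and the real one disagree. With CBC, `cipher.authenticated?` is false, so the `auth_data`/`auth_tag` branch of `crypt` is skipped and ciphertext produced with the defaults carries no integrity check. If GCM is what is meant, the line should read `algorithm: 'aes-256-gcm',`; if CBC is deliberate (for data already stored that way, say), correct the comment and document that callers wanting authenticated encryption must pass the algorithm explicitly. The removed side of this section is mostly blank on this page, so whether the default itself changed in 2.7.0 cannot be established from here.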
data/lib/eligible/version.rb
CHANGED
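--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: eligible
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.7.0
 platform: ruby
 authors:
 - Katelyn Gleaon
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-
+date: 2016-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rest-client
@@ -167,7 +167,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.6.8
 signing_key:
 specification_version: 4
 summary: Ruby wrapper for the Eligible API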