RubyGems - ruby-paseto - Versions diffs - 0.1.0 - Mend

ruby-paseto 0.1.0

Files changed (116) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +8 -0
data/CODE_OF_CONDUCT.md +84 -0
data/LICENSE.txt +21 -0
data/README.md +549 -0
data/lib/paseto/asn1/algorithm_identifier.rb +17 -0
data/lib/paseto/asn1/curve_private_key.rb +22 -0
data/lib/paseto/asn1/ec_private_key.rb +27 -0
data/lib/paseto/asn1/ecdsa_full_r.rb +26 -0
data/lib/paseto/asn1/ecdsa_sig_value.rb +23 -0
data/lib/paseto/asn1/ecdsa_signature.rb +49 -0
data/lib/paseto/asn1/ed25519_identifier.rb +15 -0
data/lib/paseto/asn1/named_curve.rb +17 -0
data/lib/paseto/asn1/one_asymmetric_key.rb +32 -0
data/lib/paseto/asn1/private_key.rb +17 -0
data/lib/paseto/asn1/private_key_algorithm_identifier.rb +17 -0
data/lib/paseto/asn1/public_key.rb +17 -0
data/lib/paseto/asn1/subject_public_key_info.rb +28 -0
data/lib/paseto/asn1.rb +101 -0
data/lib/paseto/asymmetric_key.rb +100 -0
data/lib/paseto/configuration/box.rb +23 -0
data/lib/paseto/configuration/decode_configuration.rb +68 -0
data/lib/paseto/configuration.rb +18 -0
data/lib/paseto/interface/i_d.rb +23 -0
data/lib/paseto/interface/key.rb +113 -0
data/lib/paseto/interface/pbkd.rb +83 -0
data/lib/paseto/interface/pie.rb +59 -0
data/lib/paseto/interface/pke.rb +86 -0
data/lib/paseto/interface/serializer.rb +19 -0
data/lib/paseto/interface/version.rb +161 -0
data/lib/paseto/interface/wrapper.rb +20 -0
data/lib/paseto/operations/i_d.rb +48 -0
data/lib/paseto/operations/id/i_dv3.rb +20 -0
data/lib/paseto/operations/id/i_dv4.rb +20 -0
data/lib/paseto/operations/pbkd/p_b_k_dv3.rb +85 -0
data/lib/paseto/operations/pbkd/p_b_k_dv4.rb +94 -0
data/lib/paseto/operations/pbkw.rb +73 -0
data/lib/paseto/operations/pke/p_k_ev3.rb +97 -0
data/lib/paseto/operations/pke/p_k_ev4.rb +95 -0
data/lib/paseto/operations/pke.rb +57 -0
data/lib/paseto/operations/wrap.rb +29 -0
data/lib/paseto/paserk.rb +55 -0
data/lib/paseto/paserk_types.rb +46 -0
data/lib/paseto/protocol/version3.rb +100 -0
data/lib/paseto/protocol/version4.rb +99 -0
data/lib/paseto/result.rb +9 -0
data/lib/paseto/serializer/optional_json.rb +30 -0
data/lib/paseto/serializer/raw.rb +23 -0
data/lib/paseto/sodium/curve_25519.rb +46 -0
data/lib/paseto/sodium/safe_ed25519_loader.rb +19 -0
data/lib/paseto/sodium/stream/base.rb +82 -0
data/lib/paseto/sodium/stream/x_cha_cha20_xor.rb +31 -0
data/lib/paseto/sodium.rb +5 -0
data/lib/paseto/symmetric_key.rb +119 -0
data/lib/paseto/token.rb +127 -0
data/lib/paseto/token_types.rb +29 -0
data/lib/paseto/util.rb +105 -0
data/lib/paseto/v3/local.rb +63 -0
data/lib/paseto/v3/public.rb +204 -0
data/lib/paseto/v4/local.rb +56 -0
data/lib/paseto/v4/public.rb +169 -0
data/lib/paseto/validator.rb +154 -0
data/lib/paseto/verifiers/footer.rb +30 -0
data/lib/paseto/verifiers/payload.rb +42 -0
data/lib/paseto/verify.rb +48 -0
data/lib/paseto/version.rb +6 -0
data/lib/paseto/versions.rb +25 -0
data/lib/paseto/wrappers/pie/pie_v3.rb +72 -0
data/lib/paseto/wrappers/pie/pie_v4.rb +72 -0
data/lib/paseto/wrappers/pie.rb +71 -0
data/lib/paseto.rb +99 -0
data/paseto.gemspec +58 -0
data/sorbet/config +3 -0
data/sorbet/rbi/annotations/rainbow.rbi +269 -0
data/sorbet/rbi/gems/ast@2.4.2.rbi +584 -0
data/sorbet/rbi/gems/diff-lcs@1.5.0.rbi +1083 -0
data/sorbet/rbi/gems/docile@1.4.0.rbi +376 -0
data/sorbet/rbi/gems/ffi@1.15.5.rbi +1994 -0
data/sorbet/rbi/gems/io-console@0.5.11.rbi +8 -0
data/sorbet/rbi/gems/irb@1.5.1.rbi +342 -0
data/sorbet/rbi/gems/json@2.6.3.rbi +1541 -0
data/sorbet/rbi/gems/multi_json@1.15.0.rbi +267 -0
data/sorbet/rbi/gems/netrc@0.11.0.rbi +158 -0
data/sorbet/rbi/gems/oj@3.13.23.rbi +603 -0
data/sorbet/rbi/gems/openssl@3.0.1.rbi +1735 -0
data/sorbet/rbi/gems/parallel@1.22.1.rbi +277 -0
data/sorbet/rbi/gems/rainbow@3.1.1.rbi +407 -0
data/sorbet/rbi/gems/rake@13.0.6.rbi +3021 -0
data/sorbet/rbi/gems/rbnacl@7.1.1.rbi +3218 -0
data/sorbet/rbi/gems/regexp_parser@2.6.1.rbi +3481 -0
data/sorbet/rbi/gems/reline@0.3.1.rbi +8 -0
data/sorbet/rbi/gems/rexml@3.2.5.rbi +4717 -0
data/sorbet/rbi/gems/rspec-core@3.12.0.rbi +10887 -0
data/sorbet/rbi/gems/rspec-expectations@3.12.0.rbi +8090 -0
data/sorbet/rbi/gems/rspec-mocks@3.12.0.rbi +5300 -0
data/sorbet/rbi/gems/rspec-support@3.12.0.rbi +1617 -0
data/sorbet/rbi/gems/rspec@3.12.0.rbi +88 -0
data/sorbet/rbi/gems/ruby-progressbar@1.11.0.rbi +1239 -0
data/sorbet/rbi/gems/simplecov-html@0.12.3.rbi +219 -0
data/sorbet/rbi/gems/simplecov@0.21.2.rbi +2135 -0
data/sorbet/rbi/gems/simplecov_json_formatter@0.1.4.rbi +8 -0
data/sorbet/rbi/gems/thor@1.2.1.rbi +3956 -0
data/sorbet/rbi/gems/timecop@0.9.6.rbi +350 -0
data/sorbet/rbi/gems/unicode-display_width@2.3.0.rbi +48 -0
data/sorbet/rbi/gems/webrick@1.7.0.rbi +2555 -0
data/sorbet/rbi/gems/yard-sorbet@0.7.0.rbi +391 -0
data/sorbet/rbi/gems/yard@0.9.28.rbi +17816 -0
data/sorbet/rbi/gems/zeitwerk@2.6.6.rbi +950 -0
data/sorbet/rbi/shims/multi_json.rbi +19 -0
data/sorbet/rbi/shims/openssl.rbi +111 -0
data/sorbet/rbi/shims/rbnacl.rbi +65 -0
data/sorbet/rbi/shims/zeitwerk.rbi +6 -0
data/sorbet/rbi/todo.rbi +7 -0
data/sorbet/tapioca/config.yml +30 -0
data/sorbet/tapioca/require.rb +12 -0
metadata +376 -0

data/lib/paseto/asn1/algorithm_identifier.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class AlgorithmIdentifier < T::Struct
+      extend T::Sig
+      const :algorithm, NamedCurve
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        OpenSSL::ASN1::Sequence.new(algorithm.build)
+      end
+    end
+  end
+end

data/lib/paseto/asn1/curve_private_key.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class CurvePrivateKey < T::Struct
+      extend T::Sig
+      const :private_key, String
+      sig { returns(OpenSSL::ASN1::OctetString) }
+      def build
+        OpenSSL::ASN1::OctetString.new(private_key)
+      end
+      sig { returns(String) }
+      def to_der
+        build.to_der
+      end
+    end
+  end
+end

data/lib/paseto/asn1/ec_private_key.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class ECPrivateKey < T::Struct
+      extend T::Sig
+      const :private_key, String
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        OpenSSL::ASN1::Sequence.new(
+          [
+            OpenSSL::ASN1::Integer.new(1),
+            OpenSSL::ASN1::OctetString.new(private_key)
+          ]
+        )
+      end
+      sig { returns(String) }
+      def to_der
+        build.to_der
+      end
+    end
+  end
+end

data/lib/paseto/asn1/ecdsa_full_r.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class ECDSAFullR < T::Struct
+      extend T::Sig
+      const :r, OpenSSL::PKey::EC::Point
+      const :s, OpenSSL::BN
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        # Unsupported by OpenSSL 3.0
+        # :nocov:
+        OpenSSL::ASN1::Sequence.new(
+          [
+            OpenSSL::ASN1::OctetString.new(r.to_octet_string(:compressed)),
+            OpenSSL::ASN1::Integer.new(s)
+          ]
+        )
+        # :nocov:
+      end
+    end
+  end
+end

data/lib/paseto/asn1/ecdsa_sig_value.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class ECDSASigValue < T::Struct
+      extend T::Sig
+      const :r, OpenSSL::BN
+      const :s, OpenSSL::BN
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        OpenSSL::ASN1::Sequence.new(
+          [
+            OpenSSL::ASN1::Integer.new(r),
+            OpenSSL::ASN1::Integer.new(s)
+          ]
+        )
+      end
+    end
+  end
+end

data/lib/paseto/asn1/ecdsa_signature.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class ECDSASignature < T::Struct
+      extend T::Sig
+      const :signature, T.any(ECDSASigValue, ECDSAFullR)
+      sig { params(bytes: String, part_len: Integer).returns(ECDSASignature) }
+      def self.from_rs(bytes, part_len)
+        r = OpenSSL::BN.new(T.must(bytes[0, part_len]), 2)
+        s = OpenSSL::BN.new(T.must(bytes[-part_len, part_len]), 2)
+        new(signature: ECDSASigValue.new(r: r, s: s))
+      end
+      sig { params(sig: String).returns(ECDSASignature) }
+      def self.from_asn1(sig)
+        r, s = OpenSSL::ASN1.decode(sig).value.map(&:value)
+        new(signature: ECDSASigValue.new(r: r, s: s))
+      end
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        signature.build
+      end
+      sig { returns(String) }
+      def to_der
+        build.to_der
+      end
+      sig { params(part_len: Integer).returns(String) }
+      def to_rs(part_len)
+        case signature
+        when ECDSASigValue
+          r = T.cast(signature.r, OpenSSL::BN).to_s(2).rjust(part_len, "\x00")
+        when ECDSAFullR
+          # :nocov:
+          r = T.cast(signature.r, OpenSSL::PKey::EC::Point).to_octet_string(:compressed).rjust(part_len, "\x00")
+          # :nocov:
+        end
+        s = signature.s.to_s(2).rjust(part_len, "\x00")
+        [r, s].join
+      end
+    end
+  end
+end

data/lib/paseto/asn1/ed25519_identifier.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class Ed25519Identifier < T::Struct
+      extend T::Sig
+      sig { returns([OpenSSL::ASN1::ObjectId]) }
+      def build
+        [OpenSSL::ASN1::ObjectId('ED25519')]
+      end
+    end
+  end
+end

data/lib/paseto/asn1/named_curve.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class NamedCurve < T::Struct
+      extend T::Sig
+      const :curve_name, String
+      sig { returns([OpenSSL::ASN1::ObjectId, OpenSSL::ASN1::ObjectId]) }
+      def build
+        [OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve_name)]
+      end
+    end
+  end
+end

data/lib/paseto/asn1/one_asymmetric_key.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class OneAsymmetricKey < T::Struct
+      extend T::Sig
+      const :version, OpenSSL::BN
+      const :algorithm, PrivateKeyAlgorithmIdentifier
+      const :private_key, PrivateKey
+      const :public_key, T.nilable(PublicKey)
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        OpenSSL::ASN1::Sequence.new(
+          [
+            OpenSSL::ASN1::Integer.new(version),
+            algorithm.build,
+            private_key.build
+            # public_key&.build
+          ].compact
+        )
+      end
+      sig { returns(String) }
+      def to_der
+        build.to_der
+      end
+    end
+  end
+end

data/lib/paseto/asn1/private_key.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class PrivateKey < T::Struct
+      extend T::Sig
+      const :private_key, T.any(ECPrivateKey, CurvePrivateKey)
+      sig { returns(OpenSSL::ASN1::OctetString) }
+      def build
+        OpenSSL::ASN1::OctetString.new(private_key.to_der)
+      end
+    end
+  end
+end

data/lib/paseto/asn1/private_key_algorithm_identifier.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class PrivateKeyAlgorithmIdentifier < T::Struct
+      extend T::Sig
+      const :parameters, T.any(Ed25519Identifier, NamedCurve)
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        OpenSSL::ASN1::Sequence.new(parameters.build)
+      end
+    end
+  end
+end

data/lib/paseto/asn1/public_key.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class PublicKey < T::Struct
+      extend T::Sig
+      const :public_key, String
+      sig { returns(OpenSSL::ASN1::BitString) }
+      def build
+        OpenSSL::ASN1::BitString.new(public_key)
+      end
+    end
+  end
+end

data/lib/paseto/asn1/subject_public_key_info.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class SubjectPublicKeyInfo < T::Struct
+      extend T::Sig
+      const :algorithm_identifier, AlgorithmIdentifier
+      const :public_key, PublicKey
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        OpenSSL::ASN1::Sequence.new(
+          [
+            algorithm_identifier.build,
+            public_key.build
+          ]
+        )
+      end
+      sig { returns(String) }
+      def to_der
+        build.to_der
+      end
+    end
+  end
+end

data/lib/paseto/asn1.rb ADDED Viewed

@@ -0,0 +1,101 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    # References:
+    #   https://www.rfc-editor.org/rfc/rfc5208  PKCS #8: Private-Key Information Syntax Specification Version 1.2
+    #   https://www.rfc-editor.org/rfc/rfc5480  Elliptic Curve Cryptography Subject Public Key Information
+    #   https://www.rfc-editor.org/rfc/rfc5915  Elliptic Curve Private Key Structure
+    #   https://www.rfc-editor.org/rfc/rfc5958  Asymmetric Key Packages (obsoletes PKCS#8)
+    #   https://www.rfc-editor.org/rfc/rfc8018  PKCS #5: Password-Based Cryptography Specification Version 2.1
+    #   https://www.secg.org/sec1-v2.pdf
+    extend T::Sig
+    sig { params(bytes: String).returns(String) }
+    def self.p384_scalar_bytes_to_oak_der(bytes)
+      OneAsymmetricKey.new(
+        version: OpenSSL::BN.new(1),
+        algorithm: PrivateKeyAlgorithmIdentifier.new(
+          parameters: NamedCurve.new(curve_name: 'secp384r1')
+        ),
+        private_key: PrivateKey.new(
+          private_key: ECPrivateKey.new(
+            private_key: bytes
+          )
+        )
+      ).to_der
+    end
+    sig { params(bytes: String).returns(String) }
+    def self.p384_public_bytes_to_spki_der(bytes)
+      SubjectPublicKeyInfo.new(
+        algorithm_identifier: AlgorithmIdentifier.new(
+          algorithm: NamedCurve.new(curve_name: 'secp384r1')
+        ),
+        public_key: PublicKey.new(
+          public_key: bytes
+        )
+      ).to_der
+    end
+    # RbNaCl::SigningKey.keypair_bytes returns the 32-byte private scalar and group element
+    # as (s || g), so we repack that into an ASN1 structure and then Base64 the resulting DER
+    # to get a PEM.
+    sig { params(bytes: String).returns(String) }
+    def self.ed25519_rs_to_oak_der(bytes)
+      OneAsymmetricKey.new(
+        version: OpenSSL::BN.new(0),
+        algorithm: PrivateKeyAlgorithmIdentifier.new(
+          parameters: Ed25519Identifier.new
+        ),
+        private_key: PrivateKey.new(
+          private_key: CurvePrivateKey.new(
+            private_key: T.must(bytes.byteslice(0, 32))
+          )
+        )
+      ).to_der
+    end
+    sig { params(bytes: String).returns(String) }
+    def self.ed25519_rs_to_oak_pem(bytes)
+      der_to_private_pem(ed25519_rs_to_oak_der(bytes))
+    end
+    sig { params(verify_key: String).returns(String) }
+    def self.ed25519_pubkey_nacl_to_der(verify_key)
+      OpenSSL::ASN1::Sequence.new(
+        [
+          OpenSSL::ASN1::Sequence.new(
+            [OpenSSL::ASN1::ObjectId.new('ED25519')]
+          ),
+          OpenSSL::ASN1::BitString.new(verify_key)
+        ]
+      ).to_der
+    end
+    sig { params(verify_key: String).returns(String) }
+    def self.ed25519_pubkey_nacl_to_pem(verify_key)
+      der_to_public_pem(ed25519_pubkey_nacl_to_der(verify_key))
+    end
+    sig { params(der: String).returns(String) }
+    def self.der_to_public_pem(der)
+      <<~PEM
+        -----BEGIN PUBLIC KEY-----
+        #{Base64.strict_encode64(der)}
+        -----END PUBLIC KEY-----
+      PEM
+    end
+    sig { params(der: String).returns(String) }
+    def self.der_to_private_pem(der)
+      <<~PEM
+        -----BEGIN PRIVATE KEY-----
+        #{Base64.strict_encode64(der)}
+        -----END PRIVATE KEY-----
+      PEM
+    end
+  end
+end

data/lib/paseto/asymmetric_key.rb ADDED Viewed

@@ -0,0 +1,100 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  class AsymmetricKey < Interface::Key
+    extend T::Sig
+    extend T::Helpers
+    abstract!
+    sig(:final) { override.returns(String) }
+    attr_reader :id, :paserk
+    sig(:final) { returns(String) }
+    attr_reader :pid, :public_paserk
+    sig { params(_key: T.untyped).void }
+    def initialize(_key)
+      @public_paserk = T.let("#{paserk_version}.public.#{Util.encode64(public_bytes)}".freeze, String)
+      @pid = T.let(Operations::ID.pid(self).freeze, String)
+      if private?
+        @paserk = T.let("#{paserk_version}.secret.#{Util.encode64(to_bytes)}".freeze, String)
+        @id = T.let(Operations::ID.sid(self).freeze, String)
+      else
+        @paserk = @public_paserk
+        @id = T.let(@pid, String)
+      end
+    end
+    sig { abstract.params(message: String, footer: String, implicit_assertion: String).returns(Token) }
+    def sign(message:, footer: '', implicit_assertion: ''); end
+    sig { abstract.params(token: Token, implicit_assertion: String).returns(String) }
+    def verify(token:, implicit_assertion: ''); end
+    sig { abstract.returns(String) }
+    def public_to_pem; end
+    sig { abstract.returns(String) }
+    def private_to_pem; end
+    sig { abstract.returns(T::Boolean) }
+    def private?; end
+    sig { abstract.returns(String) }
+    def public_bytes; end
+    sig { abstract.params(other: T.untyped).returns(String) }
+    def ecdh(other); end
+    sig(:final) do
+      override.params(
+        payload: T::Hash[String, T.untyped],
+        footer: String,
+        implicit_assertion: String,
+        options: T.nilable(T.any(String, Integer, Symbol, T::Boolean))
+      ).returns(String)
+    end
+    def encode!(payload, footer: '', implicit_assertion: '', **options)
+      MultiJson.dump(payload, options)
+               .then { |json| sign(message: json, footer: footer, implicit_assertion: implicit_assertion) }
+               .then(&:to_s)
+    end
+    sig(:final) do
+      override.params(
+        payload: String,
+        implicit_assertion: String,
+        options: T.nilable(T.any(Proc, String, Integer, Symbol, T::Boolean))
+      ).returns(Result)
+    end
+    def decode!(payload, implicit_assertion: '', **options)
+      token = Token.parse(payload)
+      verify(token: token, implicit_assertion: implicit_assertion)
+        .then { |json| MultiJson.load(json, **options) }
+        .then { |claims| Result.new(claims: claims, footer: token.footer) }
+    end
+    sig(:final) { override.returns(String) }
+    def pbkw_header = protocol.pbkd_secret_header
+    sig(:final) { override.returns(String) }
+    def purpose = 'public'
+    sig(:final) { returns(Interface::PKE) }
+    def pke = protocol.pke(self)
+    sig(:final) { returns(String) }
+    def sid = @sid ||= T.let(Operations::ID.sid(self), T.nilable(String))
+    sig(:final) { params(other: SymmetricKey).returns(String) }
+    def seal(other) = Paserk.seal(sealing_key: self, key: other)
+    sig(:final) { params(paserk: String).returns(SymmetricKey) }
+    def unseal(paserk) = Paserk.from_paserk(paserk: paserk, unsealing_key: self)
+  end
+end

data/lib/paseto/configuration/box.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module Configuration
+    class Box
+      extend T::Sig
+      sig { returns(DecodeConfiguration) }
+      attr_accessor :decode
+      sig { void }
+      def initialize
+        @decode = T.let(DecodeConfiguration.new, DecodeConfiguration)
+      end
+      sig { void }
+      def reset!
+        @decode = DecodeConfiguration.new
+      end
+    end
+  end
+end

data/lib/paseto/configuration/decode_configuration.rb ADDED Viewed

@@ -0,0 +1,68 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module Configuration
+    class DecodeConfiguration
+      extend T::Sig
+      sig { returns(Interface::Serializer) }
+      attr_accessor :footer_serializer
+      sig { returns(T::Boolean) }
+      attr_accessor :verify_exp, :verify_nbf, :verify_iat
+      sig { returns(T.any(FalseClass, String)) }
+      attr_accessor :verify_sub
+      sig { returns(T.any(FalseClass, T::Array[String])) }
+      attr_accessor :verify_aud
+      sig { returns(T.any(T::Array[T.any(String, Regexp, T.proc.params(issuer: String).returns(T::Boolean))], FalseClass)) }
+      attr_accessor :verify_iss
+      sig do
+        returns(T.any(
+                  T::Boolean,
+                  T.proc.params(jti: String).returns(T::Boolean)
+                ))
+      end
+      attr_accessor :verify_jti
+      sig { void }
+      def initialize # rubocop:disable Metrics/AbcSize
+        @footer_serializer = T.let(Serializer::OptionalJson, Interface::Serializer)
+        @verify_exp = T.let(true, T::Boolean)
+        @verify_nbf = T.let(true, T::Boolean)
+        @verify_iat = T.let(true, T::Boolean)
+        @verify_iss = T.let(false, T.any(FalseClass,
+                                         T::Array[
+                                          T.any(String, Regexp, T.proc.params(issuer: String).returns(T::Boolean))
+                                          ]))
+        @verify_aud = T.let(false, T.any(FalseClass, T::Array[String]))
+        @verify_sub = T.let(false, T.any(FalseClass, String))
+        @verify_jti = T.let(false, T.any(
+                                     T::Boolean,
+                                     T.proc.params(jti: String).returns(T::Boolean)
+                                   ))
+      end
+      sig { returns(T::Hash[Symbol, T.untyped]) }
+      def to_h
+        {
+          verify_exp: verify_exp,
+          verify_nbf: verify_nbf,
+          verify_iss: verify_iss,
+          verify_iat: verify_iat,
+          verify_jti: verify_jti,
+          verify_aud: verify_aud,
+          verify_sub: verify_sub
+        }
+      end
+    end
+  end
+end

data/lib/paseto/configuration.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module Configuration
+    extend T::Sig
+    sig { params(blk: T.proc.params(config: Paseto::Configuration::Box).void).void }
+    def configure(&blk) # rubocop:disable Lint/UnusedMethodArgument
+      yield(config)
+    end
+    sig { returns(Paseto::Configuration::Box) }
+    def config
+      @config ||= T.let(Configuration::Box.new, T.nilable(Paseto::Configuration::Box))
+    end
+  end
+end

data/lib/paseto/interface/i_d.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module Interface
+    module ID
+      extend T::Sig
+      extend T::Helpers
+      abstract!
+      sig(:final) { params(type: String, paserk: String).returns(String) }
+      def encode(type, paserk)
+        header = "#{protocol.paserk_version}.#{type}."
+        d = protocol.digest("#{header}#{paserk}", digest_size: 33)
+        "#{header}#{Util.encode64(d)}"
+      end
+      sig { abstract.returns(Interface::Version) }
+      def protocol; end
+    end
+  end
+end