RubyGems - ruby-paseto - Versions diffs - 0.1.0 - Mend

ruby-paseto 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (116) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +8 -0
data/CODE_OF_CONDUCT.md +84 -0
data/LICENSE.txt +21 -0
data/README.md +549 -0
data/lib/paseto/asn1/algorithm_identifier.rb +17 -0
data/lib/paseto/asn1/curve_private_key.rb +22 -0
data/lib/paseto/asn1/ec_private_key.rb +27 -0
data/lib/paseto/asn1/ecdsa_full_r.rb +26 -0
data/lib/paseto/asn1/ecdsa_sig_value.rb +23 -0
data/lib/paseto/asn1/ecdsa_signature.rb +49 -0
data/lib/paseto/asn1/ed25519_identifier.rb +15 -0
data/lib/paseto/asn1/named_curve.rb +17 -0
data/lib/paseto/asn1/one_asymmetric_key.rb +32 -0
data/lib/paseto/asn1/private_key.rb +17 -0
data/lib/paseto/asn1/private_key_algorithm_identifier.rb +17 -0
data/lib/paseto/asn1/public_key.rb +17 -0
data/lib/paseto/asn1/subject_public_key_info.rb +28 -0
data/lib/paseto/asn1.rb +101 -0
data/lib/paseto/asymmetric_key.rb +100 -0
data/lib/paseto/configuration/box.rb +23 -0
data/lib/paseto/configuration/decode_configuration.rb +68 -0
data/lib/paseto/configuration.rb +18 -0
data/lib/paseto/interface/i_d.rb +23 -0
data/lib/paseto/interface/key.rb +113 -0
data/lib/paseto/interface/pbkd.rb +83 -0
data/lib/paseto/interface/pie.rb +59 -0
data/lib/paseto/interface/pke.rb +86 -0
data/lib/paseto/interface/serializer.rb +19 -0
data/lib/paseto/interface/version.rb +161 -0
data/lib/paseto/interface/wrapper.rb +20 -0
data/lib/paseto/operations/i_d.rb +48 -0
data/lib/paseto/operations/id/i_dv3.rb +20 -0
data/lib/paseto/operations/id/i_dv4.rb +20 -0
data/lib/paseto/operations/pbkd/p_b_k_dv3.rb +85 -0
data/lib/paseto/operations/pbkd/p_b_k_dv4.rb +94 -0
data/lib/paseto/operations/pbkw.rb +73 -0
data/lib/paseto/operations/pke/p_k_ev3.rb +97 -0
data/lib/paseto/operations/pke/p_k_ev4.rb +95 -0
data/lib/paseto/operations/pke.rb +57 -0
data/lib/paseto/operations/wrap.rb +29 -0
data/lib/paseto/paserk.rb +55 -0
data/lib/paseto/paserk_types.rb +46 -0
data/lib/paseto/protocol/version3.rb +100 -0
data/lib/paseto/protocol/version4.rb +99 -0
data/lib/paseto/result.rb +9 -0
data/lib/paseto/serializer/optional_json.rb +30 -0
data/lib/paseto/serializer/raw.rb +23 -0
data/lib/paseto/sodium/curve_25519.rb +46 -0
data/lib/paseto/sodium/safe_ed25519_loader.rb +19 -0
data/lib/paseto/sodium/stream/base.rb +82 -0
data/lib/paseto/sodium/stream/x_cha_cha20_xor.rb +31 -0
data/lib/paseto/sodium.rb +5 -0
data/lib/paseto/symmetric_key.rb +119 -0
data/lib/paseto/token.rb +127 -0
data/lib/paseto/token_types.rb +29 -0
data/lib/paseto/util.rb +105 -0
data/lib/paseto/v3/local.rb +63 -0
data/lib/paseto/v3/public.rb +204 -0
data/lib/paseto/v4/local.rb +56 -0
data/lib/paseto/v4/public.rb +169 -0
data/lib/paseto/validator.rb +154 -0
data/lib/paseto/verifiers/footer.rb +30 -0
data/lib/paseto/verifiers/payload.rb +42 -0
data/lib/paseto/verify.rb +48 -0
data/lib/paseto/version.rb +6 -0
data/lib/paseto/versions.rb +25 -0
data/lib/paseto/wrappers/pie/pie_v3.rb +72 -0
data/lib/paseto/wrappers/pie/pie_v4.rb +72 -0
data/lib/paseto/wrappers/pie.rb +71 -0
data/lib/paseto.rb +99 -0
data/paseto.gemspec +58 -0
data/sorbet/config +3 -0
data/sorbet/rbi/annotations/rainbow.rbi +269 -0
data/sorbet/rbi/gems/ast@2.4.2.rbi +584 -0
data/sorbet/rbi/gems/diff-lcs@1.5.0.rbi +1083 -0
data/sorbet/rbi/gems/docile@1.4.0.rbi +376 -0
data/sorbet/rbi/gems/ffi@1.15.5.rbi +1994 -0
data/sorbet/rbi/gems/io-console@0.5.11.rbi +8 -0
data/sorbet/rbi/gems/irb@1.5.1.rbi +342 -0
data/sorbet/rbi/gems/json@2.6.3.rbi +1541 -0
data/sorbet/rbi/gems/multi_json@1.15.0.rbi +267 -0
data/sorbet/rbi/gems/netrc@0.11.0.rbi +158 -0
data/sorbet/rbi/gems/oj@3.13.23.rbi +603 -0
data/sorbet/rbi/gems/openssl@3.0.1.rbi +1735 -0
data/sorbet/rbi/gems/parallel@1.22.1.rbi +277 -0
data/sorbet/rbi/gems/rainbow@3.1.1.rbi +407 -0
data/sorbet/rbi/gems/rake@13.0.6.rbi +3021 -0
data/sorbet/rbi/gems/rbnacl@7.1.1.rbi +3218 -0
data/sorbet/rbi/gems/regexp_parser@2.6.1.rbi +3481 -0
data/sorbet/rbi/gems/reline@0.3.1.rbi +8 -0
data/sorbet/rbi/gems/rexml@3.2.5.rbi +4717 -0
data/sorbet/rbi/gems/rspec-core@3.12.0.rbi +10887 -0
data/sorbet/rbi/gems/rspec-expectations@3.12.0.rbi +8090 -0
data/sorbet/rbi/gems/rspec-mocks@3.12.0.rbi +5300 -0
data/sorbet/rbi/gems/rspec-support@3.12.0.rbi +1617 -0
data/sorbet/rbi/gems/rspec@3.12.0.rbi +88 -0
data/sorbet/rbi/gems/ruby-progressbar@1.11.0.rbi +1239 -0
data/sorbet/rbi/gems/simplecov-html@0.12.3.rbi +219 -0
data/sorbet/rbi/gems/simplecov@0.21.2.rbi +2135 -0
data/sorbet/rbi/gems/simplecov_json_formatter@0.1.4.rbi +8 -0
data/sorbet/rbi/gems/thor@1.2.1.rbi +3956 -0
data/sorbet/rbi/gems/timecop@0.9.6.rbi +350 -0
data/sorbet/rbi/gems/unicode-display_width@2.3.0.rbi +48 -0
data/sorbet/rbi/gems/webrick@1.7.0.rbi +2555 -0
data/sorbet/rbi/gems/yard-sorbet@0.7.0.rbi +391 -0
data/sorbet/rbi/gems/yard@0.9.28.rbi +17816 -0
data/sorbet/rbi/gems/zeitwerk@2.6.6.rbi +950 -0
data/sorbet/rbi/shims/multi_json.rbi +19 -0
data/sorbet/rbi/shims/openssl.rbi +111 -0
data/sorbet/rbi/shims/rbnacl.rbi +65 -0
data/sorbet/rbi/shims/zeitwerk.rbi +6 -0
data/sorbet/rbi/todo.rbi +7 -0
data/sorbet/tapioca/config.yml +30 -0
data/sorbet/tapioca/require.rb +12 -0
metadata +376 -0

data/lib/paseto/asn1/algorithm_identifier.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class AlgorithmIdentifier < T::Struct
+      extend T::Sig
+      const :algorithm, NamedCurve
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        OpenSSL::ASN1::Sequence.new(algorithm.build)
+      end
+    end
+  end
+end

data/lib/paseto/asn1/curve_private_key.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class CurvePrivateKey < T::Struct
+      extend T::Sig
+      const :private_key, String
+      sig { returns(OpenSSL::ASN1::OctetString) }
+      def build
+        OpenSSL::ASN1::OctetString.new(private_key)
+      end
+      sig { returns(String) }
+      def to_der
+        build.to_der
+      end
+    end
+  end
+end

data/lib/paseto/asn1/ec_private_key.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class ECPrivateKey < T::Struct
+      extend T::Sig
+      const :private_key, String
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        OpenSSL::ASN1::Sequence.new(
+          [
+            OpenSSL::ASN1::Integer.new(1),
+            OpenSSL::ASN1::OctetString.new(private_key)
+          ]
+        )
+      end
+      sig { returns(String) }
+      def to_der
+        build.to_der
+      end
+    end
+  end
+end

data/lib/paseto/asn1/ecdsa_full_r.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class ECDSAFullR < T::Struct
+      extend T::Sig
+      const :r, OpenSSL::PKey::EC::Point
+      const :s, OpenSSL::BN
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        # Unsupported by OpenSSL 3.0
+        # :nocov:
+        OpenSSL::ASN1::Sequence.new(
+          [
+            OpenSSL::ASN1::OctetString.new(r.to_octet_string(:compressed)),
+            OpenSSL::ASN1::Integer.new(s)
+          ]
+        )
+        # :nocov:
+      end
+    end
+  end
+end

data/lib/paseto/asn1/ecdsa_sig_value.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class ECDSASigValue < T::Struct
+      extend T::Sig
+      const :r, OpenSSL::BN
+      const :s, OpenSSL::BN
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        OpenSSL::ASN1::Sequence.new(
+          [
+            OpenSSL::ASN1::Integer.new(r),
+            OpenSSL::ASN1::Integer.new(s)
+          ]
+        )
+      end
+    end
+  end
+end

data/lib/paseto/asn1/ecdsa_signature.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class ECDSASignature < T::Struct
+      extend T::Sig
+      const :signature, T.any(ECDSASigValue, ECDSAFullR)
+      sig { params(bytes: String, part_len: Integer).returns(ECDSASignature) }
+      def self.from_rs(bytes, part_len)
+        r = OpenSSL::BN.new(T.must(bytes[0, part_len]), 2)
+        s = OpenSSL::BN.new(T.must(bytes[-part_len, part_len]), 2)
+        new(signature: ECDSASigValue.new(r: r, s: s))
+      end
+      sig { params(sig: String).returns(ECDSASignature) }
+      def self.from_asn1(sig)
+        r, s = OpenSSL::ASN1.decode(sig).value.map(&:value)
+        new(signature: ECDSASigValue.new(r: r, s: s))
+      end
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        signature.build
+      end
+      sig { returns(String) }
+      def to_der
+        build.to_der
+      end
+      sig { params(part_len: Integer).returns(String) }
+      def to_rs(part_len)
+        case signature
+        when ECDSASigValue
+          r = T.cast(signature.r, OpenSSL::BN).to_s(2).rjust(part_len, "\x00")
+        when ECDSAFullR
+          # :nocov:
+          r = T.cast(signature.r, OpenSSL::PKey::EC::Point).to_octet_string(:compressed).rjust(part_len, "\x00")
+          # :nocov:
+        end
+        s = signature.s.to_s(2).rjust(part_len, "\x00")
+        [r, s].join
+      end
+    end
+  end
+end

data/lib/paseto/asn1/ed25519_identifier.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class Ed25519Identifier < T::Struct
+      extend T::Sig
+      sig { returns([OpenSSL::ASN1::ObjectId]) }
+      def build
+        [OpenSSL::ASN1::ObjectId('ED25519')]
+      end
+    end
+  end
+end

data/lib/paseto/asn1/named_curve.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class NamedCurve < T::Struct
+      extend T::Sig
+      const :curve_name, String
+      sig { returns([OpenSSL::ASN1::ObjectId, OpenSSL::ASN1::ObjectId]) }
+      def build
+        [OpenSSL::ASN1::ObjectId('id-ecPublicKey'), OpenSSL::ASN1::ObjectId(curve_name)]
+      end
+    end
+  end
+end

data/lib/paseto/asn1/one_asymmetric_key.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class OneAsymmetricKey < T::Struct
+      extend T::Sig
+      const :version, OpenSSL::BN
+      const :algorithm, PrivateKeyAlgorithmIdentifier
+      const :private_key, PrivateKey
+      const :public_key, T.nilable(PublicKey)
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        OpenSSL::ASN1::Sequence.new(
+          [
+            OpenSSL::ASN1::Integer.new(version),
+            algorithm.build,
+            private_key.build
+            # public_key&.build
+          ].compact
+        )
+      end
+      sig { returns(String) }
+      def to_der
+        build.to_der
+      end
+    end
+  end
+end

data/lib/paseto/asn1/private_key.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class PrivateKey < T::Struct
+      extend T::Sig
+      const :private_key, T.any(ECPrivateKey, CurvePrivateKey)
+      sig { returns(OpenSSL::ASN1::OctetString) }
+      def build
+        OpenSSL::ASN1::OctetString.new(private_key.to_der)
+      end
+    end
+  end
+end

data/lib/paseto/asn1/private_key_algorithm_identifier.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class PrivateKeyAlgorithmIdentifier < T::Struct
+      extend T::Sig
+      const :parameters, T.any(Ed25519Identifier, NamedCurve)
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        OpenSSL::ASN1::Sequence.new(parameters.build)
+      end
+    end
+  end
+end

data/lib/paseto/asn1/public_key.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class PublicKey < T::Struct
+      extend T::Sig
+      const :public_key, String
+      sig { returns(OpenSSL::ASN1::BitString) }
+      def build
+        OpenSSL::ASN1::BitString.new(public_key)
+      end
+    end
+  end
+end

data/lib/paseto/asn1/subject_public_key_info.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    class SubjectPublicKeyInfo < T::Struct
+      extend T::Sig
+      const :algorithm_identifier, AlgorithmIdentifier
+      const :public_key, PublicKey
+      sig { returns(OpenSSL::ASN1::Sequence) }
+      def build
+        OpenSSL::ASN1::Sequence.new(
+          [
+            algorithm_identifier.build,
+            public_key.build
+          ]
+        )
+      end
+      sig { returns(String) }
+      def to_der
+        build.to_der
+      end
+    end
+  end
+end

data/lib/paseto/asn1.rb ADDED Viewed

@@ -0,0 +1,101 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module ASN1
+    # References:
+    #   https://www.rfc-editor.org/rfc/rfc5208  PKCS #8: Private-Key Information Syntax Specification Version 1.2
+    #   https://www.rfc-editor.org/rfc/rfc5480  Elliptic Curve Cryptography Subject Public Key Information
+    #   https://www.rfc-editor.org/rfc/rfc5915  Elliptic Curve Private Key Structure
+    #   https://www.rfc-editor.org/rfc/rfc5958  Asymmetric Key Packages (obsoletes PKCS#8)
+    #   https://www.rfc-editor.org/rfc/rfc8018  PKCS #5: Password-Based Cryptography Specification Version 2.1
+    #   https://www.secg.org/sec1-v2.pdf
+    extend T::Sig
+    sig { params(bytes: String).returns(String) }
+    def self.p384_scalar_bytes_to_oak_der(bytes)
+      OneAsymmetricKey.new(
+        version: OpenSSL::BN.new(1),
+        algorithm: PrivateKeyAlgorithmIdentifier.new(
+          parameters: NamedCurve.new(curve_name: 'secp384r1')
+        ),
+        private_key: PrivateKey.new(
+          private_key: ECPrivateKey.new(
+            private_key: bytes
+          )
+        )
+      ).to_der
+    end
+    sig { params(bytes: String).returns(String) }
+    def self.p384_public_bytes_to_spki_der(bytes)
+      SubjectPublicKeyInfo.new(
+        algorithm_identifier: AlgorithmIdentifier.new(
+          algorithm: NamedCurve.new(curve_name: 'secp384r1')
+        ),
+        public_key: PublicKey.new(
+          public_key: bytes
+        )
+      ).to_der
+    end
+    # RbNaCl::SigningKey.keypair_bytes returns the 32-byte private scalar and group element
+    # as (s || g), so we repack that into an ASN1 structure and then Base64 the resulting DER
+    # to get a PEM.
+    sig { params(bytes: String).returns(String) }
+    def self.ed25519_rs_to_oak_der(bytes)
+      OneAsymmetricKey.new(
+        version: OpenSSL::BN.new(0),
+        algorithm: PrivateKeyAlgorithmIdentifier.new(
+          parameters: Ed25519Identifier.new
+        ),
+        private_key: PrivateKey.new(
+          private_key: CurvePrivateKey.new(
+            private_key: T.must(bytes.byteslice(0, 32))
+          )
+        )
+      ).to_der
+    end
+    sig { params(bytes: String).returns(String) }
+    def self.ed25519_rs_to_oak_pem(bytes)
+      der_to_private_pem(ed25519_rs_to_oak_der(bytes))
+    end
+    sig { params(verify_key: String).returns(String) }
+    def self.ed25519_pubkey_nacl_to_der(verify_key)
+      OpenSSL::ASN1::Sequence.new(
+        [
+          OpenSSL::ASN1::Sequence.new(
+            [OpenSSL::ASN1::ObjectId.new('ED25519')]
+          ),
+          OpenSSL::ASN1::BitString.new(verify_key)
+        ]
+      ).to_der
+    end
+    sig { params(verify_key: String).returns(String) }
+    def self.ed25519_pubkey_nacl_to_pem(verify_key)
+      der_to_public_pem(ed25519_pubkey_nacl_to_der(verify_key))
+    end
+    sig { params(der: String).returns(String) }
+    def self.der_to_public_pem(der)
+      <<~PEM
+        -----BEGIN PUBLIC KEY-----
+        #{Base64.strict_encode64(der)}
+        -----END PUBLIC KEY-----
+      PEM
+    end
+    sig { params(der: String).returns(String) }
+    def self.der_to_private_pem(der)
+      <<~PEM
+        -----BEGIN PRIVATE KEY-----
+        #{Base64.strict_encode64(der)}
+        -----END PRIVATE KEY-----
+      PEM
+    end
+  end
+end

data/lib/paseto/asymmetric_key.rb ADDED Viewed

@@ -0,0 +1,100 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  class AsymmetricKey < Interface::Key
+    extend T::Sig
+    extend T::Helpers
+    abstract!
+    sig(:final) { override.returns(String) }
+    attr_reader :id, :paserk
+    sig(:final) { returns(String) }
+    attr_reader :pid, :public_paserk
+    sig { params(_key: T.untyped).void }
+    def initialize(_key)
+      @public_paserk = T.let("#{paserk_version}.public.#{Util.encode64(public_bytes)}".freeze, String)
+      @pid = T.let(Operations::ID.pid(self).freeze, String)
+      if private?
+        @paserk = T.let("#{paserk_version}.secret.#{Util.encode64(to_bytes)}".freeze, String)
+        @id = T.let(Operations::ID.sid(self).freeze, String)
+      else
+        @paserk = @public_paserk
+        @id = T.let(@pid, String)
+      end
+    end
+    sig { abstract.params(message: String, footer: String, implicit_assertion: String).returns(Token) }
+    def sign(message:, footer: '', implicit_assertion: ''); end
+    sig { abstract.params(token: Token, implicit_assertion: String).returns(String) }
+    def verify(token:, implicit_assertion: ''); end
+    sig { abstract.returns(String) }
+    def public_to_pem; end
+    sig { abstract.returns(String) }
+    def private_to_pem; end
+    sig { abstract.returns(T::Boolean) }
+    def private?; end
+    sig { abstract.returns(String) }
+    def public_bytes; end
+    sig { abstract.params(other: T.untyped).returns(String) }
+    def ecdh(other); end
+    sig(:final) do
+      override.params(
+        payload: T::Hash[String, T.untyped],
+        footer: String,
+        implicit_assertion: String,
+        options: T.nilable(T.any(String, Integer, Symbol, T::Boolean))
+      ).returns(String)
+    end
+    def encode!(payload, footer: '', implicit_assertion: '', **options)
+      MultiJson.dump(payload, options)
+               .then { |json| sign(message: json, footer: footer, implicit_assertion: implicit_assertion) }
+               .then(&:to_s)
+    end
+    sig(:final) do
+      override.params(
+        payload: String,
+        implicit_assertion: String,
+        options: T.nilable(T.any(Proc, String, Integer, Symbol, T::Boolean))
+      ).returns(Result)
+    end
+    def decode!(payload, implicit_assertion: '', **options)
+      token = Token.parse(payload)
+      verify(token: token, implicit_assertion: implicit_assertion)
+        .then { |json| MultiJson.load(json, **options) }
+        .then { |claims| Result.new(claims: claims, footer: token.footer) }
+    end
+    sig(:final) { override.returns(String) }
+    def pbkw_header = protocol.pbkd_secret_header
+    sig(:final) { override.returns(String) }
+    def purpose = 'public'
+    sig(:final) { returns(Interface::PKE) }
+    def pke = protocol.pke(self)
+    sig(:final) { returns(String) }
+    def sid = @sid ||= T.let(Operations::ID.sid(self), T.nilable(String))
+    sig(:final) { params(other: SymmetricKey).returns(String) }
+    def seal(other) = Paserk.seal(sealing_key: self, key: other)
+    sig(:final) { params(paserk: String).returns(SymmetricKey) }
+    def unseal(paserk) = Paserk.from_paserk(paserk: paserk, unsealing_key: self)
+  end
+end

data/lib/paseto/configuration/box.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module Configuration
+    class Box
+      extend T::Sig
+      sig { returns(DecodeConfiguration) }
+      attr_accessor :decode
+      sig { void }
+      def initialize
+        @decode = T.let(DecodeConfiguration.new, DecodeConfiguration)
+      end
+      sig { void }
+      def reset!
+        @decode = DecodeConfiguration.new
+      end
+    end
+  end
+end

data/lib/paseto/configuration/decode_configuration.rb ADDED Viewed

@@ -0,0 +1,68 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module Configuration
+    class DecodeConfiguration
+      extend T::Sig
+      sig { returns(Interface::Serializer) }
+      attr_accessor :footer_serializer
+      sig { returns(T::Boolean) }
+      attr_accessor :verify_exp, :verify_nbf, :verify_iat
+      sig { returns(T.any(FalseClass, String)) }
+      attr_accessor :verify_sub
+      sig { returns(T.any(FalseClass, T::Array[String])) }
+      attr_accessor :verify_aud
+      sig { returns(T.any(T::Array[T.any(String, Regexp, T.proc.params(issuer: String).returns(T::Boolean))], FalseClass)) }
+      attr_accessor :verify_iss
+      sig do
+        returns(T.any(
+                  T::Boolean,
+                  T.proc.params(jti: String).returns(T::Boolean)
+                ))
+      end
+      attr_accessor :verify_jti
+      sig { void }
+      def initialize # rubocop:disable Metrics/AbcSize
+        @footer_serializer = T.let(Serializer::OptionalJson, Interface::Serializer)
+        @verify_exp = T.let(true, T::Boolean)
+        @verify_nbf = T.let(true, T::Boolean)
+        @verify_iat = T.let(true, T::Boolean)
+        @verify_iss = T.let(false, T.any(FalseClass,
+                                         T::Array[
+                                          T.any(String, Regexp, T.proc.params(issuer: String).returns(T::Boolean))
+                                          ]))
+        @verify_aud = T.let(false, T.any(FalseClass, T::Array[String]))
+        @verify_sub = T.let(false, T.any(FalseClass, String))
+        @verify_jti = T.let(false, T.any(
+                                     T::Boolean,
+                                     T.proc.params(jti: String).returns(T::Boolean)
+                                   ))
+      end
+      sig { returns(T::Hash[Symbol, T.untyped]) }
+      def to_h
+        {
+          verify_exp: verify_exp,
+          verify_nbf: verify_nbf,
+          verify_iss: verify_iss,
+          verify_iat: verify_iat,
+          verify_jti: verify_jti,
+          verify_aud: verify_aud,
+          verify_sub: verify_sub
+        }
+      end
+    end
+  end
+end

data/lib/paseto/configuration.rb ADDED Viewed

@@ -0,0 +1,18 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module Configuration
+    extend T::Sig
+    sig { params(blk: T.proc.params(config: Paseto::Configuration::Box).void).void }
+    def configure(&blk) # rubocop:disable Lint/UnusedMethodArgument
+      yield(config)
+    end
+    sig { returns(Paseto::Configuration::Box) }
+    def config
+      @config ||= T.let(Configuration::Box.new, T.nilable(Paseto::Configuration::Box))
+    end
+  end
+end

data/lib/paseto/interface/i_d.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# typed: strict
+# frozen_string_literal: true
+module Paseto
+  module Interface
+    module ID
+      extend T::Sig
+      extend T::Helpers
+      abstract!
+      sig(:final) { params(type: String, paserk: String).returns(String) }
+      def encode(type, paserk)
+        header = "#{protocol.paserk_version}.#{type}."
+        d = protocol.digest("#{header}#{paserk}", digest_size: 33)
+        "#{header}#{Util.encode64(d)}"
+      end
+      sig { abstract.returns(Interface::Version) }
+      def protocol; end
+    end
+  end
+end