RubyGems - secure_token - Versions diffs - 0.0.1 - Mend

secure_token 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1c42b95c82d58f115e0d710dae4d9d5b41f06401
+  data.tar.gz: 0ffeaf8544d0312ceca94c09d066f7e7adcac077
+SHA512:
+  metadata.gz: dbfa21e93912bc288c1ab588beced4c5954cbb2405faa8aec13e66c1fd762aff35a30a9778cd7b1e187cd5f21419c076224ba117681d1fcacdcd9c5a89d22d62
+  data.tar.gz: 7e9e4cc07258a3d2dd259c6ebb04b4cccd7b1efbbfbc59ffd600e9f34c0a7bec5e806ba9b822f408193bb5ab201a3403534687c8bf160ce6c8cb6f92ebd4d3ba

data/.gitignore ADDED

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile ADDED

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in secure_token.gemspec
+gemspec

data/LICENSE.txt ADDED

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Ivan Kasatenko
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED

@@ -0,0 +1,56 @@
+# SecureToken
+Gem that provides JWT token like solution. You can convert any hash into
+a string that is suitable for storage at the client-side. It is
+URL-safe, encrypted and digitally signed.
+## Installation
+Add this line to your application's Gemfile:
+    gem 'secure_token'
+And then execute:
+    $ bundle
+Or install it yourself as:
+    $ gem install secure_token
+## Usage
+```ruby
+    require 'secure_token'
+    data = SecureToken::SecureTokenHash.new
+    data.merge!({
+      key: 'value',
+      another: {
+        place: 1,
+        subdata: [ 4, 5, 6 ]
+      }
+    })
+    key = SecureToken::KeyPair.new('s3cret', 'service')
+    encrypted = data.to_token(key)
+    # encrypted is url-safe
+    # looks like "0qaai-mRZZY0WMJci13QST11UI80NiSc9YXb4ABW-pgauFH2wDtDpbH7Vm408BOP5xlq2jO3Srz_WqDlehi1AYP3VtFoUdtNtjuvObess0Lh35Yml1opZ2QOlJ2brwmjNxNWsEoC6JMsdzMUSuF-1JrQwvarPC5B"
+    decrypted = SecureToken::SecureTokenHash.from_token(encrypted, key)
+    # assert(decrypted == data)
+    invalid_key = SecureToken::KeyPair.new('secret', 'serv1ce')
+    not_decrypted = SecureToken::SecureTokenHash.from_token(encrypted, invalid_key)
+    # assert(not_decrypted == nil)
+```
+## Contributing
+1. Fork it ( http://github.com/skywriter/secure_token/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile ADDED

	@@ -0,0 +1 @@
1	+ require "bundler/gem_tasks"

data/lib/secure_token.rb ADDED

@@ -0,0 +1,145 @@
+require 'pry'
+require 'base64'
+require 'openssl'
+require 'json'
+require 'securerandom'
+require 'active_support/core_ext/hash/indifferent_access'
+require 'active_support/hash_with_indifferent_access'
+module SecureToken
+  class KeyPair < Struct.new(:encryption_key, :signing_key)
+    def initialize(*args)
+      super
+      freeze
+    end
+  end
+  class SecureTokenHash < HashWithIndifferentAccess
+    class << self
+      def from_token(token, key_pair)
+        decryptor = SecureTokenService::Decryptor.new(SecureTokenService::JSONSerializer.new)
+        decrypted_token = decryptor.decrypt_and_verify(token, key_pair)
+        decrypted_token ? new.merge(decrypted_token) : nil
+      end
+    end
+    def to_token(key_pair)
+      encryptor = SecureTokenService::Encryptor.new(SecureTokenService::JSONSerializer.new)
+      encryptor.encrypt_and_sign(self, key_pair)
+    end
+  end
+  module SecureTokenService
+    HASH_ALGO = 'sha256'
+    SIGNATURE_LENGTH = OpenSSL::HMAC.digest(OpenSSL::Digest.new(HASH_ALGO), 'key', 'data').size
+    CRYPT_ALGO = 'AES-128-CBC'
+    class JSONSerializer
+      def serialize(object)
+        object.to_json
+      end
+      def deserialize(data)
+        begin
+          JSON.parse(data)
+        rescue JSON::ParserError
+          nil
+        end
+      end
+    end
+    class Encryptor
+      def initialize(serializer)
+        @salt = SecureRandom.random_bytes(8)
+        @serializer = serializer
+      end
+      def encrypt_and_sign(data, key_pair)
+        serialized = @serializer.serialize(data)
+        encrypted = encrypt(serialized, key_pair.encryption_key)
+        signed = sign(encrypted, key_pair.signing_key)
+        Base64.urlsafe_encode64(signed)
+      end
+      private
+      def sign(data, key)
+        signature = OpenSSL::HMAC.digest(OpenSSL::Digest.new(HASH_ALGO), key, data)
+        "#{signature.force_encoding('ascii-8bit')}#{data.force_encoding('ascii-8bit')}"
+      end
+      def encrypt(data, key)
+        encrypter = OpenSSL::Cipher::Cipher.new CRYPT_ALGO
+        encrypter.encrypt
+        encrypter.pkcs5_keyivgen key, @salt
+        encrypted = encrypter.update data
+        encrypted << encrypter.final
+        "#{@salt}#{encrypted}"
+      end
+    end
+    class Decryptor
+      def initialize(serializer)
+        @serializer = serializer
+      end
+      def decrypt_and_verify(message, key_pair)
+        begin
+          message = Base64.urlsafe_decode64(message)
+        rescue ArgumentError
+          return nil
+        end
+        verified = verify(message, key_pair.signing_key)
+        return nil unless verified
+        begin
+          decrypted = decrypt(verified, key_pair.encryption_key).force_encoding('utf-8')
+        rescue OpenSSL::Cipher::CipherError
+          return nil
+        end
+        @serializer.deserialize(decrypted)
+      end
+      private
+      def verify(message, key)
+        signature, payload = message[0, SIGNATURE_LENGTH], message[SIGNATURE_LENGTH..-1]
+        valid_signature = OpenSSL::HMAC.digest(OpenSSL::Digest.new(HASH_ALGO), key, payload)
+        signature == valid_signature ? payload : nil
+      end
+      def decrypt(data, key)
+        salt, data = data[0, 8], data[8..-1]
+        decrypter = OpenSSL::Cipher::Cipher.new CRYPT_ALGO
+        decrypter.decrypt
+        decrypter.pkcs5_keyivgen key, salt
+        decrypted = decrypter.update data
+        decrypted << decrypter.final
+        decrypted
+      end
+    end
+  end
+end

data/lib/secure_token/version.rb ADDED

@@ -0,0 +1,3 @@
+module SecureToken
+  VERSION = "0.0.1"
+end

data/secure_token.gemspec ADDED

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'secure_token/version'
+Gem::Specification.new do |spec|
+  spec.name          = "secure_token"
+  spec.version       = SecureToken::VERSION
+  spec.authors       = ["Ivan Kasatenko"]
+  spec.email         = ["sky.31338@gmail.com"]
+  spec.summary       = %q{JWT-like solution, that enables you to store encrypted and signed Hash'es on the client side, decrypt and verify them upon retreival}
+  spec.homepage      = "https://github.com/SkyWriter/secure_token"
+  spec.license       = "MIT"
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+  spec.add_runtime_dependency 'activesupport'
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "rake"
+end

metadata ADDED

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification
+name: secure_token
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Ivan Kasatenko
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-05-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description:
+email:
+- sky.31338@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/secure_token.rb
+- lib/secure_token/version.rb
+- secure_token.gemspec
+homepage: https://github.com/SkyWriter/secure_token
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.1
+signing_key:
+specification_version: 4
+summary: JWT-like solution, that enables you to store encrypted and signed Hash'es
+  on the client side, decrypt and verify them upon retreival
+test_files: []