selfsdk 0.0.132 → 0.0.137

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 588e5cd4c23df24315565cc2cc3716c03479606080cd57396e543c319b2563b7
-  data.tar.gz: 1db12416f426287d711b744c4de4aa3ef99b6be93ec7bdc05cbe9c4f88267b28
+  metadata.gz: b4b5f44ffce4a1ad4c61c20b752e97173f2cc0c96091138683ddb56c2dca2f73
+  data.tar.gz: 841ad78f32bcb7434126eac7bdea3e3eb9d7abf4cc35fd41d0d243fa7f05fffa
 SHA512:
-  metadata.gz: b77bfb0b0e30b9d20b8e9592e9cf6abc92b005eba4ae375cf48b8f3881144ce80d49cedc0376e4aeac611703a2e772f25e8d1eab7bf4d81c9f21daa2f3d01c0b
-  data.tar.gz: '062289d4c389dfa3636e674cafaedd6bfd498ce269f7b2a3b30eab26ebd0ba319e4cd41fcd5d75615a61835cca348c3987d417179141b17894df3a0ad6d3ac77'
+  metadata.gz: 04f00c82b5f64dc8f23597e28fc11eee64db02deacfbeedb328d3f766048e40d3a625c3ae25b7a5a888969272883650e63ce9425d5056f2ed98f5beae1712987
+  data.tar.gz: 2dfa4e9f4e3796393adfda66d994ef39fa2de8f37b08b2274b4fcdaa1ccd752e7aafdec5f7eb80b1b4f336ecaeb74350a42464c785c5026eb82e8ffd3458761f

data/lib/client.rb

@@ -65,6 +65,22 @@ module SelfSDK
       i[:public_keys]
     end
 
+    def post(endpoint, body)
+      p HTTParty.post("#{@self_url}#{endpoint}",
+                    headers: {
+                        'Content-Type' => 'application/json',
+                        'Authorization' => "Bearer #{@jwt.auth_token}"
+                    },
+                    body: body)
+    end
+
+    def get(endpoint)
+      HTTParty.get("#{@self_url}#{endpoint}", headers: {
+          'Content-Type' => 'application/json',
+          'Authorization' => "Bearer #{@jwt.auth_token}"
+      })
+    end
+
     # Lists all public keys stored on self for the given ID
     #
     # @param id [string] identity id
@@ -86,20 +102,6 @@ module SelfSDK
       body
     end
 
-    def get(endpoint)
-      HTTParty.get("#{@self_url}#{endpoint}", headers: {
-                     'Content-Type' => 'application/json',
-                     'Authorization' => "Bearer #{@jwt.auth_token}"
-                   })
-    end
 
-    def post(endpoint, body)
-      HTTParty.post("#{@self_url}#{endpoint}",
-                    headers: {
-                      'Content-Type' => 'application/json',
-                      'Authorization' => "Bearer #{@jwt.auth_token}"
-                    },
-                    body: body)
-    end
   end
 end

data/lib/crypto.rb

@@ -0,0 +1,102 @@
+require 'self_crypto'
+
+module SelfSDK
+  class Crypto
+    def initialize(client, device, storage_folder, storage_key)
+      @client = client
+      @device = device
+      @storage_key = storage_key
+      @storage_folder = storage_folder
+
+      if File.exist?('account.pickle')
+        # 1a) if alice's account file exists load the pickle from the file
+        @account = SelfCrypto::Account.from_pickle(File.read('account.pickle'), @storage_key)
+      else
+        # 1b-i) if create a new account for alice if one doesn't exist already
+        @account = SelfCrypto::Account.from_seed(@client.jwt.key)
+
+        # 1b-ii) generate some keys for alice and publish them
+        @account.gen_otk(100)
+
+        # 1b-iii) convert those keys to json
+        keys = @account.otk['curve25519'].map{|k,v| {id: k, key: v}}.to_json
+
+        # 1b-iv) post those keys to POST /v1/identities/<selfid>/devices/1/pre_keys/
+        @client.post("/v1/apps/#{@client.jwt.id}/devices/#{@device}/pre_keys", keys)
+
+        # 1b-v) store the account to a file
+        File.write('account.pickle', @account.to_pickle(storage_key))
+      end
+    end
+
+    def encrypt(message, recipient, recipient_device)
+      session_file_name = "#{recipient}:#{recipient_device}-session.pickle"
+
+      if File.exist?(session_file_name)
+        # 2a) if bob's session file exists load the pickle from the file
+        session_with_bob = SelfCrypto::Session.from_pickle(File.read(session_file_name), @storage_key)
+      else
+        # 2b-i) if you have not previously sent or recevied a message to/from bob,
+        #       you must get his identity key from GET /v1/identities/bob/
+        ed25519_identity_key = @client.public_keys(recipient).first[:key]
+
+        # 2b-ii) get a one time key for bob
+        res = @client.get("/v1/identities/#{recipient}/devices/#{recipient_device}/pre_keys")
+
+        if res.code != 200
+          Selfid.logger.error "identity response : #{res.body[:message]}"
+          raise "could not get identity pre_keys"
+        end
+
+        one_time_key = JSON.parse(res.body)["key"]
+
+        # 2b-iii) convert bobs ed25519 identity key to a curve25519 key
+        curve25519_identity_key = SelfCrypto::Util.ed25519_pk_to_curve25519(ed25519_identity_key)
+
+        # 2b-iv) create the session with bob
+        session_with_bob = @account.outbound_session(curve25519_identity_key, one_time_key)
+
+        # 2b-v) store the session to a file
+        File.write(session_file_name, session_with_bob.to_pickle(@storage_key))
+      end
+
+      # 3) create a group session and set the identity of the account youre using
+      gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
+
+      # 4) add all recipients and their sessions
+      gs.add_participant("#{recipient}:#{recipient_device}", session_with_bob)
+
+      # 5) encrypt a message
+      gs.encrypt(message).to_s
+    end
+
+    def decrypt(message, sender, sender_device)
+      session_file_name = "#{sender}:#{sender_device}-session.pickle"
+
+      if File.exist?(session_file_name)
+        # 7a) if carol's session file exists load the pickle from the file
+        session_with_bob = SelfCrypto::Session.from_pickle(File.read(session_file_name), @storage_key)
+      else
+        # 7b-i) if you have not previously sent or received a message to/from bob,
+        #       you should extract the initial message from the group message intended
+        #       for your account id.
+        m = SelfCrypto::GroupMessage.new(message.to_s).get_message("#{@client.jwt.id}:#{@device}")
+
+        # 7b-ii) use the initial message to create a session for bob or carol
+        session_with_bob = @account.inbound_session(m)
+
+        # 7b-iii) store the session to a file
+        File.write(session_file_name, session_with_bob.to_pickle(@storage_key))
+      end
+
+      # 8) create a group session and set the identity of the account you're using
+      gs = SelfCrypto::GroupSession.new("#{@client.jwt.id}:#{@device}")
+
+      # 9) add all recipients and their sessions
+      gs.add_participant("#{sender}:#{sender_device}", session_with_bob)
+
+      # 10) decrypt the message ciphertext
+      gs.decrypt("#{sender}:#{sender_device}", message).to_s
+    end
+  end
+end

data/lib/messages/authentication_req.rb

@@ -44,7 +44,7 @@ module SelfSDK
                               sender: "#{@jwt.id}:#{@messaging.device_id}",
                               id: @id,
                               recipient: "#{@to}:#{@to_device}",
-                              ciphertext: @jwt.prepare(body))
+                              ciphertext: encrypt_message(@jwt.prepare(body), @to, @to_device))
       end
 
     end

data/lib/messages/base.rb

@@ -26,6 +26,10 @@ module SelfSDK
         res
       end
 
+      def encrypt_message(message, recipient, recipient_device)
+        @messaging.encryption_client.encrypt(message, recipient, recipient_device)
+      end
+
       def unauthorized?
         status == "unauthorized"
       end

data/lib/messages/fact_request.rb

@@ -93,19 +93,20 @@ module SelfSDK
                   end
         @to_device = devices.first
 
-        recipient = if @intermediary.nil?
-                      "#{@to}:#{@to_device}"
-                    else
-                      "#{@intermediary}:#{@to_device}"
-                    end
+        if @intermediary.nil?
+          recipient = "#{@to}:#{@to_device}"
+          ciphertext = encrypt_message(@jwt.prepare(body), @to, @to_device)
+        else
+          recipient = "#{@intermediary}:#{@to_device}"
+          ciphertext = encrypt_message(@jwt.prepare(body), @intermediary, @to_device)
+        end
 
         Msgproto::Message.new(
           type: Msgproto::MsgType::MSG,
           id: @id,
           sender: "#{@jwt.id}:#{@messaging.device_id}",
           recipient: recipient,
-          ciphertext: @jwt.prepare(body),
-        )
+          ciphertext: ciphertext )
       end
     end
   end

data/lib/messages/message.rb

@@ -11,7 +11,8 @@ module SelfSDK
       body = if input.is_a? String
                input
              else
-               input.ciphertext
+               issuer = input.recipient.split(":")
+               messaging.encryption_client.decrypt(input.ciphertext, issuer.first, issuer.last)
              end
 
       jwt = JSON.parse(body, symbolize_names: true)

data/lib/messaging.rb

@@ -4,6 +4,7 @@ require 'json'
 require 'monitor'
 require 'faye/websocket'
 require 'fileutils'
+require_relative 'crypto'
 require_relative 'messages/message'
 require_relative 'proto/auth_pb'
 require_relative 'proto/message_pb'
@@ -18,16 +19,18 @@ module SelfSDK
     DEFAULT_STORAGE_DIR="./.self_storage"
     ON_DEMAND_CLOSE_CODE=3999
 
-    attr_accessor :client, :jwt, :device_id, :ack_timeout, :timeout, :type_observer, :uuid_observer
+    attr_accessor :client, :jwt, :device_id, :ack_timeout, :timeout, :type_observer, :uuid_observer, :encryption_client
 
     # RestClient initializer
     #
     # @param url [string] self-messaging url
     # @params client [Object] SelfSDK::Client object
     # @option opts [string] :storage_dir  the folder where encryption sessions and settings will be stored
+    # @params storage_key [String] seed to encrypt messaging
+    # @params storage_folder [String] folder to perist messaging encryption
     # @option opts [Bool] :auto_reconnect Automatically reconnects to websocket if connection is lost (defaults to true).
     # @option opts [String] :device_id The device id to be used by the app defaults to "1".
-    def initialize(url, client, options = {})
+    def initialize(url, client, storage_key, storage_folder, options = {})
       @mon = Monitor.new
       @url = url
       @messages = {}
@@ -45,6 +48,9 @@ module SelfSDK
       @offset = read_offset
 
       FileUtils.mkdir_p @storage_dir unless File.exist? @storage_dir
+      unless options.include? :no_crypto
+        @encryption_client = Crypto.new(@client, @device_id, storage_folder, storage_key)
+      end
 
       if options.include? :ws
         @ws = options[:ws]
@@ -367,6 +373,8 @@ module SelfSDK
 
     def process_incomming_message(input)
       message = SelfSDK::Messages.parse(input, self)
+      @offset = input.offset
+      write_offset(@offset)
 
       if @messages.include? message.id
         message.validate! @messages[message.id][:original_message]
@@ -378,8 +386,6 @@ module SelfSDK
         notify_observer(message)
       end
 
-      @offset = input.offset
-      write_offset(@offset)
     rescue StandardError => e
       p "Error processing incoming message #{input.to_json}"
       SelfSDK.logger.info e
@@ -434,6 +440,7 @@ module SelfSDK
 
     def write_offset(offset)
       File.open(@offset_file, 'wb') do |f|
+        f.flock(File::LOCK_EX)
         f.write([offset].pack('q'))
       end
     end

data/lib/selfsdk.rb

@@ -53,6 +53,7 @@ module SelfSDK
       unless messaging_url.nil?
         @messaging_client = MessagingClient.new(messaging_url,
                                                 @client,
+                                                storage_key,
                                                 storage_dir: opts.fetch(:storage_dir, MessagingClient::DEFAULT_STORAGE_DIR),
                                                 auto_reconnect: opts.fetch(:auto_reconnect, MessagingClient::DEFAULT_AUTO_RECONNECT),
                                                 device_id: opts.fetch(:device_id, MessagingClient::DEFAULT_DEVICE))
@@ -61,12 +62,12 @@ module SelfSDK
 
     # Provides access to SelfSDK::Services::Facts service
     def facts
-      @facts ||= SelfSDK::Services::Facts.new(@messaging_client, @client)
+      @facts ||= SelfSDK::Services::Facts.new(messaging, @client)
     end
 
     # Provides access to SelfSDK::Services::Authentication service
     def authentication
-      @authentication ||= SelfSDK::Services::Authentication.new(@messaging_client, @client)
+      @authentication ||= SelfSDK::Services::Authentication.new(messaging, @client)
     end
 
     # Provides access to SelfSDK::Services::Identity service

data/lib/services/auth.rb

@@ -15,7 +15,8 @@ module SelfSDK
       #
       # @return [SelfSDK::Services::Authentication] authentication service.
       def initialize(messaging, client)
-        @messaging = messaging
+        @messaging = messaging.client
+        @messaging_service = messaging
         @client = client
       end
 
@@ -38,6 +39,7 @@ module SelfSDK
       #  @return [String, String] conversation id or encoded body.
       def request(selfid, opts = {}, &block)
         SelfSDK.logger.info "authenticating #{selfid}"
+        raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
 
         req = SelfSDK::Messages::AuthenticationReq.new(@messaging)
         req.populate(selfid, opts)
@@ -82,11 +84,11 @@ module SelfSDK
         body = @client.jwt.encode(request(selfid, opts))
 
         if @client.env.empty?
-          return "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=net.selfid.app"
+          return "https://joinself.page.link/?link=#{callback}%3Fqr=#{body}&apn=com.joinself.app"
         elsif @client.env == 'development'
-          return "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=net.selfid.app.dev"
+          return "https://joinself.page.link/?link=#{callback}%3Fqr=#{body}&apn=com.joinself.app.dev"
         end
-        "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=net.selfid.app.#{@client.env}"
+        "https://joinself.page.link/?link=#{callback}%3Fqr=#{body}&apn=com.joinself.app.#{@client.env}"
       end
 
       # Adds an observer for an authentication response

data/lib/services/facts.rb

@@ -17,7 +17,8 @@ module SelfSDK
       #
       # @return [SelfSDK::Services::Facts] facts service.
       def initialize(messaging, client)
-        @messaging = messaging
+        @messaging = messaging.client
+        @messaging_service = messaging
         @client = client
       end
 
@@ -40,6 +41,7 @@ module SelfSDK
       #  @return [Object] SelfSDK:::Messages::FactRequest
       def request(selfid, facts, opts = {}, &block)
         SelfSDK.logger.info "authenticating #{selfid}"
+        raise "You're not permitting connections from #{selfid}" unless @messaging_service.is_permitted?(selfid)
 
         req = SelfSDK::Messages::FactRequest.new(@messaging)
         req.populate(selfid, prepare_facts(facts), opts)
@@ -108,11 +110,11 @@ module SelfSDK
         body = @client.jwt.encode(request(selfid, facts, opts))
 
         if @client.env.empty?
-          return "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=net.selfid.app"
+          return "https://joinself.page.link/?link=#{callback}%3Fqr=#{body}&apn=com.joinself.app"
         elsif @client.env == 'development'
-          return "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=net.selfid.app.dev"
+          return "https://joinself.page.link/?link=#{callback}%3Fqr=#{body}&apn=com.joinself.app.dev"
         end
-        "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=net.selfid.app.#{@client.env}"
+        "https://joinself.page.link/?link=#{callback}%3Fqr=#{body}&apn=com.joinself.app.#{@client.env}"
       end
 
       private

data/lib/services/messaging.rb

@@ -44,6 +44,15 @@ module SelfSDK
         acl.list
       end
 
+      # Checks if you're permitting messages from a specific self identifier
+      # @return [Boolean] yes|no
+      def is_permitted?(id)
+        conns = allowed_connections
+        return true if conns.include? "*"
+        return true if conns.include? id
+        return false
+      end
+
       # Revokes incoming messages from the given identity.
       #
       # @param [String] selfid to be denied

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: selfsdk
 version: !ruby/object:Gem::Version
-  version: 0.0.132
+  version: 0.0.137
 platform: ruby
 authors:
 - Aldgate Ventures
@@ -10,6 +10,20 @@ bindir: bin
 cert_chain: []
 date: 2011-09-29 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: self_crypto
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: async
   requirement: !ruby/object:Gem::Requirement
@@ -299,6 +313,7 @@ files:
 - lib/acl.rb
 - lib/authenticated.rb
 - lib/client.rb
+- lib/crypto.rb
 - lib/jwt_service.rb
 - lib/log.rb
 - lib/messages/attestation.rb