Skip to content
This repository
Browse code

Use an options hash to specify digest/cipher algorithm and a serializ…

…er for MessageVerifier and MessageEncryptor.
  • Loading branch information...
commit 41fea0334232824d5d509a6924e8c8487d53494b 1 parent 2d30d4c
Willem van Bergen authored September 15, 2011
17  activesupport/lib/active_support/message_encryptor.rb
@@ -13,12 +13,15 @@ class MessageEncryptor
13 13
     class InvalidMessage < StandardError; end
14 14
     OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
15 15
 
16  
-    attr_accessor :serializer
17  
-
18  
-    def initialize(secret, cipher = 'aes-256-cbc', serializer = Marshal)
  16
+    def initialize(secret, options = {})
  17
+      unless options.is_a?(Hash)
  18
+        ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :cipher => 'algorithm' to sepcify the cipher algorithm."
  19
+        options = { :cipher => options }
  20
+      end
  21
+      
19 22
       @secret = secret
20  
-      @cipher = cipher
21  
-      @serializer = serializer
  23
+      @cipher = options[:cipher] || 'aes-256-cbc'
  24
+      @serializer = options[:serializer] || Marshal
22 25
     end
23 26
 
24 27
     def encrypt(value)
@@ -30,7 +33,7 @@ def encrypt(value)
30 33
       cipher.key = @secret
31 34
       cipher.iv  = iv
32 35
 
33  
-      encrypted_data = cipher.update(serializer.dump(value))
  36
+      encrypted_data = cipher.update(@serializer.dump(value))
34 37
       encrypted_data << cipher.final
35 38
 
36 39
       [encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--")
@@ -47,7 +50,7 @@ def decrypt(encrypted_message)
47 50
       decrypted_data = cipher.update(encrypted_data)
48 51
       decrypted_data << cipher.final
49 52
 
50  
-      serializer.load(decrypted_data)
  53
+      @serializer.load(decrypted_data)
51 54
     rescue OpenSSLCipherError, TypeError
52 55
       raise InvalidMessage
53 56
     end
17  activesupport/lib/active_support/message_verifier.rb
@@ -26,12 +26,15 @@ module ActiveSupport
26 26
   class MessageVerifier
27 27
     class InvalidSignature < StandardError; end
28 28
 
29  
-    attr_accessor :serializer
30  
-    
31  
-    def initialize(secret, digest = 'SHA1', serializer = Marshal)
  29
+    def initialize(secret, options = {})
  30
+      unless options.is_a?(Hash)
  31
+        ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :digest => 'algorithm' to sepcify the digest algorithm."
  32
+        options = { :digest => options }
  33
+      end
  34
+
32 35
       @secret = secret
33  
-      @digest = digest
34  
-      @serializer = serializer
  36
+      @digest = options[:digest] || 'SHA1'
  37
+      @serializer = options[:serializer] || Marshal
35 38
     end
36 39
 
37 40
     def verify(signed_message)
@@ -39,14 +42,14 @@ def verify(signed_message)
39 42
 
40 43
       data, digest = signed_message.split("--")
41 44
       if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
42  
-        serializer.load(ActiveSupport::Base64.decode64(data))
  45
+        @serializer.load(ActiveSupport::Base64.decode64(data))
43 46
       else
44 47
         raise InvalidSignature
45 48
       end
46 49
     end
47 50
 
48 51
     def generate(value)
49  
-      data = ActiveSupport::Base64.encode64s(serializer.dump(value))
  52
+      data = ActiveSupport::Base64.encode64s(@serializer.dump(value))
50 53
       "#{data}--#{generate_digest(data)}"
51 54
     end
52 55
 
6  activesupport/test/message_encryptor_test.rb
@@ -52,9 +52,9 @@ def test_signed_round_tripping
52 52
   end
53 53
   
54 54
   def test_alternative_serialization_method
55  
-    @encryptor.serializer = JSONSerializer.new
56  
-    message = @encryptor.encrypt_and_sign({ :foo => 123, 'bar' => Time.utc(2010) })
57  
-    assert_equal @encryptor.decrypt_and_verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" }
  55
+    encryptor = ActiveSupport::MessageEncryptor.new(SecureRandom.hex(64), :serializer => JSONSerializer.new)
  56
+    message = encryptor.encrypt_and_sign({ :foo => 123, 'bar' => Time.utc(2010) })
  57
+    assert_equal encryptor.decrypt_and_verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" }
58 58
   end
59 59
 
60 60
   private
6  activesupport/test/message_verifier_test.rb
@@ -45,9 +45,9 @@ def test_tampered_data_raises
45 45
   end
46 46
   
47 47
   def test_alternative_serialization_method
48  
-    @verifier.serializer = JSONSerializer.new
49  
-    message = @verifier.generate({ :foo => 123, 'bar' => Time.utc(2010) })
50  
-    assert_equal @verifier.verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" }
  48
+    verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!", :serializer => JSONSerializer.new)
  49
+    message = verifier.generate({ :foo => 123, 'bar' => Time.utc(2010) })
  50
+    assert_equal verifier.verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" }
51 51
   end
52 52
 
53 53
   def assert_not_verified(message)

0 notes on commit 41fea03

Please sign in to comment.
Something went wrong with that request. Please try again.