DGNum/demarches-normaliennes
11
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Merge pull request #3250 from betagouv/kill-libsodium

Browse source 
Refactor SignatureService to remove RbNaCl
This commit is contained in:
Pierre de La Morinerie 2019-01-03 17:56:34 +01:00 committed by GitHub
commit 24e3b92897
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 20 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Gemfile
View file

@ -57,7 +57,6 @@ gem 'activestorage-openstack', git: 'https://github.com/fredZen/activestorage-op
gem 'pg' gem 'pg'
gem 'rbnacl-libsodium'
gem 'bcrypt' gem 'bcrypt'
gem 'rgeo-geojson' gem 'rgeo-geojson'

5
Gemfile.lock
View file

@ -463,10 +463,6 @@ GEM
rb-fsevent (0.10.3) rb-fsevent (0.10.3)
rb-inotify (0.9.10) rb-inotify (0.9.10)
ffi (>= 0.5.0, < 2) ffi (>= 0.5.0, < 2)
rbnacl (5.0.0)
ffi
rbnacl-libsodium (1.0.16)
rbnacl (>= 3.0.1)
regexp_parser (1.3.0) regexp_parser (1.3.0)
request_store (1.4.1) request_store (1.4.1)
rack (>= 1.4) rack (>= 1.4)
@ -720,7 +716,6 @@ DEPENDENCIES
rails-controller-testing rails-controller-testing
rails-i18n rails-i18n
rake-progressbar rake-progressbar
rbnacl-libsodium
rest-client rest-client
rgeo-geojson rgeo-geojson
rspec-rails rspec-rails

18
app/services/signature_service.rb
View file

@ -1,28 +1,22 @@
class SignatureService class SignatureService
class << self class << self
def generate
RbNaCl::Util.bin2hex(RbNaCl::SigningKey.generate)
end
def verify(signature, message) def verify(signature, message)
message = Base64.urlsafe_encode64(message)
begin begin
signing_key.verify_key decoded_message = verifier.verify(signature)
.verify(RbNaCl::Util.hex2bin(signature), message) return message == decoded_message
rescue RbNaCl::BadSignatureError, RbNaCl::LengthError rescue ActiveSupport::MessageVerifier::InvalidSignature
return false return false
end end
end end
def sign(message) def sign(message)
message = Base64.urlsafe_encode64(message) verifier.generate(message)
RbNaCl::Util.bin2hex(signing_key.sign(message))
end end
private private
def signing_key def verifier
@@signing_key ||= RbNaCl::SigningKey.new(RbNaCl::Util.hex2bin(Rails.application.secrets.signing_key)) @@verifier ||= ActiveSupport::MessageVerifier.new(Rails.application.secrets.signing_key)
end end
end end
end end

20
spec/services/signature_service_spec.rb
View file

@ -3,14 +3,22 @@ require 'spec_helper'
describe SignatureService do describe SignatureService do
let(:service) { SignatureService } let(:service) { SignatureService }
let(:message) { { hello: 'World!' }.to_json } let(:message) { { hello: 'World!' }.to_json }
let(:message2) { { hello: 'World' }.to_json } let(:tampered_message) { { hello: 'Tampered' }.to_json }
it "sign and verify" do it 'sign and verify' do
signature = service.sign(message) signature = service.sign(message)
signature2 = service.sign(message2)
expect(service.verify(signature, message)).to eq(true) expect(service.verify(signature, message)).to eq(true)
expect(service.verify(signature2, message)).to eq(false) end
expect(service.verify(signature, message2)).to eq(false)
it 'fails the verification if the message changed' do
signature = service.sign(message)
expect(service.verify(signature, tampered_message)).to eq(false)
end
it 'fails the verification if the signature changed' do
other_signature = service.sign(tampered_message)
expect(service.verify(nil, message)).to eq(false)
expect(service.verify('', message)).to eq(false)
expect(service.verify(other_signature, message)).to eq(false)
end end
end end