Class: ActionDispatch::Cookies::EncryptedKeyRotatingCookieJar

Inherits:
AbstractCookieJar
Includes:
SerializedCookieJars
Defined in:
lib/action_dispatch/middleware/cookies.rb

Overview

:nodoc:

Constant Summary

Constants included from SerializedCookieJars

SerializedCookieJars::MARSHAL_SIGNATURE, SerializedCookieJars::SERIALIZER

Instance Method Summary

Methods inherited from AbstractCookieJar

#[], #[]=

Methods included from ChainedCookieJars

#encrypted, #permanent, #signed, #signed_or_encrypted

Constructor Details

#initialize(parent_jar) ⇒ EncryptedKeyRotatingCookieJar

Returns a new instance of EncryptedKeyRotatingCookieJar.



# File 'lib/action_dispatch/middleware/cookies.rb', line 648

# Builds the encryptor this jar uses for encrypted cookies, then registers
# fallback key material so that cookies written under other configurations
# can still be read.
#
# Every secret comes from request.key_generator with a purpose-specific salt.
# Each #rotate call below adds another key/cipher combination that is tried
# when reading a cookie, so configured rotations and the legacy upgrade paths
# are worth retiring once the cookies that need them have expired.
#
# parent_jar is forwarded unchanged to the superclass constructor.
def initialize(parent_jar)
  super

  if request.use_authenticated_cookie_encryption
    # One derived secret and no separate signing secret: integrity is left to
    # the configured cipher (presumably an AEAD mode -- confirm against
    # encrypted_cookie_cipher).
    primary_cipher = encrypted_cookie_cipher
    key_bytes = ActiveSupport::MessageEncryptor.key_len(primary_cipher)
    enc_key = request.key_generator.generate_key(request.authenticated_encrypted_cookie_salt, key_bytes)
    @encryptor = ActiveSupport::MessageEncryptor.new(enc_key, cipher: primary_cipher, serializer: SERIALIZER)
  else
    # CBC path: a second secret, derived from its own salt, is passed as the
    # signing secret alongside the encryption key.
    key_bytes = ActiveSupport::MessageEncryptor.key_len("aes-256-cbc")
    enc_key = request.key_generator.generate_key(request.encrypted_cookie_salt, key_bytes)
    mac_key = request.key_generator.generate_key(request.encrypted_signed_cookie_salt)
    @encryptor = ActiveSupport::MessageEncryptor.new(enc_key, mac_key, cipher: "aes-256-cbc", serializer: SERIALIZER)
  end

  # Configured rotations: each entry is a list of secrets optionally followed
  # by an options hash. extract_options! removes that hash from the local
  # array produced by the block-parameter destructuring.
  request.cookies_rotations.encrypted.each do |(*rotation_args)|
    rotation_opts = rotation_args.extract_options!
    @encryptor.rotate(*rotation_args, serializer: SERIALIZER, **rotation_opts)
  end

  if upgrade_legacy_hmac_aes_cbc_cookies?
    # Register the legacy CBC key pair (encryption key plus signing secret)
    # with the jar's digest as a fallback.
    legacy_cipher = "aes-256-cbc"
    key_bytes = ActiveSupport::MessageEncryptor.key_len(legacy_cipher)
    enc_key = request.key_generator.generate_key(request.encrypted_cookie_salt, key_bytes)
    mac_key = request.key_generator.generate_key(request.encrypted_signed_cookie_salt)

    @encryptor.rotate(enc_key, mac_key, cipher: legacy_cipher, digest: digest, serializer: SERIALIZER)
  elsif prepare_upgrade_legacy_hmac_aes_cbc_cookies?
    # Register the key for the configured cipher, derived with the
    # authenticated salt and no signing secret, as a fallback.
    future_cipher = encrypted_cookie_cipher
    key_bytes = ActiveSupport::MessageEncryptor.key_len(future_cipher)
    enc_key = request.key_generator.generate_key(request.authenticated_encrypted_cookie_salt, key_bytes)

    @encryptor.rotate(enc_key, nil, cipher: future_cipher, serializer: SERIALIZER)
  end
end