Class: Mpp::Challenge

Inherits:

Data

• Object
• Data
• Mpp::Challenge

Defined in:

lib/mpp/challenge.rb

Instance Attribute Summary

• #description ⇒ Object readonly

  Returns the value of attribute description.

• #digest ⇒ Object readonly

  Returns the value of attribute digest.

• #expires ⇒ Object readonly

  Returns the value of attribute expires.

• #id ⇒ Object readonly

  Returns the value of attribute id.

• #intent ⇒ Object readonly

  Returns the value of attribute intent.

• #method ⇒ Object readonly

  Returns the value of attribute method.

• #opaque ⇒ Object readonly

  Returns the value of attribute opaque.

• #realm ⇒ Object readonly

  Returns the value of attribute realm.

• #request ⇒ Object readonly

  Returns the value of attribute request.

• #request_b64 ⇒ Object readonly

  Returns the value of attribute request_b64.

Class Method Summary

• .create(secret_key:, realm:, method:, intent:, request:, expires: nil, digest: nil, description: nil, meta: nil) ⇒ Object

  Create a Challenge with an HMAC-bound ID.

• .from_www_authenticate(header) ⇒ Object

  Parse a Challenge from a WWW-Authenticate header value.

• .from_www_authenticate_list(header) ⇒ Object

  Parse multiple Payment challenges from a merged WWW-Authenticate header.

Instance Method Summary

• #initialize(id:, method:, intent:, request:, realm: "", request_b64: "", digest: nil, expires: nil, description: nil, opaque: nil) ⇒ Challenge constructor

  A new instance of Challenge.

• #to_echo ⇒ Object

  Create a ChallengeEcho for use in credentials.

• #to_www_authenticate(realm) ⇒ Object

  Serialize to a WWW-Authenticate header value.

• #verify(secret_key, realm) ⇒ Object

  Verify the challenge ID matches the expected HMAC.

Constructor Details

#initialize(id:, method:, intent:, request:, realm: "", request_b64: "", digest: nil, expires: nil, description: nil, opaque: nil) ⇒ Challenge

Returns a new instance of Challenge.

# File 'lib/mpp/challenge.rb', line 21

def initialize(id:, method:, intent:, request:, realm: "", request_b64: "", digest: nil, expires: nil,
  description: nil, opaque: nil)
  super
end

Instance Attribute Details

#description ⇒ Object (readonly)

Returns the value of attribute description

Returns:

• (Object) —

  the current value of description

# File 'lib/mpp/challenge.rb', line 9

def description
  @description
end

#digest ⇒ Object (readonly)

Returns the value of attribute digest

Returns:

• (Object) —

  the current value of digest

# File 'lib/mpp/challenge.rb', line 9

def digest
  @digest
end

#expires ⇒ Object (readonly)

Returns the value of attribute expires

Returns:

• (Object) —

  the current value of expires

# File 'lib/mpp/challenge.rb', line 9

def expires
  @expires
end

#id ⇒ Object (readonly)

Returns the value of attribute id

Returns:

• (Object) —

  the current value of id

# File 'lib/mpp/challenge.rb', line 9

def id
  @id
end

#intent ⇒ Object (readonly)

Returns the value of attribute intent

Returns:

• (Object) —

  the current value of intent

# File 'lib/mpp/challenge.rb', line 9

def intent
  @intent
end

#method ⇒ Object (readonly)

Returns the value of attribute method

Returns:

• (Object) —

  the current value of method

# File 'lib/mpp/challenge.rb', line 9

def method
  @method
end

#opaque ⇒ Object (readonly)

Returns the value of attribute opaque

Returns:

• (Object) —

  the current value of opaque

# File 'lib/mpp/challenge.rb', line 9

def opaque
  @opaque
end

#realm ⇒ Object (readonly)

Returns the value of attribute realm

Returns:

• (Object) —

  the current value of realm

# File 'lib/mpp/challenge.rb', line 9

def realm
  @realm
end

#request ⇒ Object (readonly)

Returns the value of attribute request

Returns:

• (Object) —

  the current value of request

# File 'lib/mpp/challenge.rb', line 9

def request
  @request
end

#request_b64 ⇒ Object (readonly)

Returns the value of attribute request_b64

Returns:

• (Object) —

  the current value of request_b64

# File 'lib/mpp/challenge.rb', line 9

def request_b64
  @request_b64
end

Class Method Details

.create(secret_key:, realm:, method:, intent:, request:, expires: nil, digest: nil, description: nil, meta: nil) ⇒ Object

Create a Challenge with an HMAC-bound ID.

# File 'lib/mpp/challenge.rb', line 27

def self.create(secret_key:, realm:, method:, intent:, request:, expires: nil, digest: nil, description: nil,
  meta: nil)
  challenge_id = Mpp.generate_challenge_id(
    secret_key: secret_key,
    realm: realm,
    method: method,
    intent: intent,
    request: request,
    expires: expires,
    digest: digest,
    opaque: meta
  )
  request_json = Mpp::Json.compact_encode(request)
  request_b64 = Mpp.b64url_encode(request_json)

  new(
    id: challenge_id,
    method: method,
    intent: intent,
    request: request,
    realm: realm,
    request_b64: request_b64,
    digest: digest,
    expires: expires,
    description: description,
    opaque: meta
  )
end

.from_www_authenticate(header) ⇒ Object

Parse a Challenge from a WWW-Authenticate header value.

# File 'lib/mpp/challenge.rb', line 57

def self.from_www_authenticate(header)
  Mpp::Parsing.parse_www_authenticate(header)
end

.from_www_authenticate_list(header) ⇒ Object

Parse multiple Payment challenges from a merged WWW-Authenticate header. Handles RFC 9110 §11.6.1 comma-separated authentication schemes.

# File 'lib/mpp/challenge.rb', line 63

def self.from_www_authenticate_list(header)
  indices = []
  header.scan(/Payment\s+/i) { indices << T.must(Regexp.last_match).begin(0) }
  return [] if indices.empty?

  indices.each_with_index.map do |start_idx, i|
    end_idx = (i + 1 < indices.length) ? indices[i + 1] : header.length
    chunk = T.must(header[start_idx...end_idx]).sub(/,\s*$/, "")
    from_www_authenticate(chunk)
  end
end

Instance Method Details

#to_echo ⇒ Object

Create a ChallengeEcho for use in credentials.

# File 'lib/mpp/challenge.rb', line 96

def to_echo
  opaque_b64 = nil
  if opaque
    opaque_json = Mpp::Json.compact_encode(opaque)
    opaque_b64 = Mpp.b64url_encode(opaque_json)
  end

  ChallengeEcho.new(
    id: id,
    realm: realm,
    method: method,
    intent: intent,
    request: request_b64,
    expires: expires,
    digest: digest,
    opaque: opaque_b64
  )
end

#to_www_authenticate(realm) ⇒ Object

Serialize to a WWW-Authenticate header value.

# File 'lib/mpp/challenge.rb', line 76

def to_www_authenticate(realm)
  Mpp::Parsing.format_www_authenticate(self, realm)
end

#verify(secret_key, realm) ⇒ Object

Verify the challenge ID matches the expected HMAC.

# File 'lib/mpp/challenge.rb', line 81

def verify(secret_key, realm)
  expected_id = Mpp.generate_challenge_id(
    secret_key: secret_key,
    realm: realm,
    method: method,
    intent: intent,
    request: request,
    expires: expires,
    digest: digest,
    opaque: opaque
  )
  Mpp.secure_compare(id, expected_id)
end