+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+require 'request_error'
+
class Blob
extend DbCurrentTime
# locator_hash +A blob_signature @ timestamp
# where the timestamp is a Unix time expressed as a hexadecimal value,
# and the blob_signature is the signed locator_hash + API token + timestamp.
- #
- class InvalidSignatureError < StandardError
+ #
+ class InvalidSignatureError < RequestError
end
# Blob.sign_locator: return a signed and timestamped blob locator.
timestamp = opts[:expire]
else
timestamp = db_current_time.to_i +
- (opts[:ttl] || Rails.configuration.blob_signature_ttl)
+ (opts[:ttl] || Rails.configuration.Collections.BlobSigningTTL)
end
timestamp_hex = timestamp.to_s(16)
# => "53163cb4"
- blob_signature_ttl = Rails.configuration.blob_signature_ttl.to_s(16)
+ blob_signature_ttl = Rails.configuration.Collections.BlobSigningTTL.to_s(16)
# Generate a signature.
signature =
- generate_signature((opts[:key] or Rails.configuration.blob_signing_key),
+ generate_signature((opts[:key] or Rails.configuration.Collections.BlobSigningKey),
blob_hash, opts[:api_token], timestamp_hex, blob_signature_ttl)
blob_locator + '+A' + signature + '@' + timestamp_hex
# Return value: true if the locator has a valid signature, false otherwise
# Arguments: signed_blob_locator, opts
#
- def self.verify_signature *args
+ def self.verify_signature(*args)
begin
- self.verify_signature! *args
+ self.verify_signature!(*args)
true
rescue Blob::InvalidSignatureError
false
if timestamp.to_i(16) < (opts[:now] or db_current_time.to_i)
raise Blob::InvalidSignatureError.new 'Signature expiry time has passed.'
end
- blob_signature_ttl = Rails.configuration.blob_signature_ttl.to_s(16)
+ blob_signature_ttl = Rails.configuration.Collections.BlobSigningTTL.to_s(16)
my_signature =
- generate_signature((opts[:key] or Rails.configuration.blob_signing_key),
+ generate_signature((opts[:key] or Rails.configuration.Collections.BlobSigningKey),
blob_hash, opts[:api_token], timestamp, blob_signature_ttl)
if my_signature != given_signature