module OpenID::Nonce
Constants
- DEFAULT_SKEW
- TIME_FMT
- TIME_STR_LEN
- TIME_VALIDATOR
Public Class Methods
check_timestamp(nonce_str, allowed_skew=nil, now=nil)
click to toggle source
Is the timestamp that is part of the specified nonce string within the allowed clock-skew of the current time?
# File lib/openid/store/nonce.rb, line 37 def Nonce.check_timestamp(nonce_str, allowed_skew=nil, now=nil) allowed_skew = skew if allowed_skew.nil? begin stamp, _ = split_nonce(nonce_str) rescue ArgumentError # bad timestamp return false end now = Time.now.to_i unless now # times before this are too old past = now - allowed_skew # times newer than this are too far in the future future = now + allowed_skew return (past <= stamp and stamp <= future) end
mk_nonce(time = nil)
click to toggle source
generate a nonce with the specified timestamp (defaults to now)
# File lib/openid/store/nonce.rb, line 56 def Nonce.mk_nonce(time = nil) salt = CryptUtil::random_string(6, @@NONCE_CHRS) if time.nil? t = Time.now.getutc else t = Time.at(time).getutc end time_str = t.strftime(TIME_FMT) return time_str + salt end
skew()
click to toggle source
The allowed nonce time skew in seconds. Defaults to 5 hours. Used for checking nonce validity, and by stores' cleanup methods.
# File lib/openid/store/nonce.rb, line 17 def Nonce.skew @skew end
skew=(new_skew)
click to toggle source
# File lib/openid/store/nonce.rb, line 21 def Nonce.skew=(new_skew) @skew = new_skew end
split_nonce(nonce_str)
click to toggle source
Extract timestamp from a nonce string
# File lib/openid/store/nonce.rb, line 26 def Nonce.split_nonce(nonce_str) timestamp_str = nonce_str[0...TIME_STR_LEN] raise ArgumentError if timestamp_str.size < TIME_STR_LEN raise ArgumentError unless timestamp_str.match(TIME_VALIDATOR) ts = Time.parse(timestamp_str).to_i raise ArgumentError if ts < 0 return ts, nonce_str[TIME_STR_LEN..-1] end