module OpenID::Nonce

Constants

DEFAULT_SKEW
TIME_FMT
TIME_STR_LEN
TIME_VALIDATOR

Public Class Methods

check_timestamp(nonce_str, allowed_skew=nil, now=nil) click to toggle source

Is the timestamp that is part of the specified nonce string within the allowed clock-skew of the current time?

# File lib/openid/store/nonce.rb, line 37
def Nonce.check_timestamp(nonce_str, allowed_skew=nil, now=nil)
  allowed_skew = skew if allowed_skew.nil?
  begin
    stamp, _ = split_nonce(nonce_str)
  rescue ArgumentError # bad timestamp
    return false
  end
  now = Time.now.to_i unless now

  # times before this are too old
  past = now - allowed_skew

  # times newer than this are too far in the future
  future = now + allowed_skew

  return (past <= stamp and stamp <= future)
end
mk_nonce(time = nil) click to toggle source

generate a nonce with the specified timestamp (defaults to now)

# File lib/openid/store/nonce.rb, line 56
def Nonce.mk_nonce(time = nil)
  salt = CryptUtil::random_string(6, @@NONCE_CHRS)
  if time.nil?
    t = Time.now.getutc
  else
    t = Time.at(time).getutc
  end
  time_str = t.strftime(TIME_FMT)
  return time_str + salt
end
skew() click to toggle source

The allowed nonce time skew in seconds. Defaults to 5 hours. Used for checking nonce validity, and by stores' cleanup methods.

# File lib/openid/store/nonce.rb, line 17
def Nonce.skew
  @skew
end
skew=(new_skew) click to toggle source
# File lib/openid/store/nonce.rb, line 21
def Nonce.skew=(new_skew)
  @skew = new_skew
end
split_nonce(nonce_str) click to toggle source

Extract timestamp from a nonce string

# File lib/openid/store/nonce.rb, line 26
def Nonce.split_nonce(nonce_str)
  timestamp_str = nonce_str[0...TIME_STR_LEN]
  raise ArgumentError if timestamp_str.size < TIME_STR_LEN
  raise ArgumentError unless timestamp_str.match(TIME_VALIDATOR)
  ts = Time.parse(timestamp_str).to_i
  raise ArgumentError if ts < 0
  return ts, nonce_str[TIME_STR_LEN..-1]
end