Class: ActionDispatch::Cookies::EncryptedKeyRotatingCookieJar

Inherits:
AbstractCookieJar show all
Includes:
SerializedCookieJars
Defined in:
actionpack/lib/action_dispatch/middleware/cookies.rb

Overview

:nodoc:

Constant Summary

Constants included from SerializedCookieJars

SerializedCookieJars::MARSHAL_SIGNATURE, SerializedCookieJars::SERIALIZER

Instance Method Summary collapse

Methods inherited from AbstractCookieJar

#[], #[]=

Methods included from ChainedCookieJars

#encrypted, #permanent, #signed, #signed_or_encrypted

Constructor Details

#initialize(parent_jar) ⇒ EncryptedKeyRotatingCookieJar


623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 623

def initialize(parent_jar)
  super

  if request.use_authenticated_cookie_encryption
    key_len = ActiveSupport::MessageEncryptor.key_len(encrypted_cookie_cipher)
    secret = request.key_generator.generate_key(request.authenticated_encrypted_cookie_salt, key_len)
    @encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: encrypted_cookie_cipher, serializer: SERIALIZER)
  else
    key_len = ActiveSupport::MessageEncryptor.key_len("aes-256-cbc")
    secret = request.key_generator.generate_key(request.encrypted_cookie_salt, key_len)
    sign_secret = request.key_generator.generate_key(request.encrypted_signed_cookie_salt)
    @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, cipher: "aes-256-cbc", serializer: SERIALIZER)
  end

  request.cookies_rotations.encrypted.each do |(*secrets)|
    options = secrets.extract_options!
    @encryptor.rotate(*secrets, serializer: SERIALIZER, **options)
  end

  if upgrade_legacy_hmac_aes_cbc_cookies?
    legacy_cipher = "aes-256-cbc"
    secret = request.key_generator.generate_key(request.encrypted_cookie_salt, ActiveSupport::MessageEncryptor.key_len(legacy_cipher))
    sign_secret = request.key_generator.generate_key(request.encrypted_signed_cookie_salt)

    @encryptor.rotate(secret, sign_secret, cipher: legacy_cipher, digest: digest, serializer: SERIALIZER)
  elsif prepare_upgrade_legacy_hmac_aes_cbc_cookies?
    future_cipher = encrypted_cookie_cipher
    secret = request.key_generator.generate_key(request.authenticated_encrypted_cookie_salt, ActiveSupport::MessageEncryptor.key_len(future_cipher))

    @encryptor.rotate(secret, nil, cipher: future_cipher, serializer: SERIALIZER)
  end
end