blob: 25c050820d6c50ede056c2903129d03b16c110eb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
# frozen_string_literal: true
module TokenAuthenticatableStrategies
class EncryptionHelper
DYNAMIC_NONCE_IDENTIFIER = "|"
NONCE_SIZE = 12
def self.encrypt_token(plaintext_token)
Gitlab::CryptoHelper.aes256_gcm_encrypt(plaintext_token)
end
def self.decrypt_token(token)
return unless token
# The pattern of the token is "#{DYNAMIC_NONCE_IDENTIFIER}#{token}#{iv_of_12_characters}"
if token.start_with?(DYNAMIC_NONCE_IDENTIFIER) && token.size > NONCE_SIZE + DYNAMIC_NONCE_IDENTIFIER.size
token_to_decrypt = token[1...-NONCE_SIZE]
iv = token[-NONCE_SIZE..-1]
Gitlab::CryptoHelper.aes256_gcm_decrypt(token_to_decrypt, nonce: iv)
else
Gitlab::CryptoHelper.aes256_gcm_decrypt(token)
end
end
end
end
|