@@ -131,8 +131,8 @@ class WsChatController < WsController |
131 | 131 |
stripped_me = client.jid.strip.to_s |
132 | 132 |
stripped_to = Jabber::JID.new(message[:to]).strip!.to_s |
133 | 133 |
if can_save_conversation?(stripped_me, stripped_to, chat_id) |
134 |
- Rails.logger.debug ['saving send message', stripped_me] |
|
135 |
- History.save_message(stripped_me, stripped_me, message[:message], stripped_to, chat_id) |
|
134 |
+ Rails.logger.debug ['saving sent message', stripped_me] |
|
135 |
+ save_encrypted_message(message[:message], stripped_me, stripped_to, chat_id) |
|
136 | 136 |
end |
137 | 137 |
|
138 | 138 |
trigger_success message[:message] |
@@ -237,9 +237,19 @@ class WsChatController < WsController |
237 | 237 |
page = message[:step] |
238 | 238 |
per_page = 10 |
239 | 239 |
|
240 |
- trigger_failure unless find_client(me) |
|
240 |
+ client = find_client(me) |
|
241 |
+ trigger_failure unless client |
|
241 | 242 |
|
242 | 243 |
history = History.page_history(me, attendant || chat_id, page, per_page) |
244 |
+ |
|
245 |
+ credentials = User.crendentials_for_token(session[:token]) |
|
246 |
+ found_account = credentials.detect do |c| c['jid'] == client.jid.strip.to_s end |
|
247 |
+ user_pass = Security::decrypt(found_account['pass'], connection_store[:cipher_key], connection_store[:cipher_iv]) |
|
248 |
+ |
|
249 |
+ history.each do |record| |
|
250 |
+ record['message'] = Security::decrypt(record['message'], Security::create_key_from_pass(user_pass), Rails.application.config.aes_iv) |
|
251 |
+ end |
|
252 |
+ |
|
243 | 253 |
trigger_success history: history |
244 | 254 |
end |
245 | 255 |
|
@@ -251,7 +261,7 @@ class WsChatController < WsController |
251 | 251 |
|
252 | 252 |
if can_save_conversation?(stripped_me, stripped_from, chat_id) |
253 | 253 |
Rails.logger.debug ['saving received message', stripped_me, chat_id] |
254 |
- History.save_message(stripped_me, stripped_from, body, stripped_from, chat_id) |
|
254 |
+ save_encrypted_message(body, stripped_me, stripped_from, chat_id) |
|
255 | 255 |
end |
256 | 256 |
|
257 | 257 |
send_message 'app.chat.messageReceived', |
@@ -293,4 +303,12 @@ class WsChatController < WsController |
293 | 293 |
contact =~ /^#{kick_stripped}/ |
294 | 294 |
end |
295 | 295 |
end |
296 |
+ |
|
297 |
+ def save_encrypted_message(message, stripped_me, stripped_to, chat_id) |
|
298 |
+ credentials = User.crendentials_for_token(session[:token]) |
|
299 |
+ found_account = credentials.detect do |c| c['jid'] == stripped_me end |
|
300 |
+ user_pass = Security::decrypt(found_account['pass'], connection_store[:cipher_key], connection_store[:cipher_iv]) |
|
301 |
+ encrypted_msg = Security::encrypt(message, user_pass, Rails.application.config.aes_iv) |
|
302 |
+ History.save_message(stripped_me, stripped_me, encrypted_msg, stripped_to, chat_id) |
|
303 |
+ end |
|
296 | 304 |
end |
297 | 305 |
\ No newline at end of file |
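Review bot: The new `save_encrypted_message` in the last hunk always passes `stripped_me` as the second argument to `History.save_message`, but the receive path it replaced (removed line 254 in the third hunk) passed `stripped_from` there, so received messages are presumably now stored with the wrong author; a `from: stripped_me` keyword, with the receive call site becoming `save_encrypted_message(body, stripped_me, stripped_from, chat_id, from: stripped_from)`, restores the old record. In the page_history hunk `trigger_failure unless client` does not return, so a missing client still reaches `client.jid.strip` two lines later and raises after the failure was already sent; write `return trigger_failure unless client`. `credentials.detect` can return nil as well, after which `found_account['pass']` raises in both page_history and save_encrypted_message; that lookup plus password decryption is duplicated and belongs in one helper that handles the miss. History rows written before this change were stored unencrypted, so the decrypt loop in page_history will likely raise `OpenSSL::Cipher::CipherError` on them unless they are migrated or the loop tolerates the failure. page_history starts before its hunk.
```ruby
def save_encrypted_message(message, stripped_me, stripped_to, chat_id, from: stripped_me)
  user_pass = user_pass_for(stripped_me)
  unless user_pass
    Rails.logger.warn ['no credentials for', stripped_me]
    return
  end
  encrypted_msg = Security::encrypt(message, user_pass, Rails.application.config.aes_iv)
  History.save_message(stripped_me, from, encrypted_msg, stripped_to, chat_id)
end

# Decrypts the stored account password for the given bare JID, or returns nil
# when the session token has no credentials for that JID.
def user_pass_for(jid)
  credentials = User.crendentials_for_token(session[:token])
  found_account = credentials.detect { |c| c['jid'] == jid }
  return unless found_account
  Security::decrypt(found_account['pass'], connection_store[:cipher_key], connection_store[:cipher_iv])
end
```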
@@ -26,8 +26,8 @@ class WsRosterController < WsController |
26 | 26 |
initialize_storage() |
27 | 27 |
|
28 | 28 |
cookies = env['rack.request.cookie_hash'] # TODO: nahlasit bug na websocket-rails, lebo sa neda pristupit ku `cookies' |
29 |
- cipher_key = cookies['key'] |
|
30 |
- cipher_iv = cookies['iv'] |
|
29 |
+ connection_store[:cipher_key] = cipher_key = cookies['key'] |
|
30 |
+ connection_store[:cipher_iv] = cipher_iv = cookies['iv'] |
|
31 | 31 |
|
32 | 32 |
credentials = User.crendentials_for_token(session[:token]) |
33 | 33 |
|
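Review bot: `cookies['key']` and `cookies['iv']` are copied into `connection_store` without checking that they are present, and every later `Security::decrypt(found_account['pass'], connection_store[:cipher_key], connection_store[:cipher_iv])` in the chat controller then runs with nil key material when the cookie is missing or expired and fails with an exception instead of a controlled failure. Guard here, e.g. `return trigger_failure if cipher_key.blank? || cipher_iv.blank?`, before the credentials are looked up. The enclosing method starts before this hunk.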
@@ -3,13 +3,13 @@ require 'bcrypt' |
3 | 3 |
module Security |
4 | 4 |
mattr_reader :cipher_iv, :cipher_key |
5 | 5 |
|
6 |
- def self.encrypt(unencrypted_message, password = nil) |
|
6 |
+ def self.encrypt(unencrypted_message, password = nil, iv = nil) |
|
7 | 7 |
cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc') |
8 | 8 |
cipher.encrypt() |
9 | 9 |
|
10 | 10 |
pass = password ? password : generate_token() |
11 |
- cipher.key = @@cipher_key = Digest::SHA1.hexdigest(pass) |
|
12 |
- cipher.iv = @@cipher_iv = cipher.random_iv |
|
11 |
+ cipher.key = @@cipher_key = create_key_from_pass(pass) |
|
12 |
+ cipher.iv = @@cipher_iv = iv || cipher.random_iv |
|
13 | 13 |
|
14 | 14 |
encrypted = cipher.update(unencrypted_message) |
15 | 15 |
encrypted << cipher.final |
@@ -42,4 +42,8 @@ module Security |
42 | 42 |
cookies[:key] = @@cipher_key |
43 | 43 |
cookies[:iv] = @@cipher_iv |
44 | 44 |
end |
45 |
+ |
|
46 |
+ def self.create_key_from_pass(pass) |
|
47 |
+ Digest::SHA1.hexdigest(pass) |
|
48 |
+ end |
|
45 | 49 |
end |
46 | 50 |
\ No newline at end of file |
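Review bot: `create_key_from_pass` returns `Digest::SHA1.hexdigest(pass)`, a 40-character hex string, while the `aes-256-cbc` cipher in `encrypt` expects a 32-byte key; depending on the openssl binding this is either silently cut to the first 32 hex characters or rejected with `ArgumentError`, and in either case a single unsalted SHA-1 is not a password-to-key derivation. Since this key now protects every stored message of a user, derive it with `OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, iterations, 32, OpenSSL::Digest::SHA256.new)` and a per-user salt (at minimum `OpenSSL::Digest::SHA256.digest(pass)` for a correctly sized key), noting that existing cookies and ciphertexts then need re-deriving. The new `iv` parameter lets callers pass the fixed `aes_iv` from config, so all messages under one key share one IV; CBC with a repeated IV makes equal messages and common prefixes visible in the ciphertext, so generate `cipher.random_iv` per message and store it next to the ciphertext instead. `encrypt` also still assigns `@@cipher_key`/`@@cipher_iv` on every call, so the per-message calls added in the chat controller overwrite the session values that the method in the second hunk later writes into `cookies[:key]`/`cookies[:iv]`, and with several users per process the wrong key can end up in a cookie.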
@@ -7,8 +7,12 @@ |
7 | 7 |
|
8 | 8 |
if Rails.env == 'development' |
9 | 9 |
Xmpp::Application.config.secret_token = '48c49768f9ec3134de5f76e352f13bf8fd66258941sa5d489g4fhj8k4uk8499075975aaaef1c32be9d596120302e8e3f7b6200c207835463ecdbb6c1610705c2' |
10 |
+ Xmpp::Application.config.aes_iv = "L\x18nm\\@0Wz/\x1C\xDB.gl\xA5" |
|
11 |
+ |
|
10 | 12 |
elsif Rails.env == 'test' |
11 | 13 |
Xmpp::Application.config.secret_token = '48c49768f9ec3134de5f76e352f13bf8fd66252d67f6d285c1c6de8457f0499075975aaaesdjfdsaf84dasf4das89f47d44hgf7yuuy35463ecdbb6c1610705c2' |
14 |
+ Xmpp::Application.config.aes_iv = "\e\x90\xC6b\x1D\x96TO:\xD8\r(\xCB>\x01m" |
|
12 | 15 |
else |
13 | 16 |
Xmpp::Application.config.secret_token = '8as5dg8fd4s5f76e352f13bf8fd66289dsa41s4tyijk8uy494j4e8457f0499075975aaaef89asd4302e8e3f7b6200c207835463ecdbb6cugsadbfy31610705c2' |
17 |
+ Xmpp::Application.config.aes_iv = "\xDC\au\x80E\x04:\xA8\x10\xF4\x12.~o\x9F\a" |
|
14 | 18 |
end |
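Review bot: The three `aes_iv` values are committed to the repository as literals, and the one in the `else` branch is the IV for every encrypted chat message in production, so anyone with read access to the source has it and all messages share it; load it from the environment (`ENV.fetch('AES_IV')`) or the Rails secrets file, and prefer a random per-message IV stored with the ciphertext over a global one. The hardcoded `secret_token` values already present have the same problem, which the commit does not address. The `\xDB`-style escapes make the literals hard to read and may produce strings for which `valid_encoding?` is false; keeping a hex string and decoding it with `[hex].pack('H*')` avoids both issues.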