lib/global_session/session/v1.rb in global_session-3.2.10 vs lib/global_session/session/v1.rb in global_session-3.3.0

@@ -37,10 +37,13 @@
   # Limitations of V1 include the following:
   # * Compressing the JSON usually INCREASES the size of the compressed data
   # * The sign and verify algorithms, while safe, do not comply fully with PKCS7; they rely on the
   #   OpenSSL low-level crypto API instead of using the higher-level EVP (envelope) API.
   class V1 < Abstract
+    # Pattern that matches strings that are probably a V1 session cookie.
+    HEADER = /^eN/
+
     # Utility method to decode a cookie; good for console debugging. This performs no
     # validation or security check of any sort.
     #
     # === Parameters
     # cookie(String):: well-formed global session cookie
@@ -231,19 +234,19 @@
       signature = hash.delete('s')
 
       #Check signature
       expected = canonical_digest(hash)
       signer = @directory.authorities[authority]
-      raise SecurityError, "Unknown signing authority #{authority}" unless signer
+      raise GlobalSession::InvalidSignature, "Unknown signing authority #{authority}" unless signer
       got = signer.public_decrypt(GlobalSession::Encoding::Base64Cookie.load(signature))
       unless (got == expected)
-        raise SecurityError, "Signature mismatch on global session cookie; tampering suspected"
+        raise GlobalSession::InvalidSignature, "Global session integrity failure; tampering suspected"
       end
 
       #Check trust in signing authority
       unless @directory.trusted_authority?(authority)
-        raise SecurityError, "Global sessions signed by #{authority} are not trusted"
+        raise GlobalSession::InvalidSignature, "Global sessions signed by #{authority} are not trusted"
       end
 
       #Check expiration
       unless expired_at > Time.now.utc
         raise GlobalSession::ExpiredSession, "Session expired at #{expired_at}"
@@ -264,25 +267,14 @@
       @signature = signature
       @cookie = cookie
     end
 
     def create_from_scratch # :nodoc:
-      authority_check
-
       @signed = {}
       @insecure = {}
       @created_at = Time.now.utc
       @authority = @directory.local_authority_name
       @id = RightSupport::Data::UUID.generate
       renew!
-    end
-
-    def create_invalid # :nodoc:
-      @id = nil
-      @created_at = Time.now.utc
-      @expired_at = created_at
-      @signed = {}
-      @insecure = {}
-      @authority = nil
     end
   end
 end