aadhaar_auth 0.0.1

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in aadhaar_auth.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Manish Kasera
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 manishk
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,62 @@
+# AadhaarAuth
+
+Aadhaar Auth API v.1.6 ruby port
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'aadhaar_auth'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install aadhaar_auth
+
+## Usage
+```ruby
+c = AadhaarAuth::Client.new(:aadhaar_no => '999999990019', :name => 'Shivshankar Choudhury')
+c.valid? #true/false
+```
+there is also a verbose mode which prints the request/response on STDOUT
+```ruby
+c.verbose = true
+```
+## Configuration
+
+By default test credentials are used, if you want to deploy it to production, use the confugurator as below
+
+options available
+* api_version
+* asa_licence_key
+* public_certificate_path
+* digital_signature_path
+* digital_signature_pwd
+* ac
+* lk
+* sa
+* tid
+* udc
+
+set them as
+```ruby
+AadhaarAuth::Config.asa_licence_key = "hfjsfdGJgGJghJGHJGJGHGFBJIG"
+AadhaarAuth::Config.public_certificate_path = "/tmp/Auth_Staging.cer"
+AadhaarAuth::Config.digital_signature_path = "/tmp/public-may2012.p12"
+```
+
+## API Doc
+Aadhaar api documentation is available [here](https://developer.uidai.gov.in/site/book/export/html/18)
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/aadhaar_auth/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/aadhaar_auth.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'aadhaar_auth/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "aadhaar_auth"
+  spec.version       = AadhaarAuth::VERSION
+  spec.authors       = ["Manish Kasera"]
+  spec.email         = ["manishgkasera@gmail.com"]
+  spec.summary       = %q{Aadhaar auth api: ruby port}
+  spec.description   = %q{Aadhaar auth api v1.6: ruby port}
+  spec.homepage = 'https://github.com/manishgkasera/aadhaar_auth'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+
+  spec.add_runtime_dependency "xmldsig", "0.2.8"
+  spec.add_runtime_dependency "nokogiri", ">= 1.5.2"
+  spec.add_runtime_dependency "curb", ">= 0.8.6"
+end

data/keys/Auth_Staging.cer

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIECmnOfzANBgkqhkiG9w0BAQUFADB2MQswCQYDVQQGEwJJ
+TjESMBAGA1UECBMJS0FSTkFUQUtBMRIwEAYDVQQHEwlCYW5nYWxvcmUxDjAMBgNV
+BAoTBVVJREFJMRQwEgYDVQQLEwtUZWNoIENlbnRlcjEZMBcGA1UEAxMQQXV0aCBU
+ZXN0IFNlcnZlcjAeFw0xMTA5MjIwMDAwMDBaFw0xNTA5MjIwMDAwMDBaMHYxCzAJ
+BgNVBAYTAklOMRIwEAYDVQQIEwlLQVJOQVRBS0ExEjAQBgNVBAcTCUJhbmdhbG9y
+ZTEOMAwGA1UEChMFVUlEQUkxFDASBgNVBAsTC1RlY2ggQ2VudGVyMRkwFwYDVQQD
+ExBBdXRoIFRlc3QgU2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAxgVhHZZwTbiBMbu6zPzpNRfVp7ldubZvqPuKWT77UhR8pUUiBW7f19P+Ox6E
+r6K6F/hoMWzz2k8geVEqFoRbVUVTfxxoxBkisQ82WCpbG0KkPNGyZ9i/56Aslq/b
+wfSbyH6rfpAqLjFu9BXw4W+SY1zTKIjkxCjTh4FbqgzpFkGVlV3Al98ODrlS7uuy
+X+qeqjvDZ3HQ+MzejrbNn6TQRBLaaqCVlkSzrzejXyEqaqliwVOVqNI3YPde7Mjl
+4p6yGJ9T5Z4SGXSQXXP542kbxblcWn+inQvEmLCs3na841KflFRnFcMw27NDH1KQ
+L8IZZByu56KE6BOIidcqoFF2aQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBaAwDQYJ
+KoZIhvcNAQEFBQADggEBAIFZ3r5wdZoKb8EOoP/hDnGotyxXJYgmUSmx4PNUPj0W
+78eV4PTC8f9DPL2/DJUM7fvfsrO1M3R6fiTB+umrphEX9a6yX6K66KSWd8yaGouO
+tX+ExkUNkEzmlS1ktKnhdSVwi0fkt8LBMjposZcz/0cPpjNFUyAyeyvSYbD2HusE
+sbuMzHnSTFia5P5d32LtqD9tK7L3fS5d7NXa4Aod36JECqbKYyWInnWs3R3jFtKW
+PGIA/V82oDQTvg9ey4fAvBrAUKfO3/UxF844k9cfCo1xrNxWv37wFuzuYbjA9w6Y
+xiYWElRfRaEwChu+/2A2jYJ76lAOvbAyfILYNTtditM=
+-----END CERTIFICATE-----

data/lib/aadhaar_auth.rb

@@ -0,0 +1,9 @@
+require 'openssl'
+require 'base64'
+require "aadhaar_auth/version"
+require "aadhaar_auth/config"
+require "aadhaar_auth/client"
+
+module AadhaarAuth
+  # Your code goes here...
+end

data/lib/aadhaar_auth/client.rb

@@ -0,0 +1,135 @@
+require 'curb'
+require 'aadhaar_auth/encrypter'
+require 'aadhaar_auth/digital_signer'
+
+module AadhaarAuth
+  class Client
+    attr_accessor :verbose
+    attr_reader :aadhaar_no, :name, :email, :phone, :gender, :time,
+             :encrypter, :digital_signer, :raw_response, :error_code
+
+    def initialize(person_data)
+      @aadhaar_no = person_data[:aadhaar_no].to_s
+      @name = person_data[:name]
+      @email = person_data[:email]
+      @phone = person_data[:phone]
+      @gender = person_data[:gender]
+      @time = Time.now
+      @encrypter = Encrypter.new
+      @digital_signer = DigitalSigner.new
+      @raw_response = nil
+    end
+
+    def valid?
+      # should be exactly 12 digits
+      if aadhaar_no !~ /^\d{12}$/
+        return(false)
+      end
+
+      @raw_response = Curl::Easy.http_post(url, raw_request).body_str
+
+      if verbose
+        puts "URL: \n#{url}"
+        puts "PID XML: \n#{pid_block()}"
+        puts "Signed request: \n#{raw_request}"
+        puts "Response: \n#{@raw_response}"
+      end
+
+      digital_signer.verify_signature(@raw_response) if Config.verify_response_signature
+
+      auth_res = Nokogiri::XML(@raw_response).children.find{|c| c.name == 'AuthRes'}
+      @error_code = auth_res.attributes['err'] ? auth_res.attributes['err'].value : nil
+
+      ret = auth_res.attributes['ret'] ? auth_res.attributes['ret'].value : nil
+      if ret && ret != ''
+        return ret == 'y'
+      end
+
+      raise ResponseError.new(["Error :#{@error_code}", pid_block, raw_request, @raw_response].join("\n\n"))
+    end
+
+    def url
+      @url ||= url = "http://auth.uidai.gov.in/#{Config.api_version}/public/#{aadhaar_no[0]}/#{aadhaar_no[1]}/#{Config.asa_licence_key}"
+    end
+
+    def raw_request
+      @raw_request ||= digital_signer.sign(req_xml)
+    end
+
+    def req_xml
+      nok = Nokogiri::XML::Builder.new(:encoding => 'UTF-8') do |x|
+        x.Auth(
+                'uid' => aadhaar_no,
+                'ac' => Config.ac,
+                'lk' => Config.lk,
+                'sa'=> Config.sa,
+                'tid'=> Config.tid,
+                'txn'=>"AuthDemoClient:public:#{time.to_i}",
+                'ver'=> Config.api_version,
+                'xmlns:ds'=>"http://www.w3.org/2000/09/xmldsig#",
+                'xmlns'=>"http://www.uidai.gov.in/authentication/uid-auth-request/1.0") do
+          x.Uses('bio'=>'n', 'otp'=>"n", 'pa'=>"n", 'pfa'=>"n", 'pi'=>"y", 'pin'=>"n")
+          x.Meta('fdc'=>"NA", 'idc'=>"NA", 'lot'=>"P", 'lov' => "560094", 'pip' => "NA", 'udc'=> Config.udc)
+          x.Skey('ci'=> skey_ci) do
+            x.text(encrypter.encrypted_session_key)
+          end
+          x.Data('type' => "X") do
+            x.text(encrypted_data)
+          end
+          x.Hmac(encrypter.calculate_hmac(pid_block))
+          x['ds'].Signature do
+            x['ds'].SignedInfo do
+              x['ds'].CanonicalizationMethod('Algorithm' => "http://www.w3.org/2001/10/xml-exc-c14n#")
+              x['ds'].SignatureMethod('Algorithm' => "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
+              x['ds'].Reference('URI' => "") do
+                x['ds'].Transforms do
+                  x['ds'].Transform('Algorithm'=>"http://www.w3.org/2000/09/xmldsig#enveloped-signature")
+                end
+                x['ds'].DigestMethod('Algorithm'=>"http://www.w3.org/2001/04/xmlenc#sha256")
+                x['ds'].DigestValue('')
+              end
+            end
+            x['ds'].SignatureValue('')
+            x['ds'].KeyInfo do
+              x['ds'].X509Data do
+                x['ds'].X509SubjectName(DigitalSigner.private_key_cert.subject.to_s)
+                x['ds'].X509Certificate(DigitalSigner.private_key_cert_val)
+              end
+            end
+          end
+        end
+      end
+      nok.to_xml
+    end
+
+    def pid_block
+      @pid_block ||= begin
+        xml = Nokogiri::XML('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>')
+        Nokogiri::XML::Builder.with(xml) do |x|
+          x.Pid('ts' => time.strftime("%Y-%m-%dT%H:%M:%S"), 'xmlns:ns2' => 'http://www.uidai.gov.in/authentication/uid-auth-request-data/1.0') do
+            x.parent.namespace = x.parent.namespace_definitions.find{|ns| ns.prefix == "ns2"}
+            x.Demo do
+              info = {'ms' => "E", 'mv' => "100", 'name' => name}
+              info.merge!('gender' => gender) if gender
+              info.merge!('phone' => phone) if phone
+              info.merge!('email' => email) if email
+              x.Pi(info)
+            end
+          end
+        end.to_xml
+      end
+    end
+
+    def encrypted_data
+      @encrypted_data ||= begin
+        Base64.encode64(encrypter.encrypt_using_session_key(pid_block))
+      end
+    end
+
+    def skey_ci
+      encrypter.public_cert.not_after.strftime('%Y%m%d')
+    end
+
+    class ResponseError < Exception; end
+  end
+end

data/lib/aadhaar_auth/config.rb

@@ -0,0 +1,32 @@
+module AadhaarAuth
+  class Config
+    class << self
+      attr_accessor :api_version,
+                    :asa_licence_key,
+                    :public_certificate_path,
+                    :digital_signature_path,
+                    :digital_signature_pwd,
+                    :ac, :lk, :sa, :tid, :udc,
+                    :verify_response_signature
+
+
+    end
+
+    Config.api_version = '1.6'
+    Config.asa_licence_key = 'MLTbKYcsgYMq1zgL3WMZYrnyvsarlljxpom2A-QTPc0Zud23shpnqPk'
+    Config.lk = 'MKHmkuz-MgLYvA54PbwZdo9eC3D5y7SVozWwpNgEPysVqLs_aJgAVOI'
+
+    keys_path = File.expand_path(File.join(File.dirname(__FILE__), '..', '..', 'keys'))
+    Config.public_certificate_path = File.join(keys_path, 'Auth_Staging.cer')
+
+    Config.digital_signature_path = File.join(keys_path, 'public-may2012.p12')
+    Config.digital_signature_pwd = 'public'
+
+    Config.verify_response_signature = true
+
+    Config.ac = 'public'
+    Config.sa = 'public'
+    Config.tid = 'public'
+    Config.udc = '1122'
+  end
+end

data/lib/aadhaar_auth/digital_signer.rb

@@ -0,0 +1,36 @@
+require 'xmldsig'
+
+module AadhaarAuth
+  class DigitalSigner
+
+    def sign(xml)
+      Xmldsig::SignedDocument.new(xml).sign(self.class.private_key)
+    end
+
+    def verify_signature(xml)
+      if !Xmldsig::SignedDocument.new(xml).validate(Encrypter.public_cert)
+        raise InvalidSignature.new("Invalid response signature")
+      end
+    end
+
+    class << self
+      def pkcs12
+        @pkcs12 ||= OpenSSL::PKCS12.new(File.read(Config.digital_signature_path), Config.digital_signature_pwd)
+      end
+
+      def private_key
+        @private_key ||= OpenSSL::PKey::RSA.new(pkcs12.key.to_s)
+      end
+
+      def private_key_cert
+        @private_key_cert ||= OpenSSL::X509::Certificate.new(pkcs12.certificate.to_s)
+      end
+
+      def private_key_cert_val
+        @private_key_cert_val ||= private_key_cert.to_s.sub(/^-----BEGIN CERTIFICATE-----\n/, '').sub(/-----END CERTIFICATE-----\n$/, '')
+      end
+    end
+
+    class InvalidSignature < Exception; end
+  end
+end

data/lib/aadhaar_auth/encrypter.rb

@@ -0,0 +1,41 @@
+module AadhaarAuth
+  class Encrypter
+    ENC_ALGO = 'AES-256-ECB'
+
+    def session_key
+      @session_key ||= begin
+        aes = OpenSSL::Cipher.new(ENC_ALGO)
+        aes.encrypt
+        aes.random_key
+      end
+    end
+
+    def encrypted_session_key
+      @encrypted_session_key ||= begin
+        public_key = public_cert.public_key
+        Base64.encode64(public_key.public_encrypt(session_key))
+      end
+    end
+
+    def encrypt_using_session_key(data)
+      aes = OpenSSL::Cipher.new(ENC_ALGO)
+      aes.encrypt
+      aes.key = session_key
+      (aes.update(data) + aes.final)
+    end
+
+    def calculate_hmac(data)
+      Base64.encode64(encrypt_using_session_key(Digest::SHA256.digest(data)))
+    end
+
+    def public_cert
+      self.class.public_cert
+    end
+
+    class << self
+      def public_cert
+        @public_cert ||= OpenSSL::X509::Certificate.new(File.read(Config.public_certificate_path))
+      end
+    end
+  end
+end

data/lib/aadhaar_auth/version.rb

@@ -0,0 +1,3 @@
+module AadhaarAuth
+  VERSION = "0.0.1"
+end

metadata

@@ -0,0 +1,159 @@
+--- !ruby/object:Gem::Specification 
+name: aadhaar_auth
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: 
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Manish Kasera
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2015-05-22 00:00:00 +05:30
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 1
+        segments: 
+        - 1
+        - 7
+        version: "1.7"
+  prerelease: false
+  type: :development
+  requirement: *id001
+  name: bundler
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 35
+        segments: 
+        - 10
+        - 0
+        version: "10.0"
+  prerelease: false
+  type: :development
+  requirement: *id002
+  name: rake
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 0
+        - 2
+        - 8
+        version: 0.2.8
+  prerelease: false
+  type: :runtime
+  requirement: *id003
+  name: xmldsig
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 1
+        - 5
+        - 2
+        version: 1.5.2
+  prerelease: false
+  type: :runtime
+  requirement: *id004
+  name: nokogiri
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 51
+        segments: 
+        - 0
+        - 8
+        - 6
+        version: 0.8.6
+  prerelease: false
+  type: :runtime
+  requirement: *id005
+  name: curb
+description: "Aadhaar auth api v1.6: ruby port"
+email: 
+- manishgkasera@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- LICENSE
+- LICENSE.txt
+- README.md
+- Rakefile
+- aadhaar_auth.gemspec
+- keys/Auth_Staging.cer
+- keys/public-may2012.p12
+- lib/aadhaar_auth.rb
+- lib/aadhaar_auth/client.rb
+- lib/aadhaar_auth/config.rb
+- lib/aadhaar_auth/digital_signer.rb
+- lib/aadhaar_auth/encrypter.rb
+- lib/aadhaar_auth/version.rb
+has_rdoc: true
+homepage: https://github.com/manishgkasera/aadhaar_auth
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.5.0
+signing_key: 
+specification_version: 3
+summary: "Aadhaar auth api: ruby port"
+test_files: []
+