RubyGems - blueauth - Versions diffs - 0.0.12 → 0.0.13 - Mend

blueauth 0.0.12 → 0.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/blueauth.rb +19 -8
data/lib/blueauth/certificates.rb +50 -0
data/lib/blueauth/version.rb +1 -1
metadata +4 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9ca129d26799f295938146285368b1e7fa5ae6b1
-  data.tar.gz: 573f817a1663f6958ef0a0560cb6d6440e62c513
+  metadata.gz: 42384f862714ea89a02cec943c4daa7c97e32e1f
+  data.tar.gz: 345d289fe0308256b7ee8d279f16cfa75ff64a1e
 SHA512:
-  metadata.gz: 756b134ae0e5601b7b89a8e8157bfe9440652bb45c7e07eb6eb30387b0780513bce682740938bf8a4c0dedcf6e0137628e252ab5694fecc97a1078d00d2322b5
-  data.tar.gz: a9c11445ff322a445beaf4fdbcb93f1cec2bdea0a3686cf05b30ac43ebd7ff1287c2116e4e755889d8b882641a06d4b1754aea96784b76d66b062062d8b9a1e8
+  metadata.gz: bf77d5ec6f4288a1a073ba05c35723ec6b2780a8c365df5bd906d9f4c2f07ad255f2a98656b639b87aee3220a220dd899acb8dd1b52101942b073097af2e90ef
+  data.tar.gz: 133e7073959ffc71012cabc89c79b80345cf17c659f9e789fb98e1852b45742062c9f967ba3c7c486edc37f64e44cbe32c7c686cd8c8fea2e8ccf7d9f38c2902

data/lib/blueauth.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require 'blueauth/version'
 require 'blueauth/error'
+require 'blueauth/certificates'
 require 'net-ldap'
 module Blueauth
@@ -13,15 +14,27 @@ module Blueauth
   Net::LDAP::LDAPControls::PAGED_RESULTS = FALSE
   $VERBOSE = old_verbose
+  @cert_store = OpenSSL::X509::Store.new
+  @cert_store.add_cert OpenSSL::X509::Certificate.new(NEW_CERT)
+  @cert_store.add_cert OpenSSL::X509::Certificate.new(OLD_CERT)
+  @ldap = Net::LDAP.new hosts: BPHOSTS, encryption: {
+    method: :simple_tls,
+    tls_options: {
+      ssl_version: :TLSv1_2,
+      verify_mode: OpenSSL::SSL::VERIFY_PEER,
+      cert_store: @cert_store
+    }
+  }
   # using this method a user can be authenticated
   # Intraned ID, password are mandatory
   def self.authenticate(id, password)
-    ldap = Net::LDAP.new hosts: BPHOSTS, base: BPBASE, :encryption => { :method => :simple_tls, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_NONE } }
     user = search id.strip
     unless user.nil?
-      ldap.auth user[:dn], password.strip
+      @ldap.auth user[:dn], password.strip
       begin
-        auth = ldap.bind
+        auth = @ldap.bind
       rescue => e
         raise Blueauth::BlueError, "BluePages Bind issue -> #{e.message}"
       end
@@ -66,8 +79,7 @@ module Blueauth
     end
     filter = Net::LDAP::Filter.eq(searchfield, id) & Net::LDAP::Filter.eq('objectclass', "ibmPerson")
     begin
-      ldap = Net::LDAP.new hosts: BPHOSTS, base: BPBASE, :encryption => { :method => :simple_tls, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_NONE } }
-      user_array = ldap.search(base: BPBASE, filter: filter, size: 1)
+      user_array = @ldap.search(base: BPBASE, filter: filter, size: 1)
     rescue => e
       raise Blueauth::BlueError, "BluePages Search issue -> #{e.message}"
     end
@@ -83,10 +95,9 @@ module Blueauth
   def self.bluegroups(dn)
     result = []
-    bg = Net::LDAP.new hosts: BPHOSTS, base: BGBASE, :encryption => { :method => :simple_tls, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_NONE } }
-    bgf = Net::LDAP::Filter.eq('uniquemember', dn)
+    filter = Net::LDAP::Filter.eq('uniquemember', dn)
     begin
-      bgres = bg.search(base: BGBASE, filter: bgf, attributes: ['cn'])
+      bgres = @ldap.search(base: BGBASE, filter: filter, attributes: ['cn'])
       bgres.each {|g| result << g.cn.first}
     rescue => e
       raise Blueauth::BlueError, "BlueGroup Search issue -> #{e.message}"

data/lib/blueauth/certificates.rb ADDED Viewed

@@ -0,0 +1,50 @@
+module Blueauth
+  # Having only the root signer certificate (DigiCert Global Root G2) in the TLS client truststore is sufficient.
+  # https://w3-connections.ibm.com/wikis/home?lang=en-us#!/wiki/W1f849f7604cc_43a5_a6d9_2ad1fcbc532e/page/Digital%20Certificate%20FAQs
+  # https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=INFO1421#lightbox-06
+  NEW_CERT = "-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
+2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
+1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
+q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
+tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
+vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
+5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
+1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
+NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
+Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
+8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
+pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
+MrY=
+-----END CERTIFICATE-----"
+  # The root signer certificate (Equifax) in the current certificate chain will also expire on August 22, 2018.
+  # https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=INFO4668
+  OLD_CERT = "-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+-----END CERTIFICATE-----"
+end

data/lib/blueauth/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Blueauth
-  VERSION = "0.0.12"
+  VERSION = "0.0.13"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: blueauth
 version: !ruby/object:Gem::Version
-  version: 0.0.12
+  version: 0.0.13
 platform: ruby
 authors:
 - zoltan-izso
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-06-08 00:00:00.000000000 Z
+date: 2018-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ldap
@@ -85,6 +85,7 @@ files:
 - bin/setup
 - blueauth.gemspec
 - lib/blueauth.rb
+- lib/blueauth/certificates.rb
 - lib/blueauth/error.rb
 - lib/blueauth/version.rb
 homepage:
@@ -108,7 +109,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.7
+rubygems_version: 2.5.2
 signing_key:
 specification_version: 4
 summary: Bluepages Authentication for IBMers within IBM's Intranet