civic_sip_sdk 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8f25482aa5c37b9879c21c1a76ef9967337b9385832b6a24d03584f2561552d8
+  data.tar.gz: 071fe7ee8420f5c1fdf9fff5f026a33d8d316e5c400bbf2a6fb80a81a60a2b65
+SHA512:
+  metadata.gz: d06a3a0612b446b09e7a3cc725b7ec6c38d768824ff3f61caca8ccca03c0fe87424ebe3e64215a5fe7ea584372c235b82e608b2c78466163f4dd60e0f41a2337
+  data.tar.gz: 9dda8d41853a87394f17c178d8386a65e5cc8f813aafd83dbfb4eb268994bade0b6f30c027de2b55b7a60ce89aa90c39086c940824e6c75bc4f81116442a2a7e

data/lib/civic_sip_sdk/app_config.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module CivicSIPSdk
+  class AppConfig
+    attr_reader :id, :env, :private_key, :secret
+
+    VALID_ENVS = %i[dev prod].freeze
+    REQUIRED_KEYS = [
+      { name: :id, error: 'Civic application id is missing!' },
+      { name: :private_key, error: 'Civic application private signing key is missing!' },
+      { name: :secret, error: 'Civic application secret is missing!' }
+    ].freeze
+
+    # Creates a new instance of <tt>CivicSIPSdk::AppConfig</tt>.
+    # This is used to configure the SDK connection parameters to the Civic SIP service.
+    #
+    # It raises an ArgumentError if any argument is nil.
+    #
+    # Args:
+    #   * <tt>id</tt> - The application id.
+    #   * <tt>env</tt> - The application environment. Defaults to +:prod+ if the value is incorrect.
+    #   * <tt>private_key</tt> - The application's private signing key.
+    #   * <tt>secret</tt> - The application secret
+    def initialize(id:, env:, private_key:, secret:)
+      @id = id
+      @env = VALID_ENVS.include?(env.to_sym) ? env.to_sym : VALID_ENVS.last
+      @private_key = private_key
+      @secret = secret
+
+      validate
+    end
+
+    private
+
+    def validate
+      validation_errors = REQUIRED_KEYS.map { |rk| instance_variable_get("@#{rk[:name]}").nil? ? rk[:error] : nil }
+                                       .compact
+
+      raise ArgumentError.new(validation_errors.join("\n")) unless validation_errors.empty?
+    end
+  end
+end

data/lib/civic_sip_sdk/client.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'httparty'
+require 'civic_sip_sdk/app_config'
+require 'civic_sip_sdk/user_data'
+require 'civic_sip_sdk/crypto'
+
+module CivicSIPSdk
+  class Client
+    BASE_URL = 'https://api.civic.com/sip'
+    AUTH_CODE_PATH = 'scopeRequest/authCode'
+    PUBLIC_HEX = '049a45998638cfb3c4b211d72030d9ae8329a242db63bfb0076a54e7647370a8ac5708b57af6065805d5a6be72332620932dbb35e8d318fce18e7c980a0eb26aa1'
+    MIMETYPE_JSON = 'application/json'
+
+    ENV_VAR = 'ENVIRONMENT'
+    RAILS_ENV = 'RAILS_ENV'
+    PRODUCTION_ENV = 'production'
+
+    HTTP_REQUEST_METHOD = :POST
+
+    # Creates a client
+    #
+    # Args:
+    #   * <tt>config</tt> - an instance of CivicSIPSdk::AppConfig
+    def initialize(config:)
+      @config = config
+    end
+
+    # Exchange authorization code in the form of a JWT Token for the user data
+    # requested in the scope request.
+    #
+    # Args:
+    #   * <tt>jwt_token</tt> - a JWT token that contains the authorization code
+    def exchange_code(jwt_token:)
+      json_body_str = JSON.generate('authToken' => jwt_token)
+
+      response = HTTParty.post(
+        "#{BASE_URL}/#{@config.env}/#{AUTH_CODE_PATH}",
+        headers: {
+          'Content-Type' => MIMETYPE_JSON,
+          'Accept' => MIMETYPE_JSON,
+          'Content-Length' => json_body_str.size.to_s,
+          'Authorization' => authorization_header(target_path: AUTH_CODE_PATH, body: json_body_str)
+        },
+        body: json_body_str,
+        debug_output: ENV[ENV_VAR] == PRODUCTION_ENV || ENV[RAILS_ENV] == PRODUCTION_ENV ? nil : STDOUT
+      )
+
+      unless response.code == 200
+        raise StandardError.new(
+          "Failed to exchange JWT token. HTTP status: #{response.code}, response body: #{response.body}"
+        )
+      end
+
+      res_payload = JSON.parse(response.body)
+      extract_user_data(response: res_payload)
+    end
+
+    private
+
+    def authorization_header(target_path:, body:)
+      jwt_token = Crypto.jwt_token(
+        app_id: @config.id,
+        sip_base_url: BASE_URL,
+        data: {
+          method: HTTP_REQUEST_METHOD,
+          path: target_path
+        },
+        private_key: @config.private_key
+      )
+
+      civic_extension = Crypto.civic_extension(secret: @config.secret, body: body)
+
+      "Civic #{jwt_token}.#{civic_extension}"
+    end
+
+    def extract_user_data(response:)
+      # only verify the token if it's in production (test is using an expired token)
+      decoded_token = Crypto.decode_jwt_token(
+        token: response['data'],
+        public_hex_key: PUBLIC_HEX,
+        should_verify: ENV[ENV_VAR] == PRODUCTION_ENV || ENV[RAILS_ENV] == PRODUCTION_ENV
+      )
+      data_text = if response['encrypted']
+                    # decrypt the data attr
+                    Crypto.decrypt(
+                      text: decoded_token['data'],
+                      secret: @config.secret
+                    )
+                  else
+                    decoded_data['data']
+                  end
+
+      UserData.new(
+        user_id: response['userId'],
+        data_items: JSON.parse(data_text)
+      )
+    end
+  end
+end

data/lib/civic_sip_sdk/crypto.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+require 'base64'
+require 'securerandom'
+require 'openssl'
+require 'jwt'
+
+module CivicSIPSdk
+  module Crypto
+    CIPHER_ALGO = 'AES-128-CBC'
+    IV_STRING_LENGTH = 32
+    # "prime256v1" is another name for "secp256r1"
+    ECDSA_CURVE = 'prime256v1'
+    JWT_ALGO = 'ES256'
+    HMAC_DIGEST = 'SHA256'
+
+    # Create encrypted text using AES-128-CBC with a IV of 16 bytes
+    #
+    # Args:
+    #   * <tt>text</tt> - the plain text to be encrypted
+    #   * <tt>secret</tt> - the Civic application secret in HEX format
+    def self.encrypt(text:, secret:)
+      cipher = OpenSSL::Cipher.new(CIPHER_ALGO)
+      cipher.encrypt
+      cipher.key = hex_to_string(hex: secret)
+      iv = cipher.random_iv
+      cipher.iv = iv
+
+      encrypted_text = "#{cipher.update(text)}#{cipher.final}"
+      "#{string_to_hex(str: iv)}#{Base64.encode64(encrypted_text)}"
+    end
+
+    # Decrypt the encrypted text using AES-128-CBC with a IV of 32 bytes
+    #
+    # Args:
+    #   * <tt>text</tt> - the encrypted text to be decrypted
+    #   * <tt>secret</tt> - the Civic application secret in HEX format
+    def self.decrypt(text:, secret:)
+      cipher = OpenSSL::Cipher.new(CIPHER_ALGO)
+      cipher.decrypt
+      cipher.key = hex_to_string(hex: secret)
+      iv_hex = text[0..(IV_STRING_LENGTH - 1)]
+      cipher.iv = hex_to_string(hex: iv_hex)
+      encrypted_text = Base64.decode64(text[IV_STRING_LENGTH..-1])
+
+      "#{cipher.update(encrypted_text)}#{cipher.final}"
+    end
+
+    def self.jwt_token(app_id:, sip_base_url:, data:, private_key:)
+      now = Time.now.to_i
+
+      payload = {
+        iat: now,
+        exp: now + 60 * 3,
+        iss: app_id,
+        aud: sip_base_url,
+        sub: app_id,
+        jti: SecureRandom.uuid,
+        data: data
+      }
+
+      JWT.encode(
+        payload,
+        private_signing_key(private_hex_key: private_key),
+        JWT_ALGO
+      )
+    end
+
+    def self.decode_jwt_token(token:, public_hex_key:, should_verify:)
+      public_key = public_signing_key(public_hex_key: public_hex_key)
+      data, = JWT.decode(token, public_key, should_verify, algorithm: JWT_ALGO)
+
+      data
+    end
+
+    def self.civic_extension(secret:, body:)
+      hmac = OpenSSL::HMAC.digest(HMAC_DIGEST, secret, JSON.generate(body))
+      Base64.encode64(hmac)
+    end
+
+    class << self
+      private
+
+      def private_signing_key(private_hex_key:)
+        key = OpenSSL::PKey::EC.new(ECDSA_CURVE)
+        key.private_key = OpenSSL::BN.new(private_hex_key.to_i(16))
+
+        key
+      end
+
+      def public_signing_key(public_hex_key:)
+        group = OpenSSL::PKey::EC::Group.new(ECDSA_CURVE)
+        point = OpenSSL::PKey::EC::Point.new(
+          group,
+          OpenSSL::BN.new(public_hex_key.to_i(16))
+        )
+        key = OpenSSL::PKey::EC.new(ECDSA_CURVE)
+        key.public_key = point
+
+        key
+      end
+
+      def string_to_hex(str:)
+        str.unpack1('H*')
+      end
+
+      def hex_to_string(hex:)
+        hex.scan(/../).map(&:hex).pack('c*')
+      end
+    end
+  end
+end

data/lib/civic_sip_sdk/user_data.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'civic_sip_sdk/user_data_item'
+
+module CivicSIPSdk
+  class UserData
+    attr_reader :user_id, :data_items
+
+    # Creates a UserData insteance, which creates a list of UserDataItem instances from
+    # +data_items+.
+    #
+    # Args:
+    #   * <tt>user_id</tt> - user id
+    #   * <tt>data_items</tt> - a list of Hash that contains the key-value pairs for
+    #                           instantiating CivicSIPSdk::UserDataItem instances
+    def initialize(user_id:, data_items:)
+      @user_id = user_id
+      @data_items = data_items
+      @indexed_data_items = index_data_items
+    end
+
+    # Returns a +UserDataItem+ instance by matching the value of +label+, or +nil+
+    # if the label doesn't exist
+    def by_label(label:)
+      @indexed_data_items.fetch(label, nil)
+    end
+
+    private
+
+    def index_data_items
+      @data_items.each_with_object({}) do |data_item, memo|
+        memo[data_item['label']] = UserDataItem.new(
+          label: data_item['label'],
+          value: data_item['value'],
+          is_valid: data_item['isValid'],
+          is_owner: data_item['isOwner']
+        )
+      end
+    end
+  end
+end

data/lib/civic_sip_sdk/user_data_item.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module CivicSIPSdk
+  class UserDataItem
+    attr_reader :label, :value, :is_valid, :is_owner
+
+    # Creates an instance of UserDataItem.
+    #
+    # Args:
+    #   * <tt>label</tt> - Descriptive value identifier.
+    #   * <tt>value</tt> - Item value of requested user data.
+    #   * <tt>is_valid</tt> - Indicates whether or not the data is still considered valid on the blockchain.
+    #   * <tt>is_owner</tt> - Civic SIP service challenges the user during scope request approval to ensure
+    #                         the user is in control of the private key originally used in the issuance of the data attestation.
+    def initialize(label:, value:, is_valid:, is_owner:)
+      @label = label
+      @value = value
+      @is_valid = is_valid
+      @is_owner = is_owner
+    end
+  end
+end

data/lib/civic_sip_sdk/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module CivicSIPSdk
+  VERSION = '0.1.0'
+end

data/lib/civic_sip_sdk.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+$LOAD_PATH.unshift('lib')
+
+require 'civic_sip_sdk/app_config'
+require 'civic_sip_sdk/client'
+
+module CivicSIPSdk
+  module_function
+
+  def new_client(id, env, private_key, secret)
+    app_config = AppConfig.new(
+      id: id,
+      env: env,
+      private_key: private_key,
+      secret: secret
+    )
+
+    Client.new(config: app_config)
+  end
+end

metadata

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: civic_sip_sdk
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Han Wang
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-11-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.22
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.22
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+description: A ruby SDK for Civic SIP integration
+email:
+- han@binarystorms.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/civic_sip_sdk.rb
+- lib/civic_sip_sdk/app_config.rb
+- lib/civic_sip_sdk/client.rb
+- lib/civic_sip_sdk/crypto.rb
+- lib/civic_sip_sdk/user_data.rb
+- lib/civic_sip_sdk/user_data_item.rb
+- lib/civic_sip_sdk/version.rb
+homepage: https://github.com/BinaryStorms/civic-sip-ruby-sdk
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: A ruby SDK for Civic SIP integration
+test_files: []