fido_metadata 0.3.0

Files changed (44) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +8 -0
  3. data/.rubocop.yml +196 -0
  4. data/.travis.yml +7 -0
  5. data/CHANGELOG.md +31 -0
  6. data/CODE_OF_CONDUCT.md +74 -0
  7. data/Gemfile +8 -0
  8. data/Gemfile.lock +75 -0
  9. data/LICENSE.txt +21 -0
  10. data/README.md +86 -0
  11. data/Rakefile +12 -0
  12. data/bin/console +24 -0
  13. data/bin/rspec +29 -0
  14. data/bin/rubocop +29 -0
  15. data/bin/setup +8 -0
  16. data/fido_metadata.gemspec +41 -0
  17. data/lib/Root.cer +15 -0
  18. data/lib/fido_metadata.rb +19 -0
  19. data/lib/fido_metadata/attributes.rb +37 -0
  20. data/lib/fido_metadata/biometric_accuracy_descriptor.rb +15 -0
  21. data/lib/fido_metadata/biometric_status_report.rb +18 -0
  22. data/lib/fido_metadata/client.rb +110 -0
  23. data/lib/fido_metadata/code_accuracy_descriptor.rb +14 -0
  24. data/lib/fido_metadata/coercer/assumed_value.rb +19 -0
  25. data/lib/fido_metadata/coercer/bit_field.rb +22 -0
  26. data/lib/fido_metadata/coercer/certificates.rb +16 -0
  27. data/lib/fido_metadata/coercer/date.rb +15 -0
  28. data/lib/fido_metadata/coercer/escaped_uri.rb +17 -0
  29. data/lib/fido_metadata/coercer/magic_number.rb +24 -0
  30. data/lib/fido_metadata/coercer/objects.rb +18 -0
  31. data/lib/fido_metadata/coercer/user_verification_details.rb +36 -0
  32. data/lib/fido_metadata/constants.rb +91 -0
  33. data/lib/fido_metadata/entry.rb +25 -0
  34. data/lib/fido_metadata/pattern_accuracy_descriptor.rb +13 -0
  35. data/lib/fido_metadata/refinement/fixed_length_secure_compare.rb +23 -0
  36. data/lib/fido_metadata/statement.rb +65 -0
  37. data/lib/fido_metadata/status_report.rb +20 -0
  38. data/lib/fido_metadata/store.rb +82 -0
  39. data/lib/fido_metadata/table_of_contents.rb +17 -0
  40. data/lib/fido_metadata/test_cache_store.rb +26 -0
  41. data/lib/fido_metadata/verification_method_descriptor.rb +20 -0
  42. data/lib/fido_metadata/version.rb +5 -0
  43. data/lib/fido_metadata/x5c_key_finder.rb +50 -0
  44. metadata +186 -0
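--- a/data/lib/fido_metadata/test_cache_store.rb
+++ b/data/lib/fido_metadata/test_cache_store.rb
@@ -0,0 +1,26 @@
+ # frozen_string_literal: true
+
+ # A very simple cache story for the test suite that mimics the ActiveSupport::Cache::Store interface
+ module FidoMetadata
+ class TestCacheStore
+ def initialize
+ @store = {}
+ end
+
+ def read(name, _options = nil)
+ @store[name]
+ end
+
+ def write(name, value, _options = nil)
+ @store[name] = value
+ end
+
+ def delete(name, _options = nil)
+ @store.delete(name)
+ end
+
+ def clear(_options = nil)
+ @store.clear
+ end
+ end
+ end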
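Review bot: `write` on line 14 discards `_options`, so an `expires_in` passed by a caller is silently ignored and entries stay in `@store` until `delete` or `clear` is called. Because this file ships under `lib/` rather than with the specs, that limitation should be stated where a user will see it; I would extend the header comment to `# A very simple cache store for the test suite that mimics the ActiveSupport::Cache::Store interface. Options such as expires_in are ignored and nothing is evicted; not for production use.`, which also fixes the "story" typo on line 3. If the gem's own store relies on cache expiry to refresh metadata, which is not visible in this file, using this class outside tests would keep serving stale entries.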
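--- a/data/lib/fido_metadata/verification_method_descriptor.rb
+++ b/data/lib/fido_metadata/verification_method_descriptor.rb
@@ -0,0 +1,20 @@
+ # frozen_string_literal: true
+
+ require "fido_metadata/attributes"
+ require "fido_metadata/biometric_accuracy_descriptor"
+ require "fido_metadata/constants"
+ require "fido_metadata/code_accuracy_descriptor"
+ require "fido_metadata/pattern_accuracy_descriptor"
+ require "fido_metadata/coercer/magic_number"
+ require "fido_metadata/coercer/objects"
+
+ module FidoMetadata
+ class VerificationMethodDescriptor
+ extend Attributes
+
+ json_accessor("userVerification", Coercer::MagicNumber.new(Constants::USER_VERIFICATION_METHODS))
+ json_accessor("caDesc")
+ json_accessor("baDesc")
+ json_accessor("paDesc")
+ end
+ end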
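Review bot: `caDesc`, `baDesc` and `paDesc` on lines 16-18 are declared without a coercer, although the file requires the three accuracy-descriptor classes and `coercer/objects` and uses none of them. If `json_accessor` without a second argument returns the parsed JSON unchanged (its definition in `Attributes` is not visible here), these accessors hand back raw hashes while `userVerification` is coerced. Either coerce the three descriptors as well or drop the unused requires, and add a one-line comment such as `# caDesc/baDesc/paDesc are returned as parsed JSON, not descriptor objects` so the difference reads as intentional.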
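--- a/data/lib/fido_metadata/version.rb
+++ b/data/lib/fido_metadata/version.rb
@@ -0,0 +1,5 @@
+ # frozen_string_literal: true
+
+ module FidoMetadata
+ VERSION = "0.3.0"
+ end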
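--- a/data/lib/fido_metadata/x5c_key_finder.rb
+++ b/data/lib/fido_metadata/x5c_key_finder.rb
@@ -0,0 +1,50 @@
+ # frozen_string_literal: true
+
+ require "base64"
+ require "jwt/error"
+
+ module FidoMetadata
+ class VerificationError < StandardError; end
+
+ # If the x5c header certificate chain can be validated by trusted root
+ # certificates, and none of the certificates are revoked, returns the public
+ # key from the first certificate.
+ # See https://tools.ietf.org/html/rfc7515#section-4.1.6
+ class X5cKeyFinder
+ def self.from(x5c_header_or_certificates, trusted_certificates, crls)
+ store = build_store(trusted_certificates, crls)
+ signing_certificate, *certificate_chain = parse_certificates(x5c_header_or_certificates)
+ store_context = OpenSSL::X509::StoreContext.new(store, signing_certificate, certificate_chain)
+
+ if store_context.verify
+ signing_certificate.public_key
+ else
+ error = "Certificate verification failed: #{store_context.error_string}."
+ error = "#{error} Certificate subject: #{store_context.current_cert.subject}." if store_context.current_cert
+
+ raise JWT::VerificationError, error
+ end
+ end
+
+ def self.parse_certificates(x5c_header_or_certificates)
+ if x5c_header_or_certificates.all? { |obj| obj.is_a?(OpenSSL::X509::Certificate) }
+ x5c_header_or_certificates
+ else
+ x5c_header_or_certificates.map do |encoded|
+ OpenSSL::X509::Certificate.new(::Base64.strict_decode64(encoded))
+ end
+ end
+ end
+ private_class_method :parse_certificates
+
+ def self.build_store(trusted_certificates, crls)
+ store = OpenSSL::X509::Store.new
+ store.purpose = OpenSSL::X509::PURPOSE_ANY
+ store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK | OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+ trusted_certificates.each { |certificate| store.add_cert(certificate) }
+ crls && crls.each { |crl| store.add_crl(crl) }
+ store
+ end
+ private_class_method :build_store
+ end
+ end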
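Review bot: `parse_certificates` (lines 29-37) lets malformed input escape as exceptions other than the `JWT::VerificationError` that `from` raises: `Base64.strict_decode64` raises `ArgumentError` on invalid base64, `OpenSSL::X509::Certificate.new` raises `OpenSSL::X509::CertificateError` on bad certificate data, and an empty array passes the `all?` check and leaves `signing_certificate` nil for OpenSSL to deal with. Per the class comment the input is a JWS x5c header, so a caller that rescues only JWT errors would see an unhandled exception on a malformed token; rejecting empty input and wrapping the decode errors keeps every failure on one path. Separately, `FidoMetadata::VerificationError` is defined on line 7 but not raised anywhere in this file, and `OpenSSL` is used here without a `require "openssl"`.

```ruby
def self.parse_certificates(x5c_header_or_certificates)
  certificates = Array(x5c_header_or_certificates)
  raise JWT::VerificationError, "x5c header contains no certificates" if certificates.empty?
  return certificates if certificates.all? { |obj| obj.is_a?(OpenSSL::X509::Certificate) }

  # … unchanged: map each entry of `certificates` through Base64.strict_decode64 into OpenSSL::X509::Certificate.new …
rescue ArgumentError, OpenSSL::X509::CertificateError => e
  raise JWT::VerificationError, "Malformed x5c certificate: #{e.message}"
end
```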
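--- a/metadata
+++ b/metadata
@@ -0,0 +1,186 @@
+ --- !ruby/object:Gem::Specification
+ name: fido_metadata
+ version: !ruby/object:Gem::Version
+ version: 0.3.0
+ platform: ruby
+ authors:
+ - Bart de Water
+ autorequire:
+ bindir: exe
+ cert_chain: []
+ date: 2019-11-24 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: jwt
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.0'
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.17'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.17'
+ - !ruby/object:Gem::Dependency
+ name: pry-byebug
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.8'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.8'
+ - !ruby/object:Gem::Dependency
+ name: rubocop
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 0.75.0
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 0.75.0
+ - !ruby/object:Gem::Dependency
+ name: webmock
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.6'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.6'
+ description: Client for looking up metadata about FIDO authenticators, for use by
+ WebAuthn relying parties
+ email:
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".gitignore"
+ - ".rubocop.yml"
+ - ".travis.yml"
+ - CHANGELOG.md
+ - CODE_OF_CONDUCT.md
+ - Gemfile
+ - Gemfile.lock
+ - LICENSE.txt
+ - README.md
+ - Rakefile
+ - bin/console
+ - bin/rspec
+ - bin/rubocop
+ - bin/setup
+ - fido_metadata.gemspec
+ - lib/Root.cer
+ - lib/fido_metadata.rb
+ - lib/fido_metadata/attributes.rb
+ - lib/fido_metadata/biometric_accuracy_descriptor.rb
+ - lib/fido_metadata/biometric_status_report.rb
+ - lib/fido_metadata/client.rb
+ - lib/fido_metadata/code_accuracy_descriptor.rb
+ - lib/fido_metadata/coercer/assumed_value.rb
+ - lib/fido_metadata/coercer/bit_field.rb
+ - lib/fido_metadata/coercer/certificates.rb
+ - lib/fido_metadata/coercer/date.rb
+ - lib/fido_metadata/coercer/escaped_uri.rb
+ - lib/fido_metadata/coercer/magic_number.rb
+ - lib/fido_metadata/coercer/objects.rb
+ - lib/fido_metadata/coercer/user_verification_details.rb
+ - lib/fido_metadata/constants.rb
+ - lib/fido_metadata/entry.rb
+ - lib/fido_metadata/pattern_accuracy_descriptor.rb
+ - lib/fido_metadata/refinement/fixed_length_secure_compare.rb
+ - lib/fido_metadata/statement.rb
+ - lib/fido_metadata/status_report.rb
+ - lib/fido_metadata/store.rb
+ - lib/fido_metadata/table_of_contents.rb
+ - lib/fido_metadata/test_cache_store.rb
+ - lib/fido_metadata/verification_method_descriptor.rb
+ - lib/fido_metadata/version.rb
+ - lib/fido_metadata/x5c_key_finder.rb
+ homepage: https://github.com/bdewater/fido_metadata
+ licenses:
+ - MIT
+ metadata:
+ homepage_uri: https://github.com/bdewater/fido_metadata
+ source_code_uri: https://github.com/bdewater/fido_metadata
+ changelog_uri: https://github.com/bdewater/fido_metadata/blob/master/CHANGELOG.md
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '2.3'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubygems_version: 3.0.3
+ signing_key:
+ specification_version: 4
+ summary: FIDO Alliance Metadata Service client
+ test_files: []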