fido_metadata 0.3.0

data/lib/fido_metadata/test_cache_store.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+# A very simple cache story for the test suite that mimics the ActiveSupport::Cache::Store interface
+module FidoMetadata
+  class TestCacheStore
+    def initialize
+      @store = {}
+    end
+
+    def read(name, _options = nil)
+      @store[name]
+    end
+
+    def write(name, value, _options = nil)
+      @store[name] = value
+    end
+
+    def delete(name, _options = nil)
+      @store.delete(name)
+    end
+
+    def clear(_options = nil)
+      @store.clear
+    end
+  end
+end

data/lib/fido_metadata/verification_method_descriptor.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require "fido_metadata/attributes"
+require "fido_metadata/biometric_accuracy_descriptor"
+require "fido_metadata/constants"
+require "fido_metadata/code_accuracy_descriptor"
+require "fido_metadata/pattern_accuracy_descriptor"
+require "fido_metadata/coercer/magic_number"
+require "fido_metadata/coercer/objects"
+
+module FidoMetadata
+  class VerificationMethodDescriptor
+    extend Attributes
+
+    json_accessor("userVerification", Coercer::MagicNumber.new(Constants::USER_VERIFICATION_METHODS))
+    json_accessor("caDesc")
+    json_accessor("baDesc")
+    json_accessor("paDesc")
+  end
+end

data/lib/fido_metadata/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module FidoMetadata
+  VERSION = "0.3.0"
+end

data/lib/fido_metadata/x5c_key_finder.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require "base64"
+require "jwt/error"
+
+module FidoMetadata
+  class VerificationError < StandardError; end
+
+  # If the x5c header certificate chain can be validated by trusted root
+  # certificates, and none of the certificates are revoked, returns the public
+  # key from the first certificate.
+  # See https://tools.ietf.org/html/rfc7515#section-4.1.6
+  class X5cKeyFinder
+    def self.from(x5c_header_or_certificates, trusted_certificates, crls)
+      store = build_store(trusted_certificates, crls)
+      signing_certificate, *certificate_chain = parse_certificates(x5c_header_or_certificates)
+      store_context = OpenSSL::X509::StoreContext.new(store, signing_certificate, certificate_chain)
+
+      if store_context.verify
+        signing_certificate.public_key
+      else
+        error = "Certificate verification failed: #{store_context.error_string}."
+        error = "#{error} Certificate subject: #{store_context.current_cert.subject}." if store_context.current_cert
+
+        raise JWT::VerificationError, error
+      end
+    end
+
+    def self.parse_certificates(x5c_header_or_certificates)
+      if x5c_header_or_certificates.all? { |obj| obj.is_a?(OpenSSL::X509::Certificate) }
+        x5c_header_or_certificates
+      else
+        x5c_header_or_certificates.map do |encoded|
+          OpenSSL::X509::Certificate.new(::Base64.strict_decode64(encoded))
+        end
+      end
+    end
+    private_class_method :parse_certificates
+
+    def self.build_store(trusted_certificates, crls)
+      store = OpenSSL::X509::Store.new
+      store.purpose = OpenSSL::X509::PURPOSE_ANY
+      store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK | OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+      trusted_certificates.each { |certificate| store.add_cert(certificate) }
+      crls && crls.each { |crl| store.add_crl(crl) }
+      store
+    end
+    private_class_method :build_store
+  end
+end

metadata

@@ -0,0 +1,186 @@
+--- !ruby/object:Gem::Specification
+name: fido_metadata
+version: !ruby/object:Gem::Version
+  version: 0.3.0
+platform: ruby
+authors:
+- Bart de Water
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-11-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.17'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.17'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.75.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.75.0
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+description: Client for looking up metadata about FIDO authenticators, for use by
+  WebAuthn relying parties
+email: 
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rubocop.yml"
+- ".travis.yml"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/rspec
+- bin/rubocop
+- bin/setup
+- fido_metadata.gemspec
+- lib/Root.cer
+- lib/fido_metadata.rb
+- lib/fido_metadata/attributes.rb
+- lib/fido_metadata/biometric_accuracy_descriptor.rb
+- lib/fido_metadata/biometric_status_report.rb
+- lib/fido_metadata/client.rb
+- lib/fido_metadata/code_accuracy_descriptor.rb
+- lib/fido_metadata/coercer/assumed_value.rb
+- lib/fido_metadata/coercer/bit_field.rb
+- lib/fido_metadata/coercer/certificates.rb
+- lib/fido_metadata/coercer/date.rb
+- lib/fido_metadata/coercer/escaped_uri.rb
+- lib/fido_metadata/coercer/magic_number.rb
+- lib/fido_metadata/coercer/objects.rb
+- lib/fido_metadata/coercer/user_verification_details.rb
+- lib/fido_metadata/constants.rb
+- lib/fido_metadata/entry.rb
+- lib/fido_metadata/pattern_accuracy_descriptor.rb
+- lib/fido_metadata/refinement/fixed_length_secure_compare.rb
+- lib/fido_metadata/statement.rb
+- lib/fido_metadata/status_report.rb
+- lib/fido_metadata/store.rb
+- lib/fido_metadata/table_of_contents.rb
+- lib/fido_metadata/test_cache_store.rb
+- lib/fido_metadata/verification_method_descriptor.rb
+- lib/fido_metadata/version.rb
+- lib/fido_metadata/x5c_key_finder.rb
+homepage: https://github.com/bdewater/fido_metadata
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/bdewater/fido_metadata
+  source_code_uri: https://github.com/bdewater/fido_metadata
+  changelog_uri: https://github.com/bdewater/fido_metadata/blob/master/CHANGELOG.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.3'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: FIDO Alliance Metadata Service client
+test_files: []