ig-identity-rp-validator 0.0.1

Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/lib/ig-identity-rp-validator.rb +41 -0
  3. metadata +58 -0
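--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: ca4c4b510af010481e7e8364a16da941fe7c79ce
+ data.tar.gz: baf415ab58106517502f5fe67aef029980e42cac
+ SHA512:
+ metadata.gz: bff52fcfc07458bd3ada7a533aab4f0df0e7c7a05e636b77d3b74dfa01b6f16b8bce3b0987bc5ff317b6a0336e39515170506e733669a041e929c17d03cf6680
+ data.tar.gz: a13085b8f32a8b6cd44a37b0a98dad2f4c9c1e865d67b00e8f9db34c8d7750f5694daf49f98740f1720cc352cbe5b458e5f5f15ff0a1703e1f60326d33281c44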
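--- a/data/lib/ig-identity-rp-validator.rb
+++ b/data/lib/ig-identity-rp-validator.rb
@@ -0,0 +1,41 @@
+ require 'ig-crypto-utils'
+ require 'base64'
+ require 'json'
+
+ module IgIdentity
+
+ module RelyingParty
+
+ class AuthValidator
+
+ # 1. decrypt the auth payload using shared AES key + iv
+ # 2. validate the signature using ecdsa_secret_key
+ # 3. parse the username and role (and ip address if present) from the payload
+ # 4. parse the expiry date from the payload and check if expired
+ # 5. if all valid, generate response of the form {:valid => true, :auth => {...}}
+ def validate_auth(auth, iv, aes_key, ecdsa_public_key)
+
+ begin
+ decrypted_result = Base64.decode64 CryptoUtils::AesUtil.new.decrypt(auth, aes_key, iv)
+ parsed_result = JSON.parse(decrypted_result, :symbolize_names => true)
+
+ token = parsed_result[:token]
+ signature = parsed_result[:signature]
+
+ # validate the signature
+ return {:valid => true, :auth => parsed_result} if
+ CryptoUtils::EcdsaUtil.new.validate_signature(token, signature, ecdsa_public_key)
+
+ {:valid => false, auth: nil}
+
+ rescue
+ {:valid => false, auth: nil}
+ end
+
+ end
+
+ end
+
+ end
+
+ end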
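Review bot: `validate_auth` returns `{:valid => true, ...}` as soon as `validate_signature` succeeds, so steps 3 and 4 of its own header comment (parsing username/role and rejecting an expired payload) are never performed, and a correctly signed payload stays acceptable indefinitely. The signature is also checked only over `parsed_result[:token]`, while the whole `parsed_result` is handed back as `:auth`, so any sibling key in the decrypted JSON reaches the caller without being covered by the signature; `:auth` should carry only values parsed out of the verified token. The token's format and the name of its expiry field are not visible in this file, so the check has to be written against the id-io payload definition, and it should fail closed when the field is missing or unparsable. Separately, `Base64.strict_decode64` would reject malformed input that `decode64` silently accepts, and the bare `rescue` could log the exception class before returning the invalid result so that a misconfigured key is not mistaken for a bad token; the header comment's "ecdsa_secret_key" should read `ecdsa_public_key` to match the parameter.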
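--- a/metadata
+++ b/metadata
@@ -0,0 +1,58 @@
+ --- !ruby/object:Gem::Specification
+ name: ig-identity-rp-validator
+ version: !ruby/object:Gem::Version
+ version: 0.0.1
+ platform: ruby
+ authors:
+ - Infinity-G
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2015-02-18 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: ig-crypto-utils
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 0.0.1
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 0.0.1
+ description: Relying party validator for payloads generated by the id-io API
+ email: developer@infinity-g.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/ig-identity-rp-validator.rb
+ homepage: ''
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.4.2
+ signing_key:
+ specification_version: 4
+ summary: Auth validator
+ test_files: []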