ig-identity-rp-validator 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/lib/ig-identity-rp-validator.rb +41 -0
- metadata +58 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: ca4c4b510af010481e7e8364a16da941fe7c79ce
|
|
4
|
+
data.tar.gz: baf415ab58106517502f5fe67aef029980e42cac
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: bff52fcfc07458bd3ada7a533aab4f0df0e7c7a05e636b77d3b74dfa01b6f16b8bce3b0987bc5ff317b6a0336e39515170506e733669a041e929c17d03cf6680
|
|
7
|
+
data.tar.gz: a13085b8f32a8b6cd44a37b0a98dad2f4c9c1e865d67b00e8f9db34c8d7750f5694daf49f98740f1720cc352cbe5b458e5f5f15ff0a1703e1f60326d33281c44
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
require 'ig-crypto-utils'
|
|
2
|
+
require 'base64'
|
|
3
|
+
require 'json'
|
|
4
|
+
|
|
5
|
+
module IgIdentity
|
|
6
|
+
|
|
7
|
+
module RelyingParty
|
|
8
|
+
|
|
9
|
+
class AuthValidator
|
|
10
|
+
|
|
11
|
+
# 1. decrypt the auth payload using shared AES key + iv
|
|
12
|
+
# 2. validate the signature using ecdsa_secret_key
|
|
13
|
+
# 3. parse the username and role (and ip address if present) from the payload
|
|
14
|
+
# 4. parse the expiry date from the payload and check if expired
|
|
15
|
+
# 5. if all valid, generate response of the form {:valid => true, :auth => {...}}
|
|
16
|
+
def validate_auth(auth, iv, aes_key, ecdsa_public_key)
|
|
17
|
+
|
|
18
|
+
begin
|
|
19
|
+
decrypted_result = Base64.decode64 CryptoUtils::AesUtil.new.decrypt(auth, aes_key, iv)
|
|
20
|
+
parsed_result = JSON.parse(decrypted_result, :symbolize_names => true)
|
|
21
|
+
|
|
22
|
+
token = parsed_result[:token]
|
|
23
|
+
signature = parsed_result[:signature]
|
|
24
|
+
|
|
25
|
+
# validate the signature
|
|
26
|
+
return {:valid => true, :auth => parsed_result} if
|
|
27
|
+
CryptoUtils::EcdsaUtil.new.validate_signature(token, signature, ecdsa_public_key)
|
|
28
|
+
|
|
29
|
+
{:valid => false, auth: nil}
|
|
30
|
+
|
|
31
|
+
rescue
|
|
32
|
+
{:valid => false, auth: nil}
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: ig-identity-rp-validator
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.1
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Infinity-G
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2015-02-18 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: ig-crypto-utils
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - '='
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: 0.0.1
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - '='
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: 0.0.1
|
|
27
|
+
description: Relying party validator for payloads generated by the id-io API
|
|
28
|
+
email: developer@infinity-g.com
|
|
29
|
+
executables: []
|
|
30
|
+
extensions: []
|
|
31
|
+
extra_rdoc_files: []
|
|
32
|
+
files:
|
|
33
|
+
- lib/ig-identity-rp-validator.rb
|
|
34
|
+
homepage: ''
|
|
35
|
+
licenses:
|
|
36
|
+
- MIT
|
|
37
|
+
metadata: {}
|
|
38
|
+
post_install_message:
|
|
39
|
+
rdoc_options: []
|
|
40
|
+
require_paths:
|
|
41
|
+
- lib
|
|
42
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
43
|
+
requirements:
|
|
44
|
+
- - '>='
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: '0'
|
|
47
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
48
|
+
requirements:
|
|
49
|
+
- - '>='
|
|
50
|
+
- !ruby/object:Gem::Version
|
|
51
|
+
version: '0'
|
|
52
|
+
requirements: []
|
|
53
|
+
rubyforge_project:
|
|
54
|
+
rubygems_version: 2.4.2
|
|
55
|
+
signing_key:
|
|
56
|
+
specification_version: 4
|
|
57
|
+
summary: Auth validator
|
|
58
|
+
test_files: []
|