mobile_id 0.0.1 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4fe6d1fd810346d147526247e6caff4a425668840b1926efaae177151ffac96d
-  data.tar.gz: d3030278e561fa6959e92cf1fb4b928d3381a4a604e79e5e4b3ac0d95ed98525
+  metadata.gz: 7b5200abc2bfce7f9f1e41ecb8e5ac4f7e75767e97b755faf3d5293270e03b29
+  data.tar.gz: bb97dfa048f527f417159dbca7222973d56404f632fcffc2090369ed99002390
 SHA512:
-  metadata.gz: 1ab4acaef19ceaea34fd9c28e55984a9b07bc220304dc1b92ba8c7f647a73f283256f0d4c7a30128ba1894fd56d8ed435a1c22cd92022a3add06995ac243be82
-  data.tar.gz: 60acfeb6677a3da2534ec390b2b991b1826ce0780c3d6334774619a2dd3b63b441eeed436d465f558b2f064151953a707ec0ec26a7285572d05fb0293029db55
+  metadata.gz: 4f79d3dc6c37f22273b6fe502fe5d6898042455dac704c04f7de0463b69cf8485dfca344898b444d14003f922d7023ff5ce7ea2617e52563b6c917aaeca718f9
+  data.tar.gz: f499e7ebb0a3962038186c511305264d34926a733efac2c21706dc9b113215cfdbc4bfbb54f1a9c21ae5f45540cde23d7aa49097ca50d2c6b9b6f9654247e240

data/CHANGELOG.md

@@ -0,0 +1,17 @@
+Release 0.0.6
+* Cert path fix
+
+Release 0.0.5
+* Added user certificate validation 
+
+Release 0.0.4
+* Refactored MobileId to MobileId::Auth
+
+Release 0.0.3
+* Gemspec update
+
+Release 0.0.2
+* Readme update
+
+Release 0.0.1
+* Init

data/MIT-LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2019-2020, Priit Tark, priit@gitlab.eu
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,133 @@
+# MobileId::Ruby::Gem
+
+Estonia Mobile ID authentication, more info at https://www.id.ee/en/
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'mobile_id'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install mobile_id
+
+## Test usage
+
+Execute irb:
+
+    $ bundle exec irb
+    irb(main):001:0> require 'mobile_id'
+    => true
+    irb(main):002:0> @mid = MobileId::Auth.new(live: false)
+    => #<MobileId::Auth:0x000055ac4cb25630 @url="https://tsp.demo.sk.ee/mid-api", @uuid="00000000-0000-0000-0000-000000000000", @name="DEMO", @hash="two+e7UMoFCAXHo8q9AnWqSC58Hhil74RowY8Gg9xQY=">
+    irb(main):003:0> auth = @mid.authenticate!(phone: '00000766', personal_code: '60001019906')
+    => {"session_id"=>"34e7eff0-691b-4fad-9798-8db680587b18", "phone"=>"00000766", "phone_calling_code"=>"+372"}
+    irb(main):004:0> verify = @mid.verify!(auth)
+    => {"personal_code"=>"60001019906", "first_name"=>"MARY ÄNN", "last_name"=>"O’CONNEŽ-ŠUSLIK TESTNUMBER", "phone"=>"00000766", "phone_calling_code"=>"+372", "auth_provider"=>"mobileid"}
+
+You get verified attributes: personal_code, first_name, last_name, phone, phone_calling_code, auth_provider
+
+
+## Live usage
+
+For live usage, add your relyingPartyUUID (RPUUID) and relyingPartyName what you get from https://www.sk.ee
+
+```ruby
+    @mid = MobileId::Auth.new(live: true, uuid: "39e7eff0-241b-4fad-2798-9db680587b20", name: 'My service name')
+```
+
+Rails with Devise example controller:
+
+```ruby
+class MobileSessionsController < ApplicationController
+  include Devise::Controllers::Helpers
+  skip_authorization_check only: [:new, :show, :create, :update]
+  before_action :init_mobile_id, only: [:create, :update]
+  
+  def new
+    @user = User.new
+  end
+
+  # makes Mobile ID authentication
+  def create
+    session[:auth] = @mid.authenticate!(phone: params[:phone], personal_code: params[:personal_code])
+    render :show, locals: { verification_code: @mid.verification_code }
+  rescue MobileId::Error => e
+    render :error, locals: { message: e }
+  end
+
+  # verifices Mobile ID user
+  def update
+    session[:auth] = @mid.verify!(session[:auth])
+    find_or_create_user_and_redirect(personal_code: @mid.personal_code)
+  rescue MobileId::Error => e
+    render :error, locals: { message: e }
+  end
+
+  private
+
+  def init_mobile_id
+    @mid = MobileId.new(live: true, uuid: ENV['sk_mid_uuid'], name: ENV['sk_mid_name'])
+  end
+
+  # It's pure your system business logic what to do here with validated user attributes, example code:
+  def find_or_create_user_and_redirect(personal_code:)
+    @user = User.find_by(personal_code: personal_code)
+
+    # bind currently present email only account with mobile-id
+    if @user.nil? && current_user&.confirmed_email_only_account?
+      @user = current_user 
+      @user.personal_code = personal_code
+      @user.save!
+    end
+
+    return redirect_to new_omniuser_url, notice: t(:finish_setup) if @user.nil? || @user.new_record?
+    return redirect_to root_url, alert: t(:unlock_info) if @user.access_locked?
+
+    if @user.valid? && @user.confirmed_at
+      # overwrite name changes
+      @user.first_name = session[:auth]['first_name'] if session[:auth]['first_name'].present?
+      @user.last_name  = session[:auth]['last_name']  if session[:auth]['last_name'].present?
+      @user.save! if @user.changed?
+
+      sign_in_and_redirect(@user, notice: t('devise.sessions.signed_in'))
+    else
+      redirect_to edit_omniuser_url(@user), notice: t('devise.failure.unconfirmed')
+    end
+  end
+end
+```
+
+## Development
+
+After checking out the repo, run `bundle` to install dependencies. For testing code, run `rspec`
+
+## Contributors
+
+* Priit Tark
+* Andri Möll for pointing out user signature issue
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/gitlabeu/mobile_id
+
+## Roadmap
+
+* Auth signature validation
+* Document sign
+* Rails generators
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+
+## Sponsors
+
+Gem development and testing is sponsored by [GiTLAB](https://gitlab.eu).

data/lib/mobile_id.rb

@@ -11,151 +11,11 @@ else
   I18n.load_path << Dir[File.expand_path("lib/mobile_id/locales") + "/*.yml"]
 end
 
-class MobileId
+module MobileId
   class Error < StandardError; end
 
-  # API documentation https://github.com/SK-EID/MID
-  LIVE_URL = "https://mid.sk.ee/mid-api"
-  TEST_URL = "https://tsp.demo.sk.ee/mid-api"
-
-  TEST_UUID  = "00000000-0000-0000-0000-000000000000"
-  TEST_NAME  = "DEMO"
-
-  attr_accessor :url, :uuid, :name, :hash, :cert, :cert_subject
-
-  def initialize(live:, uuid: nil, name: nil)
-    self.url = live == true ? LIVE_URL : TEST_URL
-    self.uuid = live == true ? uuid : TEST_UUID
-    self.name = live == true ? name : TEST_NAME
-    self.hash = Digest::SHA256.base64digest(SecureRandom.uuid)
-  end
-
-  def authenticate!(phone_calling_code: nil, phone:, personal_code:, language: nil, display_text: nil)
-    phone_calling_code ||= '+372'
-    full_phone = "#{phone_calling_code}#{phone}"
-    language ||= 
-      case I18n.locale
-      when :et
-        display_text ||= 'Autentimine' 
-        'EST'
-      when :ru
-        display_text ||= 'Аутентификация' 
-        'RUS'
-      else
-        display_text ||= 'Authentication' 
-        'ENG'
-      end
-    
-    options = {
-      headers: {
-        "Content-Type": "application/json"
-      },
-      query: {},
-      body: {
-        relyingPartyUUID: uuid,
-        relyingPartyName: name,
-        phoneNumber: full_phone.to_s.strip,
-        nationalIdentityNumber: personal_code.to_s.strip,
-        hash: hash,
-        hashType: 'SHA256',
-        language: language,
-        displayText: display_text,
-        displayTextFormat: 'GSM-7' # or "UCS-2”
-      }.to_json
-    }
-
-    response = HTTParty.post(url + '/authentication', options)
-    raise Error, "#{I18n.t('mobile_id.some_error')} #{response}" unless response.code == 200
-
-    ActiveSupport::HashWithIndifferentAccess.new(
-      session_id: response['sessionID'],
-      phone: phone,
-      phone_calling_code: phone_calling_code
-    )
-  end
-
-  def verify!(auth)
-    long_poll!(session_id: auth['session_id'])
-
-    ActiveSupport::HashWithIndifferentAccess.new(
-      personal_code: personal_code,
-      first_name: first_name,
-      last_name: last_name,
-      phone: auth['phone'],
-      phone_calling_code: auth['phone_calling_code'],
-      auth_provider: 'mobileid' # User::MOBILEID
-    )
-  end
-
-  def long_poll!(session_id:)
-    response = HTTParty.get(url + "/authentication/session/#{session_id}")
-    raise Error, "#{I18n.t('mobile_id.some_error')} #{response.code} #{response}" if response.code != 200
-
-    if response['state'] == 'COMPLETE' && response['result'] != 'OK'
-      message = 
-        case response['result']
-        when "TIMEOUT"
-          I18n.t('mobile_id.timeout')
-        when "NOT_MID_CLIENT"
-          I18n.t('mobile_id.user_is_not_mobile_id_client')
-        when "USER_CANCELLED"
-          I18n.t('mobile_id.user_cancelled')
-        when "SIGNATURE_HASH_MISMATCH"
-          I18n.t('mobile_id.signature_hash_mismatch')
-        when "PHONE_ABSENT"
-          I18n.t('mobile_id.phone_absent')
-        when "DELIVERY_ERROR"
-          I18n.t('mobile_id.delivery_error')
-        when "SIM_ERROR"
-          I18n.t('mobile_id.sim_error')
-        end
-      raise Error, message
-    end
-
-    self.cert = OpenSSL::X509::Certificate.new(Base64.decode64(response['cert']))
-    self.cert_subject = build_cert_subject
-    cert
-  end
-
-  def verification_code
-    format("%04d", (Digest::SHA2.new(256).digest(Base64.decode64(hash))[-2..-1].unpack1('n') % 10000))
-  end
-
-  def given_name
-    cert_subject["GN"].tr(",", " ")
-  end
-  alias first_name given_name
-
-  def surname
-    cert_subject["SN"].tr(",", " ")
-  end
-  alias last_name surname
-  
-  def country
-    cert_subject["C"].tr(",", " ")
-  end
-
-  def common_name
-    cert_subject["CN"]
-  end
-
-  def organizational_unit
-    cert_subject["OU"]
-  end
-
-  def serial_number
-    cert_subject["serialNumber"]
-  end
-  alias personal_code serial_number
-
-  private
-
-  def build_cert_subject
-    self.cert_subject = cert.subject.to_utf8.split(/(?<!\\)\,+/).each_with_object({}) do |c, result|
-      next unless c.include?("=")
-
-      key, val = c.split("=")
-      result[key] = val
-    end
-  end
+  LOCALES = [:en, :et, :ru]
 end
+
+require 'mobile_id/cert'
+require 'mobile_id/auth'

data/lib/mobile_id/auth.rb

@@ -0,0 +1,147 @@
+# frozen_string_literal: true
+
+module MobileId
+  class Auth
+    # API documentation https://github.com/SK-EID/MID
+    LIVE_URL = "https://mid.sk.ee/mid-api"
+    TEST_URL = "https://tsp.demo.sk.ee/mid-api"
+
+    TEST_UUID  = "00000000-0000-0000-0000-000000000000"
+    TEST_NAME  = "DEMO"
+
+    attr_accessor :url, :uuid, :name, :doc, :hash, :user_cert, :live
+
+    def initialize(live:, uuid: nil, name: nil)
+      self.url = live == true ? LIVE_URL : TEST_URL
+      self.uuid = live == true ? uuid : TEST_UUID
+      self.name = live == true ? name : TEST_NAME
+      self.live = live
+      init_doc(SecureRandom.uuid)
+    end
+
+    def init_doc(doc)
+      self.doc = doc
+
+      self.hash = Digest::SHA256.base64digest(self.doc)
+    end
+
+    def authenticate!(phone_calling_code: nil, phone:, personal_code:, language: nil, display_text: nil)
+      phone_calling_code ||= '+372'
+      full_phone = "#{phone_calling_code}#{phone}"
+      language ||= 
+        case I18n.locale
+        when :et
+          display_text ||= 'Autentimine' 
+          'EST'
+        when :ru
+          display_text ||= 'Аутентификация' 
+          'RUS'
+        else
+          display_text ||= 'Authentication' 
+          'ENG'
+        end
+      
+      options = {
+        headers: {
+          "Content-Type": "application/json"
+        },
+        query: {},
+        body: {
+          relyingPartyUUID: uuid,
+          relyingPartyName: name,
+          phoneNumber: full_phone.to_s.strip,
+          nationalIdentityNumber: personal_code.to_s.strip,
+          hash: hash,
+          hashType: 'SHA256',
+          language: language,
+          displayText: display_text,
+          displayTextFormat: 'GSM-7' # or "UCS-2”
+        }.to_json
+      }
+
+      response = HTTParty.post(url + '/authentication', options)
+      raise Error, "#{I18n.t('mobile_id.some_error')} #{response}" unless response.code == 200
+
+      ActiveSupport::HashWithIndifferentAccess.new(
+        session_id: response['sessionID'],
+        phone: phone,
+        phone_calling_code: phone_calling_code,
+        doc: doc
+      )
+    end
+
+    def verify!(auth)
+      long_poll!(session_id: auth['session_id'], doc: auth['doc'])
+
+      ActiveSupport::HashWithIndifferentAccess.new(
+        personal_code: personal_code,
+        first_name: first_name,
+        last_name: last_name,
+        phone: auth['phone'],
+        phone_calling_code: auth['phone_calling_code'],
+        auth_provider: 'mobileid' # User::MOBILEID
+      )
+    end
+
+    def long_poll!(session_id:, doc:)
+      response = HTTParty.get(url + "/authentication/session/#{session_id}")
+      raise Error, "#{I18n.t('mobile_id.some_error')} #{response.code} #{response}" if response.code != 200
+
+      if response['state'] == 'COMPLETE' && response['result'] != 'OK'
+        message = 
+          case response['result']
+          when "TIMEOUT"
+            I18n.t('mobile_id.timeout')
+          when "NOT_MID_CLIENT"
+            I18n.t('mobile_id.user_is_not_mobile_id_client')
+          when "USER_CANCELLED"
+            I18n.t('mobile_id.user_cancelled')
+          when "SIGNATURE_HASH_MISMATCH"
+            I18n.t('mobile_id.signature_hash_mismatch')
+          when "PHONE_ABSENT"
+            I18n.t('mobile_id.phone_absent')
+          when "DELIVERY_ERROR"
+            I18n.t('mobile_id.delivery_error')
+          when "SIM_ERROR"
+            I18n.t('mobile_id.sim_error')
+          end
+        raise Error, message
+      end
+
+      @user_cert = MobileId::Cert.new(response['cert'], live: live)
+      @user_cert.verify_signature!(response['signature']['value'], doc)
+      self.user_cert = @user_cert
+    end
+
+    def verification_code
+      format("%04d", (Digest::SHA2.new(256).digest(Base64.decode64(hash))[-2..-1].unpack1('n') % 10000))
+    end
+
+    def given_name
+      user_cert.given_name
+    end
+    alias first_name given_name
+
+    def surname
+      user_cert.surname
+    end
+    alias last_name surname
+    
+    def country
+      user_cert.country
+    end
+
+    def common_name
+      user_cert.common_name
+    end
+
+    def organizational_unit
+      user_cert.organizational_unit
+    end
+
+    def serial_number
+      user_cert.serial_number
+    end
+    alias personal_code serial_number
+  end
+end

data/lib/mobile_id/cert.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+module MobileId
+  class Cert
+    class << self
+      def root_path
+        @root_path ||= File.expand_path('certs', __dir__)
+      end
+
+      def live_store
+        @live_store ||= 
+          build_store([
+            File.join(root_path, 'EE_Certification_Centre_Root_CA.pem.crt'),
+            File.join(root_path, 'ESTEID-SK_2015.pem.crt')
+          ])
+      end
+
+      def test_store
+        binding.pry
+        @test_store ||= 
+          build_store([
+            File.join(root_path, 'TEST_of_EE_Certification_Centre_Root_CA.pem.crt'),
+            File.join(root_path, 'TEST_of_ESTEID-SK_2015.pem.crt')
+          ])
+      end
+
+      def build_store(paths)
+        store = OpenSSL::X509::Store.new
+        paths.each { |path| cert = OpenSSL::X509::Certificate.new(File.read(path)); store.add_cert(cert) }
+        store
+      end
+    end
+
+    attr_accessor :cert, :subject
+
+    def initialize(base64_cert, live:)
+      self.cert = OpenSSL::X509::Certificate.new(Base64.decode64(base64_cert))
+      verify!(self.cert, live: live)
+      build_cert_subject
+    end
+
+    def verify!(cert, live:)
+      store = live == true ? self.class.live_store : self.class.test_store
+      raise Error, 'User certificate is not valid' unless store.verify(cert)
+      raise Error, 'User certificate is not valid' unless cert.public_key.check_key
+      raise Error, 'User certificate is expired' unless (cert.not_before..cert.not_after) === Time.now
+
+      true
+    end
+
+    def verify_signature!(signature, doc)
+      # TODO OpenSSL does not parse signature
+      # cert.public_key.verify(OpenSSL::Digest::SHA256.new, signature, doc)
+    end
+
+    def given_name
+      subject["GN"].tr(",", " ")
+    end
+    alias first_name given_name
+
+    def surname
+      subject["SN"].tr(",", " ")
+    end
+    alias last_name surname
+    
+    def country
+      subject["C"].tr(",", " ")
+    end
+
+    def common_name
+      subject["CN"]
+    end
+
+    def organizational_unit
+      subject["OU"]
+    end
+
+    def serial_number
+      subject["serialNumber"]
+    end
+    alias personal_code serial_number
+
+    private
+
+    def build_cert_subject
+      self.subject = cert.subject.to_utf8.split(/(?<!\\)\,+/).each_with_object({}) do |c, result|
+        next unless c.include?("=")
+
+        key, val = c.split("=")
+        result[key] = val
+      end
+    end
+  end
+end

data/lib/mobile_id/certs/EE_Certification_Centre_Root_CA.pem.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG
+CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy
+MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl
+ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS
+b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy
+euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO
+bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw
+WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d
+MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE
+1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD
+VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/
+zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB
+BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF
+BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV
+v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG
+E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u
+uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW
+iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v
+GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0=
+-----END CERTIFICATE-----

data/lib/mobile_id/certs/ESTEID-SK_2015.pem.crt

@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGcDCCBVigAwIBAgIQRUgJC4ec7yFWcqzT3mwbWzANBgkqhkiG9w0BAQwFADB1
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG
+CSqGSIb3DQEJARYJcGtpQHNrLmVlMCAXDTE1MTIxNzEyMzg0M1oYDzIwMzAxMjE3
+MjM1OTU5WjBjMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVy
+aW1pc2tlc2t1czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxFzAVBgNVBAMMDkVT
+VEVJRC1TSyAyMDE1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0oH6
+1NDxbdW9k8nLA1qGaL4B7vydod2Ewp/STBZB3wEtIJCLdkpEsS8pXfFiRqwDVsgG
+Gbu+Q99trlb5LI7yi7rIkRov5NftBdSNPSU5rAhYPQhvZZQgOwRaHa5Ey+BaLJHm
+LqYQS9hQvQsCYyws+xVvNFUpK0pGD64iycqdMuBl/nWq3fLuZppwBh0VFltm4nhr
+/1S0R9TRJpqFUGbGr4OK/DwebQ5PjhdS40gCUNwmC7fPQ4vIH+x+TCk2aG+u3MoA
+z0IrpVWqiwzG/vxreuPPAkgXeFCeYf6fXLsGz4WivsZFbph2pMjELu6sltlBXfAG
+3fGv43t91VXicyzR/eT5dsB+zFsW1sHV+1ONPr+qzgDxCH2cmuqoZNfIIq+buob3
+eA8ee+XpJKJQr+1qGrmhggjvAhc7m6cU4x/QfxwRYhIVNhJf+sKVThkQhbJ9XxuK
+k3c18wymwL1mpDD0PIGJqlssMeiuJ4IzagFbgESGNDUd4icm0hQT8CmQeUm1GbWe
+BYseqPhMQX97QFBLXJLVy2SCyoAz7Bq1qA43++EcibN+yBc1nQs2Zoq8ck9MK0bC
+xDMeUkQUz6VeQGp69ImOQrsw46qTz0mtdQrMSbnkXCuLan5dPm284J9HmaqiYi6j
+6KLcZ2NkUnDQFesBVlMEm+fHa2iR6lnAFYZ06UECAwEAAaOCAgowggIGMB8GA1Ud
+IwQYMBaAFBLyWj7qVhy/zQas8fElyalL1BSZMB0GA1UdDgQWBBSzq4i8mdVipIUq
+CM20HXI7g3JHUTAOBgNVHQ8BAf8EBAMCAQYwdwYDVR0gBHAwbjAIBgYEAI96AQIw
+CQYHBACL7EABAjAwBgkrBgEEAc4fAQEwIzAhBggrBgEFBQcCARYVaHR0cHM6Ly93
+d3cuc2suZWUvQ1BTMAsGCSsGAQQBzh8BAjALBgkrBgEEAc4fAQMwCwYJKwYBBAHO
+HwEEMBIGA1UdEwEB/wQIMAYBAf8CAQAwQQYDVR0eBDowOKE2MASCAiIiMAqHCAAA
+AAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCcGA1Ud
+JQQgMB4GCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwQwfAYIKwYBBQUHAQEE
+cDBuMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5zay5lZS9DQTBKBggrBgEFBQcw
+AoY+aHR0cDovL3d3dy5zay5lZS9jZXJ0cy9FRV9DZXJ0aWZpY2F0aW9uX0NlbnRy
+ZV9Sb290X0NBLmRlci5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL3d3dy5z
+ay5lZS9yZXBvc2l0b3J5L2NybHMvZWVjY3JjYS5jcmwwDQYJKoZIhvcNAQEMBQAD
+ggEBAHRWDGI3P00r2sOnlvLHKk9eE7X93eT+4e5TeaQsOpE5zQRUTtshxN8Bnx2T
+oQ9rgi18q+MwXm2f0mrGakYYG0bix7ZgDQvCMD/kuRYmwLGdfsTXwh8KuL6uSHF+
+U/ZTss6qG7mxCHG9YvebkN5Yj/rYRvZ9/uJ9rieByxw4wo7b19p22PXkAkXP5y3+
+qK/Oet98lqwI97kJhiS2zxFYRk+dXbazmoVHnozYKmsZaSUvoYNNH19tpS7BLdsg
+i9KpbvQLb5ywIMq9ut3+b2Xvzq8yzmHMFtLIJ6Afu1jJpqD82BUAFcvi5vhnP8M7
+b974R18WCOpgNQvXDI+2/8ZINeU=
+-----END CERTIFICATE-----

data/lib/mobile_id/certs/TEST_of_EE_Certification_Centre_Root_CA.pem.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEEzCCAvugAwIBAgIQc/jtqiMEFERMtVvsSsH7sjANBgkqhkiG9w0BAQUFADB9
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290
+IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIhgPMjAxMDEwMDcxMjM0NTZa
+GA8yMDMwMTIxNzIzNTk1OVowfTELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNl
+cnRpZml0c2VlcmltaXNrZXNrdXMxMDAuBgNVBAMMJ1RFU1Qgb2YgRUUgQ2VydGlm
+aWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVl
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gGpqCtDmNNEHUjC8LXq
+xRdC1kpjDgkzOTxQynzDxw/xCjy5hhyG3xX4RPrW9Z6k5ZNTNS+xzrZgQ9m5U6uM
+ywYpx3F3DVgbdQLd8DsLmuVOz02k/TwoRt1uP6xtV9qG0HsGvN81q3HvPR/zKtA7
+MmNZuwuDFQwsguKgDR2Jfk44eKmLfyzvh+Xe6Cr5+zRnsVYwMA9bgBaOZMv1TwTT
+VNi9H1ltK32Z+IhUX8W5f2qVP33R1wWCKapK1qTX/baXFsBJj++F8I8R6+gSyC3D
+kV5N/pOlWPzZYx+kHRkRe/oddURA9InJwojbnsH+zJOa2VrNKakNv2HnuYCIonzu
+pwIDAQABo4GKMIGHMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBS1NAqdpS8QxechDr7EsWVHGwN2/jBFBgNVHSUEPjA8BggrBgEFBQcD
+AgYIKwYBBQUHAwEGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUF
+BwMJMA0GCSqGSIb3DQEBBQUAA4IBAQAj72VtxIw6p5lqeNmWoQ48j8HnUBM+6mI0
+I+VkQr0EfQhfmQ5KFaZwnIqxWrEPaxRjYwV0xKa1AixVpFOb1j+XuVmgf7khxXTy
+Bmd8JRLwl7teCkD1SDnU/yHmwY7MV9FbFBd+5XK4teHVvEVRsJ1oFwgcxVhyoviR
+SnbIPaOvk+0nxKClrlS6NW5TWZ+yG55z8OCESHaL6JcimkLFjRjSsQDWIEtDvP4S
+tH3vIMUPPiKdiNkGjVLSdChwkW3z+m0EvAjyD9rnGCmjeEm5diLFu7VMNVqupsbZ
+SfDzzBLc5+6TqgQTOG7GaZk2diMkn03iLdHGFrh8ML+mXG9SjEPI
+-----END CERTIFICATE-----

data/lib/mobile_id/certs/TEST_of_ESTEID-SK_2015.pem.crt

@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGgzCCBWugAwIBAgIQEDb9gCZi4PdWc7IoNVIbsTANBgkqhkiG9w0BAQwFADB9
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290
+IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTUxMjE4MDcxMzQ0WhgP
+MjAzMDEyMTcyMzU5NTlaMGsxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0
+aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEfMB0G
+A1UEAwwWVEVTVCBvZiBFU1RFSUQtU0sgMjAxNTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAMTeAFvLxmAeaOsRKaf+hlkOhW+CdEilmUIKWs+qCWVq+w8E
+8PA/TohAZdUcO4KFXothmPDmfOCb0ExXcnOPCr2NndavzB39htlyYKYxkOkZi3pL
+z8bZg/HvpBoy8KIg0sYdbhVPYHf6i7fuJjDac4zN1vKdVQXA6Tv5wS/e90/ZyF95
+5vycxdNLticdozm5yCDMNgsEji6QNA1zIi3+C2YmnDXx6VyxhuC2R3q0xNkwtJ4e
+zs1RZGxWokTNPzQc3ilGhEJlVsS8vP624hUHwufQnwrKWpc3+D+plMIO0j3E+hmh
+46gIadDRweFR/dzb+CIBHRaFh0LEBjd/cDFQlBI+E8vpkhqeWp6rp1xwnhCL201M
+3E1E1Mw+51Xqj7WOfY0TzjOmQJy8WJPEwU2m44KxW1SnpeEBVkgb4XYFeQHAllc7
+J7JDv50BoIPpecgaqn1vKR7l//wDsL0MN1tDlBhl3x7TJ/fwMnwB1E3zVZR74TUZ
+h5J49CAcFrfM4RmP/0hcDW8+4wNWMg2Qgst2qmPZmHCI/OJt5yMt0Ud5yPF8AWxV
+ot3TxOBGjMiM8m6WsksFsQxp5WtA0DANGXIIfydTaTV16Mg+KpYVqFKxkvFBmfVp
+6xApMaFl3dY/m56O9JHEqFpBDF+uDQIMjFJxJ4Pt7Mdk40zfL4PSw9Qco2T3AgMB
+AAGjggINMIICCTAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jAdBgNV
+HQ4EFgQUScDyRDll1ZtGOw04YIOx1i0ohqYwDgYDVR0PAQH/BAQDAgEGMGYGA1Ud
+IARfMF0wMQYKKwYBBAHOHwMBATAjMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5z
+ay5lZS9DUFMwDAYKKwYBBAHOHwMBAjAMBgorBgEEAc4fAwEDMAwGCisGAQQBzh8D
+AQQwEgYDVR0TAQH/BAgwBgEB/wIBADBBBgNVHR4EOjA4oTYwBIICIiIwCocIAAAA
+AAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJwYDVR0l
+BCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDCBiQYIKwYBBQUHAQEE
+fTB7MCUGCCsGAQUFBzABhhlodHRwOi8vZGVtby5zay5lZS9jYV9vY3NwMFIGCCsG
+AQUFBzAChkZodHRwOi8vd3d3LnNrLmVlL2NlcnRzL1RFU1Rfb2ZfRUVfQ2VydGlm
+aWNhdGlvbl9DZW50cmVfUm9vdF9DQS5kZXIuY3J0MEMGA1UdHwQ8MDowOKA2oDSG
+Mmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2Eu
+Y3JsMA0GCSqGSIb3DQEBDAUAA4IBAQDBOYTpbbQuoJKAmtDPpAomDd9mKZCarIPx
+AH8UXphSndMqOmIUA4oQMrLcZ6a0rMyCFR8x4NX7abc8T81cvgUAWjfNFn8+bi6+
+DgbjhYY+wZ010MHHdUo2xPajfog8cDWJPkmz+9PAdyjzhb1eYoEnm5D6o4hZQCiR
+yPnOKp7LZcpsVz1IFXsqP7M5WgHk0SqY1vs+Yhu7zWPSNYFIzNNXGoUtfKhhkHiR
+WFX/wdzr3fqeaQ3gs/PyD53YuJXRzFrktgJJoJWnHEYIhEwbai9+OeKr4L4kTkxv
+PKTyjjpLKcjUk0Y0cxg7BuzwevonyBtL72b/FVs6XsXJJqCa3W4T
+-----END CERTIFICATE-----

data/lib/mobile_id/locales/en.yml

@@ -0,0 +1,10 @@
+en:
+  mobile_id:
+    some_error: There was some error
+    timeout: "Mobile-ID session got timeout"
+    user_is_not_mobile_id_client: User is not Mobile-ID client.
+    user_cancelled: User cancelled the Mobile ID operation
+    signature_hash_mismatch: "Mobile-ID has signiture issue. User needs to contact his/her mobile operator."
+    phone_absent: Mobile-ID SIM not available
+    delivery_error: Mobile-ID SMS sending error.
+    sim_error: Invalid response from Mobile-ID SIM card

data/lib/mobile_id/locales/et.yml

@@ -0,0 +1,10 @@
+et:
+  mobile_id:
+    some_error: Tekkis viga
+    timeout: "Mobiil-ID sisselogimine aegus"
+    user_is_not_mobile_id_client: Kasutaja ei ole Mobiil-ID klient
+    user_cancelled: Kasutaja katkestas Mobiil-ID sisselogimise.
+    signature_hash_mismatch: "Mobiil-ID digiallkiri on vigane. Palun pöörduge oma mobiilioperaatori poole."
+    phone_absent: Kasutaja telefon ei asu levipiirkonnas või on välja lülitatud.
+    delivery_error: Mobiil-ID SMS saatmisel tekkis viga.
+    sim_error: Mobiil-ID telefoni SIM viga.

data/lib/mobile_id/locales/ru.yml

@@ -0,0 +1,10 @@
+ru:
+  mobile_id:
+    some_error: Была некоторая ошибка
+    timeout: "Mobile-ID session got timeout"
+    user_is_not_mobile_id_client: User is not Mobile-ID client.
+    user_cancelled: User cancelled the Mobile ID operation
+    signature_hash_mismatch: "Mobile-ID has signiture issue. User needs to contact his/her mobile operator."
+    phone_absent: Mobile-ID SIM not available
+    delivery_error: Mobile-ID SMS sending error.
+    sim_error: Invalid response from Mobile-ID SIM card

data/lib/mobile_id/railtie.rb

@@ -0,0 +1,13 @@
+require 'rails'
+
+module MobileId
+  class Railtie < ::Rails::Railtie #:nodoc:
+    initializer 'mobile_id' do |app|
+      DeviseI18n::Railtie.instance_eval do
+        (app.config.i18n.available_locales & MobileId::LOCALES).each do |loc|
+          I18n.load_path << File.expand_path("locales/#{loc}.yml", __dir__)
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mobile_id
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.6
 platform: ruby
 authors:
 - Priit Tark
@@ -94,13 +94,26 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Estonia Mobile ID authentication, more info at https://www.id.ee/en/
+description: Estonia Mobile ID authentication
 email: priit@gitlab.eu
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
+- MIT-LICENSE
+- README.md
 - lib/mobile_id.rb
+- lib/mobile_id/auth.rb
+- lib/mobile_id/cert.rb
+- lib/mobile_id/certs/EE_Certification_Centre_Root_CA.pem.crt
+- lib/mobile_id/certs/ESTEID-SK_2015.pem.crt
+- lib/mobile_id/certs/TEST_of_EE_Certification_Centre_Root_CA.pem.crt
+- lib/mobile_id/certs/TEST_of_ESTEID-SK_2015.pem.crt
+- lib/mobile_id/locales/en.yml
+- lib/mobile_id/locales/et.yml
+- lib/mobile_id/locales/ru.yml
+- lib/mobile_id/railtie.rb
 homepage: https://github.com/gitlabeu/mobile_id
 licenses:
 - MIT