mobile_id 0.0.11 → 0.0.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fc57a99a52d432526c2e74e8ced2ebd7c0aaf3917e6b992cc9776ee0d881e84d
-  data.tar.gz: 364768cc2e109000fff79db3fc8df4e2595c94bf643318586c1137044af85304
+  metadata.gz: 23c0f87295e5303fe359317d68393e1c9cb50f8ba1d51030edb01f6d9aed12c9
+  data.tar.gz: 02efb290beb29fcc719fe2b9a291fbd5590426f681835949630ae977e2167055
 SHA512:
-  metadata.gz: 854a34133201695dad18b9bed17e6cebb86e0744f12502848352b440105b215e6dfce163b4a6eaa62500cfd641a35819ded5008f0bec7bf7147d45446479432d
-  data.tar.gz: 80ea7cf8136347623e7de3ad002f785e3f8f1624910af4dc27d1a615bbe2a2ed085132063c272aedf813e9e38e6926bcf2f3039debd4139068c0be7f5f165f1e
+  metadata.gz: f4223ca81fabe81ad3bacad29f1a7ea9026f797f619fb2bdd7f1ae4d1c15f931e61cb47e6dc6eb49f18b2b4293760b5fb324cddefb6c35b4b659ca2d05926e6f
+  data.tar.gz: f21c96ae471cfeff68341e19b3a83bed6ae4ba6b62262a8cb174e5f65f59bc4aeff114beb14638fad093a7ef59af0d983a42bdb29ac0bff061dae32fc95d85f2

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+Release 0.0.13
+* More test friendly init
+* More precise sert check
+
+Release 0.0.12
+* Supports session RUNNING state
+* Validate auth signature
+
 Release 0.0.11
 * Add more live SK certs
 

data/README.md

@@ -112,7 +112,8 @@ After checking out the repo, run `bundle` to install dependencies. For testing c
 ## Contributors
 
 * Priit Tark
-* Andri Möll for pointing out user signature issue
+* Andri Möll for pointing out user signature issue and cert date check
+* Juri Linkov for pointing out unpack method issue and test friendly init
 
 ## Contributing
 
@@ -120,7 +121,6 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/gitlab
 
 ## Roadmap
 
-* Auth signature validation
 * Document sign
 * Rails generators
 

data/lib/mobile_id/auth.rb

@@ -11,12 +11,12 @@ module MobileId
 
     attr_accessor :url, :uuid, :name, :doc, :hash, :user_cert, :live
 
-    def initialize(live:, uuid: nil, name: nil)
+    def initialize(live:, uuid: nil, name: nil, doc: nil)
       self.url = live == true ? LIVE_URL : TEST_URL
       self.uuid = live == true ? uuid : TEST_UUID
       self.name = live == true ? name : TEST_NAME
       self.live = live
-      init_doc(SecureRandom.hex(40))
+      init_doc(doc || SecureRandom.hex(40))
     end
 
     def init_doc(doc)
@@ -82,11 +82,24 @@ module MobileId
       )
     end
 
-    def long_poll!(session_id:, doc:)
+    def session_request(session_id)
       response = HTTParty.get(url + "/authentication/session/#{session_id}")
       raise Error, "#{I18n.t('mobile_id.some_error')} #{response.code} #{response}" if response.code != 200
+      response
+    end
+
+    def long_poll!(session_id:, doc:)
+      response = nil
+
+      # Retries until RUNNING state turns to COMPLETE 
+      30.times do |i|
+        response = session_request(session_id)
+        break if response['state'] == 'COMPLETE'
+        sleep 1
+      end
+      raise Error, "#{I18n.t('mobile_id.some_error')} #{response.code} #{response}" if response['state'] != 'COMPLETE'
 
-      if response['state'] == 'COMPLETE' && response['result'] != 'OK'
+      if response['result'] != 'OK'
         message = 
           case response['result']
           when "TIMEOUT"
@@ -104,7 +117,7 @@ module MobileId
           when "SIM_ERROR"
             I18n.t('mobile_id.sim_error')
           end
-        raise Error, message
+          raise Error, message
       end
 
       @user_cert = MobileId::Cert.new(response['cert'], live: live)

data/lib/mobile_id/cert.rb

@@ -56,7 +56,7 @@ module MobileId
       end
 
       raise Error, 'User certificate is not valid [check_key]' unless cert.public_key.check_key
-      raise Error, 'User certificate is expired' unless (cert.not_before..cert.not_after) === Time.now
+      raise Error, 'User certificate is expired' unless (cert.not_before...cert.not_after) === Time.now
 
       true
     end
@@ -65,10 +65,23 @@ module MobileId
       signature = Base64.decode64(signature_base64)
       digest = OpenSSL::Digest::SHA256.new(doc)
 
-      # cert.public_key.verify(digest, signature, doc)
+      valid =
+        begin
+          cert.public_key.verify(digest, signature, doc)
+        rescue OpenSSL::PKey::PKeyError
+          der_signature = cvc_to_der(signature) # Probably signature is CVC encoded
+          cert.public_key.verify(digest, der_signature, doc)
+        end
 
-      # TODO OpenSSL does not parse signature correctly
-      # OpenSSL::PKey::PKeyError: EVP_VerifyFinal: nested asn1 error
+      raise Error, 'We could not verify user signature' unless valid
+    end
+
+    def cvc_to_der(cvc)
+      sign_hex = cvc.unpack('H*').first
+      half = sign_hex.size / 2
+      i = [OpenSSL::ASN1::Integer.new(sign_hex[0...half].to_i(16)), OpenSSL::ASN1::Integer.new(sign_hex[half..sign_hex.size].to_i(16))]
+      seq = OpenSSL::ASN1::Sequence.new(i)
+      seq.to_der
     end
 
     def given_name

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mobile_id
 version: !ruby/object:Gem::Version
-  version: 0.0.11
+  version: 0.0.13
 platform: ruby
 authors:
 - Priit Tark
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-22 00:00:00.000000000 Z
+date: 2020-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -143,7 +143,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.4.10
 signing_key: 
 specification_version: 4
 summary: Estonia Mobile ID authentication