mobile_id 0.0.3 → 0.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7d38624f18a2ecc7fc1118e8f4cbe3d02276d13a1e04a2cd224c65b63eecab66
-  data.tar.gz: 3fe078951586eca758a792918c705306f2a2058f2f63385cfe4eb18cd1455a16
+  metadata.gz: 99c9c1d9c44d00d271fa3b42aba146322950aa8bec19a149557530cbe4fc2cf8
+  data.tar.gz: 4502fa084cad790ee395600599e3babb4ae1e10d538141106bb049c855f2be6e
 SHA512:
-  metadata.gz: 68b5151f552cdc6ef5730ef3a9ed21cffed2cf18a839deb32f91039cbbabf73b47bd0aad4f2046f57b9452c395b41f23c525d35aa6935adca7f80139a32ff805
-  data.tar.gz: 8eff21fe89c9a3f6c3328e326cae799ad4c727d3545255d41c643a53702058b544ba811e2083635ba303077e57bbc7c493f1fdf1e94ba9b6dcfdf39b83fffc3c
+  metadata.gz: a032c0f18198697d25f81aec5adbddff64ecd72f4b010dabae52556ae23a379d4f35b2a469851dc1e10a9f798b378e4cd2f3e662cac7a0d3017ad68314c9403c
+  data.tar.gz: 34ec448de3a9f6c9f620ba10de1f88be4f012b4878ae55fac6f9dd74023f4d9615cd083f117bd40db860673167fda83869c3bacfb0ba95656fecca0b4d48282c

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+Release 0.0.7
+* Release cleanup
+*
+Release 0.0.7
+* Cert cleanup
+
+Release 0.0.6
+* Cert path fix
+
+Release 0.0.5
+* Added user certificate validation 
+
+Release 0.0.4
+* Refactored MobileId to MobileId::Auth
+
 Release 0.0.3
 * Gemspec update
 

data/README.md

@@ -25,8 +25,8 @@ Execute irb:
     $ bundle exec irb
     irb(main):001:0> require 'mobile_id'
     => true
-    irb(main):002:0> @mid = MobileId.new(live: false)
-    => #<MobileId:0x000055ac4cb25630 @url="https://tsp.demo.sk.ee/mid-api", @uuid="00000000-0000-0000-0000-000000000000", @name="DEMO", @hash="two+e7UMoFCAXHo8q9AnWqSC58Hhil74RowY8Gg9xQY=">
+    irb(main):002:0> @mid = MobileId::Auth.new(live: false)
+    => #<MobileId::Auth:0x000055ac4cb25630 @url="https://tsp.demo.sk.ee/mid-api", @uuid="00000000-0000-0000-0000-000000000000", @name="DEMO", @hash="two+e7UMoFCAXHo8q9AnWqSC58Hhil74RowY8Gg9xQY=">
     irb(main):003:0> auth = @mid.authenticate!(phone: '00000766', personal_code: '60001019906')
     => {"session_id"=>"34e7eff0-691b-4fad-9798-8db680587b18", "phone"=>"00000766", "phone_calling_code"=>"+372"}
     irb(main):004:0> verify = @mid.verify!(auth)
@@ -40,7 +40,7 @@ You get verified attributes: personal_code, first_name, last_name, phone, phone_
 For live usage, add your relyingPartyUUID (RPUUID) and relyingPartyName what you get from https://www.sk.ee
 
 ```ruby
-    @mid = MobileId.new(live: true, uuid: "39e7eff0-241b-4fad-2798-9db680587b20", name: 'My service name')
+    @mid = MobileId::Auth.new(live: true, uuid: "39e7eff0-241b-4fad-2798-9db680587b20", name: 'My service name')
 ```
 
 Rails with Devise example controller:
@@ -109,12 +109,18 @@ end
 
 After checking out the repo, run `bundle` to install dependencies. For testing code, run `rspec`
 
+## Contributors
+
+* Priit Tark
+* Andri Möll for pointing out user signature issue
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/gitlabeu/mobile_id
 
 ## Roadmap
 
+* Auth signature validation
 * Document sign
 * Rails generators
 

data/lib/mobile_id.rb

@@ -11,151 +11,11 @@ else
   I18n.load_path << Dir[File.expand_path("lib/mobile_id/locales") + "/*.yml"]
 end
 
-class MobileId
+module MobileId
   class Error < StandardError; end
 
-  # API documentation https://github.com/SK-EID/MID
-  LIVE_URL = "https://mid.sk.ee/mid-api"
-  TEST_URL = "https://tsp.demo.sk.ee/mid-api"
-
-  TEST_UUID  = "00000000-0000-0000-0000-000000000000"
-  TEST_NAME  = "DEMO"
-
-  attr_accessor :url, :uuid, :name, :hash, :cert, :cert_subject
-
-  def initialize(live:, uuid: nil, name: nil)
-    self.url = live == true ? LIVE_URL : TEST_URL
-    self.uuid = live == true ? uuid : TEST_UUID
-    self.name = live == true ? name : TEST_NAME
-    self.hash = Digest::SHA256.base64digest(SecureRandom.uuid)
-  end
-
-  def authenticate!(phone_calling_code: nil, phone:, personal_code:, language: nil, display_text: nil)
-    phone_calling_code ||= '+372'
-    full_phone = "#{phone_calling_code}#{phone}"
-    language ||= 
-      case I18n.locale
-      when :et
-        display_text ||= 'Autentimine' 
-        'EST'
-      when :ru
-        display_text ||= 'Аутентификация' 
-        'RUS'
-      else
-        display_text ||= 'Authentication' 
-        'ENG'
-      end
-    
-    options = {
-      headers: {
-        "Content-Type": "application/json"
-      },
-      query: {},
-      body: {
-        relyingPartyUUID: uuid,
-        relyingPartyName: name,
-        phoneNumber: full_phone.to_s.strip,
-        nationalIdentityNumber: personal_code.to_s.strip,
-        hash: hash,
-        hashType: 'SHA256',
-        language: language,
-        displayText: display_text,
-        displayTextFormat: 'GSM-7' # or "UCS-2”
-      }.to_json
-    }
-
-    response = HTTParty.post(url + '/authentication', options)
-    raise Error, "#{I18n.t('mobile_id.some_error')} #{response}" unless response.code == 200
-
-    ActiveSupport::HashWithIndifferentAccess.new(
-      session_id: response['sessionID'],
-      phone: phone,
-      phone_calling_code: phone_calling_code
-    )
-  end
-
-  def verify!(auth)
-    long_poll!(session_id: auth['session_id'])
-
-    ActiveSupport::HashWithIndifferentAccess.new(
-      personal_code: personal_code,
-      first_name: first_name,
-      last_name: last_name,
-      phone: auth['phone'],
-      phone_calling_code: auth['phone_calling_code'],
-      auth_provider: 'mobileid' # User::MOBILEID
-    )
-  end
-
-  def long_poll!(session_id:)
-    response = HTTParty.get(url + "/authentication/session/#{session_id}")
-    raise Error, "#{I18n.t('mobile_id.some_error')} #{response.code} #{response}" if response.code != 200
-
-    if response['state'] == 'COMPLETE' && response['result'] != 'OK'
-      message = 
-        case response['result']
-        when "TIMEOUT"
-          I18n.t('mobile_id.timeout')
-        when "NOT_MID_CLIENT"
-          I18n.t('mobile_id.user_is_not_mobile_id_client')
-        when "USER_CANCELLED"
-          I18n.t('mobile_id.user_cancelled')
-        when "SIGNATURE_HASH_MISMATCH"
-          I18n.t('mobile_id.signature_hash_mismatch')
-        when "PHONE_ABSENT"
-          I18n.t('mobile_id.phone_absent')
-        when "DELIVERY_ERROR"
-          I18n.t('mobile_id.delivery_error')
-        when "SIM_ERROR"
-          I18n.t('mobile_id.sim_error')
-        end
-      raise Error, message
-    end
-
-    self.cert = OpenSSL::X509::Certificate.new(Base64.decode64(response['cert']))
-    self.cert_subject = build_cert_subject
-    cert
-  end
-
-  def verification_code
-    format("%04d", (Digest::SHA2.new(256).digest(Base64.decode64(hash))[-2..-1].unpack1('n') % 10000))
-  end
-
-  def given_name
-    cert_subject["GN"].tr(",", " ")
-  end
-  alias first_name given_name
-
-  def surname
-    cert_subject["SN"].tr(",", " ")
-  end
-  alias last_name surname
-  
-  def country
-    cert_subject["C"].tr(",", " ")
-  end
-
-  def common_name
-    cert_subject["CN"]
-  end
-
-  def organizational_unit
-    cert_subject["OU"]
-  end
-
-  def serial_number
-    cert_subject["serialNumber"]
-  end
-  alias personal_code serial_number
-
-  private
-
-  def build_cert_subject
-    self.cert_subject = cert.subject.to_utf8.split(/(?<!\\)\,+/).each_with_object({}) do |c, result|
-      next unless c.include?("=")
-
-      key, val = c.split("=")
-      result[key] = val
-    end
-  end
+  LOCALES = [:en, :et, :ru]
 end
+
+require 'mobile_id/cert'
+require 'mobile_id/auth'

data/lib/mobile_id/auth.rb

@@ -0,0 +1,147 @@
+# frozen_string_literal: true
+
+module MobileId
+  class Auth
+    # API documentation https://github.com/SK-EID/MID
+    LIVE_URL = "https://mid.sk.ee/mid-api"
+    TEST_URL = "https://tsp.demo.sk.ee/mid-api"
+
+    TEST_UUID  = "00000000-0000-0000-0000-000000000000"
+    TEST_NAME  = "DEMO"
+
+    attr_accessor :url, :uuid, :name, :doc, :hash, :user_cert, :live
+
+    def initialize(live:, uuid: nil, name: nil)
+      self.url = live == true ? LIVE_URL : TEST_URL
+      self.uuid = live == true ? uuid : TEST_UUID
+      self.name = live == true ? name : TEST_NAME
+      self.live = live
+      init_doc(SecureRandom.uuid)
+    end
+
+    def init_doc(doc)
+      self.doc = doc
+
+      self.hash = Digest::SHA256.base64digest(self.doc)
+    end
+
+    def authenticate!(phone_calling_code: nil, phone:, personal_code:, language: nil, display_text: nil)
+      phone_calling_code ||= '+372'
+      full_phone = "#{phone_calling_code}#{phone}"
+      language ||= 
+        case I18n.locale
+        when :et
+          display_text ||= 'Autentimine' 
+          'EST'
+        when :ru
+          display_text ||= 'Аутентификация' 
+          'RUS'
+        else
+          display_text ||= 'Authentication' 
+          'ENG'
+        end
+      
+      options = {
+        headers: {
+          "Content-Type": "application/json"
+        },
+        query: {},
+        body: {
+          relyingPartyUUID: uuid,
+          relyingPartyName: name,
+          phoneNumber: full_phone.to_s.strip,
+          nationalIdentityNumber: personal_code.to_s.strip,
+          hash: hash,
+          hashType: 'SHA256',
+          language: language,
+          displayText: display_text,
+          displayTextFormat: 'GSM-7' # or "UCS-2”
+        }.to_json
+      }
+
+      response = HTTParty.post(url + '/authentication', options)
+      raise Error, "#{I18n.t('mobile_id.some_error')} #{response}" unless response.code == 200
+
+      ActiveSupport::HashWithIndifferentAccess.new(
+        session_id: response['sessionID'],
+        phone: phone,
+        phone_calling_code: phone_calling_code,
+        doc: doc
+      )
+    end
+
+    def verify!(auth)
+      long_poll!(session_id: auth['session_id'], doc: auth['doc'])
+
+      ActiveSupport::HashWithIndifferentAccess.new(
+        personal_code: personal_code,
+        first_name: first_name,
+        last_name: last_name,
+        phone: auth['phone'],
+        phone_calling_code: auth['phone_calling_code'],
+        auth_provider: 'mobileid' # User::MOBILEID
+      )
+    end
+
+    def long_poll!(session_id:, doc:)
+      response = HTTParty.get(url + "/authentication/session/#{session_id}")
+      raise Error, "#{I18n.t('mobile_id.some_error')} #{response.code} #{response}" if response.code != 200
+
+      if response['state'] == 'COMPLETE' && response['result'] != 'OK'
+        message = 
+          case response['result']
+          when "TIMEOUT"
+            I18n.t('mobile_id.timeout')
+          when "NOT_MID_CLIENT"
+            I18n.t('mobile_id.user_is_not_mobile_id_client')
+          when "USER_CANCELLED"
+            I18n.t('mobile_id.user_cancelled')
+          when "SIGNATURE_HASH_MISMATCH"
+            I18n.t('mobile_id.signature_hash_mismatch')
+          when "PHONE_ABSENT"
+            I18n.t('mobile_id.phone_absent')
+          when "DELIVERY_ERROR"
+            I18n.t('mobile_id.delivery_error')
+          when "SIM_ERROR"
+            I18n.t('mobile_id.sim_error')
+          end
+        raise Error, message
+      end
+
+      @user_cert = MobileId::Cert.new(response['cert'], live: live)
+      @user_cert.verify_signature!(response['signature']['value'], doc)
+      self.user_cert = @user_cert
+    end
+
+    def verification_code
+      format("%04d", (Digest::SHA2.new(256).digest(Base64.decode64(hash))[-2..-1].unpack1('n') % 10000))
+    end
+
+    def given_name
+      user_cert.given_name
+    end
+    alias first_name given_name
+
+    def surname
+      user_cert.surname
+    end
+    alias last_name surname
+    
+    def country
+      user_cert.country
+    end
+
+    def common_name
+      user_cert.common_name
+    end
+
+    def organizational_unit
+      user_cert.organizational_unit
+    end
+
+    def serial_number
+      user_cert.serial_number
+    end
+    alias personal_code serial_number
+  end
+end

data/lib/mobile_id/cert.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+module MobileId
+  class Cert
+    class << self
+      def root_path
+        @root_path ||= File.expand_path('certs', __dir__)
+      end
+
+      def live_store
+        @live_store ||= 
+          build_store([
+            File.join(root_path, 'EE_Certification_Centre_Root_CA.pem.crt'),
+            File.join(root_path, 'ESTEID-SK_2015.pem.crt')
+          ])
+      end
+
+      def test_store
+        @test_store ||= 
+          build_store([
+            File.join(root_path, 'TEST_of_EE_Certification_Centre_Root_CA.pem.crt'),
+            File.join(root_path, 'TEST_of_ESTEID-SK_2015.pem.crt')
+          ])
+      end
+
+      def build_store(paths)
+        store = OpenSSL::X509::Store.new
+        paths.each { |path| cert = OpenSSL::X509::Certificate.new(File.read(path)); store.add_cert(cert) }
+        store
+      end
+    end
+
+    attr_accessor :cert, :subject
+
+    def initialize(base64_cert, live:)
+      self.cert = OpenSSL::X509::Certificate.new(Base64.decode64(base64_cert))
+      verify!(self.cert, live: live)
+      build_cert_subject
+    end
+
+    def verify!(cert, live:)
+      store = live == true ? self.class.live_store : self.class.test_store
+      raise Error, 'User certificate is not valid' unless store.verify(cert)
+      raise Error, 'User certificate is not valid' unless cert.public_key.check_key
+      raise Error, 'User certificate is expired' unless (cert.not_before..cert.not_after) === Time.now
+
+      true
+    end
+
+    def verify_signature!(signature, doc)
+      # TODO OpenSSL does not parse signature
+      # cert.public_key.verify(OpenSSL::Digest::SHA256.new, signature, doc)
+    end
+
+    def given_name
+      subject["GN"].tr(",", " ")
+    end
+    alias first_name given_name
+
+    def surname
+      subject["SN"].tr(",", " ")
+    end
+    alias last_name surname
+    
+    def country
+      subject["C"].tr(",", " ")
+    end
+
+    def common_name
+      subject["CN"]
+    end
+
+    def organizational_unit
+      subject["OU"]
+    end
+
+    def serial_number
+      subject["serialNumber"]
+    end
+    alias personal_code serial_number
+
+    private
+
+    def build_cert_subject
+      self.subject = cert.subject.to_utf8.split(/(?<!\\)\,+/).each_with_object({}) do |c, result|
+        next unless c.include?("=")
+
+        key, val = c.split("=")
+        result[key] = val
+      end
+    end
+  end
+end

data/lib/mobile_id/certs/EE_Certification_Centre_Root_CA.pem.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG
+CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy
+MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl
+ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS
+b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy
+euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO
+bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw
+WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d
+MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE
+1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD
+VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/
+zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB
+BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF
+BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV
+v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG
+E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u
+uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW
+iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v
+GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0=
+-----END CERTIFICATE-----

data/lib/mobile_id/certs/ESTEID-SK_2015.pem.crt

@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGcDCCBVigAwIBAgIQRUgJC4ec7yFWcqzT3mwbWzANBgkqhkiG9w0BAQwFADB1
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG
+CSqGSIb3DQEJARYJcGtpQHNrLmVlMCAXDTE1MTIxNzEyMzg0M1oYDzIwMzAxMjE3
+MjM1OTU5WjBjMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVy
+aW1pc2tlc2t1czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxFzAVBgNVBAMMDkVT
+VEVJRC1TSyAyMDE1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0oH6
+1NDxbdW9k8nLA1qGaL4B7vydod2Ewp/STBZB3wEtIJCLdkpEsS8pXfFiRqwDVsgG
+Gbu+Q99trlb5LI7yi7rIkRov5NftBdSNPSU5rAhYPQhvZZQgOwRaHa5Ey+BaLJHm
+LqYQS9hQvQsCYyws+xVvNFUpK0pGD64iycqdMuBl/nWq3fLuZppwBh0VFltm4nhr
+/1S0R9TRJpqFUGbGr4OK/DwebQ5PjhdS40gCUNwmC7fPQ4vIH+x+TCk2aG+u3MoA
+z0IrpVWqiwzG/vxreuPPAkgXeFCeYf6fXLsGz4WivsZFbph2pMjELu6sltlBXfAG
+3fGv43t91VXicyzR/eT5dsB+zFsW1sHV+1ONPr+qzgDxCH2cmuqoZNfIIq+buob3
+eA8ee+XpJKJQr+1qGrmhggjvAhc7m6cU4x/QfxwRYhIVNhJf+sKVThkQhbJ9XxuK
+k3c18wymwL1mpDD0PIGJqlssMeiuJ4IzagFbgESGNDUd4icm0hQT8CmQeUm1GbWe
+BYseqPhMQX97QFBLXJLVy2SCyoAz7Bq1qA43++EcibN+yBc1nQs2Zoq8ck9MK0bC
+xDMeUkQUz6VeQGp69ImOQrsw46qTz0mtdQrMSbnkXCuLan5dPm284J9HmaqiYi6j
+6KLcZ2NkUnDQFesBVlMEm+fHa2iR6lnAFYZ06UECAwEAAaOCAgowggIGMB8GA1Ud
+IwQYMBaAFBLyWj7qVhy/zQas8fElyalL1BSZMB0GA1UdDgQWBBSzq4i8mdVipIUq
+CM20HXI7g3JHUTAOBgNVHQ8BAf8EBAMCAQYwdwYDVR0gBHAwbjAIBgYEAI96AQIw
+CQYHBACL7EABAjAwBgkrBgEEAc4fAQEwIzAhBggrBgEFBQcCARYVaHR0cHM6Ly93
+d3cuc2suZWUvQ1BTMAsGCSsGAQQBzh8BAjALBgkrBgEEAc4fAQMwCwYJKwYBBAHO
+HwEEMBIGA1UdEwEB/wQIMAYBAf8CAQAwQQYDVR0eBDowOKE2MASCAiIiMAqHCAAA
+AAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCcGA1Ud
+JQQgMB4GCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwQwfAYIKwYBBQUHAQEE
+cDBuMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5zay5lZS9DQTBKBggrBgEFBQcw
+AoY+aHR0cDovL3d3dy5zay5lZS9jZXJ0cy9FRV9DZXJ0aWZpY2F0aW9uX0NlbnRy
+ZV9Sb290X0NBLmRlci5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL3d3dy5z
+ay5lZS9yZXBvc2l0b3J5L2NybHMvZWVjY3JjYS5jcmwwDQYJKoZIhvcNAQEMBQAD
+ggEBAHRWDGI3P00r2sOnlvLHKk9eE7X93eT+4e5TeaQsOpE5zQRUTtshxN8Bnx2T
+oQ9rgi18q+MwXm2f0mrGakYYG0bix7ZgDQvCMD/kuRYmwLGdfsTXwh8KuL6uSHF+
+U/ZTss6qG7mxCHG9YvebkN5Yj/rYRvZ9/uJ9rieByxw4wo7b19p22PXkAkXP5y3+
+qK/Oet98lqwI97kJhiS2zxFYRk+dXbazmoVHnozYKmsZaSUvoYNNH19tpS7BLdsg
+i9KpbvQLb5ywIMq9ut3+b2Xvzq8yzmHMFtLIJ6Afu1jJpqD82BUAFcvi5vhnP8M7
+b974R18WCOpgNQvXDI+2/8ZINeU=
+-----END CERTIFICATE-----

data/lib/mobile_id/certs/TEST_of_EE_Certification_Centre_Root_CA.pem.crt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEEzCCAvugAwIBAgIQc/jtqiMEFERMtVvsSsH7sjANBgkqhkiG9w0BAQUFADB9
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290
+IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIhgPMjAxMDEwMDcxMjM0NTZa
+GA8yMDMwMTIxNzIzNTk1OVowfTELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNl
+cnRpZml0c2VlcmltaXNrZXNrdXMxMDAuBgNVBAMMJ1RFU1Qgb2YgRUUgQ2VydGlm
+aWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVl
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gGpqCtDmNNEHUjC8LXq
+xRdC1kpjDgkzOTxQynzDxw/xCjy5hhyG3xX4RPrW9Z6k5ZNTNS+xzrZgQ9m5U6uM
+ywYpx3F3DVgbdQLd8DsLmuVOz02k/TwoRt1uP6xtV9qG0HsGvN81q3HvPR/zKtA7
+MmNZuwuDFQwsguKgDR2Jfk44eKmLfyzvh+Xe6Cr5+zRnsVYwMA9bgBaOZMv1TwTT
+VNi9H1ltK32Z+IhUX8W5f2qVP33R1wWCKapK1qTX/baXFsBJj++F8I8R6+gSyC3D
+kV5N/pOlWPzZYx+kHRkRe/oddURA9InJwojbnsH+zJOa2VrNKakNv2HnuYCIonzu
+pwIDAQABo4GKMIGHMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBS1NAqdpS8QxechDr7EsWVHGwN2/jBFBgNVHSUEPjA8BggrBgEFBQcD
+AgYIKwYBBQUHAwEGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUF
+BwMJMA0GCSqGSIb3DQEBBQUAA4IBAQAj72VtxIw6p5lqeNmWoQ48j8HnUBM+6mI0
+I+VkQr0EfQhfmQ5KFaZwnIqxWrEPaxRjYwV0xKa1AixVpFOb1j+XuVmgf7khxXTy
+Bmd8JRLwl7teCkD1SDnU/yHmwY7MV9FbFBd+5XK4teHVvEVRsJ1oFwgcxVhyoviR
+SnbIPaOvk+0nxKClrlS6NW5TWZ+yG55z8OCESHaL6JcimkLFjRjSsQDWIEtDvP4S
+tH3vIMUPPiKdiNkGjVLSdChwkW3z+m0EvAjyD9rnGCmjeEm5diLFu7VMNVqupsbZ
+SfDzzBLc5+6TqgQTOG7GaZk2diMkn03iLdHGFrh8ML+mXG9SjEPI
+-----END CERTIFICATE-----

data/lib/mobile_id/certs/TEST_of_ESTEID-SK_2015.pem.crt

@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGgzCCBWugAwIBAgIQEDb9gCZi4PdWc7IoNVIbsTANBgkqhkiG9w0BAQwFADB9
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290
+IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTUxMjE4MDcxMzQ0WhgP
+MjAzMDEyMTcyMzU5NTlaMGsxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0
+aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEfMB0G
+A1UEAwwWVEVTVCBvZiBFU1RFSUQtU0sgMjAxNTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAMTeAFvLxmAeaOsRKaf+hlkOhW+CdEilmUIKWs+qCWVq+w8E
+8PA/TohAZdUcO4KFXothmPDmfOCb0ExXcnOPCr2NndavzB39htlyYKYxkOkZi3pL
+z8bZg/HvpBoy8KIg0sYdbhVPYHf6i7fuJjDac4zN1vKdVQXA6Tv5wS/e90/ZyF95
+5vycxdNLticdozm5yCDMNgsEji6QNA1zIi3+C2YmnDXx6VyxhuC2R3q0xNkwtJ4e
+zs1RZGxWokTNPzQc3ilGhEJlVsS8vP624hUHwufQnwrKWpc3+D+plMIO0j3E+hmh
+46gIadDRweFR/dzb+CIBHRaFh0LEBjd/cDFQlBI+E8vpkhqeWp6rp1xwnhCL201M
+3E1E1Mw+51Xqj7WOfY0TzjOmQJy8WJPEwU2m44KxW1SnpeEBVkgb4XYFeQHAllc7
+J7JDv50BoIPpecgaqn1vKR7l//wDsL0MN1tDlBhl3x7TJ/fwMnwB1E3zVZR74TUZ
+h5J49CAcFrfM4RmP/0hcDW8+4wNWMg2Qgst2qmPZmHCI/OJt5yMt0Ud5yPF8AWxV
+ot3TxOBGjMiM8m6WsksFsQxp5WtA0DANGXIIfydTaTV16Mg+KpYVqFKxkvFBmfVp
+6xApMaFl3dY/m56O9JHEqFpBDF+uDQIMjFJxJ4Pt7Mdk40zfL4PSw9Qco2T3AgMB
+AAGjggINMIICCTAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jAdBgNV
+HQ4EFgQUScDyRDll1ZtGOw04YIOx1i0ohqYwDgYDVR0PAQH/BAQDAgEGMGYGA1Ud
+IARfMF0wMQYKKwYBBAHOHwMBATAjMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5z
+ay5lZS9DUFMwDAYKKwYBBAHOHwMBAjAMBgorBgEEAc4fAwEDMAwGCisGAQQBzh8D
+AQQwEgYDVR0TAQH/BAgwBgEB/wIBADBBBgNVHR4EOjA4oTYwBIICIiIwCocIAAAA
+AAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJwYDVR0l
+BCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDCBiQYIKwYBBQUHAQEE
+fTB7MCUGCCsGAQUFBzABhhlodHRwOi8vZGVtby5zay5lZS9jYV9vY3NwMFIGCCsG
+AQUFBzAChkZodHRwOi8vd3d3LnNrLmVlL2NlcnRzL1RFU1Rfb2ZfRUVfQ2VydGlm
+aWNhdGlvbl9DZW50cmVfUm9vdF9DQS5kZXIuY3J0MEMGA1UdHwQ8MDowOKA2oDSG
+Mmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2Eu
+Y3JsMA0GCSqGSIb3DQEBDAUAA4IBAQDBOYTpbbQuoJKAmtDPpAomDd9mKZCarIPx
+AH8UXphSndMqOmIUA4oQMrLcZ6a0rMyCFR8x4NX7abc8T81cvgUAWjfNFn8+bi6+
+DgbjhYY+wZ010MHHdUo2xPajfog8cDWJPkmz+9PAdyjzhb1eYoEnm5D6o4hZQCiR
+yPnOKp7LZcpsVz1IFXsqP7M5WgHk0SqY1vs+Yhu7zWPSNYFIzNNXGoUtfKhhkHiR
+WFX/wdzr3fqeaQ3gs/PyD53YuJXRzFrktgJJoJWnHEYIhEwbai9+OeKr4L4kTkxv
+PKTyjjpLKcjUk0Y0cxg7BuzwevonyBtL72b/FVs6XsXJJqCa3W4T
+-----END CERTIFICATE-----

data/lib/mobile_id/railtie.rb

@@ -4,8 +4,8 @@ module MobileId
   class Railtie < ::Rails::Railtie #:nodoc:
     initializer 'mobile_id' do |app|
       DeviseI18n::Railtie.instance_eval do
-        app.config.i18n.available_locales.each do |loc|
-          I18n.load_path << Dir[File.expand_path("lib/mobile_id/locales") + "/#{loc}.yml"]
+        (app.config.i18n.available_locales & MobileId::LOCALES).each do |loc|
+          I18n.load_path << File.expand_path("locales/#{loc}.yml", __dir__)
         end
       end
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mobile_id
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.8
 platform: ruby
 authors:
 - Priit Tark
@@ -104,6 +104,12 @@ files:
 - MIT-LICENSE
 - README.md
 - lib/mobile_id.rb
+- lib/mobile_id/auth.rb
+- lib/mobile_id/cert.rb
+- lib/mobile_id/certs/EE_Certification_Centre_Root_CA.pem.crt
+- lib/mobile_id/certs/ESTEID-SK_2015.pem.crt
+- lib/mobile_id/certs/TEST_of_EE_Certification_Centre_Root_CA.pem.crt
+- lib/mobile_id/certs/TEST_of_ESTEID-SK_2015.pem.crt
 - lib/mobile_id/locales/en.yml
 - lib/mobile_id/locales/et.yml
 - lib/mobile_id/locales/ru.yml