mobile_id 0.0.5 → 0.0.10
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/lib/mobile_id/auth.rb +5 -5
- data/lib/mobile_id/cert.rb +20 -11
- metadata +1 -1
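--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 767c9aaf0c78977780884eddd2fbe57198997c3db605953bf1b908f520ae4629
+data.tar.gz: babe39c29111e4b2255e35f2687692ce4c9c4d7a13c4d80f6ebd85962f80165d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ee9c28389f3b3c06de013c6dc637a3a3bbd5411303dd65dbe92fdf2b0bd468b3a8403b5734338ce78879f13b73262497315945b9f443c09eb15c55679ac8c595
+data.tar.gz: e76de10eac908181f628d30728f24378306df13aff38a4da086735c2f84e78f2d8373c20b55a5f74fe3f6c8ca6adca2bfd4ab3e638de50f313b40a6d08c8108b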
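--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,18 @@
+Release 0.0.10
+* Allow live certs verification in test env
+
+Release 0.0.9
+* Fixed verification code
+
+Release 0.0.8
+* Release cleanup
+
+Release 0.0.7
+* Cert cleanup
+
+Release 0.0.6
+* Cert path fix
+
 Release 0.0.5
 * Added user certificate validation
 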
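--- a/data/lib/mobile_id/auth.rb
+++ b/data/lib/mobile_id/auth.rb
@@ -16,13 +16,12 @@ module MobileId
 self.uuid = live == true ? uuid : TEST_UUID
 self.name = live == true ? name : TEST_NAME
 self.live = live
-init_doc(SecureRandom.
+init_doc(SecureRandom.hex(40))
 end
 
 def init_doc(doc)
 self.doc = doc
-
-self.hash = Digest::SHA256.base64digest(self.doc)
+self.hash = Digest::SHA256.digest(doc)
 end
 
 def authenticate!(phone_calling_code: nil, phone:, personal_code:, language: nil, display_text: nil)
@@ -51,7 +50,7 @@ module MobileId
 relyingPartyName: name,
 phoneNumber: full_phone.to_s.strip,
 nationalIdentityNumber: personal_code.to_s.strip,
-hash: hash,
+hash: Base64.strict_encode64(hash),
 hashType: 'SHA256',
 language: language,
 displayText: display_text,
@@ -114,7 +113,8 @@ module MobileId
 end
 
 def verification_code
-
+binary = hash.unpack('B*').first
+"%04d" % (binary[0...6] + binary[-7..-1]).to_i(2)
 end
 
 def given_name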
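Review bot: `self.hash = Digest::SHA256.digest(doc)` in `init_doc` stores a 32-byte binary String under the name `hash`, which (assuming the accessor is declared outside the hunk as a plain attribute) replaces `Object#hash`; Ruby expects that method to return an Integer, so using the object as a Hash key or in a Set may raise or misbehave. A name such as `doc_hash` would avoid the clash, with `hash: Base64.strict_encode64(doc_hash),` in the request body and `doc_hash.unpack1('B*')` in `verification_code`. `verification_code` also deserves a comment, for example `# 6 leftmost + 7 rightmost bits of the raw SHA-256 digest, shown as a zero-padded 4-digit decimal`, because it silently depends on `hash` holding raw bytes rather than the Base64 text. The bodies of the constructor and of `authenticate!` continue outside the hunks.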
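--- a/data/lib/mobile_id/cert.rb
+++ b/data/lib/mobile_id/cert.rb
@@ -4,22 +4,22 @@ module MobileId
 class Cert
 class << self
 def root_path
-@root_path ||=
+@root_path ||= File.expand_path('certs', __dir__)
 end
 
 def live_store
 @live_store ||=
 build_store([
-root_path
-root_path
+File.join(root_path, 'EE_Certification_Centre_Root_CA.pem.crt'),
+File.join(root_path, 'ESTEID-SK_2015.pem.crt')
 ])
 end
 
 def test_store
 @test_store ||=
 build_store([
-root_path
-root_path
+File.join(root_path, 'TEST_of_EE_Certification_Centre_Root_CA.pem.crt'),
+File.join(root_path, 'TEST_of_ESTEID-SK_2015.pem.crt')
 ])
 end
 
@@ -39,17 +39,26 @@ module MobileId
 end
 
 def verify!(cert, live:)
-
-
-
+if live == true
+raise Error, 'User certificate is not valid' unless self.class.live_store.verify(cert)
+else
+raise Error, 'User certificate is not valid' unless self.class.test_store.verify(cert) || self.class.live_store.verify(cert)
+end
+
+raise Error, 'User certificate is not valid [check_key]' unless cert.public_key.check_key
 raise Error, 'User certificate is expired' unless (cert.not_before..cert.not_after) === Time.now
 
 true
 end
 
-def verify_signature!(
-
-
+def verify_signature!(signature_base64, doc)
+signature = Base64.decode64(signature_base64)
+digest = OpenSSL::Digest::SHA256.new(doc)
+
+# cert.public_key.verify(digest, signature, doc)
+
+# TODO OpenSSL does not parse signature correctly
+# OpenSSL::PKey::PKeyError: EVP_VerifyFinal: nested asn1 error
 end
 
 def given_name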
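Review bot: `verify_signature!` in the second hunk cannot fail: the only call that checks anything, `cert.public_key.verify(...)`, is commented out, so the method decodes the signature, builds a digest and returns it, and a forged or mismatched signature on the authentication response is accepted. Until the parsing problem in the TODO is solved the method should fail closed, e.g. `raise Error, 'Signature verification is not implemented'`, rather than return silently. The `nested asn1 error` suggests the service returns the ECDSA signature as raw `r || s` bytes while OpenSSL expects a DER-encoded sequence; if that is confirmed against the service documentation, re-encoding before the call would fix it, as sketched below. The commented call also passes a digest that was already fed `doc`, where `verify` needs a fresh `OpenSSL::Digest::SHA256.new`.

```ruby
def verify_signature!(signature_base64, doc)
  signature = Base64.strict_decode64(signature_base64)

  # NOTE(review): assumes a raw r || s signature with equal-length halves; confirm
  half = signature.bytesize / 2
  r = OpenSSL::BN.new(signature[0, half], 2)
  s = OpenSSL::BN.new(signature[half, half], 2)
  der = OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer(r), OpenSSL::ASN1::Integer(s)]).to_der

  valid = cert.public_key.verify(OpenSSL::Digest::SHA256.new, der, doc)
  raise Error, 'Signature is not valid' unless valid
end
```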