nemid 0.1.0

data/lib/nemid/authentication/response.rb

@@ -0,0 +1,93 @@
+module NemID
+  module Authentication
+    class Response
+      PID_REGEX = /\APID:([0-9-]+)\Z/.freeze
+      RID_REGEX = /\ARID:([0-9-]+)\Z/.freeze
+
+      def initialize(string)
+        if string.match?(/\A[A-Za-z0-9+\/\r\n]+={0,2}\z/)
+          decoded_string = Base64.decode64(string)
+          if decoded_string.start_with? '<?xml'
+            @doc = NemID::XMLDSig::Document.new(decoded_string)
+          else
+            raise error(decoded_string)
+          end
+        elsif string.start_with? '<?xml'
+          @doc = NemID::XMLDSig::Document.new(string)
+        else
+          raise NemID::Errors::ResponseError
+        end
+      end
+
+      def extract_pid
+        if has_pid?
+          serial_number.match(PID_REGEX)[1]
+        end
+      end
+
+      def extract_rid
+        if has_rid?
+          serial_number.match(RID_REGEX)[1]
+        end
+      end
+
+      def extract_pid_or_rid
+        serial_number
+      end
+
+      def has_pid?
+        serial_number.match?(PID_REGEX)
+      end
+
+      def has_rid?
+        serial_number.match?(RID_REGEX)
+      end
+
+      def user_certificate_expired?
+        @doc.user_certificate_expired?
+      end
+
+      def user_certificate_revoked?
+        @doc.user_certificate_revoked?
+      end
+
+      def valid_certificate_chain?
+        @doc.validate_certificate_chain
+      end
+
+      def validate_response
+        raise NemID::Errors::InvalidSignature if not valid_signature?
+        raise NemID::Errors::InvalidCertificateChain if not valid_certificate_chain?
+        raise NemID::Errors::UserCertificateExpired if user_certificate_expired?
+        raise NemID::Errors::UserCertificateRevoked if user_certificate_revoked?
+
+        true
+      end
+      
+      def valid_signature?
+        @doc.validate_signature
+      end
+
+      private
+      def class_exists?(class_name)
+        klass = Module.const_get(class_name)
+        return klass.is_a?(Class)
+      rescue NameError
+        return false
+      end
+
+      def error(str)
+        klass = "NemID::Errors::#{str}Error"
+        if class_exists?(klass)
+          return eval(klass) 
+        else
+          return NemID::Errors::ResponseError
+        end
+      end
+
+      def serial_number
+        @serial_number ||= @doc.extract_pid_or_rid
+      end
+    end
+  end
+end

data/lib/nemid/crypto.rb

@@ -0,0 +1,53 @@
+require 'openssl'
+
+module NemID
+ class Crypto
+
+  def initialize(certificate, pass)
+    certificate = read_file(certificate)
+    @pkcs12 = read_pkcs12(certificate, pass)
+    @rsa_instance = rsa_keypair(@pkcs12, pass)
+  end
+
+  def base64_encoded_der_representation
+    Base64.strict_encode64(@pkcs12.certificate.to_der)
+  end
+
+  def base64_encoded_digest_representation(data)
+    Base64.strict_encode64(digest(data))
+  end
+
+  def base64_encoded_rsa_signature(data)
+    Base64.strict_encode64(sign(data))
+  end
+
+  def get_certificate
+    @pkcs12.certificate
+  end
+
+  def get_key
+    @pkcs12.key
+  end
+  
+  private
+  def digest(data)
+    OpenSSL::Digest::SHA256.new.digest(data)
+  end
+
+  def read_file(certificate)
+    File.read(certificate)
+  end
+
+  def read_pkcs12(certificate, pass)
+    OpenSSL::PKCS12::new(certificate, pass)
+  end
+
+  def rsa_keypair(pkcs12, passphrase)
+    OpenSSL::PKey::RSA.new(pkcs12.key, passphrase)
+  end
+
+  def sign(data)
+    @rsa_instance.sign(OpenSSL::Digest::SHA256.new, data)
+  end
+ end
+end

data/lib/nemid/errors.rb

@@ -0,0 +1,17 @@
+module NemID
+  module Errors
+    class ResponseError < StandardError
+      attr_reader :da, :en
+    end
+  end
+end
+
+require_relative "errors/app"
+require_relative "errors/auth"
+require_relative "errors/can"
+require_relative "errors/capp"
+require_relative "errors/lib"
+require_relative "errors/lock"
+require_relative "errors/oces"
+require_relative "errors/srv"
+require_relative "errors/validation"

data/lib/nemid/errors/app.rb

@@ -0,0 +1,49 @@
+module NemID
+  module Errors
+    class APPError < ResponseError
+      def initialize(msg='', sp='support')
+        @da = "Der er opstået en teknisk fejl. Forsøg igen. Kontakt #{sp}, hvis " \
+        "problemet fortsætter."
+        @en = "A technical error has occurred. Please try again. Contact #{sp} if " \
+        "the problem persists"
+        super(msg)
+      end
+    end
+    
+    class APP001Error < APPError
+      def initialize(msg="Fix the integration issue. [JS Client: See tool at " \
+        "/developers/validateparameters.jsp]")
+        super
+      end
+    end
+
+    class APP002Error < APPError
+      def initialize(msg="Correct the sign text. [JS Client: See tool at " \
+        "/developers/signtextviewer.jsp]")
+        super
+      end
+    end
+
+    class APP003Error < APPError; end 
+
+    class APP004Error < APPError; end
+
+    class APP007Error < APPError
+      def initialize(msg="Fix the integration issue. [JS Client: See tool at " \
+        "/developers/validateparameters.jsp]")
+        super
+      end
+    end      
+
+    class APP008Error < APPError
+      def initialize(msg="Fix the integration issue. [JS Client: See tool at " \
+        "/developers/validateparameters.jsp]")
+        super
+      end
+    end
+
+    class APP009Error < APPError; end
+
+    class APP010Error < APPError; end
+  end
+end

data/lib/nemid/errors/auth.rb

@@ -0,0 +1,180 @@
+module NemID
+  module Errors
+    class AUTHError < ResponseError
+      DA_SUPPORT_URL = '[https://www.nemid.nu/dk-da/support/faa_hjaelp_til_nemid/kontakt/]'
+      EN_SUPPORT_URL = '[https://www.nemid.nu/dk-en/support/contact/]'
+      
+      def initialize(msg="The service provider is recommended to refer the user " \
+        "to NemID support.")  
+        super(msg)
+      end
+    end
+    
+    class AUTH001Error < AUTHError
+      def initialize
+        @da = "Dit NemID er spærret. Kontakt NemID support " \
+        "#{DA_SUPPORT_URL}."
+        @en = "Your NemID is blocked. Please contact NemID support. " \
+        "#{EN_SUPPORT_URL}"
+        super
+      end
+    end
+
+    class AUTH003Error < AUTHError
+      def initialize(msg='')
+        @da = "Login er gennemført korrekt, men du har ikke en bankaftale. " \
+        "Kontakt din bank for at høre nærmere."
+        @en = "Login succeeded but you have no bank agreement. Please contact " \
+        "your bank for more details"
+        super
+      end
+    end
+
+    class AUTH004Error < AUTHError
+      def initialize
+        @da = "Dit NemID er midlertidigt låst i 8 timer og du kan ikke logge på " \
+        "før spærringen er ophævet"
+        @en = "Your NemID is temporarily locked and you cannot log on until the " \
+        "8 hour time lock has been lifted."
+        super
+      end
+    end
+
+    class AUTH005Error < AUTHError
+      def initialize
+        @da = "Dit NemID er spærret. Kontakt NemID support " \
+        "#{DA_SUPPORT_URL}."
+        @en = "Your NemID has been blocked. Please contact NemID support. " \
+        "#{EN_SUPPORT_URL}"
+        super
+      end
+    end
+    
+    class AUTH006Error < AUTHError
+      def initialize
+        @da =  "Du har brugt alle nøgler på nøglekortet. " \
+        "Du kan bestille et nyt på siden Mistet nøglekort. " \
+        "[https://service.nemid.nu/dk-da/nemid/noeglekort/mistet_noeglekort/]"
+        @en = "You have used all the codes on your code card. " \
+        "You can order a new code card on the Lost code card page. " \
+        "[https://service.nemid.nu/dk-en/nemid/code_cards/lost_code_card/]"
+        super
+      end
+    end      
+
+    class AUTH007Error < AUTHError
+      def initialize
+        @da = "Din NemID-adgangskode er spærret på grund af for mange fejlede forsøg. " \
+        "Kontakt NemID support #{DA_SUPPORT_URL}."
+        @en = "Your NemID password is blocked due to too many failed password attempts. " \
+        "Please contact NemID support. #{EN_SUPPORT_URL}"
+        super
+      end
+    end
+
+    class AUTH008Error < AUTHError
+      def initialize
+        @da = "Dit NemID er ikke aktivt og du skal bestille en ny midlertidig " \
+        "adgangskode til aktivering hos support. Ring til NemID support " \
+        "#{DA_SUPPORT_URL}."
+        @en = "Your NemID is not active and you need support to issue a new " \
+        "activation password to activate. Please call NemID support. " \
+        "#{EN_SUPPORT_URL}"
+        super
+      end
+    end
+
+    class AUTH009Error < AUTHError
+      def initialize(msg="The service provider is advised to perform a reload of " \
+        "the client so the user can re-authenticate and try again. Also, if the " \
+        "problem persists, refer to Support")
+        @da = "Der er opstået en teknisk fejl. Forsøg igen."
+        @en = "A technical error has occurred. Please try again."
+        super(msg)
+      end
+    end
+
+    class AUTH010Error < AUTHError
+      def initialize(msg="The service provider is advised to perform a reload of " \
+        "the client so the user can re-authenticate and try again.")
+        @da = "Der er opstået en teknisk fejl. Tjek at kun ét NemID login er " \
+        "aktivt og forsøg igen."
+        @en = "A technical error has occurred. Please try again, and ensure that " \
+        "only one NemID login is running."
+        super(msg)
+      end
+    end
+
+    class AUTH011Error < AUTHError
+      def initialize(msg='')
+        @da = "NemID på mobil understøtter ikke brug af midlertidig adgangskode. " \
+        "Kontakt NemID support for atfå en ny kode udstedt. " \
+        "#{DA_SUPPORT_URL}" \
+        "Prøv derefter igen."
+        @en = "NemID login on mobile does not support authentication using a " \
+        "temporary password. Please contact NemID support to have a new temporary " \
+        "password issued. #{EN_SUPPORT_URL} " \
+        "Thereafter, please try again."
+        super
+      end
+    end
+
+    class AUTH012Error < AUTHError
+      def initialize(msg="The service provider is advised to perform a reload of " \
+        "the client so the user can re-authenticate and try again")
+        @da = "Der er opstået en teknisk fejl. Forsøg igen."
+        @en = "A technical error has occurred. Please try again."
+        super
+      end
+    end
+
+    class AUTH013Error < AUTHError
+      def initialize(msg="The service provider is advised to perform a reload of " \
+        "the client so the user can re-authenticate using regular 2-factor authentication.")
+        @da = "Der er opstået en teknisk fejl. Forsøg igen."
+        @en = "A technical error has occurred. Please try again."
+        super
+      end
+    end
+
+    class AUTH017Error < AUTHError
+      def initialize(msg="Consider displaying information suggesting how to avoid " \
+        "known environmental problems.")
+        @da = "En teknisk fejl i browseren gør at NemID ikke kan starte. Forsøg " \
+        "at slå unødige plug-ins fra, eller prøv igen med en anden browser."
+        @en = "Something in the browser environment has caused NemID to stop " \
+        "working. This could be because of an incompatible plug-in, too " \
+        "restrictive privacy settings or other environment factors. " \
+        "Please try deactivating plugins, resetting your browser settings " \
+        "or try using a different browser."
+        super
+      end
+    end
+
+    class AUTH018Error < AUTHError
+      def initialize(msg='')
+        @da = "Din nøgleapp er spærret. For at bruge den igen skal den genaktiveres."
+        @en = "Your code app is revoked. To use it again please reactivate it."
+        super
+      end
+    end
+
+    class AUTH019Error < AUTHError
+      def initialize(msg='')
+        @da = "Det er ikke muligt at logge ind med nøglekort, brug anden løsning " \
+        "nøgleapp eller nøgleviser."
+        @en = "It is not possible to login with a code card, please use a code app " \
+        "or code token."
+        super
+      end
+    end
+
+    class AUTH020Error < AUTHError
+      def initialize(msg='Retry with 2-factor login for user.')
+        @da = "Kunne ikke logge ind med 1-faktor, prøv med 2-faktor login."
+        @en = "Unable to login with 1-factor, please try with 2-factor login"
+        super
+      end
+    end
+  end
+end

data/lib/nemid/errors/can.rb

@@ -0,0 +1,97 @@
+module NemID
+  module Errors
+    class CANError < ResponseError
+      def initialize(msg='') 
+        super(msg)
+      end
+    end
+
+    class CAN001Error < CANError
+      def initialize(msg="Redirect the user to a sensible place, taking into " \
+        "account where the user is in the flow.")
+        @da = "Du har afbrudt aktiveringen efter du har brugt den midlertidige adgangskode. " \
+        "Din midlertidige adgangskode er ikke længere gyldig, og du skal bestille " \
+        "en ny midlertidig adgangskode, før du kan aktivere og bruge NemID. " \
+        "Den nye, midlertidige adgangskode kan du bestille via NemID-support " \
+        "[https://www.nemid.nu/dk-da/support/faa_hjaelp_til_nemid/kontakt/]."
+        @en = "You have cancelled the activation of NemID after submitting the activation password. " \
+        "Your activation password is no longer valid, and you must request a new " \
+        "activation password before you can activate and use NemID. " \
+        "You can order your new activation password via NemID Support " \
+        "[https://www.nemid.nu/dk-en/support/contact/]"
+        super
+      end
+    end
+
+    class CAN002Error < CANError
+      def initialize(msg="The service provider must send the user to a sensible " \
+        "place, taking into account where the user is in the flow.")
+        @da = "Du har afbrudt login."
+        @en = "You have cancelled login."
+        super
+      end
+    end
+
+    class CAN003Error < CANError
+      def initialize
+        @da = "Forbindelsen til applikationen er timet ud eller er blevet " \
+        "afbrudt af en anden app. Forsøg igen."
+        @en = "The connection to the application has timed out or has been " \
+        "interrupted by another app. Please try again."
+        super
+      end
+    end
+
+    class CAN004Error < CANError
+      def initialize
+        @da = "Sessionen er afbrudt. Forsøg igen."
+        @en = "The session is cancelled. Please try again."
+        super
+      end
+    end
+
+    class CAN005Error < CANError
+      def initialize
+        @da = "Det tog for lang tid, før du godkendte den anmodning, du havde " \
+        "sendt til din nøgleapp"
+        @en = "You took too long to authenticate the request you had sent to " \
+        "your code app."
+        super
+      end
+    end
+
+    class CAN006Error < CANError
+      def initialize
+        @da = "Du kan højst have ##MAXACTIVENMAS## aktive nøgleapps ad gangen. " \
+        "Hvis du vil aktivere en ny nøgleapp, skal du først spærre en af dine " \
+        "nuværende på nemid.nu eller ved at kontakte NemID support eller din bank"
+        @en = "The maximum number of active code apps you can have at any time " \
+        "is ##MAXACTIVENMAS##. If you wish to activate another code app, you must " \
+        "first block one of your current code apps at nemid.nu or by contacting NemID " \
+        "Support or your bank."
+        super
+      end
+    end
+
+    class CAN007Error < CANError
+      def initialize
+        @da = "Du har afvist din anmodning om godkendelse i din nøgleapp. Hvis " \
+        "det var en fejl, kan du sende en ny anmodning, når du har afsluttet ved " \
+        "at klikke på \"Ok\"."
+        @en = "You rejected your code app authentication request. If this was " \
+        "incorrect, you can submit a new request after clicking \"OK\" to finish."
+        super
+      end
+    end
+
+    class CAN008Error < CANError
+      def initialize(msg="User should be notified and could have a choice to restart transaction")
+        @da = "Du har sendt en ny anmodning til godkendelse i din nøgleapp, som " \
+        "overskriver en eksisterende."
+        @en = "You sent a new authentication request to your code app overwriting " \
+        "an existing one."
+        super
+      end
+    end
+  end
+end