nemid 0.1.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +52 -13
- data/lib/nemid/authentication/params.rb +2 -2
- data/lib/nemid/crypto.rb +10 -11
- data/lib/nemid/pid_cpr.rb +3 -9
- data/lib/nemid/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cfaf481277e75ca6856da3dc36e6659565bb1d8e6c7b4b7e508cae97674c989a
|
|
4
|
+
data.tar.gz: 9310faf0c65697c0ff198bf01a026d717086df156fe27f15e119ee81d45d12e6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9d9a69c8e17494a32537d6341084f27b5c9a2c3011756124235198c27ff3b8f7371b83b89ffd10a9fc51ea97ad874fb29b0b85009008da7cc07f43b1ba359500
|
|
7
|
+
data.tar.gz: e5c36741e8853791830acf1e1a3e4ed29dcace861b0afdff211d589fd2a4c0e699ae3c04963c6b8242b8958c9d1d997518bc4b07df9a45a9fb4a4276556177ca
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -28,14 +28,14 @@ This gem implements the following modules:
|
|
|
28
28
|
|
|
29
29
|
- `OCSP:` use this if you want to manually perform an OCSP request.
|
|
30
30
|
|
|
31
|
-
### Authentication::
|
|
31
|
+
### Authentication::Params
|
|
32
32
|
|
|
33
|
-
Generate client initialization parameters
|
|
33
|
+
Generate client initialization parameters. See [here](https://github.com/davideluque/nemid#exporting-certificate-and-private-key) if you do not know how to get your certificate and private key in pem format.
|
|
34
34
|
|
|
35
35
|
```ruby
|
|
36
|
-
nemid = NemID::Authentication::
|
|
37
|
-
'
|
|
38
|
-
'
|
|
36
|
+
nemid = NemID::Authentication::Params.new(
|
|
37
|
+
cert: 'your_voces_certificate_in_pem_format',
|
|
38
|
+
key: 'your_private_key_in_pem_format',
|
|
39
39
|
)
|
|
40
40
|
|
|
41
41
|
nemid.client_initialization_parameters # ruby hash with signed parameters
|
|
@@ -43,7 +43,7 @@ nemid.client_initialization_parameters # ruby hash with signed parameters
|
|
|
43
43
|
|
|
44
44
|
### Authentication::Response
|
|
45
45
|
|
|
46
|
-
Parse and validate NemID response, then
|
|
46
|
+
Parse and validate NemID response, then export user information from certificate. As of this version, it is only possible to export the PID (or RID).
|
|
47
47
|
|
|
48
48
|
```ruby
|
|
49
49
|
response = NemID::Authentication::Response.new(base64_str) # Base64 string from NemID
|
|
@@ -60,7 +60,9 @@ rescue NemID::Errors::ResponseValidationError => e
|
|
|
60
60
|
puts e # Developer-friendly message, example: Signature is invalid.
|
|
61
61
|
end
|
|
62
62
|
|
|
63
|
-
# Note that response.validate_response raises exceptions instead of returning true or false, the exceptions are
|
|
63
|
+
# Note that response.validate_response raises exceptions instead of returning true or false, the exceptions are
|
|
64
|
+
# raised according to the order that the methods are invoked. The following methods perform the same validations
|
|
65
|
+
# and do not raise exceptions:
|
|
64
66
|
|
|
65
67
|
response.valid_signature? # true
|
|
66
68
|
response.valid_certificate_chain? # true
|
|
@@ -91,18 +93,18 @@ Match a PID to a CPR number.
|
|
|
91
93
|
|
|
92
94
|
```ruby
|
|
93
95
|
pid_cpr = NemID::PIDCPR.new(
|
|
94
|
-
'
|
|
95
|
-
'
|
|
96
|
-
'
|
|
96
|
+
cert: 'your_voces_certificate_in_pem_format',
|
|
97
|
+
key: 'your_private_key_in_pem_format',
|
|
98
|
+
spid: 'your_service_provider_id'
|
|
97
99
|
)
|
|
98
100
|
|
|
99
101
|
pid_cpr.match(pid: '9208-2002-2-316380231171', cpr: '2205943423')
|
|
100
102
|
|
|
101
103
|
# Expected result - success
|
|
102
|
-
|
|
104
|
+
{:cpr=>"2205943423", :pid=>"9208-2002-2-316380231171", :id=>nil, :redir_url=>nil, :status_code=>"0", :status_text_dk=>"OK", :status_text_uk=>"OK"}
|
|
103
105
|
|
|
104
|
-
# Expected result - failure
|
|
105
|
-
|
|
106
|
+
# Expected result - failure ( status_code and status_text varies on error occuring )
|
|
107
|
+
{:cpr=>"123", :pid=>"9208-2002-2-316380231171", :id=>nil, :redir_url=>nil, :status_code=>"1", :status_text_dk=>"CPR svarer ikke til PID", :status_text_uk=>"CPR does not match PID"}
|
|
106
108
|
|
|
107
109
|
# To complete:
|
|
108
110
|
# - how is the error going to be handled? raising a class error?
|
|
@@ -154,6 +156,43 @@ rescue NemID::OCSP::NonceError => e
|
|
|
154
156
|
end
|
|
155
157
|
```
|
|
156
158
|
|
|
159
|
+
## Exporting Certificate and Private Key
|
|
160
|
+
|
|
161
|
+
To be able to export the certificate and the key, you will be prompted the password that NemID used to encrypt the p12 archive. It should have been sent to you together with the p12 file.
|
|
162
|
+
|
|
163
|
+
Exporting the certificate:
|
|
164
|
+
|
|
165
|
+
```bash
|
|
166
|
+
# Replace <filename.p12> with the file name of the p12 that NemID sent to you
|
|
167
|
+
$ openssl pkcs12 -in <filename.p12> -clcerts -nokeys | openssl x509 -out cert.cer
|
|
168
|
+
```
|
|
169
|
+
|
|
170
|
+
Exporting the key:
|
|
171
|
+
|
|
172
|
+
```bash
|
|
173
|
+
# Replace <filename.p12> with the file name of the p12 that NemID sent to you
|
|
174
|
+
$ openssl pkcs12 -in <filename.p12> -nocerts -nodes | openssl pkcs8 -nocrypt -out private_key.key
|
|
175
|
+
```
|
|
176
|
+
|
|
177
|
+
After you export both files, you will need to manually replace the newlines with `\n`, in both.
|
|
178
|
+
|
|
179
|
+
|
|
180
|
+
If everything went well, you should have two one-line strings that look like this (but longer):
|
|
181
|
+
|
|
182
|
+
```
|
|
183
|
+
-----BEGIN CERTIFICATE-----\nMIIGETCCBPmgAwIBAgIEX(a-lot-of-alphanumeric-characters-and-\n)wIBAgIE\n-----END CERTIFICATE-----\n
|
|
184
|
+
|
|
185
|
+
and
|
|
186
|
+
|
|
187
|
+
-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8fX6t4Hkhxl+FM=\n-----END PRIVATE KEY-----\n
|
|
188
|
+
```
|
|
189
|
+
|
|
190
|
+
**Notice the trailing \n, it is very important that you include it**.
|
|
191
|
+
|
|
192
|
+
If you get an error like `(nested asn1 error)`, it means that you have done something wrong when editing the file. Try exporting again and carefully replace the newlines with \n.
|
|
193
|
+
|
|
194
|
+
Keep these files private to you, use environment variables!
|
|
195
|
+
|
|
157
196
|
## Development
|
|
158
197
|
|
|
159
198
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
@@ -3,8 +3,8 @@ require 'date'
|
|
|
3
3
|
module NemID
|
|
4
4
|
module Authentication
|
|
5
5
|
class Params
|
|
6
|
-
def initialize(
|
|
7
|
-
@nemid_crypto = NemID::Crypto.new(
|
|
6
|
+
def initialize(cert:, key:)
|
|
7
|
+
@nemid_crypto = NemID::Crypto.new(cert: cert, key: key)
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
def client_initialization_parameters
|
data/lib/nemid/crypto.rb
CHANGED
|
@@ -3,14 +3,13 @@ require 'openssl'
|
|
|
3
3
|
module NemID
|
|
4
4
|
class Crypto
|
|
5
5
|
|
|
6
|
-
def initialize(
|
|
7
|
-
certificate =
|
|
8
|
-
@
|
|
9
|
-
@rsa_instance = rsa_keypair(@pkcs12, pass)
|
|
6
|
+
def initialize(cert:, key:)
|
|
7
|
+
@certificate = read_x509(cert)
|
|
8
|
+
@rsa_instance = rsa_keypair(key)
|
|
10
9
|
end
|
|
11
10
|
|
|
12
11
|
def base64_encoded_der_representation
|
|
13
|
-
Base64.strict_encode64(@
|
|
12
|
+
Base64.strict_encode64(@certificate.to_der)
|
|
14
13
|
end
|
|
15
14
|
|
|
16
15
|
def base64_encoded_digest_representation(data)
|
|
@@ -22,11 +21,11 @@ module NemID
|
|
|
22
21
|
end
|
|
23
22
|
|
|
24
23
|
def get_certificate
|
|
25
|
-
@
|
|
24
|
+
@certificate
|
|
26
25
|
end
|
|
27
26
|
|
|
28
27
|
def get_key
|
|
29
|
-
@
|
|
28
|
+
@rsa_instance
|
|
30
29
|
end
|
|
31
30
|
|
|
32
31
|
private
|
|
@@ -38,12 +37,12 @@ module NemID
|
|
|
38
37
|
File.read(certificate)
|
|
39
38
|
end
|
|
40
39
|
|
|
41
|
-
def
|
|
42
|
-
OpenSSL::
|
|
40
|
+
def read_x509(raw)
|
|
41
|
+
OpenSSL::X509::Certificate.new(raw)
|
|
43
42
|
end
|
|
44
43
|
|
|
45
|
-
def rsa_keypair(
|
|
46
|
-
OpenSSL::PKey::RSA.new(
|
|
44
|
+
def rsa_keypair(raw)
|
|
45
|
+
OpenSSL::PKey::RSA.new(raw)
|
|
47
46
|
end
|
|
48
47
|
|
|
49
48
|
def sign(data)
|
data/lib/nemid/pid_cpr.rb
CHANGED
|
@@ -4,8 +4,8 @@ module NemID
|
|
|
4
4
|
class PIDCPR
|
|
5
5
|
PID_SERVICE_URL = 'https://pidws.pp.certifikat.dk/pid_serviceprovider_server/pidws'
|
|
6
6
|
|
|
7
|
-
def initialize(
|
|
8
|
-
@crypto = NemID::Crypto.new(cert,
|
|
7
|
+
def initialize(cert:, key:, spid:)
|
|
8
|
+
@crypto = NemID::Crypto.new(cert: cert, key: key)
|
|
9
9
|
@spid = spid
|
|
10
10
|
end
|
|
11
11
|
|
|
@@ -30,13 +30,7 @@ module NemID
|
|
|
30
30
|
message: build_soap_message(pid: pid, cpr: cpr)
|
|
31
31
|
)
|
|
32
32
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
if result[:status_code] == "0"
|
|
36
|
-
true
|
|
37
|
-
else
|
|
38
|
-
false
|
|
39
|
-
end
|
|
33
|
+
response.to_hash[:pid_response][:result][:pid_reply]
|
|
40
34
|
end
|
|
41
35
|
|
|
42
36
|
private
|
data/lib/nemid/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nemid
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Cabeza
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-10-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: openssl
|