omniauth-citadele 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c50abe4891bbc8de59fda34ef6363d6512781131ba01f190df835659f1ba941f
+  data.tar.gz: eced906c16eacd3a47d348e8bf36924b85b319b1be0e6be79333e4c6cb635cc1
+SHA512:
+  metadata.gz: 8e082a3f0960abc213a177f35ce487841573540f9551262faea4d7b72b8e6cfb05a05977ee91dd1e00a40a25f04a93df56646ab897dd46fca0ebc7018d7b7982
+  data.tar.gz: d3bb5d584cffe000098228e7cca7efcbe94b785b85e1e8794d9645235a70c916c1e45f8b3a1019438c8dc22ae98661ea08d88025688c0dd4e3bcdef78d44863a

data/.gitignore

@@ -0,0 +1,19 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.ruby-gemset
+.ruby-version

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+rvm:
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6
+script: bundle exec rspec

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-citadele.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2017 MAK IT, Jānis Kiršteins
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,71 @@
+# Omniauth Citadele
+
+Omniauth strategy for using Citadele as an authentication service provider.
+
+[![Build Status](https://travis-ci.org/mak-it/omniauth-citadele.svg?branch=master)](https://travis-ci.org/mak-it/omniauth-citadele)
+
+Supported Ruby versions: 2.3+
+
+## Related projects
+
+- [omniauth-dnb](https://github.com/mak-it/omniauth-dnb) - strategy for authenticating with DNB
+- [omniauth-nordea](https://github.com/mak-it/omniauth-nordea) - strategy for authenticating with Nordea
+- [omniauth-seb-elink](https://github.com/mak-it/omniauth-seb-elink) - strategy for authenticating with SEB
+- [omniauth-swedbank](https://github.com/mak-it/omniauth-swedbank) - strategy for authenticating with Swedbank
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'omniauth-citadele'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install omniauth-citadele
+
+## Usage
+
+Here's a quick example, adding the middleware to a Rails app
+in `config/initializers/omniauth.rb`:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :citadele,
+    File.read('path/to/private.key'),
+    File.read('path/to/private.crt'),
+    File.read('path/to/bank.crt'),
+    ENV['CITADELE_FROM'], site: ENV['CITADELE_SITE']
+end
+```
+
+## Auth Hash
+
+Here's an example Auth Hash available in `request.env['omniauth.auth']`:
+
+```ruby
+{
+  provider: 'citadele',
+  uid: '000000-00000',
+  info: {
+    full_name: 'TestDP AŠĶŪO'
+  },
+  extra: {
+    raw_info: {
+      xmldata: '<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<FIDAVISTA xmlns=\"http://ivis.eps.gov.lv/XMLSchemas/100017/fidavista/v1-2\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://ivis.eps.gov.lv/XMLSchemas/100017/fidavista/v1-2 http://ivis.eps.gov.lv/XMLSchemas/100017/fidavista/v1-2/fidavista.xsd\"><Header><Timestamp>20170502142652000</Timestamp><From>10000</From><Extension><Amai xmlns=\"http://online.citadele.lv/XMLSchemas/amai/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://online.citadele.lv/XMLSchemas/amai/ http://online.citadele.lv/XMLSchemas/amai/amai.xsd\"><Request>AUTHRESP</Request><RequestUID>258e4526-8129-468f-832a-493807346f96</RequestUID><Version>5.0</Version><Language>LV</Language><PersonCode>00000000000</PersonCode><Person>TestDP AŠĶŪO</Person><Code>100</Code><SignatureData><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><Reference URI=\"\"><Transforms><Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>E3FoLc7qCoWppsPn5BPdY5GJg6CGj3BEOfoaKLsrbqI=</DigestValue></Reference></SignedInfo><SignatureValue>...</SignatureValue><KeyInfo><X509Data><X509SubjectName>...</X509SubjectName><X509Certificate>...</X509Certificate></X509Data></KeyInfo></Signature></SignatureData></Amai></Extension></Header></FIDAVISTA>'
+    }
+  }
+}
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require 'bundler/gem_tasks'

data/lib/omniauth/citadele/version.rb

@@ -0,0 +1,5 @@
+module Omniauth
+  module Citadele
+    VERSION = '0.0.1'
+  end
+end

data/lib/omniauth/citadele.rb

@@ -0,0 +1,2 @@
+require 'omniauth/citadele/version'
+require 'omniauth/strategies/citadele'

data/lib/omniauth/locales/omniauth.en.yml

@@ -0,0 +1,5 @@
+en:
+  omniauth:
+    citadele:
+      please_wait: Please wait...
+      click_here_if_not_redirected: Click here, if not redirected automatically

data/lib/omniauth/locales/omniauth.lv.yml

@@ -0,0 +1,5 @@
+lv:
+  omniauth:
+    citadele:
+      please_wait: Lūdzu uzgaidiet...
+      click_here_if_not_redirected: Spiediet šeit, ja pāradresācija nenotiek automātiski

data/lib/omniauth/strategies/citadele.rb

@@ -0,0 +1,185 @@
+require 'omniauth'
+require 'base64'
+require 'xmldsig'
+
+module OmniAuth
+  module Strategies
+    class Citadele
+      include OmniAuth::Strategy
+
+      PRODUCTION_ENDPOINT = 'https://online.citadele.lv/amai/start.htm'
+      TEST_ENDPOINT = 'https://astra.citadele.lv/amai/start.htm'
+
+      AUTH_REQUEST = 'AUTHREQ'
+      AUTH_VERSION = '5.0'
+
+      args [:private_key, :private_crt, :public_crt, :from]
+
+      option :private_key, nil
+      option :private_crt, nil
+      option :public_crt, nil
+      option :from, nil
+
+      option :name, 'citadele'
+      option :site, PRODUCTION_ENDPOINT
+
+      def timestamp
+        @timestamp ||= Time.now.strftime("%Y%m%d%H%M%S%3N")
+      end
+
+      def request_uid
+        @request_uid ||= SecureRandom.uuid
+      end
+
+      def return_signed_request_xml(request_data, priv_key)
+        unsigned_xml = <<~XML
+        <?xml version="1.0" encoding="UTF-8"?>
+        <FIDAVISTA xmlns="http://ivis.eps.gov.lv/XMLSchemas/100017/fidavista/v1-1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ivis.eps.gov.lv/XMLSchemas/100017/fidavista/v1-1 http://ivis.eps.gov.lv/XMLSchemas/100017/fidavista/v1-1/fidavista.xsd">
+          <Header>
+            <Timestamp>#{request_data[:timestamp]}</Timestamp>
+            <From>#{request_data[:from]}</From>
+            <Extension>
+              <Amai xmlns="http://online.citadele.lv/XMLSchemas/amai/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://online.citadele.lv/XMLSchemas/amai/ http://online.citadele.lv/XMLSchemas/amai/amai.xsd">
+                <Request>#{request_data[:request]}</Request>
+                <RequestUID>#{request_data[:request_uid]}</RequestUID>
+                <Version>#{request_data[:version]}</Version>
+                <Language>#{request_data[:language]}</Language>
+                <ReturnURL>#{request_data[:return_url]}</ReturnURL>
+                <SignatureData>
+                  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+                    <SignedInfo>
+                      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+                      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+                      <Reference URI="">
+                        <Transforms>
+                          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+                          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+                        </Transforms>
+                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+                        <DigestValue></DigestValue>
+                      </Reference>
+                    </SignedInfo>
+                    <SignatureValue></SignatureValue>
+                    <KeyInfo>
+                      <X509Data>
+                        <X509SubjectName>#{request_data[:x509_subject_name]}</X509SubjectName>
+                        <X509Certificate>#{request_data[:x509_certificate]}</X509Certificate>
+                      </X509Data>
+                    </KeyInfo>
+                  </Signature>
+                </SignatureData>
+              </Amai>
+            </Extension>
+          </Header>
+        </FIDAVISTA>
+        XML
+        unsigned_xml.gsub!('\n', '')
+        unsigned_document = Xmldsig::SignedDocument.new(unsigned_xml)
+        unsigned_document.sign(priv_key)
+      end
+
+      def parse_response(xml)
+        doc = Nokogiri::XML(xml) do |config|
+          config.strict.nonet
+        end
+        doc.remove_namespaces!
+        {
+          timestamp: doc.xpath("//Timestamp").text,
+          from: doc.xpath("//From").text,
+          request: doc.xpath("//Request").text,
+          request_uid: doc.xpath("//RequestUID").text,
+          version: doc.xpath("//Version").text,
+          language: doc.xpath("//Language").text,
+          person_code: doc.xpath("//PersonCode").text,
+          person: doc.xpath("//Person").text,
+          code: doc.xpath("//Code").text,
+          message: doc.xpath("//Message").text
+        }
+      end
+
+      def response_data
+        @response_data ||= parse_response(request.params['xmldata'])
+      end
+
+      uid do
+        response_data[:person_code].dup.insert(6, "-")
+      end
+
+      info do
+        {
+          full_name: response_data[:person]
+        }
+      end
+
+      extra do
+        { raw_info: request.params }
+      end
+
+      def callback_phase
+        begin
+          pub_crt = OpenSSL::X509::Certificate.new(options.public_crt).public_key
+        rescue => e
+          return fail!(:public_crt_load_err, e)
+        end
+
+        # Code = 100 -> success, 200, 300, 400 -> failure
+        case response_data[:code]
+        when '200'
+          return fail!(:authentication_cancelled_error)
+        when '300'
+          return fail!(response_data[:message])
+        end
+
+        if response_data[:request] != 'AUTHRESP'
+          return fail!(:unsupported_response_request)
+        end
+
+        xmldsig = Xmldsig::SignedDocument.new(request.params['xmldata'])
+        if !xmldsig.validate(pub_crt)
+          return fail!(:invalid_response_signature_err)
+        end
+
+        super
+      end
+
+      def request_phase
+        begin
+          priv_key = OpenSSL::PKey::RSA.new(options.private_key)
+        rescue => e
+          return fail!(:private_key_load_err, e)
+        end
+
+        begin
+          private_crt = OpenSSL::X509::Certificate.new(options.private_crt)
+        rescue => e
+          return fail!(:private_crt_load_err, e)
+        end
+
+        x509_subject_name = private_crt.subject.to_s
+        x509_certificate = private_crt.to_s.gsub(/[-]{5}(BEGIN|END).*?[-]{5}/, '').gsub('\n', '')
+
+        request_data = {
+          timestamp: timestamp, # '20170905175959000'
+          from: options.from,
+          request: AUTH_REQUEST,
+          request_uid: request_uid, # '7387bf5b-fa27-4fdd-add6-a6bfb2599f77'
+          version: AUTH_VERSION,
+          language: 'LV',
+          return_url: callback_url,
+          x509_subject_name: x509_subject_name,
+          x509_certificate: x509_certificate
+        }
+        field_value = return_signed_request_xml(request_data, priv_key)
+        field_value.gsub!('"', '&quot;')
+
+        form = OmniAuth::Form.new(title: I18n.t('omniauth.citadele.please_wait'), url: options.site)
+        form.html "<input id=\"xmldata\" name=\"xmldata\" type=\"hidden\" value=\"#{field_value}\" />"
+        form.button I18n.t('omniauth.citadele.click_here_if_not_redirected')
+
+        form.instance_variable_set('@html',
+          form.to_html.gsub('</form>', '</form><script type="text/javascript">document.forms[0].submit();</script>'))
+        form.to_response
+      end
+    end
+  end
+end

data/lib/omniauth-citadele.rb

@@ -0,0 +1,4 @@
+require 'omniauth/citadele'
+require 'i18n'
+
+I18n.load_path += Dir[File.join(File.dirname(__FILE__), 'omniauth', 'locales', '*.yml')]

data/omniauth-citadele.gemspec

@@ -0,0 +1,33 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'omniauth/citadele/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'omniauth-citadele'
+  spec.version       = Omniauth::Citadele::VERSION
+  spec.authors       = ['MAK IT']
+  spec.email         = ['admin@makit.lv' ]
+  spec.description   = %q{OmniAuth strategy for Citadele Banklink}
+  spec.summary       = %q{OmniAuth strategy for Citadele Banklink}
+  spec.homepage      = 'https://github.com/mak-it/omniauth-citadele'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.required_ruby_version = '>= 2.3.0'
+
+  spec.add_runtime_dependency 'omniauth', '~> 1.0'
+  spec.add_runtime_dependency 'i18n'
+
+  spec.add_development_dependency 'rack-test'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+
+  spec.add_dependency 'xmldsig'
+  spec.add_dependency 'nokogiri'
+end

data/spec/certs/request.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIJAJ5auG0KG8WMMA0GCSqGSIb3DQEBCwUAMB8xEDAOBgNV
+BAMTB0ROQlRFU1QxCzAJBgNVBAYTAkxWMB4XDTE3MDQwMzEwMDQzM1oXDTM3MDMy
+OTEwMDQzM1owHzEQMA4GA1UEAxMHRE5CVEVTVDELMAkGA1UEBhMCTFYwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMRYJ0rKoiMbUDxiiXT0xaf8yOMu59
+m5DFe1A5I/1X9IZCaVEMXcd7ZJoovupOU340n2Kq5ez8zeS3mLY3WK+78MFIysc9
+nM7/MrTB2KYVaEnpzgN0c9MkiUq8G7LTtcLCbK/eEYmXf4vQIAXwHr6JnP7+sPd7
+XZhgTNbeugxyqL9Nj1zzLUBOH2v1/PzFH2KnSe/srCSb/PQs+YPpNvx8nWu4FY9E
+S09idp59hKnWS1M5SRWKYrc3YhLYDinV3Tjwe0uSGJIC4DNijP/QgkZ6TSIiSOua
+TIQofTkFxT9r32SCTjm8oLzK6w8dvPmx2e9Q9urfD99jmiLh7N7hII7TAgMBAAGj
+gYAwfjAdBgNVHQ4EFgQU3vSU9SHIDGRYCE/bfS9Y27kPKuowTwYDVR0jBEgwRoAU
+3vSU9SHIDGRYCE/bfS9Y27kPKuqhI6QhMB8xEDAOBgNVBAMTB0ROQlRFU1QxCzAJ
+BgNVBAYTAkxWggkAnlq4bQobxYwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
+AAOCAQEApoS7dHifbvMluHL9ypLgJ+SVr/RaAYy8WYE9lfK7CBX0cLzn4pxZm69W
+pWqp3qB4FxEQS2PNt6TAwexNUeWkKUrMxdnSRRw5gnMM0ELNpWd/xWvu3MHZfR0w
+hfyQyweipttgcaCOMQoRH/DS2HeS3GcRk5ljHzRhavqqgnLY8WZ/YGtnBqFlanMz
+F2dfWQqld/73S0v9ygwKaC+SwVHIQ8XwgZkwxM3MxyXOuE4sx5p+KaQ7n/aRRseb
+EZhMUzYXd0+ekN8cNjefBmCJlkV+VxeZwo7s97A4qYMku6Ac3Zji8SUi+Qz9RD0q
+E8Sjrn8obEY8rDfkGoPZf+ygH4MkOA==
+-----END CERTIFICATE-----

data/spec/certs/request.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAzEWCdKyqIjG1A8Yol09MWn/MjjLufZuQxXtQOSP9V/SGQmlR
+DF3He2SaKL7qTlN+NJ9iquXs/M3kt5i2N1ivu/DBSMrHPZzO/zK0wdimFWhJ6c4D
+dHPTJIlKvBuy07XCwmyv3hGJl3+L0CAF8B6+iZz+/rD3e12YYEzW3roMcqi/TY9c
+8y1ATh9r9fz8xR9ip0nv7Kwkm/z0LPmD6Tb8fJ1ruBWPREtPYnaefYSp1ktTOUkV
+imK3N2IS2A4p1d048HtLkhiSAuAzYoz/0IJGek0iIkjrmkyEKH05BcU/a99kgk45
+vKC8yusPHbz5sdnvUPbq3w/fY5oi4eze4SCO0wIDAQABAoIBAQCUmpi+QoJ+38R9
+G2KaOREl4UUxybGgZVTbpcsF1r3Oh9BIbg+NPIgLp3NS4xjXpHvy0mTYSO6wNyUF
+v64H85fc1Nf4GbT6iKI6G2xOfUrN1hG3aq0uwbhAIzTgRhJBXEB0atdCaWW8dgiD
+f1hyiBs7R6BmLt3LvJpGrH/Ahn7ZxcVSwTNb485fl4bAmR1uc3QRi1RUVA/d6BuQ
+Swm9ahBzgCl66uXDTCwjjOv+JTU1Bn8iMZws4e0A4sfbT/Fs5eoSLEnMQUWjIyQ/
+/+3YTyohi97sbliA3VNbyHqPOyvgQSrNppdxl75KgBhDXVLBvijBokQWJmPGNEDr
+efXquhABAoGBAPqCLttuFDFU0pwcZd2JKXCOiylSeywMvozC14c3qG+fPVOTkRWT
+tGBoe83THAh1d1thwXQCjwU+voTP3HA9gd58SVjElFneAKKjhLg/4QcdlJ8JFdRw
+itV4pqSzvxkzH+OTvZWa+yxmg2BTP1dDa7RjlNf2LnmhGvs5gW98QlbTAoGBANC/
+2e4vyXRqwIREyXtopsJns3lHSj50PEkurcaLo4NsFOwBVbAC+qBC+NCS8s0KnhGO
+1YCaNMEXuVAyXfnlNUtzfWJce8YSqqhyP36d5zQzXBiAj3IVSKHHMN12/oYqlqsl
+ya+SoUkCXKOZOmcb8f/iwF5ZM6W6dr2ECAyxtegBAoGAUa5LCv9clC09MuvLhy2n
+Fm1UENg1E0rggtMxJYTPZf39KBgwsWFk6h6HZ7hTJqrujRxV0LbY3XP0+ScxkGNt
+yhaqb8hBOwA5Is7AgrdJb2GEyUpUFN3RVwOtCn0VbWkPF8xff7118qdGZQ0f1RtF
+rh7eNICv7LbMLmg0vR4+H0MCgYEAjvCP/fVi8QCYSvn/LS3/4ma4EneqcxGMpl/8
+RlQf50H/IYvYbOndTBgP4GJ/N7/pdQRlVeZB8WaZUjzq9M7qq3utg8joSD1H9ogk
+ykK9qpTwnyaJEwlX7s9CuqNcrepDuXXqoPq6zg9799pYj3onP5y5NOHH59fCrwrV
+qDuX4AECgYEAt/mpBWRilnnnYYoSyiBW9N4MS3t6N88rfR3a0sftfhXEEFBwIIjX
+gB4xAcbZ/EhghKrnKXh3tTbWkf/46Kscl+BvPLRAVUykAEtRlG/Kt/jvyJtKjfzy
+9iWKuayWsllLm9q0Os9E8z4g4n8VbtLnCbyN07P+ghRZTB17tk8qJ2Y=
+-----END RSA PRIVATE KEY-----

data/spec/certs/response.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqDCCAZACCQDrOEbPOMyFeDANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtl
+eGFtcGxlLm9yZzAeFw0xOTAyMTQwNzQ2MDVaFw0zOTAyMDkwNzQ2MDVaMBYxFDAS
+BgNVBAMMC2V4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAq4dDTvosvN7VKd+qxRV14Ah+Nvyw+K97jXpxeAuMeJzKTAbjqag5nyR0BbOQ
+1htWbSdLeFkHVDfw5WVSYZh0GUldycyHRZeOaBdnVLWN0eM6661U4NDTmgB+BE4H
+lwOlt7zFLVCIp7mlOY4ACN6ddBUk/noFte8ynbEG5DVtNT8C7aClqkEFTPLrwlF2
+2aNqn+orxj23x7meJrvTp7v7nGFfpGkxsfnSBRiokkZwSgqm6xrym/tQxW9ILgyW
+r+3GXh65DLcJG7vWH5KFdC/cx/sO0axe6tHcgnf0V7zZ8F9IgFWND7KvlxORYDYJ
+0vlarOSeIPY/DcslskHErGlymQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAhxjtR
+11H1aUJcZYy2uOMvQ7W0pDzlsv6G/Bb+x8u+lOoirrEHCzqkyA0xD1mjRhnAG3DG
+4sIFlZvCIDP/fmQzDpY427KXD+TiQ2ry500ZkjYC0ivwdhmoZnGcL92V5ZcYTTJ3
+Rju2pGFzV+O5vqin4jsTM8LOnrxZkSlGEFv6nDte2OgVZtXWWS1xuBHS7I7CCxlX
+CgY2XtP7y7403s4Uv89xxAfVk1cSdt0Qp6S2i+ie5YJYWWRlvik9VJ8uacVz8XmV
+rjqpUCx/9XWVATNw01gwe+gTj2vjU0505I6NmShEkO3EaWIZQUKXncSldrMljXTl
+BOZS0kfU+R0dnYFG
+-----END CERTIFICATE-----

data/spec/certs/response.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrh0NO+iy83tUp
+36rFFXXgCH42/LD4r3uNenF4C4x4nMpMBuOpqDmfJHQFs5DWG1ZtJ0t4WQdUN/Dl
+ZVJhmHQZSV3JzIdFl45oF2dUtY3R4zrrrVTg0NOaAH4ETgeXA6W3vMUtUIinuaU5
+jgAI3p10FST+egW17zKdsQbkNW01PwLtoKWqQQVM8uvCUXbZo2qf6ivGPbfHuZ4m
+u9Onu/ucYV+kaTGx+dIFGKiSRnBKCqbrGvKb+1DFb0guDJav7cZeHrkMtwkbu9Yf
+koV0L9zH+w7RrF7q0dyCd/RXvNnwX0iAVY0Psq+XE5FgNgnS+Vqs5J4g9j8NyyWy
+QcSsaXKZAgMBAAECggEAVOF/tmJopyIiHDGZwSOIjE/HnZBYRwgXvQA9jGkynzD/
+jrXODVO5B/6zB2s/niQzFZrfZvOvg8aXB/2m0bLuqOC8b7MtsYt5JhuGv82EG7w1
+mRDSMtpEDC54LcsrSFi+tfjNHkp/BXkBwUR60ejPw/T+tItPriNrScujnGSv4Su4
+4PZiGylX0cGBnN/Pdf30ILp0k9brpyZhFw9LZJouX6e6J4lNRDTxxq60pU8HRdiA
+vUiK7ilexGTfzQvcB1OoQmr3dy6Fqjwhb6sRrltpeb6xx130wDV2DGrnq+nl3/2J
++2h4b3kdHQJuWeLF82WUN+lM6Upowk0Vr5CfQsBxjQKBgQDXGbzu5ruWufT+ilRj
+pN5NXqddZkpYxt0g6vHI69pOz9qnEdJlPLzHqVzJ/GqnzTVcikMOoEMhZ1TJNbXa
+g69kok2zo3nkIbZ6a2qtmBO4u+9QE3Dz0Uef5D4UiLArc16XT3XRlTZMFTDlbr92
+djD7eB7WTqH1xbJBNn7JEUU7XwKBgQDMJJmvuec2C/fITgpJUaJHTJd4q7fbVAtu
+V7TF1K3QTlZJb3Vk55WrvV30q/qsp87iV1xcUyXEA+/SObF68B63MKgwI29jkUwM
+efeiPBKbR6ZUsOTU5cF5iNmwZJM3HO7ufFuPz6F18Cns0aKHaPlpFc0ztzZAGoMw
+XkCs4R8NBwKBgEzpzR73rhgFQk9KE0bWCw9LSzkgfHEmGqfMmswnWZZYyGx4+Oxu
+PWp/ashm05RQ0kXWwoeWUqq9EhoodHBAKhUn2/Th/ZHPZDp98lVETbj+qmHNsdPc
+/2ly6afaAHRo+mfMZ+qbGiE2apd/dELdnEIu/4fN8ie5mzWqUMeAv2qtAoGBAJuf
+902AcmPAYefgnnTgd87U89A5UFMy0fgPgq8iAFOBtMQM5TjEV1Rya3L/vHzs/ImO
+QcncVTkGK0hfVQ68iR3sSPtRuDP2azxDquWR2DlqOMHtjLVEZecpzZJsSdJFC1zh
+jsemaJdJPBzef4GtJB3ZUfLv47qgu4we/j0M7af3AoGAMscCLCdTsIDpmY5QDCrO
+eLE+wME6tn/oMJTGHwldf5WEZhVLl/OfsZwrRwtw/8O5okhcXvI2TJVKqg/UU02I
+IIhz8MH/7p4wN6470of0aBxSloXxV/z2lEAHBYF2jS3fYKbig2JvGKkiR4wGQZMU
+9NwpfwIXMFncwTcJZzKFoxs=
+-----END PRIVATE KEY-----

data/spec/omniauth/strategies/citadele_spec.rb

@@ -0,0 +1,194 @@
+require 'spec_helper'
+
+describe OmniAuth::Strategies::Citadele do
+  PRIVATE_KEY = File.read(File.join(RSpec.configuration.cert_folder, 'request.key'))
+  PRIVATE_CRT = File.read(File.join(RSpec.configuration.cert_folder, 'request.crt'))
+  PUBLIC_CRT = File.read(File.join(RSpec.configuration.cert_folder, 'response.crt'))
+
+  let(:app){ Rack::Builder.new do |b|
+    b.use Rack::Session::Cookie, {secret: 'abc123'}
+    b.use(OmniAuth::Strategies::Citadele, PRIVATE_KEY, PRIVATE_CRT, PUBLIC_CRT, 'MY_FROM')
+    b.run lambda{|env| [404, {}, ['Not Found']]}
+  end.to_app }
+
+  let(:last_response_xmldata) { last_response.body.match(/name="xmldata" type="hidden" value="([^"]*)"/)[1] }
+
+  context 'request phase' do
+    let!(:timestamp) { '20170905175959000' }
+    let!(:request_uid) { '7387bf5b-fa27-4fdd-add6-a6bfb2599f77' }
+
+    it 'displays a single form' do
+      get '/auth/citadele'
+      expect(last_response.status).to eq(200)
+      expect(last_response.body.scan('<form').size).to eq(1)
+    end
+
+    it 'has JavaScript code to submit the form after it is created' do
+      get '/auth/citadele'
+      expect(last_response.body).to be_include('</form><script type="text/javascript">document.forms[0].submit();</script>')
+    end
+
+    it 'has hidden input field xmldata with required data' do
+      allow_any_instance_of(OmniAuth::Strategies::Citadele).to receive(:timestamp).and_return(timestamp)
+      allow_any_instance_of(OmniAuth::Strategies::Citadele).to receive(:request_uid).and_return(request_uid)
+      get '/auth/citadele'
+
+      priv_key = OpenSSL::PKey::RSA.new(PRIVATE_KEY)
+      priv_crt = OpenSSL::X509::Certificate.new(PRIVATE_CRT)
+      x509_subject_name = priv_crt.subject.to_s
+      x509_certificate = priv_crt.to_s.gsub(/[-]{5}(BEGIN|END).*?[-]{5}/, '').gsub('\n', '')
+      doc = Nokogiri::XML(last_response_xmldata.gsub!('&quot;','"'))
+      doc.remove_namespaces!
+      sent_values = {
+        timestamp: doc.xpath("//Timestamp").text, # Verify
+        from: doc.xpath("//From").text,
+        request: doc.xpath("//Request").text,
+        request_uid: doc.xpath("//RequestUID").text, # Verify
+        version: doc.xpath("//Version").text,
+        language: doc.xpath("//Language").text,
+        return_url: doc.xpath("//ReturnURL").text,
+        x509_subject_name: doc.xpath("//X509SubjectName").text,
+        x509_certificate: doc.xpath("//X509Certificate").text
+      }
+
+      expect(sent_values[:timestamp]).to eq timestamp
+      expect(sent_values[:from]).to eq 'MY_FROM'
+      expect(sent_values[:request]).to eq 'AUTHREQ'
+      expect(sent_values[:request_uid]).to eq request_uid
+      expect(sent_values[:version]).to eq '5.0'
+      expect(sent_values[:language]).to eq 'LV'
+      expect(sent_values[:return_url]).to eq 'http://example.org/auth/citadele/callback'
+      expect(sent_values[:x509_subject_name]).to eq x509_subject_name
+      expect(sent_values[:x509_certificate]).to eq x509_certificate
+    end
+
+    it 'xmldata has a correct signature' do
+      allow_any_instance_of(OmniAuth::Strategies::Citadele).to receive(:timestamp).and_return(timestamp)
+      allow_any_instance_of(OmniAuth::Strategies::Citadele).to receive(:request_uid).and_return(request_uid)
+      get '/auth/citadele'
+
+      signed_xml = <<~XML
+        #{last_response_xmldata.gsub('&quot;','"')}
+      XML
+      pub_crt = OpenSSL::X509::Certificate.new(PRIVATE_CRT).public_key
+      xmldsig = Xmldsig::SignedDocument.new(signed_xml)
+      expect(xmldsig.validate(pub_crt)).to be_truthy
+    end
+
+    context 'with default options' do
+      it 'has the default action tag value' do
+        get '/auth/citadele'
+        expect(last_response.body).to be_include("action='https://online.citadele.lv/amai/start.htm'")
+      end
+    end
+
+    context 'with custom options' do
+      let(:app){ Rack::Builder.new do |b|
+        b.use Rack::Session::Cookie, {secret: 'abc123'}
+        b.use(OmniAuth::Strategies::Citadele, PRIVATE_KEY, PRIVATE_CRT, PUBLIC_CRT, 'MY_FROM',
+          site: 'https://test.lv/banklink')
+        b.run lambda{|env| [404, {}, ['Not Found']]}
+      end.to_app }
+
+      it 'has the custom action tag value' do
+        get '/auth/citadele'
+        expect(last_response.body).to be_include("action='https://test.lv/banklink'")
+      end
+    end
+
+    context 'with non-existant private key file' do
+      let(:app){ Rack::Builder.new do |b|
+        b.use Rack::Session::Cookie, {secret: 'abc123'}
+        b.use(OmniAuth::Strategies::Citadele, 'missing-private-key-file.pem', PRIVATE_CRT, PUBLIC_CRT, 'MY_FROM')
+        b.run lambda{|env| [404, {}, ['Not Found']]}
+      end.to_app }
+
+      it 'redirects to /auth/failure with appropriate query params' do
+        get '/auth/citadele'
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers['Location']).to eq('/auth/failure?message=private_key_load_err&strategy=citadele')
+      end
+    end
+
+    context 'with non-existant private certificate file' do
+      let(:app){ Rack::Builder.new do |b|
+        b.use Rack::Session::Cookie, {secret: 'abc123'}
+        b.use(OmniAuth::Strategies::Citadele, PRIVATE_KEY, 'missing-private-crt-file.pem', PUBLIC_CRT, 'MY_FROM')
+        b.run lambda{|env| [404, {}, ['Not Found']]}
+      end.to_app }
+
+      it 'redirects to /auth/failure with appropriate query params' do
+        get '/auth/citadele'
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers['Location']).to eq('/auth/failure?message=private_crt_load_err&strategy=citadele')
+      end
+    end
+  end
+
+  context 'callback phase' do
+    let(:auth_hash){ last_request.env['omniauth.auth'] }
+    let(:response_xmldata) do
+      <<~XML
+      <?xml version="1.0" encoding="UTF-8"?><FIDAVISTA xmlns="http://ivis.eps.gov.lv/XMLSchemas/100017/fidavista/v1-2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ivis.eps.gov.lv/XMLSchemas/100017/fidavista/v1-2 http://ivis.eps.gov.lv/XMLSchemas/100017/fidavista/v1-2/fidavista.xsd"><Header><Timestamp>20170502115836000</Timestamp><From>10000</From><Extension><Amai xmlns="http://online.citadele.lv/XMLSchemas/amai/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://online.citadele.lv/XMLSchemas/amai/ http://online.citadele.lv/XMLSchemas/amai/amai.xsd"><Request>AUTHRESP</Request><RequestUID>9209d453-6486-407f-9a5a-522b00e59ced</RequestUID><Version>5.0</Version><Language>LV</Language><PersonCode>00000000000</PersonCode><Person>TestDP AŠĶŪO</Person><Code>100</Code><SignatureData><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>TXvVCF+1mt4MzkKoPSN4fG5/CpDXG1ME5BABCVs7Izg=</DigestValue></Reference></SignedInfo><SignatureValue>oZlsB8TLPni8w7KYtvsXUHpQySU1S1FbGdKrcKHMHOHLcBdz7bpETmLUjmrX4/JcRpZNvSHcq26xQgR+iacdaHDTxf9WzT3yFj9yLN7+XfKScc0H88dNBc3Hhv1IVCbt1GhkPJH7/w8B9yqfndS9vK2pRAyly/ZWvOvpRVuxst9ak75qFFO3k9XmTLQ2t4T8SCCW3EmgPOkV53utUtYo1SMIu2FF/CY1w5cjlZNFWRk0oCPMLAqXYMkVICuWnZJm9QTkHAblMtWneMO/uXsk6i2EgYkvaFWgtG5yiv3oqzFDaMYujgsgthPVs/DJmlWVFby+sqBtHc99VbDqbtP7+Q==</SignatureValue><KeyInfo><X509Data><X509SubjectName>/CN=DNBTEST/C=LV</X509SubjectName><X509Certificate>MIIDQjCCAiqgAwIBAgIJAJ5auG0KG8WMMA0GCSqGSIb3DQEBCwUAMB8xEDAOBgNVBAMTB0ROQlRFU1QxCzAJBgNVBAYTAkxWMB4XDTE3MDQwMzEwMDQzM1oXDTM3MDMyOTEwMDQzM1owHzEQMA4GA1UEAxMHRE5CVEVTVDELMAkGA1UEBhMCTFYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMRYJ0rKoiMbUDxiiXT0xaf8yOMu59m5DFe1A5I/1X9IZCaVEMXcd7ZJoovupOU340n2Kq5ez8zeS3mLY3WK+78MFIysc9nM7/MrTB2KYVaEnpzgN0c9MkiUq8G7LTtcLCbK/eEYmXf4vQIAXwHr6JnP7+sPd7XZhgTNbeugxyqL9Nj1zzLUBOH2v1/PzFH2KnSe/srCSb/PQs+YPpNvx8nWu4FY9ES09idp59hKnWS1M5SRWKYrc3YhLYDinV3Tjwe0uSGJIC4DNijP/QgkZ6TSIiSOuaTIQofTkFxT9r32SCTjm8oLzK6w8dvPmx2e9Q9urfD99jmiLh7N7hII7TAgMBAAGjgYAwfjAdBgNVHQ4EFgQU3vSU9SHIDGRYCE/bfS9Y27kPKuowTwYDVR0jBEgwRoAU3vSU9SHIDGRYCE/bfS9Y27kPKuqhI6QhMB8xEDAOBgNVBAMTB0ROQlRFU1QxCzAJBgNVBAYTAkxWggkAnlq4bQobxYwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEApoS7dHifbvMluHL9ypLgJ+SVr/RaAYy8WYE9lfK7CBX0cLzn4pxZm69WpWqp3qB4FxEQS2PNt6TAwexNUeWkKUrMxdnSRRw5gnMM0ELNpWd/xWvu3MHZfR0whfyQyweipttgcaCOMQoRH/DS2HeS3GcRk5ljHzRhavqqgnLY8WZ/YGtnBqFlanMzF2dfWQqld/73S0v9ygwKaC+SwVHIQ8XwgZkwxM3MxyXOuE4sx5p+KaQ7n/aRRsebEZhMUzYXd0+ekN8cNjefBmCJlkV+VxeZwo7s97A4qYMku6Ac3Zji8SUi+Qz9RD0qE8Sjrn8obEY8rDfkGoPZf+ygH4MkOA==</X509Certificate></X509Data></KeyInfo></Signature></SignatureData></Amai></Extension></Header></FIDAVISTA>
+      XML
+    end
+
+    context 'with valid response' do
+      before do
+        post '/auth/citadele/callback', xmldata: response_xmldata
+      end
+
+      it 'sets the correct uid value in the auth hash' do
+        expect(auth_hash.uid).to eq('000000-00000')
+      end
+
+      it 'sets the correct info.full_name value in the auth hash' do
+        expect(auth_hash.info.full_name).to eq('TestDP AŠĶŪO')
+      end
+    end
+
+    context 'with non-existant public key file' do
+      let(:app){ Rack::Builder.new do |b|
+        b.use Rack::Session::Cookie, {secret: 'abc123'}
+        b.use(OmniAuth::Strategies::Citadele, PRIVATE_KEY, PRIVATE_CRT, 'missing-public-key-file.pem' )
+        b.run lambda{|env| [404, {}, ['Not Found']]}
+      end.to_app }
+
+      it 'redirects to /auth/failure with appropriate query params' do
+        post '/auth/citadele/callback' # Params are not important, because we're testing public key loading
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers['Location']).to eq('/auth/failure?message=public_crt_load_err&strategy=citadele')
+      end
+    end
+
+    context 'with invalid response' do
+      it 'detects code 200' do
+        post '/auth/citadele/callback', xmldata: response_xmldata.gsub('<Code>100</Code', '<Code>200</Code')
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers['Location']).to eq('/auth/failure?message=authentication_cancelled_error&strategy=citadele')
+      end
+
+      it 'detects code 300' do
+        error_msg = 'system_error_300'
+        xmldata = response_xmldata.gsub('<Code>100</Code', "<Code>300</Code><Message>#{error_msg}</Message>")
+        post '/auth/citadele/callback', xmldata: xmldata
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers['Location']).to eq("/auth/failure?message=#{error_msg}&strategy=citadele")
+      end
+
+      it 'detects unsupported response request' do
+        xmldata = response_xmldata.gsub('<Request>AUTHRESP</Request', '<Request>AUTHRESP1</Request')
+        post '/auth/citadele/callback', xmldata: xmldata
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers['Location']).to eq('/auth/failure?message=unsupported_response_request&strategy=citadele')
+      end
+
+      it 'detects invalid response signature err' do
+        xmldata = response_xmldata.gsub(/<SignatureValue>.{6}/, '<SignatureValue>xxyyzz')
+        post '/auth/citadele/callback', xmldata: xmldata
+        expect(last_response.status).to eq(302)
+        expect(last_response.headers['Location']).to eq('/auth/failure?message=invalid_response_signature_err&strategy=citadele')
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,19 @@
+$:.unshift File.expand_path('..', __FILE__)
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'rspec'
+require 'rack/test'
+require 'omniauth'
+require 'omniauth-citadele'
+
+RSpec.configure do |config|
+  config.add_setting('cert_folder')
+  config.cert_folder = File.expand_path('../certs', __FILE__)
+
+  config.include Rack::Test::Methods
+  config.extend  OmniAuth::Test::StrategyMacros, :type => :strategy
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end
+
+I18n.enforce_available_locales = false

metadata

@@ -0,0 +1,180 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-citadele
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- MAK IT
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-02-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: i18n
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: xmldsig
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: OmniAuth strategy for Citadele Banklink
+email:
+- admin@makit.lv
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/omniauth-citadele.rb
+- lib/omniauth/citadele.rb
+- lib/omniauth/citadele/version.rb
+- lib/omniauth/locales/omniauth.en.yml
+- lib/omniauth/locales/omniauth.lv.yml
+- lib/omniauth/strategies/citadele.rb
+- omniauth-citadele.gemspec
+- spec/certs/request.crt
+- spec/certs/request.key
+- spec/certs/response.crt
+- spec/certs/response.key
+- spec/omniauth/strategies/citadele_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/mak-it/omniauth-citadele
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.1
+signing_key: 
+specification_version: 4
+summary: OmniAuth strategy for Citadele Banklink
+test_files:
+- spec/certs/request.crt
+- spec/certs/request.key
+- spec/certs/response.crt
+- spec/certs/response.key
+- spec/omniauth/strategies/citadele_spec.rb
+- spec/spec_helper.rb