RubyGems - omniauth-openid-connector - Versions diffs - 1.1.2 → 1.1.3 - Mend

omniauth-openid-connector 1.1.2 → 1.1.3

Files changed (15) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/.travis.yml +0 -6
data/README.md +19 -23
data/Rakefile +1 -1
data/lib/{omniauth-openid-connect.rb → omniauth-openid-reconnect.rb} +0 -0
data/lib/omniauth/openid_connect/version.rb +1 -1
data/lib/omniauth/strategies/openid_connect.rb +27 -161
data/omniauth-openid-connector.gemspec +19 -18
data/test/lib/omniauth/strategies/openid_connect_test.rb +14 -269
data/test/test_helper.rb +3 -3
metadata +110 -47
data/test/fixtures/id_token.txt +0 -1
data/test/fixtures/jwks.json +0 -8
data/test/fixtures/test.crt +0 -19

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 67ab07bdc7de6392ea111c03ce898b0d4f9309de
-  data.tar.gz: 0351d132a18e0259a8bb4632766878cc794dde03
+  metadata.gz: a69bcc57174002bc9f39a4bd117a3d80468acc63
+  data.tar.gz: f5ab0cfe2a4946aeabfc9a97b1248ff5f274dd4a
 SHA512:
-  metadata.gz: 8d2e5d1d3ea9aa808f32280471f019bebeef2d85c9a631aadbbf6571c5a034b8f6f661ee340d5993b6f8b6448ceb40e172417d2530070883583da6f429664234
-  data.tar.gz: 77e63ee5d19773c83c888f911b39b1a0eb2c299465c66edbad4810f3c1f9c03258c9d750b24e52755c39d25235732b777b821920ac02f9d9122e2d52d391fec6
+  metadata.gz: 50fa8b71d81a966b190e4be4e351e0a757fdfb220993f8c03cde5fbe8396a52acf0efa850c9168ae6f168f17d4a4bb0634da19835e626255b99c13fd242a6a1d
+  data.tar.gz: c5943ab8d31d47641dfc7a1e943f3b0abf9ece5410fb0765947bfe93ce25d454d9a96917a42821cc804f1502a84863560a93e9a3de996abebf835b9e513aecb4

data/.gitignore CHANGED

@@ -3,6 +3,7 @@
 .bundle
 .config
 .yardoc
+Gemfile.lock
 InstalledFiles
 _yardoc
 coverage

data/.travis.yml CHANGED

@@ -1,10 +1,4 @@
-before_install:
-  - gem update bundler
 rvm:
   - 1.9.3
   - 2.0.0
   - 2.1.0
-  - 2.2.0
-  - 2.3.0
-  - 2.3.3
-  - rbx

data/README.md CHANGED

@@ -1,16 +1,26 @@
 # OmniAuth::OpenIDConnect
 OpenID Connect strategy for OmniAuth
-[![Gem Version](https://badge.fury.io/rb/omniauth-openid-connector.png)](http://badge.fury.io/rb/omniauth-openid-connector)
-[![Build Status](https://travis-ci.org/jjbohn/omniauth-openid-connector.png?branch=master)](https://travis-ci.org/doberg/omniauth-openid-connector)
-[![Coverage Status](https://coveralls.io/repos/doberg/omniauth-openid-connector/badge.png?branch=master)](https://coveralls.io/r/doberg/omniauth-openid-connector?branch=master)
-[![Code Climate](https://codeclimate.com/github/doberg/omniauth-openid-connector.png)](https://codeclimate.com/github/doberg/omniauth-openid-connector)
+[![Gem Version](https://badge.fury.io/rb/omniauth-openid-reconnect.png)](http://badge.fury.io/rb/omniauth-openid-reconnect)
+[![Build Status](https://travis-ci.org/thinkthroughmath/omniauth-openid-reconnect.svg?branch=master)](https://travis-ci.org/thinkthroughmath/omniauth-openid-reconnect)
+[![Coverage Status](https://coveralls.io/repos/thinkthroughmath/omniauth-openid-reconnect/badge.png?branch=master)](https://coveralls.io/r/thinkthroughmath/omniauth-openid-reconnect?branch=master)
+[![Code Climate](https://codeclimate.com/github/thinkthroughmath/omniauth-openid-reconnect.png)](https://codeclimate.com/github/thinkthroughmath/omniauth-openid-reconnect)
+## Background
+This is derrived work from `jjbohn/omniauth-openid-connect` which appears to be abandoned at this point. I have continued to merge PR's placed against that repo. But I have added enough of my own changes that it is diverged enough to re-release. @ThinkThroughMath actively utilizes this strategy and we will do our best to maintain it.
+### Whats different.
+- Using Addressable 2.2.8 - In 2.3+ `addressable` decided that the way that Rails 3 handles param[] items was too hard to handle and removed the feature. This breaking change within a semantic version makes using addressable > 2.3 difficult in existing applications. There is no impact on the auth strategy though.
+- Better devise support be returning a default `name` options parameter
+- Partial integration of google `nonce` requirement.
+- Inclusing of aging PRs from the parent gem this replaces.
 ## Installation
 Add this line to your application's Gemfile:
-    gem 'omniauth-openid-connector'
+    gem 'omniauth-openid-reconnect'
 And then execute:
@@ -18,14 +28,13 @@ And then execute:
 Or install it yourself as:
-    $ gem install omniauth-openid-connector
+    $ gem install omniauth-openid-reconnect
 ## Usage
 Example configuration
 ```ruby
 config.omniauth :openid_connect, {
-  name: :my_provider,
   scope: [:openid, :email, :profile, :address],
   response_type: :code,
   client_options: {
@@ -40,31 +49,18 @@ config.omniauth :openid_connect, {
 ```
 Configuration details:
-  * `name` is arbitrary, I recommend using the name of your provider. The name
-  configuration exists because you could be using multiple OpenID Connect
-  providers in a single app.
+  * `name` is an optional requirement as of `omniauth-1.2` but it does have an effect with dealing with devise and is the base for which devise uses to create routes identified with `devise_for`. The default is set to the expected camelization of `openid_connect`. If you need to override it you can pass the `name` parameter to the config hash. **Be aware** that what you set this to will be the provider for your devise routes.
   * Although `response_type` is an available option, currently, only `:code`
   is valid. There are plans to bring in implicit flow and hybrid flow at some
   point, but it hasn't come up yet for me. Those flows aren't best practive for
   server side web apps anyway and are designed more for native/mobile apps.
-  * If you want to pass `state` paramete by yourself. You can set Proc Object.
-  e.g. `state: Proc.new{ SecureRandom.hex(32) }`
-  * `nonce` is optional. If don't want to pass "nonce" parameter to provider, You should specify
-  `false` to `send_nonce` option. (default true)
-  * Support for other client authentication methods. If don't specified
-  `:client_auth_method` option, automatically set `:basic`.
-  * Use "OpenID Connect Discovery", You should specify `true` to `discovery` option. (default false)
-  * In "OpenID Connect Discovery", generally provider should have Webfinger endpoint.
-  If provider does not have Webfinger endpoint, You can specify "Issuer" to option.
-  e.g. `issuer: "https://myprovider.com"`
-  It means to get configuration from "https://myprovider.com/.well-known/openid-configuration".
 For the full low down on OpenID Connect, please check out
 [the spec](http://openid.net/specs/openid-connect-core-1_0.html).
 ## Contributing
-1. Fork it ( http://github.com/jjbohn/omniauth-openid-connector/fork )
+1. Fork it ( http://github.com/thinkthroughmath/omniauth-openid-reconnect/fork )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)

data/Rakefile CHANGED

@@ -2,7 +2,7 @@ require 'bundler/gem_tasks'
 require 'rake/testtask'
 Rake::TestTask.new do |t|
-  t.libs << 'lib/omniauth-openid-connect'
+  t.libs << 'lib/omniauth-openid-connector'
   t.test_files = FileList['test/lib/omniauth/**/*_test.rb']
   t.verbose = true
 end

data/lib/{omniauth-openid-connect.rb → omniauth-openid-reconnect.rb} RENAMED

File without changes

data/lib/omniauth/openid_connect/version.rb CHANGED

@@ -1,5 +1,5 @@
 module OmniAuth
   module OpenIDConnect
-    VERSION = "1.1.2"
+    VERSION = "1.1.3"
   end
 end

data/lib/omniauth/strategies/openid_connect.rb CHANGED

@@ -1,9 +1,7 @@
 require 'addressable/uri'
-require 'timeout'
-require 'net/http'
-require 'open-uri'
+require "net/http"
 require 'omniauth'
-require 'openid_connect'
+require "openid_connect"
 module OmniAuth
   module Strategies
@@ -19,28 +17,20 @@ module OmniAuth
         port: 443,
         authorization_endpoint: "/authorize",
         token_endpoint: "/token",
-        userinfo_endpoint: "/userinfo",
-        jwks_uri: '/jwk'
+        userinfo_endpoint: "/userinfo"
       }
-      option :issuer
-      option :discovery, false
-      option :client_signing_alg
-      option :client_jwk_signing_key
-      option :client_x509_signing_key
+      option :name, 'openid_connect'
       option :scope, [:openid]
       option :response_type, "code"
       option :state
       option :response_mode
-      option :display, nil #, [:page, :popup, :touch, :wap]
-      option :prompt, nil #, [:none, :login, :consent, :select_account]
-      option :hd, nil
+      option :display, nil#, [:page, :popup, :touch, :wap]
+      option :prompt, nil#, [:none, :login, :consent, :select_account]
       option :max_age
       option :ui_locales
       option :id_token_hint
       option :login_hint
       option :acr_values
-      option :send_nonce, true
-      option :send_scope_to_token_endpoint, true
       option :client_auth_method
       uid { user_info.sub }
@@ -60,57 +50,31 @@ module OmniAuth
       end
       extra do
-        {raw_info: user_info.raw_attributes}
+        { raw_info: user_info.raw_attributes }
       end
       credentials do
-        {
-            id_token: access_token.id_token,
-            token: access_token.access_token,
-            refresh_token: access_token.refresh_token,
-            expires_in: access_token.expires_in,
-            scope: access_token.scope
-        }
+        { token: access_token.access_token }
       end
       def client
         @client ||= ::OpenIDConnect::Client.new(client_options)
       end
-      def config
-        @config ||= ::OpenIDConnect::Discovery::Provider::Config.discover!(options.issuer)
-      end
       def request_phase
-        options.issuer = issuer if options.issuer.blank?
-        discover! if options.discovery
         redirect authorize_uri
       end
       def callback_phase
-        error = request.params['error_reason'] || request.params['error']
-        if error
-          raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri'])
-        elsif request.params['state'].to_s.empty? || request.params['state'] != stored_state
-          return Rack::Response.new(['401 Unauthorized'], 401).finish
-        elsif !request.params["code"]
+        if !request.params["code"]
           return fail!(:missing_code, OmniAuth::OpenIDConnect::MissingCodeError.new(request.params["error"]))
-        else
-          options.issuer = issuer if options.issuer.blank?
-          discover! if options.discovery
-          client.redirect_uri = client_options.redirect_uri
-          client.authorization_code = authorization_code
-          access_token
-          super
         end
-      rescue CallbackError => e
-        fail!(:invalid_credentials, e)
-      rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
-        fail!(:timeout, e)
-      rescue ::SocketError => e
-        fail!(:failed_to_connect, e)
-      end
+        client.redirect_uri = client_options.redirect_uri
+        client.authorization_code = authorization_code
+        access_token
+        super
+      end
       def authorization_code
         request.params["code"]
@@ -118,132 +82,34 @@ module OmniAuth
       def authorize_uri
         client.redirect_uri = client_options.redirect_uri
-        opts = {
-            response_type: options.response_type,
-            scope: options.scope,
-            state: new_state,
-            nonce: (new_nonce if options.send_nonce),
-            hd: options.hd,
-        }
-        client.authorization_uri(opts.reject{|k,v| v.nil?})
-      end
-      def public_key
-        if options.discovery
-          config.jwks
-        else
-          key_or_secret
-        end
+        client.authorization_uri(
+          response_type: options.response_type,
+          scope: options.scope#,
+          # nonce: nonce
+        )
       end
       private
-      def issuer
-        resource = "#{client_options.scheme}://#{client_options.host}" + ((client_options.port) ? ":#{client_options.port.to_s}" : '')
-        ::OpenIDConnect::Discovery::Provider.discover!(resource).issuer
-      end
-      def discover!
-        client_options.authorization_endpoint = config.authorization_endpoint
-        client_options.token_endpoint = config.token_endpoint
-        client_options.userinfo_endpoint = config.userinfo_endpoint
-        client_options.jwks_uri = config.jwks_uri
-      end
       def user_info
         @user_info ||= access_token.userinfo!
       end
       def access_token
-        @access_token ||= lambda {
-          _access_token = client.access_token!(
-          scope: (options.scope if options.send_scope_to_token_endpoint),
-          client_auth_method: options.client_auth_method
-          )
-          _id_token = decode_id_token _access_token.id_token
-          _id_token.verify!(
-              issuer: options.issuer,
-              client_id: client_options.identifier,
-              nonce: stored_nonce
-          )
-          _access_token
-        }.call()
-      end
-      def decode_id_token(id_token)
-        ::OpenIDConnect::ResponseObject::IdToken.decode(id_token, public_key)
+        @access_token ||= client.access_token!(:client_auth_method => options.client_auth_method)
       end
       def client_options
         options.client_options
       end
-      def new_state
-        state = options.state.call if options.state.respond_to? :call
-        session['omniauth.state'] = state || SecureRandom.hex(16)
-      end
-      def stored_state
-        session.delete('omniauth.state')
-      end
-      def new_nonce
-        session['omniauth.nonce'] = SecureRandom.hex(16)
-      end
-      def stored_nonce
-        session.delete('omniauth.nonce')
-      end
-      def session
-        @env.nil? ? {} : super
-      end
-      def key_or_secret
-        case options.client_signing_alg
-          when :HS256, :HS384, :HS512
-            return client_options.secret
-          when :RS256, :RS384, :RS512
-            if options.client_jwk_signing_key
-              return parse_jwk_key(options.client_jwk_signing_key)
-            elsif options.client_x509_signing_key
-              return parse_x509_key(options.client_x509_signing_key)
-            end
-          else
-        end
-      end
-      def parse_x509_key(key)
-        OpenSSL::X509::Certificate.new(key).public_key
-      end
-      def parse_jwk_key(key)
-        json = JSON.parse(key)
-        if json.has_key?('keys')
-          JSON::JWK::Set.new json['keys']
-        else
-          JSON::JWK.new json
-        end
-      end
-      def decode(str)
-        UrlSafeBase64.decode64(str).unpack('B*').first.to_i(2).to_s
-      end
-      class CallbackError < StandardError
-        attr_accessor :error, :error_reason, :error_uri
-        def initialize(error, error_reason=nil, error_uri=nil)
-          self.error = error
-          self.error_reason = error_reason
-          self.error_uri = error_uri
-        end
-        def message
-          [error, error_reason, error_uri].compact.join(' | ')
-        end
-      end
+      # def nonce
+      #  session[:nonce] = SecureRandom.hex(16)
+      # end
+      #
+      # def session
+      #  @env.nil? ? {} : super
+      # end
     end
   end
 end

data/omniauth-openid-connector.gemspec CHANGED

@@ -7,10 +7,10 @@ Gem::Specification.new do |spec|
   spec.name          = "omniauth-openid-connector"
   spec.version       = OmniAuth::OpenIDConnect::VERSION
   spec.authors       = ["Danial Oberg"]
-  spec.email         = ["doberg@verisys.com"]
-  spec.summary       = %q{OpenID Connect Strategy for OmniAuth}
-  spec.description   = %q{OpenID Connect Strategy for OmniAuth}
-  spec.homepage      = "https://github.com/doberg/omniauth-openid-connector"
+  spec.email         = ["dan@cs1.com"]
+  spec.summary       = %q{OpenID Connect Strategy MK2 for OmniAuth}
+  spec.description   = %q{OpenID Connect Strategy MK2 for OmniAuth which is fully compliant with devise and rails and currently maintained. Derived from jjbohn's work which is not actively maintained}
+  spec.homepage      = "https://github.com/doberg/omniauth-openid-reconnect"
   spec.license       = "MIT"
   spec.files         = `git ls-files -z`.split("\x0")
@@ -18,18 +18,19 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
-  spec.add_dependency 'omniauth', '~> 1.6.1'
-  spec.add_dependency 'openid_connect', '~> 1.1.2'
-  spec.add_dependency 'addressable', '~> 2.4'
-  spec.add_development_dependency "bundler", "~> 1.15.1"
-  spec.add_development_dependency "minitest"
-  spec.add_development_dependency "mocha"
-  spec.add_development_dependency "guard"
-  spec.add_development_dependency "guard-minitest"
-  spec.add_development_dependency "guard-bundler"
-  spec.add_development_dependency "rake"
-  spec.add_development_dependency "simplecov"
-  spec.add_development_dependency "pry"
-  spec.add_development_dependency "coveralls"
-  spec.add_development_dependency "faker"
+  spec.add_dependency 'activesupport', '>= 0'
+  spec.add_dependency 'omniauth', '~> 1.6', '>= 1.6.1'
+  spec.add_dependency 'openid_connect', '= 1.1.2'
+  spec.add_dependency 'addressable', '~> 2.3', '>= 2.3.6' # Because there is a breaking change in 2.3 with the way rails params arrays are handled
+  spec.add_development_dependency 'bundler', '~> 1.15', '>= 1.15.1'
+  spec.add_development_dependency 'minitest', '~> 5.4'
+  spec.add_development_dependency 'mocha', '~> 1.2', '>= 1.2.1'
+  spec.add_development_dependency 'guard', '~> 2.14', '>= 2.14.1'
+  spec.add_development_dependency 'guard-minitest', '~> 2.4', '>= 2.4.6'
+  spec.add_development_dependency 'guard-bundler', '~> 2.1', '>= 2.1.0'
+  spec.add_development_dependency 'rake', '~> 12.0', '>= 12.0.0'
+  spec.add_development_dependency 'simplecov', '~> 0.14.1'
+  spec.add_development_dependency 'pry', '~> 0.10.4'
+  spec.add_development_dependency 'coveralls', '~> 0.8.21'
+  spec.add_development_dependency 'faker', '~> 1.8', '>= 1.8.2'
 end

data/test/lib/omniauth/strategies/openid_connect_test.rb CHANGED

@@ -2,189 +2,35 @@ require_relative '../../../test_helper'
 class OmniAuth::Strategies::OpenIDConnectTest < StrategyTestCase
   def test_client_options_defaults
-    assert_equal 'https', strategy.options.client_options.scheme
+    assert_equal "https", strategy.options.client_options.scheme
     assert_equal 443, strategy.options.client_options.port
-    assert_equal '/authorize', strategy.options.client_options.authorization_endpoint
-    assert_equal '/token', strategy.options.client_options.token_endpoint
+    assert_equal "/authorize", strategy.options.client_options.authorization_endpoint
+    assert_equal "/token", strategy.options.client_options.token_endpoint
   end
   def test_request_phase
-    expected_redirect = /^https:\/\/example\.com\/authorize\?client_id=1234&nonce=[\w\d]{32}&response_type=code&scope=openid&state=[\w\d]{32}$/
-    strategy.options.issuer = 'example.com'
-    strategy.options.client_options.host = 'example.com'
-    strategy.expects(:redirect).with(regexp_matches(expected_redirect))
-    strategy.request_phase
-  end
-  def test_request_phase_with_discovery
-    expected_redirect = /^https:\/\/example\.com\/authorization\?client_id=1234&nonce=[\w\d]{32}&response_type=code&scope=openid&state=[\w\d]{32}$/
-    strategy.options.client_options.host = 'example.com'
-    strategy.options.discovery = true
-    issuer = stub('OpenIDConnect::Discovery::Issuer')
-    issuer.stubs(:issuer).returns('https://example.com/')
-    ::OpenIDConnect::Discovery::Provider.stubs(:discover!).returns(issuer)
-    config = stub('OpenIDConnect::Discovery::Provder::Config')
-    config.stubs(:authorization_endpoint).returns('https://example.com/authorization')
-    config.stubs(:token_endpoint).returns('https://example.com/token')
-    config.stubs(:userinfo_endpoint).returns('https://example.com/userinfo')
-    config.stubs(:jwks_uri).returns('https://example.com/jwks')
-    ::OpenIDConnect::Discovery::Provider::Config.stubs(:discover!).with('https://example.com/').returns(config)
+    expected_redirect = /^https:\/\/example\.com\/authorize\?client_id=1234&response_type=code&scope=openid$/
+    strategy.options.client_options.host = "example.com"
     strategy.expects(:redirect).with(regexp_matches(expected_redirect))
     strategy.request_phase
-    assert_equal strategy.options.issuer, 'https://example.com/'
-    assert_equal strategy.options.client_options.authorization_endpoint, 'https://example.com/authorization'
-    assert_equal strategy.options.client_options.token_endpoint, 'https://example.com/token'
-    assert_equal strategy.options.client_options.userinfo_endpoint, 'https://example.com/userinfo'
-    assert_equal strategy.options.client_options.jwks_uri, 'https://example.com/jwks'
   end
   def test_uid
     assert_equal user_info.sub, strategy.uid
   end
-  def test_callback_phase(session = {}, params = {})
+  def test_callback_phase
     code = SecureRandom.hex(16)
-    state = SecureRandom.hex(16)
-    nonce = SecureRandom.hex(16)
-    request.stubs(:params).returns({'code' => code,'state' => state})
-    request.stubs(:path_info).returns('')
-    strategy.options.issuer = 'example.com'
-    strategy.options.client_signing_alg = :RS256
-    strategy.options.client_jwk_signing_key = File.read('test/fixtures/jwks.json')
-    id_token = stub('OpenIDConnect::ResponseObject::IdToken')
-    id_token.stubs(:verify!).with({:issuer => strategy.options.issuer, :client_id => @identifier, :nonce => nonce}).returns(true)
-    ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
-    strategy.unstub(:user_info)
-    access_token = stub('OpenIDConnect::AccessToken')
-    access_token.stubs(:access_token)
-    access_token.stubs(:refresh_token)
-    access_token.stubs(:expires_in)
-    access_token.stubs(:scope)
-    access_token.stubs(:id_token).returns(File.read('test/fixtures/id_token.txt'))
-    client.expects(:access_token!).at_least_once.returns(access_token)
-    access_token.expects(:userinfo!).returns(user_info)
-    strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
-    strategy.callback_phase
-  end
-  def test_callback_phase_with_discovery
-    code = SecureRandom.hex(16)
-    state = SecureRandom.hex(16)
-    nonce = SecureRandom.hex(16)
-    jwks = JSON::JWK::Set.new(JSON.parse(File.read('test/fixtures/jwks.json'))['keys'])
-    request.stubs(:params).returns({'code' => code,'state' => state})
-    request.stubs(:path_info).returns('')
-    strategy.options.client_options.host = 'example.com'
-    strategy.options.discovery = true
-    issuer = stub('OpenIDConnect::Discovery::Issuer')
-    issuer.stubs(:issuer).returns('https://example.com/')
-    ::OpenIDConnect::Discovery::Provider.stubs(:discover!).returns(issuer)
-    config = stub('OpenIDConnect::Discovery::Provder::Config')
-    config.stubs(:authorization_endpoint).returns('https://example.com/authorization')
-    config.stubs(:token_endpoint).returns('https://example.com/token')
-    config.stubs(:userinfo_endpoint).returns('https://example.com/userinfo')
-    config.stubs(:jwks_uri).returns('https://example.com/jwks')
-    config.stubs(:jwks).returns(jwks)
-    ::OpenIDConnect::Discovery::Provider::Config.stubs(:discover!).with('https://example.com/').returns(config)
-    id_token = stub('OpenIDConnect::ResponseObject::IdToken')
-    id_token.stubs(:verify!).with({:issuer => 'https://example.com/', :client_id => @identifier, :nonce => nonce}).returns(true)
-    ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
+    request.stubs(:params).returns({"code" => code})
+    request.stubs(:path_info).returns("")
     strategy.unstub(:user_info)
     access_token = stub('OpenIDConnect::AccessToken')
     access_token.stubs(:access_token)
-    access_token.stubs(:refresh_token)
-    access_token.stubs(:expires_in)
-    access_token.stubs(:scope)
-    access_token.stubs(:id_token).returns(File.read('test/fixtures/id_token.txt'))
-    client.expects(:access_token!).at_least_once.returns(access_token)
+    client.expects(:access_token!).returns(access_token)
     access_token.expects(:userinfo!).returns(user_info)
-    strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
-    strategy.callback_phase
-  end
-  def test_callback_phase_with_error
-    state = SecureRandom.hex(16)
-    nonce = SecureRandom.hex(16)
-    request.stubs(:params).returns({'error' => 'invalid_request'})
-    request.stubs(:path_info).returns('')
-    strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
-    strategy.expects(:fail!)
-    strategy.callback_phase
-  end
-  def test_callback_phase_with_invalid_state
-    code = SecureRandom.hex(16)
-    state = SecureRandom.hex(16)
-    nonce = SecureRandom.hex(16)
-    request.stubs(:params).returns({'code' => code,'state' => 'foobar'})
-    request.stubs(:path_info).returns('')
-    strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
-    result = strategy.callback_phase
-    assert result.kind_of?(Array)
-    assert result.first == 401, "Expecting unauthorized"
-  end
-  def test_callback_phase_with_timeout
-    code = SecureRandom.hex(16)
-    state = SecureRandom.hex(16)
-    nonce = SecureRandom.hex(16)
-    request.stubs(:params).returns({'code' => code,'state' => state})
-    request.stubs(:path_info).returns('')
-    strategy.options.issuer = 'example.com'
-    strategy.stubs(:access_token).raises(::Timeout::Error.new('error'))
-    strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
-    strategy.expects(:fail!)
-    strategy.callback_phase
-  end
-  def test_callback_phase_with_etimeout
-    code = SecureRandom.hex(16)
-    state = SecureRandom.hex(16)
-    nonce = SecureRandom.hex(16)
-    request.stubs(:params).returns({'code' => code,'state' => state})
-    request.stubs(:path_info).returns('')
-    strategy.options.issuer = 'example.com'
-    strategy.stubs(:access_token).raises(::Errno::ETIMEDOUT.new('error'))
-    strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
-    strategy.expects(:fail!)
-    strategy.callback_phase
-  end
-  def test_callback_phase_with_socket_error
-    code = SecureRandom.hex(16)
-    state = SecureRandom.hex(16)
-    nonce = SecureRandom.hex(16)
-    request.stubs(:params).returns({'code' => code,'state' => state})
-    request.stubs(:path_info).returns('')
-    strategy.options.issuer = 'example.com'
-    strategy.stubs(:access_token).raises(::SocketError.new('error'))
-    strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
-    strategy.expects(:fail!)
+    strategy.call!({"rack.session" => {}})
     strategy.callback_phase
   end
@@ -206,40 +52,11 @@ class OmniAuth::Strategies::OpenIDConnectTest < StrategyTestCase
   end
   def test_credentials
-    strategy.options.issuer = 'example.com'
-    strategy.options.client_signing_alg = :RS256
-    strategy.options.client_jwk_signing_key = File.read('test/fixtures/jwks.json')
-    id_token = stub('OpenIDConnect::ResponseObject::IdToken')
-    id_token.stubs(:verify!).returns(true)
-    ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
     access_token = stub('OpenIDConnect::AccessToken')
     access_token.stubs(:access_token).returns(SecureRandom.hex(16))
-    access_token.stubs(:refresh_token).returns(SecureRandom.hex(16))
-    access_token.stubs(:expires_in).returns(Time.now)
-    access_token.stubs(:scope).returns('openidconnect')
-    access_token.stubs(:id_token).returns(File.read('test/fixtures/id_token.txt'))
     client.expects(:access_token!).returns(access_token)
-    access_token.expects(:refresh_token).returns(access_token.refresh_token)
-    access_token.expects(:expires_in).returns(access_token.expires_in)
-    assert_equal({ id_token: access_token.id_token,
-                   token: access_token.access_token,
-                   refresh_token: access_token.refresh_token,
-                   expires_in: access_token.expires_in,
-                   scope: access_token.scope
-                 }, strategy.credentials)
-  end
-  def test_option_send_nonce
-    strategy.options.client_options[:host] = "foobar.com"
-    assert(strategy.authorize_uri =~ /nonce=/, "URI must contain nonce")
-    strategy.options.send_nonce = false
-    assert(!(strategy.authorize_uri =~ /nonce=/), "URI must not contain nonce")
+    assert_equal({ token: access_token.access_token }, strategy.credentials)
   end
   def test_failure_endpoint_redirect
@@ -254,91 +71,19 @@ class OmniAuth::Strategies::OpenIDConnectTest < StrategyTestCase
     assert(result[1]["Location"] =~ /\/auth\/failure/)
   end
-  def test_state
-    strategy.options.state = lambda { 42 }
-    session = { "state" => 42 }
-    expected_redirect = /&state=/
-    strategy.options.issuer = 'example.com'
-    strategy.options.client_options.host = "example.com"
-    strategy.expects(:redirect).with(regexp_matches(expected_redirect))
-    strategy.request_phase
-    # this should succeed as the correct state is passed with the request
-    test_callback_phase(session, { "state" => 42 })
-    # the following should fail because the wrong state is passed to the callback
-    code = SecureRandom.hex(16)
-    request.stubs(:params).returns({"code" => code, "state" => 43})
-    request.stubs(:path_info).returns("")
-    strategy.call!({"rack.session" => session})
-    result = strategy.callback_phase
-    assert result.kind_of?(Array)
-    assert result.first == 401, "Expecting unauthorized"
-  end
   def test_option_client_auth_method
-    code = SecureRandom.hex(16)
-    state = SecureRandom.hex(16)
-    nonce = SecureRandom.hex(16)
     opts = strategy.options.client_options
     opts[:host] = "foobar.com"
-    strategy.options.issuer = "foobar.com"
     strategy.options.client_auth_method = :not_basic
-    strategy.options.client_signing_alg = :RS256
-    strategy.options.client_jwk_signing_key = File.read('test/fixtures/jwks.json')
-    json_response = {access_token: 'test_access_token',
-                     id_token: File.read('test/fixtures/id_token.txt'),
-                     token_type: 'Bearer',
-    }.to_json
-    success = Struct.new(:status, :body).new(200, json_response)
-    request.stubs(:path_info).returns('')
-    strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
-    id_token = stub('OpenIDConnect::ResponseObject::IdToken')
-    id_token.stubs(:verify!).with({:issuer => strategy.options.issuer, :client_id => @identifier, :nonce => nonce}).returns(true)
-    ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
+    success = Struct.new(:status).new(200)
     HTTPClient.any_instance.stubs(:post).with(
       "#{opts.scheme}://#{opts.host}:#{opts.port}#{opts.token_endpoint}",
-      {scope: 'openid', :grant_type => :client_credentials, :client_id => @identifier, :client_secret => @secret},
+      {:grant_type => :client_credentials, :client_id => @identifier, :client_secret => @secret},
       {}
     ).returns(success)
+    OpenIDConnect::Client.any_instance.stubs(:handle_success_response).with(success).returns(true)
     assert(strategy.send :access_token)
   end
-  def test_public_key_with_jwks
-    strategy.options.client_signing_alg = :RS256
-    strategy.options.client_jwk_signing_key = File.read('./test/fixtures/jwks.json')
-    assert_equal JSON::JWK::Set, strategy.public_key.class
-  end
-  def test_public_key_with_jwk
-    strategy.options.client_signing_alg = :RS256
-    jwks_str = File.read('./test/fixtures/jwks.json')
-    jwks = JSON.parse(jwks_str)
-    jwk = jwks['keys'].first
-    strategy.options.client_jwk_signing_key = jwk.to_json
-    assert_equal JSON::JWK, strategy.public_key.class
-  end
-  def test_public_key_with_x509
-    strategy.options.client_signing_alg = :RS256
-    strategy.options.client_x509_signing_key = File.read('./test/fixtures/test.crt')
-    assert_equal OpenSSL::PKey::RSA, strategy.public_key.class
-  end
-  def test_public_key_with_hmac
-    strategy.options.client_options.secret = 'secret'
-    strategy.options.client_signing_alg = :HS256
-    assert_equal strategy.options.client_options.secret, strategy.public_key
-  end
 end

data/test/test_helper.rb CHANGED

@@ -8,10 +8,10 @@ Coveralls.wear!
 require 'minitest/autorun'
 require 'mocha/mini_test'
 require 'faker'
-require 'active_support'
-require_relative '../lib/omniauth-openid-connect'
+require_relative '../lib/omniauth-openid-reconnect'
 OmniAuth.config.test_mode = true
+OmniAuth.config.logger = Logger.new('/dev/null')
 class StrategyTestCase < MiniTest::Test
   class DummyApp
@@ -30,7 +30,7 @@ class StrategyTestCase < MiniTest::Test
   end
   def user_info
-    @user_info ||= OpenIDConnect::ResponseObject::UserInfo.new(
+    @user_info ||= OpenIDConnect::ResponseObject::UserInfo::OpenID.new(
       sub: SecureRandom.hex(16),
       name: Faker::Name.name,
       email: Faker::Internet.email,

metadata CHANGED

@@ -1,20 +1,37 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-openid-connector
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.1.3
 platform: ruby
 authors:
 - Danial Oberg
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-07-07 00:00:00.000000000 Z
+date: 2017-07-13 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.6.1
   type: :runtime
@@ -22,20 +39,23 @@ dependencies:
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.6.1
 - !ruby/object:Gem::Dependency
   name: openid_connect
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
         version: 1.1.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
         version: 1.1.2
 - !ruby/object:Gem::Dependency
@@ -44,19 +64,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.4'
+        version: '2.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.4'
+        version: '2.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.6
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.15.1
   type: :development
@@ -64,151 +93,192 @@ dependencies:
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.15.1
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.4'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.2.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.2.1
 - !ruby/object:Gem::Dependency
   name: guard
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.14'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.14.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.14'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.14.1
 - !ruby/object:Gem::Dependency
   name: guard-minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.4.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.4'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.4.6
 - !ruby/object:Gem::Dependency
   name: guard-bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 12.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 12.0.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.14.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.14.1
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.10.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.10.4
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.8.21
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.8.21
 - !ruby/object:Gem::Dependency
   name: faker
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.8.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
-description: OpenID Connect Strategy for OmniAuth
+        version: 1.8.2
+description: OpenID Connect Strategy MK2 for OmniAuth which is fully compliant with
+  devise and rails and currently maintained. Derived from jjbohn's work which is not
+  actively maintained
 email:
-- doberg@verisys.com
+- dan@cs1.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -220,19 +290,16 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- lib/omniauth-openid-connect.rb
+- lib/omniauth-openid-reconnect.rb
 - lib/omniauth/openid_connect.rb
 - lib/omniauth/openid_connect/errors.rb
 - lib/omniauth/openid_connect/version.rb
 - lib/omniauth/strategies/openid_connect.rb
 - omniauth-openid-connector.gemspec
-- test/fixtures/id_token.txt
-- test/fixtures/jwks.json
-- test/fixtures/test.crt
 - test/lib/omniauth/openid_connect/version_test.rb
 - test/lib/omniauth/strategies/openid_connect_test.rb
 - test/test_helper.rb
-homepage: https://github.com/doberg/omniauth-openid-connector
+homepage: https://github.com/doberg/omniauth-openid-reconnect
 licenses:
 - MIT
 metadata: {}
@@ -252,15 +319,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.5.1
+rubygems_version: 2.6.8
 signing_key:
 specification_version: 4
-summary: OpenID Connect Strategy for OmniAuth
+summary: OpenID Connect Strategy MK2 for OmniAuth
 test_files:
-- test/fixtures/id_token.txt
-- test/fixtures/jwks.json
-- test/fixtures/test.crt
 - test/lib/omniauth/openid_connect/version_test.rb
 - test/lib/omniauth/strategies/openid_connect_test.rb
 - test/test_helper.rb
-has_rdoc:

data/test/fixtures/id_token.txt DELETED

@@ -1 +0,0 @@

- eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzcyI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4Mjg5NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAibi0wUzZfV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEzMTEyODA5NzAKfQ.ggW8hZ1EuVLuxNuuIJKX_V8a_OMXzR0EHR9R6jgdqrOOF4daGU96Sr_P6qJp6IcmD3HP99Obi1PRs-cwh3LO-p146waJ8IhehcwL7F09JdijmBqkvPeB2T9CJNqeGpe-gccMg4vfKjkM8FcGvnzZUN4_KSP0aAp1tOJ1zZwgjxqGByKHiOtX7TpdQyHE5lcMiKPXfEIQILVq0pc_E2DzL7emopWoaoZTF_m0_N0YzFC6g6EJbOEoRoSK5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVVk4XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg

data/test/fixtures/jwks.json DELETED

@@ -1,8 +0,0 @@
-{"keys": [{
-    "kty": "RSA",
-    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
-    "e": "AQAB",
-    "alg": "RS256",
-    "kid": "1e9gdk7"
-  }]
-}

data/test/fixtures/test.crt DELETED

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDJDCCAgwCCQC57Ob2JfXb+DANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJK
-UDEOMAwGA1UECBMFVG9reW8xITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5
-IEx0ZDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE0MDgwMTA4NTAxM1oXDTE1MDgw
-MTA4NTAxM1owVDELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMSEwHwYDVQQK
-ExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMTCWxvY2FsaG9zdDCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+7czSGHN2087T+oX2kBCY/
-XN6UOS/mdU2Gn//omZlyxsQXIqvgBLNWeCVt4QdlFUbgPLggfXUelECV/RUOCIIi
-F2Th4t3x1LviN2XkUiva0DZBnOycqEaJdkyreEuGL1CLVZgZjKmSzNqLl0Yci3D0
-zgVsXFZSadQebietm4CCmfJYREt9NJxXcrLxVDgat/Xm/KJBsohs3f+cbBT8EXer
-7+2oZjZoVUgw1hu0alaOvAfE4mxsVwjn3g2mjDqRJLbbuWqgDobjMHah+d4zwJvN
-ePK8E0hfaz/XBLsJ4e6bQA3M3bANEgSvsicup/qb/0th4gUdc/kj4aJGj0RP7oEC
-AwEAATANBgkqhkiG9w0BAQUFAAOCAQEADuVec/8u2qJiq6K2W/gSLGYCBZq64OrA
-s7L2+S82m9/3gAb62wGcDNZjIGFDQubXmO6RhHv7JUT5YZqv9/kRGTJcHDUrwwoN
-IE99CIPizp7VfnrZ6GsYeszSsw3m+mKTETm+6ELmaSDbYAsrCg4IpGwUF0L88ATv
-CJ8QzW4X7b9dYVc7UAYyCie2N65GXfesBbRlSwFLuVqIzZfMdNpNijTIUwUqGSME
-b8IjLYzvekP53CO4wEBRrAVIPNXgftorxIE30OLWua2Qw3y6Pn+Qp5fLe47025S7
-Lcec18/FbHG0Vbq0qO9cKQw80XyK31N6z556wr2GN2WyixkzVRddXA==
------END CERTIFICATE-----