openid_connect_client 0.1.3 → 0.1.4
- checksums.yaml +4 -4
- data/lib/openid_connect_client.rb +41 -42
- data/lib/openid_connect_client/version.rb +1 -1
- metadata +2 -2
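--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a04420f4fb5cb30857d4c300665ea22be333e357
+data.tar.gz: 567b669805a9105c167f12af02aa90c208239381
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c460a20702cd1039dc2624ce76b9aae80a7aa8e8c911ce151d06d2df7e0ed82deb65e6498d7dc8eb420985092251ef1452be274ea67184cccb528aa19d7006ad
+data.tar.gz: 86198e72f63dadbbe5e73745e2014f556e36f168c454df587efda5fcb6ff0ef72d54ad9fd878f0550a6d526af16998da31c40aafebc5f6bccad3197d2c5c52ba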
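--- a/data/lib/openid_connect_client.rb
+++ b/data/lib/openid_connect_client.rb
@@ -1,5 +1,3 @@
-require "openid_connect_client/version"
-
 module OpenIDConnectClient
 class OpenIDConnectClientException < Exception
 end
@@ -10,7 +8,6 @@ module OpenIDConnectClient
 require 'cgi'
 require 'base64'
 require 'openssl'
-# require 'xml/libxml'
 require 'curb'
 
 
@@ -22,7 +19,7 @@ module OpenIDConnectClient
 # @return void
 # @throws OpenIDConnectClientException
 #
-def get_provider_config
+def get_provider_config()
 
 well_known_config_response = fetch_url(@well_known_config_url).body_str
 
@@ -127,21 +124,19 @@ module OpenIDConnectClient
 unless key["n"] and key["e"]
 raise OpenIDConnectClientException, "Malformed key object."
 end
-
-
-
-
-
-
-
-
-
-
-
-
-
-key = rsa_key_from_xml(public_key_xml)
-key.public_key.verify(digest, signature, payload)
+
+digest = case hashtype
+when 'md2' then OpenSSL::Digest::MD2.new
+when 'md5' then OpenSSL::Digest::MD5.new
+when 'sha1' then OpenSSL::Digest::SHA1.new
+when 'sha256' then OpenSSL::Digest::SHA256.new
+when 'sha384' then OpenSSL::Digest::SHA384.new
+when 'sha512' then OpenSSL::Digest::SHA512.new
+else OpenSSL::Digest::SHA256.new
+end
+
+key = get_rsa_key(url_safe_base64(key["n"]), url_safe_base64(key["e"]))
+key.public_key.verify(digest, signature, payload)
 end
 
 #
@@ -149,7 +144,11 @@ module OpenIDConnectClient
 # @return bool
 #
 def verify_JWT_claims(claims)
-
+if claims["nonce"]
+return (claims["iss"] == @provider_url and ((claims["aud"] == @client_id) or (claims["aud"].include? @client_id)) and (claims["nonce"] == @state["openid_connect_nonce"]))
+else
+return (claims["iss"] == @provider_url and ((claims["aud"] == @client_id) or (claims["aud"].include? @client_id)))
+end
 end
 
 #
@@ -291,21 +290,21 @@ module OpenIDConnectClient
 # @param string xml_string
 # @return object
 #
-def
-
-
-
+def get_rsa_key(modulus, exponent)
+#d = XML::Parser.string(xml_string).parse
+m = Base64.decode64(modulus).unpack('H*')
+e = Base64.decode64(exponent).unpack('H*')
 
-
-
-
-
-
-
-
-
-
-
+pub_key = OpenSSL::PKey::RSA.new
+
+#modules
+pub_key.n = OpenSSL::BN.new(m[0].hex.to_s)
+
+#exponent
+pub_key.e = OpenSSL::BN.new(e[0].hex.to_s)
+
+#return Public Key
+pub_key
 end
 
 #
@@ -413,11 +412,11 @@ module OpenIDConnectClient
 # Generate and store a nonce in the session
 # The nonce is an arbitrary value
 nonce = random_string()
-@state[
+@state["openid_connect_nonce"] = nonce
 
 # State essentially acts as a session key for OIDC
 state = random_string()
-@state[
+@state["openid_connect_state"] = state
 
 @auth_params = @auth_params.merge({
 response_type: response_type,
@@ -454,7 +453,7 @@ module OpenIDConnectClient
 token_endpoint = get_provider_config_value(:token_endpoint)
 grant_type = "authorization_code"
 
-
+tokemoduluss = {
 grant_type: grant_type,
 code: code,
 redirect_uri: @redirect_url,
@@ -463,9 +462,9 @@ module OpenIDConnectClient
 }
 
 # Convert token params to string format
-
+tokemoduluss = http_build_query(tokemoduluss)
 
-token_data = fetch_url(token_endpoint,
+token_data = fetch_url(token_endpoint, tokemoduluss).body_str
 
 unless token_data
 raise OpenIDConnectClientException, "Unable to get token data from the provider."
@@ -479,7 +478,7 @@ module OpenIDConnectClient
 end
 
 # Do an OpenID Connect session check
-unless @params[
+unless @params["state"] == @state["openid_connect_state"]
 raise OpenIDConnectClientException, "Unable to determine state."
 end
 
@@ -570,7 +569,7 @@ module OpenIDConnectClient
 # @return void
 # @throws OpenIDConnectClientException
 #
-def register
+def register()
 registration_endpoint = get_provider_config_value(:registration_endpoint)
 
 send_object = {
@@ -590,7 +589,7 @@ module OpenIDConnectClient
 if json_response[:client_id]
 @client_secret = json_response[:client_id]
 else
-raise OpenIDConnectClientException, "Error registering: Please contact the OpenID Connect provider and obtain a Client ID and Secret directly from them"
+raise OpenIDConnectClientException, "Error registering: Please contact the OpenID Connect provider and obtain a Client ID and Secret directly from them."
 end
 end
 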
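Review bot: In `verify_JWT_claims` (hunk `@@ -149,7 +144,11 @@`) the nonce is only compared when the token happens to carry one, so an ID token that omits `nonce` is accepted even though `@state["openid_connect_nonce"]` was stored before the redirect (hunk `@@ -413,11 +412,11 @@`); the comparison should be unconditional whenever a nonce was issued, e.g. `return false if @state["openid_connect_nonce"] && claims["nonce"] != @state["openid_connect_nonce"]`. The `claims["aud"].include? @client_id` fallback also degrades to a substring test when `aud` is a String, so a client id that is a substring of another client's id would pass; `Array(claims["aud"]).include?(@client_id)` handles both the scalar and array forms exactly. In `@@ -127,21 +124,19 @@` the `else OpenSSL::Digest::SHA256.new` arm silently maps an unrecognised `hashtype` to SHA-256 and the md2/md5 arms keep weak digests reachable for signature verification; raising `OpenIDConnectClientException` on anything outside the supported set would be safer, and that method's definition starts outside the hunk so where `hashtype` comes from is not visible here. The `# @param string xml_string` comment left above `get_rsa_key` no longer matches its `(modulus, exponent)` parameters and the `#d = XML::Parser...` line and `#modules` comment are stale leftovers; and `tokemoduluss` in `@@ -454,7 +453,7 @@` and `@@ -463,9 +462,9 @@` looks like a mangled rename of what was presumably `token_params`.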
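--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openid_connect_client
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.4
 platform: ruby
 authors:
 - Rita Zerrizuela
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-04-
+date: 2016-04-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler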