openid_connect_client 0.1.3 → 0.1.4

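--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 3028774f7690857097978a42d1e37d7a06e7b420
- data.tar.gz: beab8bfddad12de483da4ce8f771cd6ddf4fcfe8
+ metadata.gz: a04420f4fb5cb30857d4c300665ea22be333e357
+ data.tar.gz: 567b669805a9105c167f12af02aa90c208239381
  SHA512:
- metadata.gz: 18dd8f984a273539e15977fc31d39959435fc55dd6db9a428d9aee24a12e3af91746e5afcf7cc1feada7a08a964b5397e20794d0c9137fb7bd8c03f051daedbf
- data.tar.gz: 3d799bf2933ea76459be189c624d0008e86cadec766dcdff8cec2b2988d97d215c2d065b4e7ec6c933de540f818f5f7ae71cc268da4af837b6699fa30c16dd94
+ metadata.gz: c460a20702cd1039dc2624ce76b9aae80a7aa8e8c911ce151d06d2df7e0ed82deb65e6498d7dc8eb420985092251ef1452be274ea67184cccb528aa19d7006ad
+ data.tar.gz: 86198e72f63dadbbe5e73745e2014f556e36f168c454df587efda5fcb6ff0ef72d54ad9fd878f0550a6d526af16998da31c40aafebc5f6bccad3197d2c5c52ba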
@@ -1,5 +1,3 @@
1
- require "openid_connect_client/version"
2
-
3
1
  module OpenIDConnectClient
4
2
  class OpenIDConnectClientException < Exception
5
3
  end
@@ -10,7 +8,6 @@ module OpenIDConnectClient
10
8
  require 'cgi'
11
9
  require 'base64'
12
10
  require 'openssl'
13
- # require 'xml/libxml'
14
11
  require 'curb'
15
12
 
16
13
 
@@ -22,7 +19,7 @@ module OpenIDConnectClient
22
19
  # @return void
23
20
  # @throws OpenIDConnectClientException
24
21
  #
25
- def get_provider_config
22
+ def get_provider_config()
26
23
 
27
24
  well_known_config_response = fetch_url(@well_known_config_url).body_str
28
25
 
@@ -127,21 +124,19 @@ module OpenIDConnectClient
127
124
  unless key["n"] and key["e"]
128
125
  raise OpenIDConnectClientException, "Malformed key object."
129
126
  end
130
-
131
- public_key_xml = "<RSAKeyValue>\r\n <Modulus>#{url_safe_base64(key["n"])}</Modulus>\r\n <Exponent>#{url_safe_base64(key["e"])}</Exponent>\r\n</RSAKeyValue>"
132
-
133
- digest = case hashtype
134
- when 'md2' then OpenSSL::Digest::MD2.new
135
- when 'md5' then OpenSSL::Digest::MD5.new
136
- when 'sha1' then OpenSSL::Digest::SHA1.new
137
- when 'sha256' then OpenSSL::Digest::SHA256.new
138
- when 'sha384' then OpenSSL::Digest::SHA384.new
139
- when 'sha512' then OpenSSL::Digest::SHA512.new
140
- else OpenSSL::Digest::SHA256.new
141
- end
142
-
143
- key = rsa_key_from_xml(public_key_xml)
144
- key.public_key.verify(digest, signature, payload)
127
+
128
+ digest = case hashtype
129
+ when 'md2' then OpenSSL::Digest::MD2.new
130
+ when 'md5' then OpenSSL::Digest::MD5.new
131
+ when 'sha1' then OpenSSL::Digest::SHA1.new
132
+ when 'sha256' then OpenSSL::Digest::SHA256.new
133
+ when 'sha384' then OpenSSL::Digest::SHA384.new
134
+ when 'sha512' then OpenSSL::Digest::SHA512.new
135
+ else OpenSSL::Digest::SHA256.new
136
+ end
137
+
138
+ key = get_rsa_key(url_safe_base64(key["n"]), url_safe_base64(key["e"]))
139
+ key.public_key.verify(digest, signature, payload)
145
140
  end
146
141
 
147
142
  #
@@ -149,7 +144,11 @@ module OpenIDConnectClient
149
144
  # @return bool
150
145
  #
151
146
  def verify_JWT_claims(claims)
152
- (claims["iss"] == @provider_url and ((claims["aud"] == @client_id) or (claims["aud"].include? @client_id)) and (claims["nonce"] == @state[:openid_connect_nonce]))
147
+ if claims["nonce"]
148
+ return (claims["iss"] == @provider_url and ((claims["aud"] == @client_id) or (claims["aud"].include? @client_id)) and (claims["nonce"] == @state["openid_connect_nonce"]))
149
+ else
150
+ return (claims["iss"] == @provider_url and ((claims["aud"] == @client_id) or (claims["aud"].include? @client_id)))
151
+ end
153
152
  end
154
153
 
155
154
  #
@@ -291,21 +290,21 @@ module OpenIDConnectClient
291
290
  # @param string xml_string
292
291
  # @return object
293
292
  #
294
- def rsa_key_from_xml(xml_string)
295
- d = XML::Parser.string(xml_string).parse
296
- m = Base64.decode64(d.find_first('Modulus').content).unpack('H*')
297
- e = Base64.decode64(d.find_first('Exponent').content).unpack('H*')
293
+ def get_rsa_key(modulus, exponent)
294
+ #d = XML::Parser.string(xml_string).parse
295
+ m = Base64.decode64(modulus).unpack('H*')
296
+ e = Base64.decode64(exponent).unpack('H*')
298
297
 
299
- pub_key = OpenSSL::PKey::RSA.new
300
-
301
- #modules
302
- pub_key.n = OpenSSL::BN.new(m[0].hex.to_s)
303
-
304
- #exponent
305
- pub_key.e = OpenSSL::BN.new(e[0].hex.to_s)
306
-
307
- #return Public Key
308
- pub_key
298
+ pub_key = OpenSSL::PKey::RSA.new
299
+
300
+ #modules
301
+ pub_key.n = OpenSSL::BN.new(m[0].hex.to_s)
302
+
303
+ #exponent
304
+ pub_key.e = OpenSSL::BN.new(e[0].hex.to_s)
305
+
306
+ #return Public Key
307
+ pub_key
309
308
  end
310
309
 
311
310
  #
@@ -413,11 +412,11 @@ module OpenIDConnectClient
413
412
  # Generate and store a nonce in the session
414
413
  # The nonce is an arbitrary value
415
414
  nonce = random_string()
416
- @state[:openid_connect_nonce] = nonce
415
+ @state["openid_connect_nonce"] = nonce
417
416
 
418
417
  # State essentially acts as a session key for OIDC
419
418
  state = random_string()
420
- @state[:openid_connect_state] = state
419
+ @state["openid_connect_state"] = state
421
420
 
422
421
  @auth_params = @auth_params.merge({
423
422
  response_type: response_type,
@@ -454,7 +453,7 @@ module OpenIDConnectClient
454
453
  token_endpoint = get_provider_config_value(:token_endpoint)
455
454
  grant_type = "authorization_code"
456
455
 
457
- token_params = {
456
+ tokemoduluss = {
458
457
  grant_type: grant_type,
459
458
  code: code,
460
459
  redirect_uri: @redirect_url,
@@ -463,9 +462,9 @@ module OpenIDConnectClient
463
462
  }
464
463
 
465
464
  # Convert token params to string format
466
- token_params = http_build_query(token_params)
465
+ tokemoduluss = http_build_query(tokemoduluss)
467
466
 
468
- token_data = fetch_url(token_endpoint, token_params).body_str
467
+ token_data = fetch_url(token_endpoint, tokemoduluss).body_str
469
468
 
470
469
  unless token_data
471
470
  raise OpenIDConnectClientException, "Unable to get token data from the provider."
@@ -479,7 +478,7 @@ module OpenIDConnectClient
479
478
  end
480
479
 
481
480
  # Do an OpenID Connect session check
482
- unless @params[:state] == @state[:openid_connect_state]
481
+ unless @params["state"] == @state["openid_connect_state"]
483
482
  raise OpenIDConnectClientException, "Unable to determine state."
484
483
  end
485
484
 
@@ -570,7 +569,7 @@ module OpenIDConnectClient
570
569
  # @return void
571
570
  # @throws OpenIDConnectClientException
572
571
  #
573
- def register
572
+ def register()
574
573
  registration_endpoint = get_provider_config_value(:registration_endpoint)
575
574
 
576
575
  send_object = {
@@ -590,7 +589,7 @@ module OpenIDConnectClient
590
589
  if json_response[:client_id]
591
590
  @client_secret = json_response[:client_id]
592
591
  else
593
- raise OpenIDConnectClientException, "Error registering: Please contact the OpenID Connect provider and obtain a Client ID and Secret directly from them"
592
+ raise OpenIDConnectClientException, "Error registering: Please contact the OpenID Connect provider and obtain a Client ID and Secret directly from them."
594
593
  end
595
594
  end
596
595
 
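Review bot: In `verify_JWT_claims` (new lines 147–151) the nonce comparison now runs only when the token carries a `nonce` claim, so an ID token that omits the claim passes validation even though the authorization-request hunk (new line 415) stores a nonce in `@state`. The nonce is what binds the ID token to this client's session, so a missing claim should fail whenever a nonce was issued: `expected = @state["openid_connect_nonce"]` followed by `return false if expected && claims["nonce"] != expected`, then the existing `iss`/`aud` expression. In the same expression, `claims["aud"].include? @client_id` is a substring match when `aud` is a String and raises when `aud` is absent; `Array(claims["aud"]).include?(@client_id)` covers both the string and the array form with exact comparison. The rename of `token_params` to `tokemoduluss` at new lines 456–467 looks like an accidental search-and-replace and is worth reverting.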
@@ -1,3 +1,3 @@
1
1
  module OpenIDConnectClient
2
- VERSION = "0.1.3"
2
+ VERSION = "0.1.4"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openid_connect_client
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.3
4
+ version: 0.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rita Zerrizuela
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-04-19 00:00:00.000000000 Z
11
+ date: 2016-04-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler