openid_connect_client 0.1.3 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/openid_connect_client.rb +41 -42
- data/lib/openid_connect_client/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a04420f4fb5cb30857d4c300665ea22be333e357
|
|
4
|
+
data.tar.gz: 567b669805a9105c167f12af02aa90c208239381
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c460a20702cd1039dc2624ce76b9aae80a7aa8e8c911ce151d06d2df7e0ed82deb65e6498d7dc8eb420985092251ef1452be274ea67184cccb528aa19d7006ad
|
|
7
|
+
data.tar.gz: 86198e72f63dadbbe5e73745e2014f556e36f168c454df587efda5fcb6ff0ef72d54ad9fd878f0550a6d526af16998da31c40aafebc5f6bccad3197d2c5c52ba
|
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
require "openid_connect_client/version"
|
|
2
|
-
|
|
3
1
|
module OpenIDConnectClient
|
|
4
2
|
class OpenIDConnectClientException < Exception
|
|
5
3
|
end
|
|
@@ -10,7 +8,6 @@ module OpenIDConnectClient
|
|
|
10
8
|
require 'cgi'
|
|
11
9
|
require 'base64'
|
|
12
10
|
require 'openssl'
|
|
13
|
-
# require 'xml/libxml'
|
|
14
11
|
require 'curb'
|
|
15
12
|
|
|
16
13
|
|
|
@@ -22,7 +19,7 @@ module OpenIDConnectClient
|
|
|
22
19
|
# @return void
|
|
23
20
|
# @throws OpenIDConnectClientException
|
|
24
21
|
#
|
|
25
|
-
def get_provider_config
|
|
22
|
+
def get_provider_config()
|
|
26
23
|
|
|
27
24
|
well_known_config_response = fetch_url(@well_known_config_url).body_str
|
|
28
25
|
|
|
@@ -127,21 +124,19 @@ module OpenIDConnectClient
|
|
|
127
124
|
unless key["n"] and key["e"]
|
|
128
125
|
raise OpenIDConnectClientException, "Malformed key object."
|
|
129
126
|
end
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
key = rsa_key_from_xml(public_key_xml)
|
|
144
|
-
key.public_key.verify(digest, signature, payload)
|
|
127
|
+
|
|
128
|
+
digest = case hashtype
|
|
129
|
+
when 'md2' then OpenSSL::Digest::MD2.new
|
|
130
|
+
when 'md5' then OpenSSL::Digest::MD5.new
|
|
131
|
+
when 'sha1' then OpenSSL::Digest::SHA1.new
|
|
132
|
+
when 'sha256' then OpenSSL::Digest::SHA256.new
|
|
133
|
+
when 'sha384' then OpenSSL::Digest::SHA384.new
|
|
134
|
+
when 'sha512' then OpenSSL::Digest::SHA512.new
|
|
135
|
+
else OpenSSL::Digest::SHA256.new
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
key = get_rsa_key(url_safe_base64(key["n"]), url_safe_base64(key["e"]))
|
|
139
|
+
key.public_key.verify(digest, signature, payload)
|
|
145
140
|
end
|
|
146
141
|
|
|
147
142
|
#
|
|
@@ -149,7 +144,11 @@ module OpenIDConnectClient
|
|
|
149
144
|
# @return bool
|
|
150
145
|
#
|
|
151
146
|
def verify_JWT_claims(claims)
|
|
152
|
-
|
|
147
|
+
if claims["nonce"]
|
|
148
|
+
return (claims["iss"] == @provider_url and ((claims["aud"] == @client_id) or (claims["aud"].include? @client_id)) and (claims["nonce"] == @state["openid_connect_nonce"]))
|
|
149
|
+
else
|
|
150
|
+
return (claims["iss"] == @provider_url and ((claims["aud"] == @client_id) or (claims["aud"].include? @client_id)))
|
|
151
|
+
end
|
|
153
152
|
end
|
|
154
153
|
|
|
155
154
|
#
|
|
@@ -291,21 +290,21 @@ module OpenIDConnectClient
|
|
|
291
290
|
# @param string xml_string
|
|
292
291
|
# @return object
|
|
293
292
|
#
|
|
294
|
-
def
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
293
|
+
def get_rsa_key(modulus, exponent)
|
|
294
|
+
#d = XML::Parser.string(xml_string).parse
|
|
295
|
+
m = Base64.decode64(modulus).unpack('H*')
|
|
296
|
+
e = Base64.decode64(exponent).unpack('H*')
|
|
298
297
|
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
298
|
+
pub_key = OpenSSL::PKey::RSA.new
|
|
299
|
+
|
|
300
|
+
#modules
|
|
301
|
+
pub_key.n = OpenSSL::BN.new(m[0].hex.to_s)
|
|
302
|
+
|
|
303
|
+
#exponent
|
|
304
|
+
pub_key.e = OpenSSL::BN.new(e[0].hex.to_s)
|
|
305
|
+
|
|
306
|
+
#return Public Key
|
|
307
|
+
pub_key
|
|
309
308
|
end
|
|
310
309
|
|
|
311
310
|
#
|
|
@@ -413,11 +412,11 @@ module OpenIDConnectClient
|
|
|
413
412
|
# Generate and store a nonce in the session
|
|
414
413
|
# The nonce is an arbitrary value
|
|
415
414
|
nonce = random_string()
|
|
416
|
-
@state[
|
|
415
|
+
@state["openid_connect_nonce"] = nonce
|
|
417
416
|
|
|
418
417
|
# State essentially acts as a session key for OIDC
|
|
419
418
|
state = random_string()
|
|
420
|
-
@state[
|
|
419
|
+
@state["openid_connect_state"] = state
|
|
421
420
|
|
|
422
421
|
@auth_params = @auth_params.merge({
|
|
423
422
|
response_type: response_type,
|
|
@@ -454,7 +453,7 @@ module OpenIDConnectClient
|
|
|
454
453
|
token_endpoint = get_provider_config_value(:token_endpoint)
|
|
455
454
|
grant_type = "authorization_code"
|
|
456
455
|
|
|
457
|
-
|
|
456
|
+
tokemoduluss = {
|
|
458
457
|
grant_type: grant_type,
|
|
459
458
|
code: code,
|
|
460
459
|
redirect_uri: @redirect_url,
|
|
@@ -463,9 +462,9 @@ module OpenIDConnectClient
|
|
|
463
462
|
}
|
|
464
463
|
|
|
465
464
|
# Convert token params to string format
|
|
466
|
-
|
|
465
|
+
tokemoduluss = http_build_query(tokemoduluss)
|
|
467
466
|
|
|
468
|
-
token_data = fetch_url(token_endpoint,
|
|
467
|
+
token_data = fetch_url(token_endpoint, tokemoduluss).body_str
|
|
469
468
|
|
|
470
469
|
unless token_data
|
|
471
470
|
raise OpenIDConnectClientException, "Unable to get token data from the provider."
|
|
@@ -479,7 +478,7 @@ module OpenIDConnectClient
|
|
|
479
478
|
end
|
|
480
479
|
|
|
481
480
|
# Do an OpenID Connect session check
|
|
482
|
-
unless @params[
|
|
481
|
+
unless @params["state"] == @state["openid_connect_state"]
|
|
483
482
|
raise OpenIDConnectClientException, "Unable to determine state."
|
|
484
483
|
end
|
|
485
484
|
|
|
@@ -570,7 +569,7 @@ module OpenIDConnectClient
|
|
|
570
569
|
# @return void
|
|
571
570
|
# @throws OpenIDConnectClientException
|
|
572
571
|
#
|
|
573
|
-
def register
|
|
572
|
+
def register()
|
|
574
573
|
registration_endpoint = get_provider_config_value(:registration_endpoint)
|
|
575
574
|
|
|
576
575
|
send_object = {
|
|
@@ -590,7 +589,7 @@ module OpenIDConnectClient
|
|
|
590
589
|
if json_response[:client_id]
|
|
591
590
|
@client_secret = json_response[:client_id]
|
|
592
591
|
else
|
|
593
|
-
raise OpenIDConnectClientException, "Error registering: Please contact the OpenID Connect provider and obtain a Client ID and Secret directly from them"
|
|
592
|
+
raise OpenIDConnectClientException, "Error registering: Please contact the OpenID Connect provider and obtain a Client ID and Secret directly from them."
|
|
594
593
|
end
|
|
595
594
|
end
|
|
596
595
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openid_connect_client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rita Zerrizuela
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-04-
|
|
11
|
+
date: 2016-04-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|