RubyGems - safety_net_attestation - Versions diffs - 0.3.0 → 0.4.0 - Mend

safety_net_attestation 0.3.0 → 0.4.0

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +8 -0
data/Gemfile.lock +1 -1
data/lib/safety_net_attestation.rb +4 -3
data/lib/safety_net_attestation/statement.rb +8 -8
data/lib/safety_net_attestation/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ccbadd15213737c97c7380d54fbf0b742f33aec05897ae6e7c2f51fe114f487
-  data.tar.gz: e0fe5abd1f16f7b084b53431108defbc1d534d8061ec7d0363674b0ad207fd08
+  metadata.gz: 5116645ce8afe8172658cd294571bb6cef9921579f86ca8b8b8e9cb9d44620d4
+  data.tar.gz: 9cbf7c06202bc80ffa7e2f151c354f3a89ab75048cec8b064096840ece5a68e7
 SHA512:
-  metadata.gz: d2f0413cb1b611f2bb0319da23002edb5f695119badb401fdef6af4e225e9a5cd778af31e0cf4af4ab228fca8c322763eb806d35ef21fa29cd7080edddbc318c
-  data.tar.gz: 6327628183000d2110361284af325cc210f7d45da9af7da755cde2b108e9ac4858e40b6028b71f46c864be58b3bb72736dab8a5cf0bdc1f1a6235745f44b187b
+  metadata.gz: 359e37de75eebdf4198e79996f15ab7cc5d24e34cd664e34136b8a0d6f385729b696f541c40ca4dce14f2f2848082ef4ad4779d0a3c97386b91e291c1913339a
+  data.tar.gz: d2467423824192b293507131a2957e512a9c412ed762c6444359d1605edfe3f3cb837ed167245994d367ba2b37774cfac112018e1a998c39298d06ef279e51bb

data/CHANGELOG.md CHANGED

@@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [0.4.0] - 2019-12-29
+### Fixed
+- Root certificate loading when this gem is used as a dependency
+### Changed
+- Rename `Statement#certificates` to `Statement#certificate_chain`
 ## [0.3.0] - 2019-12-29
 ### Added
 - `Statement#certificates` exposes the certificate chain used during verification
@@ -21,6 +28,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Extracted from [webauthn-ruby](https://github.com/cedarcode/webauthn-ruby) after discussion with the maintainers. Thanks for the feedback @grzuy and @brauliomartinezlm!
 [Unreleased]: https://github.com/bdewater/safety_net_attestation/compare/v0.1.0...HEAD
+[0.4.0]: https://github.com/bdewater/safety_net_attestation/compare/v0.3.0...v0.4.0
 [0.3.0]: https://github.com/bdewater/safety_net_attestation/compare/v0.2.0...v0.3.0
 [0.2.0]: https://github.com/bdewater/safety_net_attestation/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/bdewater/safety_net_attestation/releases/tag/v0.1.0

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    safety_net_attestation (0.3.0)
+    safety_net_attestation (0.4.0)
       jwt (~> 2.0)
 GEM

data/lib/safety_net_attestation.rb CHANGED

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
-require_relative "safety_net_attestation/statement"
-require_relative "safety_net_attestation/version"
 module SafetyNetAttestation
+  GEM_ROOT = File.expand_path(__dir__)
 end
+require_relative "safety_net_attestation/statement"
+require_relative "safety_net_attestation/version"

data/lib/safety_net_attestation/statement.rb CHANGED

@@ -10,7 +10,7 @@ require_relative "x5c_key_finder"
 module SafetyNetAttestation
   class Statement
     GOOGLE_ROOT_CERTIFICATES = Dir.glob(
-      File.join(Dir.getwd, "lib", "safety_net_attestation", "certificates", "*.*")
+      File.join(SafetyNetAttestation::GEM_ROOT, "safety_net_attestation", "certificates", "*.*")
     ).map do |path|
       file = File.binread(path)
       OpenSSL::X509::Certificate.new(file)
@@ -25,22 +25,22 @@ module SafetyNetAttestation
     end
     def verify(nonce, timestamp_leeway: 60, trusted_certificates: GOOGLE_ROOT_CERTIFICATES, time: Time.now)
-      certificates = nil
+      certificate_chain = nil
       response, _ = JWT.decode(@jws_result, nil, true, algorithms: ["ES256", "RS256"]) do |headers|
         x5c_certificates = headers["x5c"].map do |encoded|
           OpenSSL::X509::Certificate.new(Base64.strict_decode64(encoded))
         end
-        certificates = X5cKeyFinder.from(x5c_certificates, trusted_certificates, time: time)
-        certificates.first.public_key
+        certificate_chain = X5cKeyFinder.from(x5c_certificates, trusted_certificates, time: time)
+        certificate_chain.first.public_key
       end
-      verify_certificate_subject(certificates.first)
+      verify_certificate_subject(certificate_chain.first)
       verify_nonce(response, nonce)
       verify_timestamp(response, timestamp_leeway, time)
       @json = response
-      @certificates = certificates
+      @certificate_chain = certificate_chain
       self
     end
@@ -80,10 +80,10 @@ module SafetyNetAttestation
       json["advice"]&.split(",")
     end
-    def certificates
+    def certificate_chain
       raise NotVerifiedError unless json
-      @certificates
+      @certificate_chain
     end
     private

data/lib/safety_net_attestation/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module SafetyNetAttestation
-  VERSION = "0.3.0"
+  VERSION = "0.4.0"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: safety_net_attestation
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Bart de Water
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-12-29 00:00:00.000000000 Z
+date: 2019-12-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt