selfsdk 0.0.128 → 0.0.133

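--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 125110bf24194be23beb2ef32eaffc67cdd4fb0f0124c8b6bc2da283fc7cf999
- data.tar.gz: f058e20f529c0c71480b673cb78d511bee67056a2c8aa215663552443311be4d
+ metadata.gz: b0b0d98353e921f104b67c05456975e12135f7c9ce67b285f962cffd11b30c5e
+ data.tar.gz: 82d0dac60ed6ec6bd31f0ea7ef9d01ab8dda4a3bdd3f9d4912073953c53676b0
  SHA512:
- metadata.gz: 1748a529d80ef342b18d4a8a8e9b2ab14191d478ce7d431c5ce192ac6052e05a20b62cc27851cc3f890eacbef65fe2f4850a934d99a50f3879f90698b6abbd86
- data.tar.gz: 1648159549fa5474b98a141a7df7fe2901a50f0472e9e0cc03da0e65ab923ed52c8589344b34aff25b9dd9c32e1ad9e9abe65ed6b52c11364520139dde1aae61
+ metadata.gz: a30410ab97a325f40ee84f465eac9a15972a188916b3633c08a2d02ef4f07ef528be69446a8189c06e037a90a12b8085e4c4b9de3e686fc0f6eba8335005ad91
+ data.tar.gz: 70091f9d604789568e96d36c86a094093bfbf872dcec0c768e674bf6b01f8f480822e18ddc09027380187337767b55d798919cc823172d829df24a38e3f53fcb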
data/lib/acl.rb CHANGED
@@ -14,11 +14,7 @@ module SelfSDK
14
14
  # Lists allowed connections.
15
15
  def list
16
16
  SelfSDK.logger.info "Listing allowed connections"
17
- rules = {}
18
- @messaging.list_acl_rules.each do |c|
19
- rules[c['acl_source']] = DateTime.parse(c['acl_exp'])
20
- end
21
- rules
17
+ @messaging.list_acl_rules
22
18
  end
23
19
 
24
20
  # Allows incomming messages from the given identity.
@@ -59,6 +59,7 @@ module SelfSDK
59
59
  # Lists all public keys stored on self for the given ID
60
60
  #
61
61
  # @param id [string] identity id
62
+ # DEPRECATED
62
63
  def public_keys(id)
63
64
  i = entity(id)
64
65
  i[:public_keys]
@@ -71,7 +71,9 @@ module SelfSDK
71
71
  if verify_key.verify(decode(payload[:signature]), "#{payload[:protected]}.#{payload[:payload]}")
72
72
  return true
73
73
  end
74
- rescue StandardError
74
+ false
75
+ rescue StandardError => e
76
+ SelfSDK.logger.info e
75
77
  false
76
78
  end
77
79
 
@@ -15,7 +15,8 @@ module SelfSDK
15
15
  @to = payload[:sub]
16
16
  @audience = payload[:aud]
17
17
  @source = payload[:source]
18
- @verified = valid_signature?(attestation)
18
+ header = JSON.parse(@messaging.jwt.decode(attestation[:protected]), symbolize_names: true)
19
+ @verified = valid_signature?(attestation, header[:kid])
19
20
  @expected_value = payload[:expected_value]
20
21
  @operator = payload[:operator]
21
22
  @fact_name = name.to_s
@@ -24,8 +25,8 @@ module SelfSDK
24
25
  end
25
26
  end
26
27
 
27
- def valid_signature?(body)
28
- k = @messaging.client.public_keys(@origin).first[:key]
28
+ def valid_signature?(body, kid)
29
+ k = @messaging.client.public_key(@origin, kid).raw_public_key
29
30
  raise ::StandardError.new("invalid signature") unless @messaging.jwt.verify(body, k)
30
31
 
31
32
  true
@@ -72,14 +72,15 @@ module SelfSDK
72
72
 
73
73
  jwt = JSON.parse(body, symbolize_names: true)
74
74
  payload = JSON.parse(@jwt.decode(jwt[:payload]), symbolize_names: true)
75
+ header = JSON.parse(@jwt.decode(jwt[:protected]), symbolize_names: true)
75
76
  @from = payload[:iss]
76
- verify! jwt
77
+ verify! jwt, header[:kid]
77
78
  payload
78
79
  end
79
80
 
80
- def verify!(jwt)
81
- k = @client.public_keys(@from).first[:key]
82
- return if @jwt.verify(jwt, k)
81
+ def verify!(input, kid)
82
+ k = @client.public_key(@from, kid).raw_public_key
83
+ return if @jwt.verify(input, k)
83
84
 
84
85
  SelfSDK.logger.info "skipping message, invalid signature"
85
86
  raise ::StandardError.new("invalid signature on incoming message")
@@ -44,7 +44,7 @@ module SelfSDK
44
44
  @offset_file = "#{@storage_dir}/#{@jwt.id}:#{@device_id}.offset"
45
45
  @offset = read_offset
46
46
 
47
- FileUtils.mkdir_p @storage_dir unless File.exists? @storage_dir
47
+ FileUtils.mkdir_p @storage_dir unless File.exist? @storage_dir
48
48
 
49
49
  if options.include? :ws
50
50
  @ws = options[:ws]
@@ -82,11 +82,11 @@ module SelfSDK
82
82
  body = @client.jwt.encode(request(selfid, opts))
83
83
 
84
84
  if @client.env.empty?
85
- return "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=net.selfid.app"
85
+ return "https://joinself.page.link/?link=#{callback}%3Fqr=#{body}&apn=com.joinself.app"
86
86
  elsif @client.env == 'development'
87
- return "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=net.selfid.app.dev"
87
+ return "https://joinself.page.link/?link=#{callback}%3Fqr=#{body}&apn=com.joinself.app.dev"
88
88
  end
89
- "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=net.selfid.app.#{@client.env}"
89
+ "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=com.joinself.app.#{@client.env}"
90
90
  end
91
91
 
92
92
  # Adds an observer for an authentication response
@@ -115,6 +115,7 @@ module SelfSDK
115
115
  def valid_payload(response)
116
116
  parse_payload(response)
117
117
  rescue StandardError => e
118
+ SelfSDK.logger.error e
118
119
  uuid = ""
119
120
  uuid = response[:cid] unless response.nil?
120
121
  SelfSDK.logger.error "error checking authentication for #{uuid} : #{e.message}"
@@ -153,10 +154,7 @@ module SelfSDK
153
154
  identity = @client.entity(payload[:sub])
154
155
  return if identity.nil?
155
156
 
156
- identity[:public_keys].each do |key|
157
- return payload if @client.jwt.verify(jws, key[:key])
158
- end
159
- nil
157
+ return payload
160
158
  end
161
159
  end
162
160
  end
@@ -27,9 +27,10 @@ module SelfSDK
27
27
  # Gets an identity public keys
28
28
  #
29
29
  # @param [String] selfid gets the identity details (app/user)
30
+ # @param [String] kid the public key id.
30
31
  # @return [Array] with the identity public keys
31
- def public_keys(selfid)
32
- @client.public_keys(selfid)
32
+ def public_key(selfid, kid)
33
+ @client.public_key(selfid, kid).public_key
33
34
  end
34
35
 
35
36
  # Gets an app/identity details
@@ -9,7 +9,7 @@ module SelfSDK
9
9
  ACTION_REVOKE = "key.revoke"
10
10
  KEY_TYPE_DEVICE = "device.key"
11
11
  KEY_TYPE_RECOVERY = "recovery.key"
12
-
12
+
13
13
  class Operation
14
14
 
15
15
  attr_reader :sequence, :previous, :timestamp, :actions, :signing_key, :jws
@@ -46,7 +46,7 @@ module SelfSDK
46
46
  def revokes(kid)
47
47
  @actions.each do |action|
48
48
  if action[:kid] == kid && action[:action] == ACTION_REVOKE
49
- return true
49
+ return true
50
50
  end
51
51
  end
52
52
  return false
@@ -64,8 +64,8 @@ module SelfSDK
64
64
  @created = action[:from]
65
65
  @revoked = 0
66
66
 
67
- @raw_public_key = Base64.urlsafe_decode64(action[:key])
68
- @public_key = Ed25519::VerifyKey.new(@raw_public_key)
67
+ @raw_public_key = action[:key]
68
+ @public_key = Ed25519::VerifyKey.new(Base64.urlsafe_decode64(@raw_public_key))
69
69
 
70
70
  @incoming = Array.new
71
71
  @outgoing = Array.new
@@ -104,7 +104,7 @@ module SelfSDK
104
104
  @recovery_key = nil
105
105
 
106
106
  history.each do |operation|
107
- execute(operation)
107
+ execute(operation)
108
108
  end
109
109
  end
110
110
 
@@ -124,10 +124,10 @@ module SelfSDK
124
124
  op = Operation.new(operation)
125
125
 
126
126
  raise "operation sequence is out of order" if op.sequence != @operations.length
127
-
128
- if op.sequence > 0
127
+
128
+ if op.sequence > 0
129
129
  if @signatures[op.previous] != op.sequence - 1
130
- raise "operation previous signature does not match"
130
+ raise "operation previous signature does not match"
131
131
  end
132
132
 
133
133
  if @operations[op.sequence - 1].timestamp >= op.timestamp
@@ -135,7 +135,7 @@ module SelfSDK
135
135
  end
136
136
 
137
137
  sk = @keys[op.signing_key]
138
-
138
+
139
139
  raise "operation specifies a signing key that does not exist" if sk.nil?
140
140
 
141
141
  if sk.revoked? && op.timestamp > sk.revoked
@@ -144,7 +144,7 @@ module SelfSDK
144
144
 
145
145
  if sk.type == KEY_TYPE_RECOVERY && op.revokes(op.signing_key) != true
146
146
  raise "account recovery operation does not revoke the current active recovery key"
147
- end
147
+ end
148
148
  end
149
149
 
150
150
  execute_actions(op)
@@ -154,7 +154,7 @@ module SelfSDK
154
154
  raise "operation specifies a signing key that does not exist" if sk.nil?
155
155
 
156
156
  if op.timestamp < sk.created || sk.revoked? && op.timestamp > sk.revoked
157
- raise "operation was signed with a key that was revoked"
157
+ raise "operation was signed with a key that was revoked"
158
158
  end
159
159
 
160
160
  sig = Base64.urlsafe_decode64(op.jws[:signature])
@@ -198,9 +198,9 @@ module SelfSDK
198
198
  end
199
199
 
200
200
  if action[:from] < 0
201
- raise "operation action does not provide a valid timestamp for the action to take effect from"
201
+ raise "operation action does not provide a valid timestamp for the action to take effect from"
202
202
  end
203
-
203
+
204
204
  case action[:action]
205
205
  when ACTION_ADD
206
206
  action[:from] = op.timestamp
@@ -213,7 +213,7 @@ module SelfSDK
213
213
 
214
214
  def add(operation, action)
215
215
  if @keys[action[:kid]].nil? != true
216
- raise "operation contains a key with a duplicate identifier"
216
+ raise "operation contains a key with a duplicate identifier"
217
217
  end
218
218
 
219
219
  k = Key.new(action)
@@ -226,7 +226,7 @@ module SelfSDK
226
226
  end
227
227
  when KEY_TYPE_RECOVERY
228
228
  unless @recovery_key.nil?
229
- raise "operation contains more than one active recovery key" unless @recovery_key.revoked?
229
+ raise "operation contains more than one active recovery key" unless @recovery_key.revoked?
230
230
  end
231
231
 
232
232
  @recovery_key = k
@@ -239,7 +239,7 @@ module SelfSDK
239
239
  @root = k
240
240
  return
241
241
  end
242
-
242
+
243
243
  parent = @keys[operation.signing_key]
244
244
 
245
245
  raise "operation specifies a signing key that does not exist" if parent.nil?
@@ -271,7 +271,7 @@ module SelfSDK
271
271
 
272
272
  return
273
273
  end
274
-
274
+
275
275
  k.child_keys.each do |ck|
276
276
  ck.revoke(action[:from]) unless ck.created < action[:from]
277
277
  end
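Review bot: The hunk at `@@ -153,10 +154,7 @@` removes the only signature check in that path: the loop that called `@client.jwt.verify(jws, key[:key])` against each of the identity's keys is replaced by an unconditional `return payload`, so a JWS is now accepted once `@client.entity(payload[:sub])` merely exists, and the `jws` value is left unused. If verification was moved to a caller (the messaging `verify!` hunk above does check against the key named by the header `kid`), that is not visible here and the now-dead `jws` suggests it was not wired up; otherwise the method should read the `kid` from the JWS protected header as the other hunks do and keep a verify step such as `return payload if @client.jwt.verify(jws, @client.public_key(payload[:sub], kid).raw_public_key)` followed by `nil`, assuming `@client` here is the same REST client that exposes `public_key(selfid, kid)`. The enclosing method starts outside the hunk. Separately, the rewritten `public_key(selfid, kid)` wrapper in the `@@ -27,9 +27,10 @@` hunk still carries `@return [Array] with the identity public keys` although it now returns the single `.public_key`; that line should become `# @return [Ed25519::VerifyKey] the identity public key matching kid`.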
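--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: selfsdk
  version: !ruby/object:Gem::Version
- version: 0.0.128
+ version: 0.0.133
  platform: ruby
  authors:
  - Aldgate Ventures
@@ -328,7 +328,8 @@ files:
  - lib/signature_graph.rb
  - lib/sources.rb
  homepage: https://www.joinself.com/
- licenses: []
+ licenses:
+ - MIT
  metadata: {}
  post_install_message:
  rdoc_options: []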