RubyGems - smart-id-ruby-client - Versions diffs - 0.1.0 - Mend

smart-id-ruby-client 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (86) hide show

data/lib/smart_id_ruby/flows/certificate_by_document_number_request_builder.rb ADDED Viewed

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+require "base64"
+require "openssl"
+module SmartIdRuby
+  module Flows
+    # Builds certificate by document number requests.
+    class CertificateByDocumentNumberRequestBuilder < BaseBuilder
+      BASE64_PATTERN = /\A[A-Za-z0-9+\/]+={0,2}\z/
+      SUPPORTED_STATES = %w[OK DOCUMENT_UNUSABLE].freeze
+      CERTIFICATE_LEVEL_ORDER = {
+        "ADVANCED" => 1,
+        "QUALIFIED" => 2,
+        "QSCD" => 2
+      }.freeze
+      DEFAULT_CERTIFICATE_LEVEL = "QUALIFIED"
+      def initialize(connector)
+        super(connector)
+        @document_number = nil
+        @certificate_level = DEFAULT_CERTIFICATE_LEVEL
+      end
+      def with_document_number(document_number)
+        @document_number = document_number
+        self
+      end
+      def with_certificate_level(certificate_level)
+        @certificate_level = certificate_level
+        self
+      end
+      def get_certificate_by_document_number
+        validate_request_parameters
+        request = create_request
+        response = connector.get_certificate_by_document_number(@document_number, request)
+        validate_response_parameters(response)
+        cert = fetch_value(response, :cert)
+        cert_level = fetch_value(cert, :certificateLevel).to_s
+        cert_value = fetch_value(cert, :value).to_s
+        {
+          certificate_level: cert_level,
+          certificate: OpenSSL::X509::Certificate.new(Base64.strict_decode64(cert_value))
+        }
+      end
+      private
+      def create_request
+        {
+          relyingPartyUUID: relying_party_uuid,
+          relyingPartyName: relying_party_name,
+          certificateLevel: @certificate_level&.to_s
+        }.compact
+      end
+      def validate_request_parameters
+        if blank?(@document_number)
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'documentNumber' cannot be empty"
+        end
+        if blank?(relying_party_uuid)
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'relyingPartyUUID' cannot be empty"
+        end
+        if blank?(relying_party_name)
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'relyingPartyName' cannot be empty"
+        end
+      end
+      def validate_response_parameters(response)
+        if response.nil?
+          raise SmartIdRuby::Errors::UnprocessableResponseError, "Queried certificate response is not provided"
+        end
+        validate_state(response)
+        cert = fetch_value(response, :cert)
+        if cert.nil?
+          raise SmartIdRuby::Errors::UnprocessableResponseError, "Queried certificate response field 'cert' is missing"
+        end
+        validate_certificate_level(cert)
+        validate_certificate_value(cert)
+      end
+      def validate_state(response)
+        state = fetch_value(response, :state)
+        if blank?(state)
+          raise SmartIdRuby::Errors::UnprocessableResponseError, "Queried certificate response field 'state' is missing"
+        end
+        unless SUPPORTED_STATES.include?(state)
+          raise SmartIdRuby::Errors::UnprocessableResponseError, "Queried certificate response field 'state' has unsupported value"
+        end
+        if state == "DOCUMENT_UNUSABLE"
+          raise SmartIdRuby::Errors::DocumentUnusableError
+        end
+      end
+      def validate_certificate_level(cert)
+        response_level = fetch_value(cert, :certificateLevel)
+        if blank?(response_level)
+          raise SmartIdRuby::Errors::UnprocessableResponseError, "Queried certificate response field 'cert.certificateLevel' is missing"
+        end
+        unless CERTIFICATE_LEVEL_ORDER.key?(response_level)
+          raise SmartIdRuby::Errors::UnprocessableResponseError,
+                "Queried certificate response field 'cert.certificateLevel' has unsupported value"
+        end
+        requested_level = @certificate_level.nil? ? DEFAULT_CERTIFICATE_LEVEL : @certificate_level.to_s
+        if CERTIFICATE_LEVEL_ORDER[response_level] < CERTIFICATE_LEVEL_ORDER.fetch(requested_level, CERTIFICATE_LEVEL_ORDER[DEFAULT_CERTIFICATE_LEVEL])
+          raise SmartIdRuby::Errors::UnprocessableResponseError, "Queried certificate has lower level than requested"
+        end
+      end
+      def validate_certificate_value(cert)
+        cert_value = fetch_value(cert, :value)
+        if blank?(cert_value)
+          raise SmartIdRuby::Errors::UnprocessableResponseError, "Queried certificate response field 'cert.value' is missing"
+        end
+        return if BASE64_PATTERN.match?(cert_value)
+        raise SmartIdRuby::Errors::UnprocessableResponseError,
+              "Queried certificate response field 'cert.value' does not have Base64-encoded value"
+      end
+    end
+  end
+end

data/lib/smart_id_ruby/flows/device_link_authentication_session_request_builder.rb ADDED Viewed

@@ -0,0 +1,208 @@
+# frozen_string_literal: true
+require "base64"
+module SmartIdRuby
+  module Flows
+    # Builds device link authentication session requests.
+    class DeviceLinkAuthenticationSessionRequestBuilder < BaseBuilder
+      INITIAL_CALLBACK_URL_PATTERN = %r{\Ahttps://[^|]+\z}
+      RP_CHALLENGE_MIN_LENGTH = 44
+      RP_CHALLENGE_MAX_LENGTH = 88
+      attr_reader :authentication_session_request
+      def initialize(connector)
+        super(connector)
+        @certificate_level = "QUALIFIED"
+        @signature_algorithm = "rsassa-pss"
+        @hash_algorithm = "SHA3-512"
+        @interactions = nil
+        @share_md_client_ip_address = nil
+        @capabilities = nil
+        @semantics_identifier = nil
+        @document_number = nil
+        @initial_callback_url = nil
+        @rp_challenge = nil
+      end
+      def with_certificate_level(certificate_level)
+        @certificate_level = certificate_level
+        self
+      end
+      def with_rp_challenge(rp_challenge)
+        @rp_challenge = rp_challenge
+        self
+      end
+      def with_signature_algorithm(signature_algorithm)
+        @signature_algorithm = signature_algorithm
+        self
+      end
+      def with_hash_algorithm(hash_algorithm)
+        @hash_algorithm = hash_algorithm
+        self
+      end
+      def with_interactions(interactions)
+        @interactions = interactions
+        self
+      end
+      def with_share_md_client_ip_address(share_md_client_ip_address)
+        @share_md_client_ip_address = share_md_client_ip_address
+        self
+      end
+      def with_capabilities(*capabilities)
+        @capabilities = normalize_capabilities(capabilities, strip: false, reject_empty: false)
+        self
+      end
+      def with_semantics_identifier(semantics_identifier)
+        @semantics_identifier = semantics_identifier
+        self
+      end
+      def with_document_number(document_number)
+        @document_number = document_number
+        self
+      end
+      def with_initial_callback_url(initial_callback_url)
+        @initial_callback_url = initial_callback_url
+        self
+      end
+      def init_authentication_session
+        validate_request_parameters
+        request = create_authentication_request
+        response = init_session(request)
+        validate_response_parameters(response)
+        @authentication_session_request = request
+        SmartIdRuby::Models::DeviceLinkSessionResponse.from_h(response)
+      end
+      private
+      def init_session(request)
+        if @semantics_identifier && @document_number
+          raise SmartIdRuby::Errors::RequestSetupError, "Only one of 'semanticsIdentifier' or 'documentNumber' may be set"
+        end
+        if @semantics_identifier
+          connector.init_device_link_authentication(request, @semantics_identifier)
+        elsif @document_number
+          connector.init_device_link_authentication_with_document(request, @document_number)
+        else
+          connector.init_anonymous_device_link_authentication(request)
+        end
+      end
+      def validate_request_parameters
+        if blank?(relying_party_uuid)
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'relyingPartyUUID' cannot be empty"
+        end
+        if blank?(relying_party_name)
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'relyingPartyName' cannot be empty"
+        end
+        validate_signature_parameters
+        validate_interactions
+        validate_initial_callback_url
+      end
+      def validate_signature_parameters
+        raise SmartIdRuby::Errors::RequestSetupError, "Value for 'rpChallenge' cannot be empty" if blank?(@rp_challenge)
+        begin
+          Base64.strict_decode64(@rp_challenge)
+        rescue ArgumentError
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'rpChallenge' must be Base64-encoded string"
+        end
+        unless @rp_challenge.length.between?(RP_CHALLENGE_MIN_LENGTH, RP_CHALLENGE_MAX_LENGTH)
+          raise SmartIdRuby::Errors::RequestSetupError,
+                "Value for 'rpChallenge' must have length between #{RP_CHALLENGE_MIN_LENGTH} and #{RP_CHALLENGE_MAX_LENGTH} characters"
+        end
+        if @signature_algorithm.nil?
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'signatureAlgorithm' must be set"
+        end
+        if @hash_algorithm.nil?
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'hashAlgorithm' must be set"
+        end
+      end
+      def validate_interactions
+        normalized_interactions = normalize_interactions(@interactions)
+        if normalized_interactions.empty?
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'interactions' cannot be empty"
+        end
+        interaction_types = normalized_interactions.map { |interaction| interaction[:type] }
+        if interaction_types.any?(&:nil?)
+          raise SmartIdRuby::Errors::RequestSetupError, "Each interaction must include a 'type' value"
+        end
+        if interaction_types.uniq.length != interaction_types.length
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'interactions' cannot contain duplicate types"
+        end
+      end
+      def validate_initial_callback_url
+        return if blank?(@initial_callback_url)
+        return if INITIAL_CALLBACK_URL_PATTERN.match?(@initial_callback_url)
+        raise SmartIdRuby::Errors::RequestSetupError,
+              "Value for 'initialCallbackUrl' must match pattern ^https://[^|]+$ and must not contain unencoded vertical bars"
+      end
+      def create_authentication_request
+        {
+          relyingPartyUUID: relying_party_uuid,
+          relyingPartyName: relying_party_name,
+          certificateLevel: @certificate_level&.to_s,
+          signatureProtocol: "ACSP_V2",
+          signatureProtocolParameters: {
+            rpChallenge: @rp_challenge,
+            signatureAlgorithm: @signature_algorithm.to_s,
+            signatureAlgorithmParameters: {
+              hashAlgorithm: @hash_algorithm.to_s
+            }
+          },
+          interactions: encode_interactions(@interactions),
+          requestProperties: request_properties,
+          capabilities: @capabilities,
+          initialCallbackUrl: @initial_callback_url
+        }.compact
+      end
+      def request_properties
+        request_properties_for_share_md(@share_md_client_ip_address)
+      end
+      def validate_response_parameters(response)
+        if blank?(fetch_value(response, :sessionID))
+          raise SmartIdRuby::Errors::UnprocessableResponseError,
+                "Device link authentication session initialisation response field 'sessionID' is missing or empty"
+        end
+        if blank?(fetch_value(response, :sessionToken))
+          raise SmartIdRuby::Errors::UnprocessableResponseError,
+                "Device link authentication session initialisation response field 'sessionToken' is missing or empty"
+        end
+        if blank?(fetch_value(response, :sessionSecret))
+          raise SmartIdRuby::Errors::UnprocessableResponseError,
+                "Device link authentication session initialisation response field 'sessionSecret' is missing or empty"
+        end
+        if blank?(fetch_value(response, :deviceLinkBase))
+          raise SmartIdRuby::Errors::UnprocessableResponseError,
+                "Device link authentication session initialisation response field 'deviceLinkBase' is missing or empty"
+        end
+      end
+    end
+  end
+end

data/lib/smart_id_ruby/flows/device_link_certificate_choice_session_request_builder.rb ADDED Viewed

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+module SmartIdRuby
+  module Flows
+    # Builds device link certificate choice session requests.
+    class DeviceLinkCertificateChoiceSessionRequestBuilder < BaseBuilder
+      INITIAL_CALLBACK_URL_PATTERN = %r{\Ahttps://[^|]+\z}
+      NONCE_MAX_LENGTH = 30
+      def initialize(connector)
+        super(connector)
+        @certificate_level = nil
+        @nonce = nil
+        @capabilities = nil
+        @share_md_client_ip_address = nil
+        @initial_callback_url = nil
+      end
+      def with_certificate_level(certificate_level)
+        @certificate_level = certificate_level
+        self
+      end
+      def with_nonce(nonce)
+        @nonce = nonce
+        self
+      end
+      def with_capabilities(*capabilities)
+        @capabilities = normalize_capabilities(capabilities)
+        self
+      end
+      def with_share_md_client_ip_address(share_md_client_ip_address)
+        @share_md_client_ip_address = share_md_client_ip_address
+        self
+      end
+      def with_initial_callback_url(initial_callback_url)
+        @initial_callback_url = initial_callback_url
+        self
+      end
+      def init_certificate_choice
+        validate_request_parameters
+        request = create_certificate_request
+        response = connector.init_device_link_certificate_choice(request)
+        validate_response_parameters(response)
+        SmartIdRuby::Models::DeviceLinkSessionResponse.from_h(response)
+      end
+      private
+      def validate_request_parameters
+        if blank?(relying_party_uuid)
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'relyingPartyUUID' cannot be empty"
+        end
+        if blank?(relying_party_name)
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'relyingPartyName' cannot be empty"
+        end
+        if !@nonce.nil? && (@nonce.empty? || @nonce.length > NONCE_MAX_LENGTH)
+          raise SmartIdRuby::Errors::RequestSetupError, "Value for 'nonce' must have length between 1 and 30 characters"
+        end
+        validate_initial_callback_url
+      end
+      def create_certificate_request
+        {
+          relyingPartyUUID: relying_party_uuid,
+          relyingPartyName: relying_party_name,
+          certificateLevel: @certificate_level&.to_s,
+          nonce: @nonce,
+          capabilities: @capabilities,
+          requestProperties: request_properties,
+          initialCallbackUrl: @initial_callback_url
+        }.compact
+      end
+      def request_properties
+        request_properties_for_share_md(@share_md_client_ip_address)
+      end
+      def validate_initial_callback_url
+        return if blank?(@initial_callback_url)
+        return if INITIAL_CALLBACK_URL_PATTERN.match?(@initial_callback_url)
+        raise SmartIdRuby::Errors::RequestSetupError,
+              "Value for 'initialCallbackUrl' must match pattern ^https://[^|]+$ and must not contain unencoded vertical bars"
+      end
+      def validate_response_parameters(response)
+        if blank?(fetch_value(response, :sessionID))
+          raise SmartIdRuby::Errors::UnprocessableResponseError,
+                "Device link certificate choice session initialisation response field 'sessionID' is missing or empty"
+        end
+        if blank?(fetch_value(response, :sessionToken))
+          raise SmartIdRuby::Errors::UnprocessableResponseError,
+                "Device link certificate choice session initialisation response field 'sessionToken' is missing or empty"
+        end
+        if blank?(fetch_value(response, :sessionSecret))
+          raise SmartIdRuby::Errors::UnprocessableResponseError,
+                "Device link certificate choice session initialisation response field 'sessionSecret' is missing or empty"
+        end
+        if blank?(fetch_value(response, :deviceLinkBase))
+          raise SmartIdRuby::Errors::UnprocessableResponseError,
+                "Device link certificate choice session initialisation response field 'deviceLinkBase' is missing or empty"
+        end
+      end
+    end
+  end
+end