u2f 0.0.1 → 0.0.2
- checksums.yaml +4 -4
- data/README.md +3 -1
- data/lib/u2f/register_response.rb +2 -2
- data/lib/u2f/sign_response.rb +2 -2
- data/lib/u2f/u2f.rb +17 -5
- data/lib/version.rb +1 -1
- data/spec/lib/register_response_spec.rb +14 -1
- data/spec/lib/u2f_spec.rb +1 -1
- data/spec/spec_helper.rb +9 -1
- metadata +37 -23
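--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a03e6339d53e5e21893fa7c6224ab59ddf1d1384
+data.tar.gz: 8410718b966db91eefb70b5e6f79c446483fa108
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 26f289c893d9437b3d6ae14b101e8a155153bc5d3dfd2725b543ba5dbb8972b29fb576769820498ac5354ed8cebbb0832dc93b89f05c6ab5671922b37d648cbd
+data.tar.gz: 5b998a653dcaaa557bec91273183acb42b7a75d6215ab0e7eee6833e0a785fc69a65f8969e41df5c34ea014164e41bba94b2a39979a1ec2bae6eae68ed42ffd0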
data/README.md
CHANGED
@@ -1,10 +1,12 @@
|
|
1
1
|
# Ruby U2F
|
2
2
|
|
3
3
|
[![Gem Version](https://badge.fury.io/rb/u2f.png)](http://badge.fury.io/rb/u2f)
|
4
|
+
[![Dependency Status](https://gemnasium.com/userbin/ruby-u2f.svg)](https://gemnasium.com/userbin/ruby-u2f)
|
5
|
+
[![security](https://hakiri.io/github/userbin/ruby-u2f/master.svg)](https://hakiri.io/github/userbin/ruby-u2f/master)
|
6
|
+
|
4
7
|
[![Build Status](https://travis-ci.org/userbin/ruby-u2f.png)](https://travis-ci.org/userbin/ruby-u2f)
|
5
8
|
[![Code Climate](https://codeclimate.com/github/userbin/ruby-u2f/badges/gpa.svg)](https://codeclimate.com/github/userbin/ruby-u2f)
|
6
9
|
[![Coverage Status](https://img.shields.io/coveralls/userbin/ruby-u2f.svg)](https://coveralls.io/r/userbin/ruby-u2f)
|
7
|
-
[![security](https://hakiri.io/github/userbin/ruby-u2f/master.svg)](https://hakiri.io/github/userbin/ruby-u2f/master)
|
8
10
|
|
9
11
|
Provides functionality for working with the server side aspects of the U2F
|
10
12
|
protocol as defined in the [FIDO specifications](http://fidoalliance.org/specifications/download). To read more about U2F and how to use a U2F library, visit [developers.yubico.com/U2F](http://developers.yubico.com/U2F).
|
@@ -17,11 +17,11 @@ module U2F
|
|
17
17
|
data = JSON.parse(json)
|
18
18
|
instance = new
|
19
19
|
instance.client_data_json =
|
20
|
-
|
20
|
+
::U2F.urlsafe_decode64(data['clientData'])
|
21
21
|
instance.client_data =
|
22
22
|
ClientData.load_from_json(instance.client_data_json)
|
23
23
|
instance.registration_data_raw =
|
24
|
-
|
24
|
+
::U2F.urlsafe_decode64(data['registrationData'])
|
25
25
|
instance
|
26
26
|
end
|
27
27
|
|
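Review bot: `data['clientData']` and `data['registrationData']` come straight from client-supplied JSON and are passed to `::U2F.urlsafe_decode64` with no presence or type check, so a response missing either key reaches `string.length` on nil and surfaces as a NoMethodError rather than a predictable parse error. The same applies to `clientData` and `signatureData` in the sign_response.rb hunk. A guard at the top of the helper, such as `fail ArgumentError, 'expected a base64 string' unless string.is_a?(String)`, would make malformed responses fail in one consistent way. This hunk appears to belong to lib/u2f/register_response.rb, whose file header is missing from the page, and the enclosing method starts outside the hunk.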
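--- a/data/lib/u2f/sign_response.rb
+++ b/data/lib/u2f/sign_response.rb
@@ -6,12 +6,12 @@ module U2F
 data = ::JSON.parse(json)
 instance = new
 instance.client_data_json =
-
+::U2F.urlsafe_decode64(data['clientData'])
 instance.client_data =
 ClientData.load_from_json(instance.client_data_json)
 instance.key_handle = data['keyHandle']
 instance.signature_data =
-
+::U2F.urlsafe_decode64(data['signatureData'])
 instance
 end
 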
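--- a/data/lib/u2f/u2f.rb
+++ b/data/lib/u2f/u2f.rb
@@ -69,9 +69,10 @@ module U2F
 # Validate public key
 U2F.public_key_pem(response.public_key_raw)
 
-
-
-
+# TODO:
+# unless U2F.validate_certificate(response.certificate_raw)
+# fail AttestationVerificationError
+# end
 
 fail AttestationSignatureError unless response.verify(app_id)
 
@@ -102,12 +103,23 @@ module U2F
 pem
 end
 
-def self.validate_certificate(
+# def self.validate_certificate(_certificate_raw)
 # TODO
-return true
 # cacert = OpenSSL::X509::Certificate.new()
 # cert = OpenSSL::X509::Certificate.new(certificate_raw)
 # cert.verify(cacert.public_key)
+# end
+end
+
+##
+# Variant of Base64::urlsafe_base64 which adds padding if necessary
+def self.urlsafe_decode64(string)
+string = case string.length % 4
+when 2 then string + '=='
+when 3 then string + '='
+else
+string
 end
+Base64.urlsafe_decode64(string)
 end
 end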
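Review bot: Nothing on the registration path ties the attestation certificate to a trusted root: the `validate_certificate` call in the first hunk and the method in the second are both commented out under a TODO, leaving `response.verify(app_id)` as the only check, which presumably verifies the signature against the certificate carried in the response itself. A registration with any self-consistent attestation would therefore be accepted, and a reader of the `# Validate public key` comment could assume more is being checked. Until the TODO is done I would state this at the call site, e.g. `# NOTE: attestation certificate is NOT checked against a trusted CA; device provenance is unverified`, and say the same in the README. When it is implemented, the sketched `cert.verify(cacert.public_key)` only checks the issuer signature, not validity dates or chain constraints; a check built on `OpenSSL::X509::Store` covers those. Both enclosing methods start outside the hunks.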
data/lib/version.rb
CHANGED
@@ -14,6 +14,10 @@ describe U2F::RegisterResponse do
|
|
14
14
|
'{ "registrationData": "BQQtEmhWVgvbh-8GpjsHbj_d5FB9iNoRL8mNEq34-ANufKWUpVdIj6BSB_m3eMoZ3GqnaDy3RA5eWP8mhTkT1Ht3QAk1GsmaPIQgXgvrBkCQoQtMFvmwYPfW5jpRgoMPFxquHS7MTt8lofZkWAK2caHD-YQQdaRBgd22yWIjPuWnHOcwggLiMIHLAgEBMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNVBAMTEll1YmljbyBVMkYgVGVzdCBDQTAeFw0xNDA1MTUxMjU4NTRaFw0xNDA2MTQxMjU4NTRaMB0xGzAZBgNVBAMTEll1YmljbyBVMkYgVGVzdCBFRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNsK2_Uhx1zOY9ym4eglBg2U5idUGU-dJK8mGr6tmUQflaNxkQo6IOc-kV4T6L44BXrVeqN-dpCPr-KKlLYw650wDQYJKoZIhvcNAQELBQADggIBAJVAa1Bhfa2Eo7TriA_jMA8togoA2SUE7nL6Z99YUQ8LRwKcPkEpSpOsKYWJLaR6gTIoV3EB76hCiBaWN5HV3-CPyTyNsM2JcILsedPGeHMpMuWrbL1Wn9VFkc7B3Y1k3OmcH1480q9RpYIYr-A35zKedgV3AnvmJKAxVhv9GcVx0_CewHMFTryFuFOe78W8nFajutknarupekDXR4tVcmvj_ihJcST0j_Qggeo4_3wKT98CgjmBgjvKCd3Kqg8n9aSDVWyaOZsVOhZj3Fv5rFu895--D4qiPDETozJIyliH-HugoQpqYJaTX10mnmMdCa6aQeW9CEf-5QmbIP0S4uZAf7pKYTNmDQ5z27DVopqaFw00MIVqQkae_zSPX4dsNeeoTTXrwUGqitLaGap5ol81LKD9JdP3nSUYLfq0vLsHNDyNgb306TfbOenRRVsgQS8tJyLcknSKktWD_Qn7E5vjOXprXPrmdp7g5OPvrbz9QkWa1JTRfo2n2AXV02LPFc-UfR9bWCBEIJBxvmbpmqt0MnBTHWnth2b0CU_KJTDCY3kAPLGbOT8A4KiI73pRW-e9SWTaQXskw3Ei_dHRILM_l9OXsqoYHJ4Dd3tbfvmjoNYggSw4j50l3unI9d1qR5xlBFpW5sLr8gKX4bnY4SR2nyNiOQNLyPc0B0nW502aMEUCIQDTGOX-i_QrffJDY8XvKbPwMuBVrOSO-ayvTnWs_WSuDQIgZ7fMAvD_Ezyy5jg6fQeuOkoJi8V2naCtzV-HTly8Nww=", "clientData": "eyAiY2hhbGxlbmdlIjogInlLQTB4MDc1dGpKLUdFN2ZLVGZuelRPU2FOVU9XUXhSZDlUV3o1YUZPZzgiLCAib3JpZ2luIjogImh0dHA6XC9cL2RlbW8uZXhhbXBsZS5jb20iLCAidHlwIjogIm5hdmlnYXRvci5pZC5maW5pc2hFbnJvbGxtZW50IiB9" }'
|
15
15
|
end
|
16
16
|
|
17
|
+
let(:registration_data_without_padding) {
|
18
|
+
"{\"registrationData\":\"BQT2UXxw7PXHmN5nCj1M3Lq_sibfqQehZbuUV1Vxr1l0J1Gdcv7FEvnPofmrSN44_pz8-XAj7pOpqB79rOphJPf2QM8nt8Jtyyj9_XmZWZTQMg2UVHvrin_Jc4tMHY9QmyCNDmSU9_Bhb-Ei4u5GPgLrpF1TaEYQCqUHboqDKt4x524wggIbMIIBBaADAgECAgR1o_Z1MAsGCSqGSIb3DQEBCzAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowKjEoMCYGA1UEAwwfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTk3MzY3OTczMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBmjfkNqa2mXzVh2ZxuES5coCvvENxDMDLmfd-0ACG0Fu7wR4ZTjKd9KAuidySpfona5csGmlM0Te_Zu35h_wwujEjAQMA4GCisGAQQBgsQKAQIEADALBgkqhkiG9w0BAQsDggEBAb0tuI0-CzSxBg4cAlyD6UyT4cKyJZGVhWdtPgj_mWepT3Tu9jXtdgA5F3jfZtTc2eGxuS-PPvqRAkZd40AXgM8A0YaXPwlT4s0RUTY9Y8aAQzQZeAHuZk3lKKd_LUCg5077dzdt90lC5eVTEduj6cOnHEqnOr2Cv75FuiQXX7QkGQxtoD-otgvhZ2Fjk29o7Iy9ik7ewHGXOfoVw_ruGWi0YfXBTuqEJ6H666vvMN4BZWHtzhC0k5ceQslB9Xdntky-GQgDqNkkBf32GKwAFT9JJrkO2BfsB-wfBrTiHr0AABYNTNKTceA5dtR3UVpI492VUWQbY3YmWUUfKTI7fM4wRgIhAIfEKaF0w43L3RJHXp8qeRKw8Ek0CVcZ6pvBsH3Wo3F1AiEA5w89AFOBrjoSsnuGdUgB4AGxc5bRnV-p8jGUNoVSUwI\",\"version\":\"U2F_V2\",\"challenge\":\"oqDO4u_tTvhm1LhFDVYhFwywQF0PzFsXPgjD-5lKGDY=\",\"appId\":\"http://localhost:3000\",\"clientData\":\"eyJ0eXAiOiJuYXZpZ2F0b3IuaWQuZmluaXNoRW5yb2xsbWVudCIsImNoYWxsZW5nZSI6Im9xRE80dV90VHZobTFMaEZEVlloRnd5d1FGMFB6RnNYUGdqRC01bEtHRFk9Iiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwIiwiY2lkX3B1YmtleSI6IiJ9\"}"
|
19
|
+
}
|
20
|
+
|
17
21
|
let(:app_id) { 'http://demo.example.com' }
|
18
22
|
let(:challenge) { 'yKA0x075tjJ-GE7fKTfnzTOSaNUOWQxRd9TWz5aFOg8' }
|
19
23
|
|
@@ -23,6 +27,15 @@ describe U2F::RegisterResponse do
|
|
23
27
|
U2F::RegisterResponse.load_from_json(registration_data_json)
|
24
28
|
end
|
25
29
|
|
30
|
+
context 'with unpadded response' do
|
31
|
+
let(:registration_data_json) { registration_data_without_padding }
|
32
|
+
it 'does not raise "invalid base64" exception' do
|
33
|
+
expect {
|
34
|
+
register_response
|
35
|
+
}.not_to raise_error
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
26
39
|
describe '#certificate' do
|
27
40
|
subject { register_response.certificate }
|
28
41
|
it { is_expected.to eq certificate }
|
@@ -42,7 +55,7 @@ describe U2F::RegisterResponse do
|
|
42
55
|
|
43
56
|
describe '#key_handle_length' do
|
44
57
|
subject { register_response.key_handle_length }
|
45
|
-
it { is_expected.to eq
|
58
|
+
it { is_expected.to eq U2F.urlsafe_decode64(key_handle).length }
|
46
59
|
end
|
47
60
|
|
48
61
|
describe '#public_key' do
|
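Review bot: The new 'with unpadded response' example asserts only `not_to raise_error`, so it would still pass if the padding helper decoded to the wrong bytes. Comparing a decoded field against its expected value, for instance the client data JSON that `registration_data_without_padding` encodes, would pin the fix itself. There is also no example for input the helper cannot repair (a length of 4k+1, or a missing field), which is what a server sees from a misbehaving client. These hunks appear to belong to spec/lib/register_response_spec.rb; the page shows them under the version.rb header.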
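--- a/data/spec/lib/u2f_spec.rb
+++ b/data/spec/lib/u2f_spec.rb
@@ -118,7 +118,7 @@ describe U2F do
 end
 
 context 'with incorrect key' do
-let(:public_key) {
+let(:public_key) { U2F.urlsafe_decode64('NW5jdzdnODV3dm9nNzU4d2duNTd3') }
 it 'fails when key is to short' do
 expect {
 U2F::U2F.public_key_pem public_key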
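--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,5 +1,13 @@
+require 'simplecov'
 require 'coveralls'
-
+
+SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
+SimpleCov::Formatter::HTMLFormatter,
+Coveralls::SimpleCov::Formatter
+]
+SimpleCov.start do
+add_filter 'spec'
+end
 
 require 'json_expressions/rspec'
 require 'u2f'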
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: u2f
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Johan Brissmyr
|
@@ -9,79 +9,93 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2014-11-
|
12
|
+
date: 2014-11-19 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rake
|
16
16
|
requirement: !ruby/object:Gem::Requirement
|
17
17
|
requirements:
|
18
|
-
- - "
|
18
|
+
- - "~>"
|
19
19
|
- !ruby/object:Gem::Version
|
20
|
-
version:
|
20
|
+
version: 10.3.2
|
21
21
|
type: :development
|
22
22
|
prerelease: false
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
24
24
|
requirements:
|
25
|
-
- - "
|
25
|
+
- - "~>"
|
26
26
|
- !ruby/object:Gem::Version
|
27
|
-
version:
|
27
|
+
version: 10.3.2
|
28
28
|
- !ruby/object:Gem::Dependency
|
29
29
|
name: rspec
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
31
31
|
requirements:
|
32
|
-
- - "
|
32
|
+
- - "~>"
|
33
33
|
- !ruby/object:Gem::Version
|
34
|
-
version:
|
34
|
+
version: 3.1.0
|
35
35
|
type: :development
|
36
36
|
prerelease: false
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
38
38
|
requirements:
|
39
|
-
- - "
|
39
|
+
- - "~>"
|
40
40
|
- !ruby/object:Gem::Version
|
41
|
-
version:
|
41
|
+
version: 3.1.0
|
42
42
|
- !ruby/object:Gem::Dependency
|
43
43
|
name: json_expressions
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
45
45
|
requirements:
|
46
|
-
- - "
|
46
|
+
- - "~>"
|
47
47
|
- !ruby/object:Gem::Version
|
48
|
-
version:
|
48
|
+
version: 0.8.3
|
49
49
|
type: :development
|
50
50
|
prerelease: false
|
51
51
|
version_requirements: !ruby/object:Gem::Requirement
|
52
52
|
requirements:
|
53
|
-
- - "
|
53
|
+
- - "~>"
|
54
54
|
- !ruby/object:Gem::Version
|
55
|
-
version:
|
55
|
+
version: 0.8.3
|
56
56
|
- !ruby/object:Gem::Dependency
|
57
57
|
name: rubocop
|
58
58
|
requirement: !ruby/object:Gem::Requirement
|
59
59
|
requirements:
|
60
|
-
- - "
|
60
|
+
- - "~>"
|
61
61
|
- !ruby/object:Gem::Version
|
62
|
-
version:
|
62
|
+
version: 0.27.1
|
63
63
|
type: :development
|
64
64
|
prerelease: false
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
66
66
|
requirements:
|
67
|
-
- - "
|
67
|
+
- - "~>"
|
68
68
|
- !ruby/object:Gem::Version
|
69
|
-
version:
|
69
|
+
version: 0.27.1
|
70
70
|
- !ruby/object:Gem::Dependency
|
71
71
|
name: coveralls
|
72
72
|
requirement: !ruby/object:Gem::Requirement
|
73
73
|
requirements:
|
74
|
-
- - "
|
74
|
+
- - "~>"
|
75
75
|
- !ruby/object:Gem::Version
|
76
|
-
version:
|
76
|
+
version: 0.7.2
|
77
77
|
type: :development
|
78
78
|
prerelease: false
|
79
79
|
version_requirements: !ruby/object:Gem::Requirement
|
80
80
|
requirements:
|
81
|
-
- - "
|
81
|
+
- - "~>"
|
82
82
|
- !ruby/object:Gem::Version
|
83
|
-
version:
|
84
|
-
|
83
|
+
version: 0.7.2
|
84
|
+
- !ruby/object:Gem::Dependency
|
85
|
+
name: simplecov
|
86
|
+
requirement: !ruby/object:Gem::Requirement
|
87
|
+
requirements:
|
88
|
+
- - "~>"
|
89
|
+
- !ruby/object:Gem::Version
|
90
|
+
version: 0.9.1
|
91
|
+
type: :development
|
92
|
+
prerelease: false
|
93
|
+
version_requirements: !ruby/object:Gem::Requirement
|
94
|
+
requirements:
|
95
|
+
- - "~>"
|
96
|
+
- !ruby/object:Gem::Version
|
97
|
+
version: 0.9.1
|
98
|
+
description: Library for handling registration and authentication of U2F devices
|
85
99
|
email:
|
86
100
|
- brissmyr@gmail.com
|
87
101
|
- sebastian.wallin@gmail.com
|