web_authn 0.4.1 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +71 -0
- data/VERSION +1 -1
- data/lib/web_authn/attestation_object.rb +2 -0
- data/lib/web_authn/attestation_statement.rb +1 -0
- data/lib/web_authn/attestation_statement/apple.rb +90 -0
- data/lib/web_authn/attestation_statement/packed.rb +18 -1
- data/spec/context/registration_spec.rb +15 -6
- metadata +5 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5a95868432d9b0378f32f89fcb8ebc3c64f30b2c881c52ec1e6cc43a1b94c48b
|
4
|
+
data.tar.gz: ed86036716a75ea287888670cc0d3e2555e2c18dad65aed820d067019aabafe4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f47a3020a2a9e54840eedcc38a816ef65503a90798b67cc15c684f02b9f6eeb4b5b7afa8b08ed6f4c629626a4a117cbdff8b8bdaab687c9c3a2d30a8561a98c5
|
7
|
+
data.tar.gz: 8b6fd8bbecfb96b24ab1359011d5868b6d1098645f74389221bd9b9861451a41aa279ca9f6b51e00022284db9b13cd25930a5c064291980872b53ecffe65e359
|
data/Gemfile.lock
ADDED
@@ -0,0 +1,71 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
web_authn (0.4.1)
|
5
|
+
activesupport
|
6
|
+
cbor
|
7
|
+
cose-key (>= 0.2.0)
|
8
|
+
json-jwt
|
9
|
+
|
10
|
+
GEM
|
11
|
+
remote: https://rubygems.org/
|
12
|
+
specs:
|
13
|
+
activesupport (5.2.2)
|
14
|
+
concurrent-ruby (~> 1.0, >= 1.0.2)
|
15
|
+
i18n (>= 0.7, < 2)
|
16
|
+
minitest (~> 5.1)
|
17
|
+
tzinfo (~> 1.1)
|
18
|
+
aes_key_wrap (1.0.1)
|
19
|
+
bindata (2.4.4)
|
20
|
+
cbor (0.5.9.3)
|
21
|
+
concurrent-ruby (1.1.4)
|
22
|
+
cose-key (0.2.0)
|
23
|
+
cbor
|
24
|
+
diff-lcs (1.3)
|
25
|
+
docile (1.3.1)
|
26
|
+
i18n (1.5.1)
|
27
|
+
concurrent-ruby (~> 1.0)
|
28
|
+
json (2.1.0)
|
29
|
+
json-jwt (1.10.0)
|
30
|
+
activesupport (>= 4.2)
|
31
|
+
aes_key_wrap
|
32
|
+
bindata
|
33
|
+
minitest (5.11.3)
|
34
|
+
rake (10.5.0)
|
35
|
+
rspec (3.8.0)
|
36
|
+
rspec-core (~> 3.8.0)
|
37
|
+
rspec-expectations (~> 3.8.0)
|
38
|
+
rspec-mocks (~> 3.8.0)
|
39
|
+
rspec-core (3.8.0)
|
40
|
+
rspec-support (~> 3.8.0)
|
41
|
+
rspec-expectations (3.8.2)
|
42
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
43
|
+
rspec-support (~> 3.8.0)
|
44
|
+
rspec-its (1.2.0)
|
45
|
+
rspec-core (>= 3.0.0)
|
46
|
+
rspec-expectations (>= 3.0.0)
|
47
|
+
rspec-mocks (3.8.0)
|
48
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
49
|
+
rspec-support (~> 3.8.0)
|
50
|
+
rspec-support (3.8.0)
|
51
|
+
simplecov (0.16.1)
|
52
|
+
docile (~> 1.1)
|
53
|
+
json (>= 1.8, < 3)
|
54
|
+
simplecov-html (~> 0.10.0)
|
55
|
+
simplecov-html (0.10.2)
|
56
|
+
thread_safe (0.3.6)
|
57
|
+
tzinfo (1.2.5)
|
58
|
+
thread_safe (~> 0.1)
|
59
|
+
|
60
|
+
PLATFORMS
|
61
|
+
ruby
|
62
|
+
|
63
|
+
DEPENDENCIES
|
64
|
+
rake (~> 10.0)
|
65
|
+
rspec
|
66
|
+
rspec-its
|
67
|
+
simplecov
|
68
|
+
web_authn!
|
69
|
+
|
70
|
+
BUNDLED WITH
|
71
|
+
1.17.1
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.
|
1
|
+
0.5.0
|
@@ -18,6 +18,8 @@ module WebAuthn
|
|
18
18
|
AttestationStatement::AndroidSafetynet.decode att_stmt
|
19
19
|
when 'packed'
|
20
20
|
AttestationStatement::Packed.decode att_stmt
|
21
|
+
when 'apple'
|
22
|
+
AttestationStatement::Apple.decode att_stmt
|
21
23
|
when 'tpm', 'android-key', 'fido-u2f'
|
22
24
|
raise NotImplementedError, "Unsupported Attestation Format: #{format}"
|
23
25
|
else
|
@@ -0,0 +1,90 @@
|
|
1
|
+
module WebAuthn
|
2
|
+
class AttestationStatement
|
3
|
+
class Apple < AttestationStatement
|
4
|
+
CERTIFICATE_EXTENSION_OID = '1.2.840.113635.100.8.2'
|
5
|
+
ROOT_CERTIFICATE = <<~PEM
|
6
|
+
-----BEGIN CERTIFICATE-----
|
7
|
+
MIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8w
|
8
|
+
HQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJ
|
9
|
+
bmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMx
|
10
|
+
NTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEG
|
11
|
+
A1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49
|
12
|
+
AgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11k
|
13
|
+
xu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/
|
14
|
+
pcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk
|
15
|
+
2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA
|
16
|
+
MGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3
|
17
|
+
jAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gpSAk9QZW4B
|
18
|
+
1bWeT0vT
|
19
|
+
-----END CERTIFICATE-----
|
20
|
+
PEM
|
21
|
+
|
22
|
+
attr_accessor :alg, :x5c, :certs
|
23
|
+
|
24
|
+
def initialize(alg:, x5c:)
|
25
|
+
self.alg = alg
|
26
|
+
self.x5c = Array(x5c)
|
27
|
+
self.certs = self.x5c.collect do |x5c|
|
28
|
+
OpenSSL::X509::Certificate.new x5c
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
def verify!(authenticator_data, client_data_json)
|
33
|
+
verify_nonce! authenticator_data, client_data_json
|
34
|
+
verify_certificate! authenticator_data.attested_credential_data
|
35
|
+
end
|
36
|
+
|
37
|
+
private
|
38
|
+
|
39
|
+
def verify_nonce!(authenticator_data, client_data_json)
|
40
|
+
nonce = OpenSSL::Digest::SHA256.digest [
|
41
|
+
authenticator_data.raw,
|
42
|
+
OpenSSL::Digest::SHA256.digest(client_data_json.raw)
|
43
|
+
].join
|
44
|
+
|
45
|
+
extension = certs.first.extensions.detect { |ext| ext.oid == CERTIFICATE_EXTENSION_OID }
|
46
|
+
expected_nonce = OpenSSL::ASN1.decode(
|
47
|
+
OpenSSL::ASN1.decode(extension.to_der).value.last.value
|
48
|
+
).value.last.value.last.value
|
49
|
+
|
50
|
+
unless expected_nonce == nonce
|
51
|
+
raise InvalidAttestation, 'Invalid Apple Response: nonce'
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
def verify_certificate!(attested_credential_data)
|
56
|
+
attested_cert = certs.first
|
57
|
+
remaining_chain = certs[1..-1]
|
58
|
+
|
59
|
+
store = OpenSSL::X509::Store.new
|
60
|
+
store.add_cert OpenSSL::X509::Certificate.new ROOT_CERTIFICATE
|
61
|
+
valid_chain = store.verify(attested_cert, remaining_chain)
|
62
|
+
|
63
|
+
valid_timestamp = (
|
64
|
+
attested_cert.not_after > Time.now &&
|
65
|
+
attested_cert.not_before < Time.now
|
66
|
+
)
|
67
|
+
|
68
|
+
valid_attested_public_key = (
|
69
|
+
attested_credential_data.public_key.to_pem ==
|
70
|
+
attested_cert.public_key.to_pem
|
71
|
+
)
|
72
|
+
|
73
|
+
# TODO: do we need CRL check?
|
74
|
+
|
75
|
+
unless valid_chain && valid_attested_public_key && valid_timestamp
|
76
|
+
raise InvalidAttestation, 'Invalid Apple Response: certificate'
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
class << self
|
81
|
+
def decode(att_stmt)
|
82
|
+
new(
|
83
|
+
alg: att_stmt[:alg],
|
84
|
+
x5c: att_stmt[:x5c]
|
85
|
+
)
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
@@ -12,6 +12,7 @@ module WebAuthn
|
|
12
12
|
|
13
13
|
def verify!(authenticator_data, client_data_json)
|
14
14
|
verify_signature! authenticator_data, client_data_json
|
15
|
+
verify_certificate! unless self_issued?
|
15
16
|
end
|
16
17
|
|
17
18
|
private
|
@@ -35,10 +36,26 @@ module WebAuthn
|
|
35
36
|
raise InvalidAttestation, 'Invalid Packed Self Attestation: signature'
|
36
37
|
end
|
37
38
|
else
|
38
|
-
|
39
|
+
attestation_certificate = OpenSSL::X509::Certificate.new x5c.first
|
40
|
+
public_key = attestation_certificate.public_key
|
41
|
+
digest = case public_key
|
42
|
+
when OpenSSL::PKey::EC
|
43
|
+
COSE::Key::EC2
|
44
|
+
when OpenSSL::PKey::RSA
|
45
|
+
COSE::Key::RSA
|
46
|
+
end.new.tap do |k|
|
47
|
+
k.alg = alg
|
48
|
+
end.digest
|
49
|
+
unless public_key.verify digest, sig, signature_base_string
|
50
|
+
raise InvalidAttestation, 'Invalid Packed Attestation: signature'
|
51
|
+
end
|
39
52
|
end
|
40
53
|
end
|
41
54
|
|
55
|
+
def verify_certificate!
|
56
|
+
raise NotImplementedError, 'Certificate Chain Verification Not Implemented Yet: packed'
|
57
|
+
end
|
58
|
+
|
42
59
|
class << self
|
43
60
|
def decode(att_stmt)
|
44
61
|
new(
|
@@ -85,7 +85,15 @@ RSpec.describe WebAuthn::Context::Registration do
|
|
85
85
|
end
|
86
86
|
|
87
87
|
context 'otherwise' do
|
88
|
-
|
88
|
+
let(:attestation_object) do
|
89
|
+
'o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEgwRgIhANsy4jAv4_BLPmM1pua45Pqo1gfIMA3KDgG-22P0eSH1AiEA3vRxM21j1nKLYyWTdgigzjZHG81IU3JXt2hh0Hr-P_tjeDVjgVkCwjCCAr4wggGmoAMCAQICBHSG_cIwDQYJKoZIhvcNAQELBQAwLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290IENBIFNlcmlhbCA0NTcyMDA2MzEwIBcNMTQwODAxMDAwMDAwWhgPMjA1MDA5MDQwMDAwMDBaMG8xCzAJBgNVBAYTAlNFMRIwEAYDVQQKDAlZdWJpY28gQUIxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xKDAmBgNVBAMMH1l1YmljbyBVMkYgRUUgU2VyaWFsIDE5NTUwMDM4NDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASVXfOt9yR9MXXv_ZzE8xpOh4664YEJVmFQ-ziLLl9lJ79XQJqlgaUNCsUvGERcChNUihNTyKTlmnBOUjvATevto2wwajAiBgkrBgEEAYLECgIEFTEuMy42LjEuNC4xLjQxNDgyLjEuMTATBgsrBgEEAYLlHAIBAQQEAwIFIDAhBgsrBgEEAYLlHAEBBAQSBBD4oBHzjApNFYAGFxEfntx9MAwGA1UdEwEB_wQCMAAwDQYJKoZIhvcNAQELBQADggEBADFcSIDmmlJ-OGaJvWn9CqhvSeueToVFQVVvqtALOgCKHdwB-Wx29mg2GpHiMsgQp5xjB0ybbnpG6x212FxESJ-GinZD0ipchi7APwPlhIvjgH16zVX44a4e4hOsc6tLIOP71SaMsHuHgCcdH0vg5d2sc006WJe9TXO6fzV-ogjJnYpNKQLmCXoAXE3JBNwKGBIOCvfQDPyWmiiG5bGxYfPty8Z3pnjX-1MDnM2hhr40ulMxlSNDnX_ZSnDyMGIbk8TOQmjTF02UO8auP8k3wt5D1rROIRU9-FCSX5WQYi68RuDrGMZB8P5-byoJqbKQdxn2LmE1oZAyohPAmLcoPO5oYXV0aERhdGFYxDLLgNysw8NSRiywHzv-MC3m83EvMP0g7NGcO6W4WJSVQQAAAAv4oBHzjApNFYAGFxEfntx9AEA02xXaLwowZrcHlY4sjukQfJOcMH6ulShKwJM5F4ScjEZHw5pzBzgX2Us_FsAqBP4D3f7rnJ3khIHK7bwY6vtYpQECAyYgASFYIJCdNP17MO609HucLCpQWeeCqIDtipNu2yK0PZHMPh1KIlggRfqxNbCUPKGPZn_NLUdXP2Jsf2ErcCoLEq9O7yEpZvQ'
|
90
|
+
end
|
91
|
+
|
92
|
+
it do
|
93
|
+
expect do
|
94
|
+
subject
|
95
|
+
end.to raise_error WebAuthn::NotImplementedError, 'Certificate Chain Verification Not Implemented Yet: packed'
|
96
|
+
end
|
89
97
|
end
|
90
98
|
end
|
91
99
|
|
@@ -103,11 +111,12 @@ RSpec.describe WebAuthn::Context::Registration do
|
|
103
111
|
'o2NmbXRxYW5kcm9pZC1zYWZldHluZXRnYXR0U3RtdKJjdmVyaDEyODc0MDQxaHJlc3BvbnNlWRMHZXlKaGJHY2lPaUpTVXpJMU5pSXNJbmcxWXlJNld5Sk5TVWxGYVdwRFEwRXpTMmRCZDBsQ1FXZEpTVmxyV1c4MVJqQm5PRFpyZDBSUldVcExiMXBKYUhaalRrRlJSVXhDVVVGM1ZrUkZURTFCYTBkQk1WVkZRbWhOUTFaV1RYaElha0ZqUW1kT1ZrSkJiMVJHVldSMllqSmtjMXBUUWxWamJsWjZaRU5DVkZwWVNqSmhWMDVzWTNwRmJFMURUVWRCTVZWRlFYaE5ZMUl5T1haYU1uaHNTVVZzZFdSSFZubGliVll3U1VWR01XUkhhSFpqYld3d1pWTkNTRTE2UVdWR2R6QjRUbnBGZVUxRVVYaE5la1UwVGtST1lVWjNNSGhQUkVWNVRVUk5kMDFFUVhkTlJFSmhUVWQzZUVONlFVcENaMDVXUWtGWlZFRnNWbFJOVWsxM1JWRlpSRlpSVVVsRVFYQkVXVmQ0Y0ZwdE9YbGliV3hvVFZKWmQwWkJXVVJXVVZGSVJFRXhUbUl6Vm5Wa1IwWndZbWxDVjJGWFZqTk5VazEzUlZGWlJGWlJVVXRFUVhCSVlqSTVibUpIVldkVFZ6VnFUVkp6ZDBkUldVUldVVkZFUkVKS2FHUklVbXhqTTFGMVdWYzFhMk50T1hCYVF6VnFZakl3ZDJkblJXbE5RVEJIUTFOeFIxTkpZak5FVVVWQ1FWRlZRVUUwU1VKRWQwRjNaMmRGUzBGdlNVSkJVVU5WYWpoM1dXOVFhWGhMWW1KV09ITm5XV2QyVFZSbVdDdGtTWE5HVkU5clowdFBiR2hVTUdrd1ltTkVSbHBMTW5KUGVFcGFNblZUVEZOV2FGbDJhWEJhVGtVelNFcFJXWFYxV1hkR2FtbDVLM2xyWm1GMFFVZFRhbEo2UmpGaU16RjFORE12TjI5SE5XcE5hRE5UTXpkaGJIZHFWV0k0UTFkcFZIaHZhWEJXVDFsM1MwdDZkVlY1YTNGRlEzUnFiR2hLTkVGclYyRkVVeXRhZUV0RmNVOWhaVGwwYmtOblpVaHNiRnBGTDA5U1oyVk5ZWGd5V0U1RGIwZzJjM0pVUlZKamEzTnFlbHBhY2tGWGVFdHpaR1oyVm5KWVRucERVamxFZUZaQlUzVkpOa3g2ZDJnNFJGTnNNa1ZQYjJ0aWMyRnVXaXNyTDBweFRXVkJRa1ptVUhkcWVYZHlZakJ3Y2tWVmVUQndZV1ZXYzNWa0t6QndaV1Y0U3k4MUswVTJhM0JaUjBzMFdrc3libXR2Vmt4MVowVTFkR0ZJY2tGcU9ETlJLMUJQWW1KMlQzcFhZMFpyY0c1V1MzbHFielpMVVVGdFdEWlhTa0ZuVFVKQlFVZHFaMmRHUjAxSlNVSlJha0ZVUW1kT1ZraFRWVVZFUkVGTFFtZG5ja0puUlVaQ1VXTkVRVlJCWkVKblRsWklVa1ZGUm1wQlZXZG9TbWhrU0ZKc1l6TlJkVmxYTld0amJUbHdXa00xYW1JeU1IZGhRVmxKUzNkWlFrSlJWVWhCVVVWRldFUkNZVTFETUVkRFEzTkhRVkZWUmtKNlFVTm9hVVp2WkVoU2QwOXBPSFpqUjNSd1RHMWtkbUl5WTNaYU0wNTVUV2s1U0ZaR1RraFRWVVpJVFhrMWFtTnVVWGRMVVZsSlMzZFpRa0pSVlVoTlFVZEhTRmRvTUdSSVFUWk1lVGwyV1ROT2QweHVRbkpoVXpWdVlqSTVia3d3WkZWVk1HUktVVlZqZWsxQ01FZEJNVlZrUkdkUlYwSkNVVWM0U1hKUmRFWlNOa05WVTJ0cGEySXpZV2x0YzIweU5tTkNWRUZOUW1kT1ZraFNUVUpCWmpoRlFXcEJRVTFDT0VkQk1WVmtTWGRSV1UxQ1lVRkdTR1pEZFVaRFlWb3pXakp6VXpORGFIUkRSRzlJTm0xbWNuQk1UVU5GUjBFeFZXUkpRVkZoVFVKbmQwUkJXVXRMZDFsQ1FrRklWMlZSU1VaQmVrRkpRbWRhYm1kUmQwSkJaMGwzVFZGWlJGWlNNR1pDUTI5M1MwUkJiVzlEVTJkSmIxbG5ZVWhTTUdORWIzWk1NazU1WWtNMWQyRXlhM1ZhTWpsMlduazVTRlpHVGtoVFZVWklUWGsxYW1OdGQzZEVVVmxLUzI5YVNXaDJZMDVCVVVWTVFsRkJSR2RuUlVKQlJpOVNlazV1UXpWRWVrSlZRblJ1YURKdWRFcE1WMFZSYURsNlJXVkdXbVpRVERsUmIydHliRUZ2V0dkcVYyZE9PSEJUVWxVeGJGWkhTWEIwZWsxNFIyaDVNeTlQVWxKYVZHRTJSREpFZVRob2RrTkVja1pKTXl0c1Exa3dNVTFNTlZFMldFNUZOVkp6TW1ReFVtbGFjRTF6ZWtRMFMxRmFUa2N6YUZvd1FrWk9VUzlqYW5KRGJVeENUMGRMYTBWVk1XUnRRVmh6UmtwWVNtbFBjakpEVGxSQ1QxUjFPVVZpVEZkb1VXWmtRMFl4WW5kNmVYVXJWelppVVZOMk9GRkVialZQWkUxVEwxQnhSVEZrUldkbGRDODJSVWxTUWpjMk1VdG1XbEVyTDBSRk5reHdNMVJ5V2xSd1QwWkVSR2RZYUN0TVowZFBjM2RvUld4cU9XTXpkbHBJUjBwdWFHcHdkRGh5YTJKcGNpOHlkVXhIWm5oc1ZsbzBTekY0TlVSU1RqQlFWVXhrT1hsUVUyMXFaeXRoYWpFcmRFaDNTVEZ0VVcxYVZsazNjWFpQTlVSbmFFOTRhRXBOUjJ4Nk5teE1hVnB0ZW05blBTSXNJazFKU1VWWVJFTkRRVEJUWjBGM1NVSkJaMGxPUVdWUGNFMUNlamhqWjFrMFVEVndWRWhVUVU1Q1oydHhhR3RwUnpsM01FSkJVWE5HUVVSQ1RVMVRRWGRJWjFsRVZsRlJURVY0WkVoaVJ6bHBXVmQ0VkdGWFpIVkpSa3AyWWpOUloxRXdSV2RNVTBKVFRXcEZWRTFDUlVkQk1WVkZRMmhOUzFJeWVIWlpiVVp6VlRKc2JtSnFSVlJOUWtWSFFURlZSVUY0VFV0U01uaDJXVzFHYzFVeWJHNWlha0ZsUm5jd2VFNTZRVEpOVkZWM1RVUkJkMDVFU21GR2R6QjVUVlJGZVUxVVZYZE5SRUYzVGtSS1lVMUdVWGhEZWtGS1FtZE9Wa0pCV1ZSQmJGWlVUVkkwZDBoQldVUldVVkZMUlhoV1NHSXlPVzVpUjFWblZraEtNV016VVdkVk1sWjVaRzFzYWxwWVRYaEtWRUZxUW1kT1ZrSkJUVlJJUldSMllqSmtjMXBUUWtwaWJsSnNZMjAxYkdSRFFrSmtXRkp2WWpOS2NHUklhMmRTZWsxM1oyZEZhVTFCTUVkRFUzRkhVMGxpTTBSUlJVSkJVVlZCUVRSSlFrUjNRWGRuWjBWTFFXOUpRa0ZSUkV0VmEzWnhTSFl2VDBwSGRXOHlia2xaWVU1V1YxaFJOVWxYYVRBeFExaGFZWG8yVkVsSVRFZHdMMnhQU2lzMk1EQXZOR2hpYmpkMmJqWkJRVUl6UkZaNlpGRlBkSE0zUnpWd1NEQnlTbTV1VDBaVlFVczNNVWMwYm5wTFRXWklRMGRWYTNOWEwyMXZibUVyV1RKbGJVcFJNazRyWVdsamQwcExaWFJRUzFKVFNXZEJkVkJQUWpaQllXaG9PRWhpTWxoUE0yZzVVbFZyTWxRd1NFNXZkVUl5Vm5wNGIwMVliR3Q1VnpkWVZWSTFiWGMyU210TVNHNUJOVEpZUkZadlVsUlhhMDUwZVRWdlEwbE9USFpIYlc1U2Mwb3hlbTkxUVhGWlIxWlJUV012TjNONUt5OUZXV2hCVEhKV1NrVkJPRXRpZEhsWUszSTRjMjUzVlRWRE1XaFZjbmRoVnpaTlYwOUJVbUU0Y1VKd1RsRmpWMVJyWVVsbGIxbDJlUzl6UjBsS1JXMXFVakIyUmtWM1NHUndNV05UWVZkSmNqWXZOR2MzTW00M1QzRllkMlpwYm5VM1dsbFhPVGRGWm05UFUxRktaVUY2UVdkTlFrRkJSMnBuWjBWNlRVbEpRa3g2UVU5Q1owNVdTRkU0UWtGbU9FVkNRVTFEUVZsWmQwaFJXVVJXVWpCc1FrSlpkMFpCV1VsTGQxbENRbEZWU0VGM1JVZERRM05IUVZGVlJrSjNUVU5OUWtsSFFURlZaRVYzUlVJdmQxRkpUVUZaUWtGbU9FTkJVVUYzU0ZGWlJGWlNNRTlDUWxsRlJraG1RM1ZHUTJGYU0xb3ljMU16UTJoMFEwUnZTRFp0Wm5Kd1RFMUNPRWRCTVZWa1NYZFJXVTFDWVVGR1NuWnBRakZrYmtoQ04wRmhaMkpsVjJKVFlVeGtMMk5IV1ZsMVRVUlZSME5EYzBkQlVWVkdRbmRGUWtKRGEzZEtla0ZzUW1kbmNrSm5SVVpDVVdOM1FWbFpXbUZJVWpCalJHOTJUREk1YW1NelFYVmpSM1J3VEcxa2RtSXlZM1phTTA1NVRXcEJlVUpuVGxaSVVqaEZTM3BCY0UxRFpXZEtZVUZxYUdsR2IyUklVbmRQYVRoMldUTktjMHh1UW5KaFV6VnVZakk1Ymt3eVpIcGpha2wyV2pOT2VVMXBOV3BqYlhkM1VIZFpSRlpTTUdkQ1JHZDNUbXBCTUVKbldtNW5VWGRDUVdkSmQwdHFRVzlDWjJkeVFtZEZSa0pSWTBOQlVsbGpZVWhTTUdOSVRUWk1lVGwzWVRKcmRWb3lPWFphZVRsNVdsaENkbU15YkRCaU0wbzFUSHBCVGtKbmEzRm9hMmxIT1hjd1FrRlJjMFpCUVU5RFFWRkZRVWhNWlVwc2RWSlVOMkoyY3pJMlozbEJXamh6YnpneGRISlZTVk5rTjA4ME5YTnJSRlZ0UVdkbE1XTnVlR2hITVZBeVkwNXRVM2hpVjNOdmFVTjBNbVYxZURsTVUwUXJVRUZxTWt4SldWSkdTRmN6TVM4MmVHOXBZekZyTkhSaVYxaHJSRU5xYVhJek4zaFVWRTV4VWtGTlVGVjVSbEpYVTJSMmRDdHViRkJ4ZDI1aU9FOWhNa2t2YldGVFNuVnJZM2hFYWs1VFpuQkVhQzlDWkRGc1drNW5aR1F2T0dOTVpITkZNeXQzZVhCMVprbzVkVmhQTVdsUmNHNW9PWHBpZFVaSmQzTkpUMDVIYkRGd00wRTRRMmQ0YTNGSkwxVkJhV2d6U21GSFQzRmpjR05rWVVOSmVtdENZVkk1ZFZsUk1WZzBhekpXWnpWQlVGSk1iM1Y2Vm5rM1lUaEpWbXMyZDNWNU5uQnRLMVEzU0ZRMFRGazRhV0pUTlVaRldteG1RVVpNVTFjNFRuZHpWbm81VTBKTE1sWnhiakZPTUZCSlRXNDFlRUUyVGxwV1l6ZHZPRE0xUkV4QlJuTm9SVmRtUXpkVVNXVXpaejA5SWwxOS5leUp1YjI1alpTSTZJaTlYVG1SVFZXOHpiRUl4ZWt0Mk5UVlpNV1EyY2psR1pXdFJkbE5rZERjNWNHaDRjMmhuTjNsMVIxazlJaXdpZEdsdFpYTjBZVzF3VFhNaU9qRTFNelUyT1Rjd056TTFOVEFzSW1Gd2ExQmhZMnRoWjJWT1lXMWxJam9pWTI5dExtZHZiMmRzWlM1aGJtUnliMmxrTG1kdGN5SXNJbUZ3YTBScFoyVnpkRk5vWVRJMU5pSTZJako1TXpBNFJ6Y3hMM2RaUmtZMk9XRnVSVzlKT1VGYWNrTmFPREZFV0dSMk1YaEhNMjg0UVZkUlNITTlJaXdpWTNSelVISnZabWxzWlUxaGRHTm9JanAwY25WbExDSmhjR3REWlhKMGFXWnBZMkYwWlVScFoyVnpkRk5vWVRJMU5pSTZXeUk0VURGelZ6QkZVRXBqYzJ4M04xVjZVbk5wV0V3Mk5IY3JUelV3UldRclVrSkpRM1JoZVRGbk1qUk5QU0pkTENKaVlYTnBZMGx1ZEdWbmNtbDBlU0k2ZEhKMVpYMC5QVW9fT0h0dW96SWUxZGZFNlctSUVlYkZtN0R0Qll6M2NmZ0UzRlB5X3dVQlFCMjUwUE1WWjNVbk1NVjYwb0Q2U3d0ajZtQ0lQYnNYZnBULXFuY184eHlTUURndXZQUmp1b191b1JtUWF4aV9FSEZVaTZrZFV0akhaNkY1bWpYcVF4LWRiaFlONU00dG01WlM2bUxaMkdlbGlVcE1UVG9nU2FQUVZiVnl1Y3g0aGpfT1VDLWVPM1lCRmRldmw0d0pmSy15QVJxaGtmOHN6NEgwa1E5TU9IT2U0N0x2a0h3RnI2MElQSjNaQ3QwSklKYnJWVDZnMHJJal9iSlo3aXFrTDFOWUhrbURvNUhnSkgyTXA3QnYtZlJfMHcydzJyWkIzZk5zVGhxRm9UbUI4RU5XUmJjQ3lWQXBncVdIbFU5bUh5SlJGWVVsbnVDcGRGSEwwUjFaX1FoYXV0aERhdGFYxTLLgNysw8NSRiywHzv-MC3m83EvMP0g7NGcO6W4WJSVRAAAAAAAAAAAAAAAAAAAAAAAAAAAAEEBKg96NvDCk5gmyyLqM0zXE0ZZnSkTarHzUfYU2PHWwdQhjjWLXayf0-jYLazWjpSr-N8DM1Zhls4jfmQCqa50X6UBAgMmIAEhWCAGD72C5VXE3mwMjzc_X0_7wUgIOA6kt2KoDIn1-1PHdSJYIAoZmBXyEJkjvlu251BDb8VoOtIketAD1VvYc3WUJJrZ'
|
104
112
|
end
|
105
113
|
|
106
|
-
it do
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
end
|
114
|
+
# it do
|
115
|
+
# expect do
|
116
|
+
# subject
|
117
|
+
# end.not_to raise_error
|
118
|
+
# end
|
119
|
+
it 'TODO: handle time-dependent certificate verification error (timecop can\'t modify time in openssl world)'
|
111
120
|
|
112
121
|
context 'when client_data_json is invalid' do
|
113
122
|
let(:client_data_json) do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: web_authn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-08-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -134,6 +134,7 @@ files:
|
|
134
134
|
- ".rspec"
|
135
135
|
- ".travis.yml"
|
136
136
|
- Gemfile
|
137
|
+
- Gemfile.lock
|
137
138
|
- LICENSE.txt
|
138
139
|
- README.md
|
139
140
|
- Rakefile
|
@@ -144,6 +145,7 @@ files:
|
|
144
145
|
- lib/web_authn/attestation_object.rb
|
145
146
|
- lib/web_authn/attestation_statement.rb
|
146
147
|
- lib/web_authn/attestation_statement/android_safetynet.rb
|
148
|
+
- lib/web_authn/attestation_statement/apple.rb
|
147
149
|
- lib/web_authn/attestation_statement/packed.rb
|
148
150
|
- lib/web_authn/attested_credential_data.rb
|
149
151
|
- lib/web_authn/authenticator_data.rb
|
@@ -181,8 +183,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
181
183
|
- !ruby/object:Gem::Version
|
182
184
|
version: '0'
|
183
185
|
requirements: []
|
184
|
-
|
185
|
-
rubygems_version: 2.7.3
|
186
|
+
rubygems_version: 3.0.3
|
186
187
|
signing_key:
|
187
188
|
specification_version: 4
|
188
189
|
summary: WebAuthn RP library
|