webauthn 2.1.0 → 3.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +6 -0
- data/.github/workflows/build.yml +50 -0
- data/.github/workflows/git.yml +21 -0
- data/.rubocop.yml +121 -13
- data/CHANGELOG.md +169 -0
- data/CONTRIBUTING.md +0 -5
- data/README.md +80 -14
- data/SECURITY.md +7 -4
- data/docs/advanced_configuration.md +174 -0
- data/docs/u2f_migration.md +14 -20
- data/lib/cose/rsapkcs1_algorithm.rb +50 -0
- data/lib/webauthn/attestation_object.rb +47 -0
- data/lib/webauthn/attestation_statement/android_key.rb +27 -33
- data/lib/webauthn/attestation_statement/android_safetynet.rb +27 -11
- data/lib/webauthn/attestation_statement/apple.rb +65 -0
- data/lib/webauthn/attestation_statement/base.rb +114 -21
- data/lib/webauthn/attestation_statement/fido_u2f.rb +8 -6
- data/lib/webauthn/attestation_statement/none.rb +7 -1
- data/lib/webauthn/attestation_statement/packed.rb +14 -42
- data/lib/webauthn/attestation_statement/tpm.rb +38 -75
- data/lib/webauthn/attestation_statement.rb +24 -21
- data/lib/webauthn/authenticator_assertion_response.rb +22 -11
- data/lib/webauthn/authenticator_attestation_response.rb +31 -92
- data/lib/webauthn/authenticator_data/attested_credential_data.rb +33 -49
- data/lib/webauthn/authenticator_data.rb +59 -51
- data/lib/webauthn/authenticator_response.rb +24 -11
- data/lib/webauthn/client_data.rb +4 -6
- data/lib/webauthn/configuration.rb +38 -40
- data/lib/webauthn/credential.rb +4 -4
- data/lib/webauthn/credential_creation_options.rb +2 -0
- data/lib/webauthn/credential_request_options.rb +2 -0
- data/lib/webauthn/encoder.rb +13 -4
- data/lib/webauthn/fake_authenticator/attestation_object.rb +25 -4
- data/lib/webauthn/fake_authenticator/authenticator_data.rb +25 -10
- data/lib/webauthn/fake_authenticator.rb +49 -8
- data/lib/webauthn/fake_client.rb +41 -8
- data/lib/webauthn/json_serializer.rb +45 -0
- data/lib/webauthn/public_key.rb +21 -2
- data/lib/webauthn/public_key_credential/creation_options.rb +3 -3
- data/lib/webauthn/public_key_credential/entity.rb +5 -28
- data/lib/webauthn/public_key_credential/options.rb +11 -32
- data/lib/webauthn/public_key_credential/request_options.rb +11 -1
- data/lib/webauthn/public_key_credential.rb +52 -8
- data/lib/webauthn/public_key_credential_with_assertion.rb +16 -2
- data/lib/webauthn/public_key_credential_with_attestation.rb +2 -2
- data/lib/webauthn/relying_party.rb +137 -0
- data/lib/webauthn/u2f_migrator.rb +8 -4
- data/lib/webauthn/version.rb +1 -1
- data/lib/webauthn.rb +1 -0
- data/webauthn.gemspec +15 -12
- metadata +56 -60
- data/.travis.yml +0 -36
- data/Appraisals +0 -17
- data/gemfiles/cose_head.gemfile +0 -7
- data/gemfiles/openssl_2_0.gemfile +0 -7
- data/gemfiles/openssl_2_1.gemfile +0 -7
- data/gemfiles/openssl_head.gemfile +0 -7
- data/lib/android_safetynet/attestation_response.rb +0 -116
- data/lib/cose/rsassa_algorithm.rb +0 -10
- data/lib/tpm/constants.rb +0 -44
- data/lib/tpm/s_attest/s_certify_info.rb +0 -14
- data/lib/tpm/s_attest.rb +0 -26
- data/lib/tpm/sized_buffer.rb +0 -13
- data/lib/tpm/t_public/s_ecc_parms.rb +0 -17
- data/lib/tpm/t_public/s_rsa_parms.rb +0 -17
- data/lib/tpm/t_public.rb +0 -32
- data/lib/webauthn/attestation_statement/android_key/authorization_list.rb +0 -39
- data/lib/webauthn/attestation_statement/android_key/key_description.rb +0 -37
- data/lib/webauthn/attestation_statement/tpm/cert_info.rb +0 -44
- data/lib/webauthn/attestation_statement/tpm/pub_area.rb +0 -85
- data/lib/webauthn/security_utils.rb +0 -20
- data/lib/webauthn/signature_verifier.rb +0 -77
|
@@ -10,7 +10,7 @@ module WebAuthn
|
|
|
10
10
|
def initialize(rp_id: nil, allow_credentials: nil, allow: nil, user_verification: nil, **keyword_arguments)
|
|
11
11
|
super(**keyword_arguments)
|
|
12
12
|
|
|
13
|
-
@rp_id = rp_id ||
|
|
13
|
+
@rp_id = rp_id || relying_party.id
|
|
14
14
|
@allow_credentials = allow_credentials
|
|
15
15
|
@allow = allow
|
|
16
16
|
@user_verification = user_verification
|
|
@@ -26,6 +26,16 @@ module WebAuthn
|
|
|
26
26
|
super.concat([:allow_credentials, :rp_id, :user_verification])
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
+
def default_extensions
|
|
30
|
+
extensions = super || {}
|
|
31
|
+
|
|
32
|
+
if relying_party.legacy_u2f_appid
|
|
33
|
+
extensions.merge!(appid: relying_party.legacy_u2f_appid)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
extensions
|
|
37
|
+
end
|
|
38
|
+
|
|
29
39
|
def allow_credentials_from_allow
|
|
30
40
|
if allow
|
|
31
41
|
as_public_key_descriptors(allow)
|
|
@@ -4,25 +4,47 @@ require "webauthn/encoder"
|
|
|
4
4
|
|
|
5
5
|
module WebAuthn
|
|
6
6
|
class PublicKeyCredential
|
|
7
|
-
|
|
7
|
+
class InvalidChallengeError < Error; end
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
attr_reader :type, :id, :raw_id, :client_extension_outputs, :authenticator_attachment, :response
|
|
10
|
+
|
|
11
|
+
def self.from_client(credential, relying_party: WebAuthn.configuration.relying_party)
|
|
10
12
|
new(
|
|
11
13
|
type: credential["type"],
|
|
12
14
|
id: credential["id"],
|
|
13
|
-
raw_id:
|
|
14
|
-
|
|
15
|
+
raw_id: relying_party.encoder.decode(credential["rawId"]),
|
|
16
|
+
client_extension_outputs: credential["clientExtensionResults"],
|
|
17
|
+
authenticator_attachment: credential["authenticatorAttachment"],
|
|
18
|
+
response: response_class.from_client(credential["response"], relying_party: relying_party),
|
|
19
|
+
relying_party: relying_party
|
|
15
20
|
)
|
|
16
21
|
end
|
|
17
22
|
|
|
18
|
-
def initialize(
|
|
23
|
+
def initialize(
|
|
24
|
+
type:,
|
|
25
|
+
id:,
|
|
26
|
+
raw_id:,
|
|
27
|
+
response:,
|
|
28
|
+
authenticator_attachment: nil,
|
|
29
|
+
client_extension_outputs: {},
|
|
30
|
+
relying_party: WebAuthn.configuration.relying_party
|
|
31
|
+
)
|
|
19
32
|
@type = type
|
|
20
33
|
@id = id
|
|
21
34
|
@raw_id = raw_id
|
|
35
|
+
@client_extension_outputs = client_extension_outputs
|
|
36
|
+
@authenticator_attachment = authenticator_attachment
|
|
22
37
|
@response = response
|
|
38
|
+
@relying_party = relying_party
|
|
23
39
|
end
|
|
24
40
|
|
|
25
|
-
def verify(*_args)
|
|
41
|
+
def verify(challenge, *_args)
|
|
42
|
+
unless valid_class?(challenge)
|
|
43
|
+
msg = "challenge must be a String. input challenge class: #{challenge.class}"
|
|
44
|
+
|
|
45
|
+
raise(InvalidChallengeError, msg)
|
|
46
|
+
end
|
|
47
|
+
|
|
26
48
|
valid_type? || raise("invalid type")
|
|
27
49
|
valid_id? || raise("invalid id")
|
|
28
50
|
|
|
@@ -30,11 +52,25 @@ module WebAuthn
|
|
|
30
52
|
end
|
|
31
53
|
|
|
32
54
|
def sign_count
|
|
33
|
-
|
|
55
|
+
authenticator_data&.sign_count
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def authenticator_extension_outputs
|
|
59
|
+
authenticator_data.extension_data if authenticator_data&.extension_data_included?
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
def backup_eligible?
|
|
63
|
+
authenticator_data&.credential_backup_eligible?
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
def backed_up?
|
|
67
|
+
authenticator_data&.credential_backed_up?
|
|
34
68
|
end
|
|
35
69
|
|
|
36
70
|
private
|
|
37
71
|
|
|
72
|
+
attr_reader :relying_party
|
|
73
|
+
|
|
38
74
|
def valid_type?
|
|
39
75
|
type == TYPE_PUBLIC_KEY
|
|
40
76
|
end
|
|
@@ -43,8 +79,16 @@ module WebAuthn
|
|
|
43
79
|
raw_id && id && raw_id == WebAuthn.standard_encoder.decode(id)
|
|
44
80
|
end
|
|
45
81
|
|
|
82
|
+
def valid_class?(challenge)
|
|
83
|
+
challenge.is_a?(String)
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
def authenticator_data
|
|
87
|
+
response&.authenticator_data
|
|
88
|
+
end
|
|
89
|
+
|
|
46
90
|
def encoder
|
|
47
|
-
|
|
91
|
+
relying_party.encoder
|
|
48
92
|
end
|
|
49
93
|
end
|
|
50
94
|
end
|
|
@@ -9,14 +9,16 @@ module WebAuthn
|
|
|
9
9
|
WebAuthn::AuthenticatorAssertionResponse
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
def verify(challenge, public_key:, sign_count:, user_verification: nil)
|
|
12
|
+
def verify(challenge, public_key:, sign_count:, user_presence: nil, user_verification: nil)
|
|
13
13
|
super
|
|
14
14
|
|
|
15
15
|
response.verify(
|
|
16
16
|
encoder.decode(challenge),
|
|
17
17
|
public_key: encoder.decode(public_key),
|
|
18
18
|
sign_count: sign_count,
|
|
19
|
-
|
|
19
|
+
user_presence: user_presence,
|
|
20
|
+
user_verification: user_verification,
|
|
21
|
+
rp_id: appid_extension_output ? appid : nil
|
|
20
22
|
)
|
|
21
23
|
|
|
22
24
|
true
|
|
@@ -31,5 +33,17 @@ module WebAuthn
|
|
|
31
33
|
def raw_user_handle
|
|
32
34
|
response.user_handle
|
|
33
35
|
end
|
|
36
|
+
|
|
37
|
+
private
|
|
38
|
+
|
|
39
|
+
def appid_extension_output
|
|
40
|
+
return if client_extension_outputs.nil?
|
|
41
|
+
|
|
42
|
+
client_extension_outputs['appid']
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def appid
|
|
46
|
+
URI.parse(relying_party.legacy_u2f_appid || raise("Unspecified legacy U2F AppID")).to_s
|
|
47
|
+
end
|
|
34
48
|
end
|
|
35
49
|
end
|
|
@@ -9,10 +9,10 @@ module WebAuthn
|
|
|
9
9
|
WebAuthn::AuthenticatorAttestationResponse
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
def verify(challenge, user_verification: nil)
|
|
12
|
+
def verify(challenge, user_presence: nil, user_verification: nil)
|
|
13
13
|
super
|
|
14
14
|
|
|
15
|
-
response.verify(encoder.decode(challenge), user_verification: user_verification)
|
|
15
|
+
response.verify(encoder.decode(challenge), user_presence: user_presence, user_verification: user_verification)
|
|
16
16
|
|
|
17
17
|
true
|
|
18
18
|
end
|
|
@@ -0,0 +1,137 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "openssl"
|
|
4
|
+
require "webauthn/credential"
|
|
5
|
+
require "webauthn/encoder"
|
|
6
|
+
require "webauthn/error"
|
|
7
|
+
|
|
8
|
+
module WebAuthn
|
|
9
|
+
class RootCertificateFinderNotSupportedError < Error; end
|
|
10
|
+
|
|
11
|
+
class RelyingParty
|
|
12
|
+
DEFAULT_ALGORITHMS = ["ES256", "PS256", "RS256"].compact.freeze
|
|
13
|
+
|
|
14
|
+
def self.if_pss_supported(algorithm)
|
|
15
|
+
OpenSSL::PKey::RSA.instance_methods.include?(:verify_pss) ? algorithm : nil
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def initialize(
|
|
19
|
+
algorithms: DEFAULT_ALGORITHMS.dup,
|
|
20
|
+
encoding: WebAuthn::Encoder::STANDARD_ENCODING,
|
|
21
|
+
allowed_origins: nil,
|
|
22
|
+
origin: nil,
|
|
23
|
+
id: nil,
|
|
24
|
+
name: nil,
|
|
25
|
+
verify_attestation_statement: true,
|
|
26
|
+
credential_options_timeout: 120000,
|
|
27
|
+
silent_authentication: false,
|
|
28
|
+
acceptable_attestation_types: ['None', 'Self', 'Basic', 'AttCA', 'Basic_or_AttCA', 'AnonCA'],
|
|
29
|
+
attestation_root_certificates_finders: [],
|
|
30
|
+
legacy_u2f_appid: nil
|
|
31
|
+
)
|
|
32
|
+
@algorithms = algorithms
|
|
33
|
+
@encoding = encoding
|
|
34
|
+
@allowed_origins = allowed_origins
|
|
35
|
+
@id = id
|
|
36
|
+
@name = name
|
|
37
|
+
@verify_attestation_statement = verify_attestation_statement
|
|
38
|
+
@credential_options_timeout = credential_options_timeout
|
|
39
|
+
@silent_authentication = silent_authentication
|
|
40
|
+
@acceptable_attestation_types = acceptable_attestation_types
|
|
41
|
+
@legacy_u2f_appid = legacy_u2f_appid
|
|
42
|
+
self.origin = origin
|
|
43
|
+
self.attestation_root_certificates_finders = attestation_root_certificates_finders
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
attr_accessor :algorithms,
|
|
47
|
+
:encoding,
|
|
48
|
+
:allowed_origins,
|
|
49
|
+
:id,
|
|
50
|
+
:name,
|
|
51
|
+
:verify_attestation_statement,
|
|
52
|
+
:credential_options_timeout,
|
|
53
|
+
:silent_authentication,
|
|
54
|
+
:acceptable_attestation_types,
|
|
55
|
+
:legacy_u2f_appid
|
|
56
|
+
|
|
57
|
+
attr_reader :attestation_root_certificates_finders, :origin
|
|
58
|
+
|
|
59
|
+
# This is the user-data encoder.
|
|
60
|
+
# Used to decode user input and to encode data provided to the user.
|
|
61
|
+
def encoder
|
|
62
|
+
@encoder ||= WebAuthn::Encoder.new(encoding)
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def attestation_root_certificates_finders=(finders)
|
|
66
|
+
if !finders.respond_to?(:each)
|
|
67
|
+
finders = [finders]
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
finders.each do |finder|
|
|
71
|
+
unless finder.respond_to?(:find)
|
|
72
|
+
raise RootCertificateFinderNotSupportedError, "Finder must implement `find` method"
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
@attestation_root_certificates_finders = finders
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def options_for_registration(**keyword_arguments)
|
|
80
|
+
WebAuthn::Credential.options_for_create(
|
|
81
|
+
**keyword_arguments,
|
|
82
|
+
relying_party: self
|
|
83
|
+
)
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
def verify_registration(raw_credential, challenge, user_presence: nil, user_verification: nil)
|
|
87
|
+
webauthn_credential = WebAuthn::Credential.from_create(raw_credential, relying_party: self)
|
|
88
|
+
|
|
89
|
+
if webauthn_credential.verify(challenge, user_presence: user_presence, user_verification: user_verification)
|
|
90
|
+
webauthn_credential
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
def options_for_authentication(**keyword_arguments)
|
|
95
|
+
WebAuthn::Credential.options_for_get(
|
|
96
|
+
**keyword_arguments,
|
|
97
|
+
relying_party: self
|
|
98
|
+
)
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
def verify_authentication(
|
|
102
|
+
raw_credential,
|
|
103
|
+
challenge,
|
|
104
|
+
user_presence: nil,
|
|
105
|
+
user_verification: nil,
|
|
106
|
+
public_key: nil,
|
|
107
|
+
sign_count: nil
|
|
108
|
+
)
|
|
109
|
+
webauthn_credential = WebAuthn::Credential.from_get(raw_credential, relying_party: self)
|
|
110
|
+
|
|
111
|
+
stored_credential = yield(webauthn_credential) if block_given?
|
|
112
|
+
|
|
113
|
+
if webauthn_credential.verify(
|
|
114
|
+
challenge,
|
|
115
|
+
public_key: public_key || stored_credential.public_key,
|
|
116
|
+
sign_count: sign_count || stored_credential.sign_count,
|
|
117
|
+
user_presence: user_presence,
|
|
118
|
+
user_verification: user_verification
|
|
119
|
+
)
|
|
120
|
+
block_given? ? [webauthn_credential, stored_credential] : webauthn_credential
|
|
121
|
+
end
|
|
122
|
+
end
|
|
123
|
+
|
|
124
|
+
# DEPRECATED: This method will be removed in future.
|
|
125
|
+
def origin=(new_origin)
|
|
126
|
+
return if new_origin.nil?
|
|
127
|
+
|
|
128
|
+
warn(
|
|
129
|
+
"DEPRECATION WARNING: `WebAuthn.origin` is deprecated and will be removed in future. "\
|
|
130
|
+
"Please use `WebAuthn.allowed_origins` instead "\
|
|
131
|
+
"that also allows configuring multiple origins per Relying Party"
|
|
132
|
+
)
|
|
133
|
+
|
|
134
|
+
@allowed_origins ||= Array(new_origin) # rubocop:disable Naming/MemoizedInstanceVariableName
|
|
135
|
+
end
|
|
136
|
+
end
|
|
137
|
+
end
|
|
@@ -28,10 +28,14 @@ module WebAuthn
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
def credential
|
|
31
|
-
@credential ||=
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
31
|
+
@credential ||=
|
|
32
|
+
begin
|
|
33
|
+
hash = authenticator_data.send(:credential)
|
|
34
|
+
WebAuthn::AuthenticatorData::AttestedCredentialData::Credential.new(
|
|
35
|
+
id: hash[:id],
|
|
36
|
+
public_key: hash[:public_key].serialize
|
|
37
|
+
)
|
|
38
|
+
end
|
|
35
39
|
end
|
|
36
40
|
|
|
37
41
|
def attestation_type
|
data/lib/webauthn/version.rb
CHANGED
data/lib/webauthn.rb
CHANGED
data/webauthn.gemspec
CHANGED
|
@@ -22,28 +22,31 @@ Gem::Specification.new do |spec|
|
|
|
22
22
|
"source_code_uri" => "https://github.com/cedarcode/webauthn-ruby"
|
|
23
23
|
}
|
|
24
24
|
|
|
25
|
-
spec.files =
|
|
26
|
-
|
|
27
|
-
|
|
25
|
+
spec.files =
|
|
26
|
+
`git ls-files -z`.split("\x0").reject do |f|
|
|
27
|
+
f.match(%r{^(test|spec|features|assets)/})
|
|
28
|
+
end
|
|
29
|
+
|
|
28
30
|
spec.bindir = "exe"
|
|
29
31
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
30
32
|
spec.require_paths = ["lib"]
|
|
31
33
|
|
|
32
|
-
spec.required_ruby_version = ">= 2.
|
|
34
|
+
spec.required_ruby_version = ">= 2.5"
|
|
33
35
|
|
|
34
|
-
spec.add_dependency "
|
|
36
|
+
spec.add_dependency "android_key_attestation", "~> 0.3.0"
|
|
35
37
|
spec.add_dependency "bindata", "~> 2.4"
|
|
36
38
|
spec.add_dependency "cbor", "~> 0.5.9"
|
|
37
|
-
spec.add_dependency "cose", "~>
|
|
38
|
-
spec.add_dependency "
|
|
39
|
-
spec.add_dependency "
|
|
40
|
-
spec.add_dependency "
|
|
39
|
+
spec.add_dependency "cose", "~> 1.1"
|
|
40
|
+
spec.add_dependency "openssl", ">= 2.2"
|
|
41
|
+
spec.add_dependency "safety_net_attestation", "~> 0.4.0"
|
|
42
|
+
spec.add_dependency "tpm-key_attestation", "~> 0.14.0"
|
|
41
43
|
|
|
42
|
-
spec.add_development_dependency "
|
|
44
|
+
spec.add_development_dependency "base64", ">= 0.1.0"
|
|
43
45
|
spec.add_development_dependency "bundler", ">= 1.17", "< 3.0"
|
|
44
46
|
spec.add_development_dependency "byebug", "~> 11.0"
|
|
45
47
|
spec.add_development_dependency "rake", "~> 13.0"
|
|
46
48
|
spec.add_development_dependency "rspec", "~> 3.8"
|
|
47
|
-
spec.add_development_dependency "rubocop", "
|
|
48
|
-
spec.add_development_dependency "
|
|
49
|
+
spec.add_development_dependency "rubocop", "~> 1.9.1"
|
|
50
|
+
spec.add_development_dependency "rubocop-rake", "~> 0.5.1"
|
|
51
|
+
spec.add_development_dependency "rubocop-rspec", "~> 2.2.0"
|
|
49
52
|
end
|
metadata
CHANGED
|
@@ -1,30 +1,30 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: webauthn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 3.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gonzalo Rodriguez
|
|
8
8
|
- Braulio Martinez
|
|
9
|
-
autorequire:
|
|
9
|
+
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2025-02-17 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
|
-
name:
|
|
15
|
+
name: android_key_attestation
|
|
16
16
|
requirement: !ruby/object:Gem::Requirement
|
|
17
17
|
requirements:
|
|
18
18
|
- - "~>"
|
|
19
19
|
- !ruby/object:Gem::Version
|
|
20
|
-
version:
|
|
20
|
+
version: 0.3.0
|
|
21
21
|
type: :runtime
|
|
22
22
|
prerelease: false
|
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
|
24
24
|
requirements:
|
|
25
25
|
- - "~>"
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
|
-
version:
|
|
27
|
+
version: 0.3.0
|
|
28
28
|
- !ruby/object:Gem::Dependency
|
|
29
29
|
name: bindata
|
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -59,76 +59,70 @@ dependencies:
|
|
|
59
59
|
requirements:
|
|
60
60
|
- - "~>"
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
|
-
version:
|
|
62
|
+
version: '1.1'
|
|
63
63
|
type: :runtime
|
|
64
64
|
prerelease: false
|
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
66
66
|
requirements:
|
|
67
67
|
- - "~>"
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
|
-
version:
|
|
69
|
+
version: '1.1'
|
|
70
70
|
- !ruby/object:Gem::Dependency
|
|
71
|
-
name:
|
|
71
|
+
name: openssl
|
|
72
72
|
requirement: !ruby/object:Gem::Requirement
|
|
73
73
|
requirements:
|
|
74
74
|
- - ">="
|
|
75
75
|
- !ruby/object:Gem::Version
|
|
76
|
-
version: '
|
|
77
|
-
- - "<"
|
|
78
|
-
- !ruby/object:Gem::Version
|
|
79
|
-
version: '3.0'
|
|
76
|
+
version: '2.2'
|
|
80
77
|
type: :runtime
|
|
81
78
|
prerelease: false
|
|
82
79
|
version_requirements: !ruby/object:Gem::Requirement
|
|
83
80
|
requirements:
|
|
84
81
|
- - ">="
|
|
85
82
|
- !ruby/object:Gem::Version
|
|
86
|
-
version: '
|
|
87
|
-
- - "<"
|
|
88
|
-
- !ruby/object:Gem::Version
|
|
89
|
-
version: '3.0'
|
|
83
|
+
version: '2.2'
|
|
90
84
|
- !ruby/object:Gem::Dependency
|
|
91
|
-
name:
|
|
85
|
+
name: safety_net_attestation
|
|
92
86
|
requirement: !ruby/object:Gem::Requirement
|
|
93
87
|
requirements:
|
|
94
88
|
- - "~>"
|
|
95
89
|
- !ruby/object:Gem::Version
|
|
96
|
-
version:
|
|
90
|
+
version: 0.4.0
|
|
97
91
|
type: :runtime
|
|
98
92
|
prerelease: false
|
|
99
93
|
version_requirements: !ruby/object:Gem::Requirement
|
|
100
94
|
requirements:
|
|
101
95
|
- - "~>"
|
|
102
96
|
- !ruby/object:Gem::Version
|
|
103
|
-
version:
|
|
97
|
+
version: 0.4.0
|
|
104
98
|
- !ruby/object:Gem::Dependency
|
|
105
|
-
name:
|
|
99
|
+
name: tpm-key_attestation
|
|
106
100
|
requirement: !ruby/object:Gem::Requirement
|
|
107
101
|
requirements:
|
|
108
102
|
- - "~>"
|
|
109
103
|
- !ruby/object:Gem::Version
|
|
110
|
-
version:
|
|
104
|
+
version: 0.14.0
|
|
111
105
|
type: :runtime
|
|
112
106
|
prerelease: false
|
|
113
107
|
version_requirements: !ruby/object:Gem::Requirement
|
|
114
108
|
requirements:
|
|
115
109
|
- - "~>"
|
|
116
110
|
- !ruby/object:Gem::Version
|
|
117
|
-
version:
|
|
111
|
+
version: 0.14.0
|
|
118
112
|
- !ruby/object:Gem::Dependency
|
|
119
|
-
name:
|
|
113
|
+
name: base64
|
|
120
114
|
requirement: !ruby/object:Gem::Requirement
|
|
121
115
|
requirements:
|
|
122
|
-
- - "
|
|
116
|
+
- - ">="
|
|
123
117
|
- !ruby/object:Gem::Version
|
|
124
|
-
version:
|
|
118
|
+
version: 0.1.0
|
|
125
119
|
type: :development
|
|
126
120
|
prerelease: false
|
|
127
121
|
version_requirements: !ruby/object:Gem::Requirement
|
|
128
122
|
requirements:
|
|
129
|
-
- - "
|
|
123
|
+
- - ">="
|
|
130
124
|
- !ruby/object:Gem::Version
|
|
131
|
-
version:
|
|
125
|
+
version: 0.1.0
|
|
132
126
|
- !ruby/object:Gem::Dependency
|
|
133
127
|
name: bundler
|
|
134
128
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -195,30 +189,44 @@ dependencies:
|
|
|
195
189
|
name: rubocop
|
|
196
190
|
requirement: !ruby/object:Gem::Requirement
|
|
197
191
|
requirements:
|
|
198
|
-
- -
|
|
192
|
+
- - "~>"
|
|
193
|
+
- !ruby/object:Gem::Version
|
|
194
|
+
version: 1.9.1
|
|
195
|
+
type: :development
|
|
196
|
+
prerelease: false
|
|
197
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
198
|
+
requirements:
|
|
199
|
+
- - "~>"
|
|
200
|
+
- !ruby/object:Gem::Version
|
|
201
|
+
version: 1.9.1
|
|
202
|
+
- !ruby/object:Gem::Dependency
|
|
203
|
+
name: rubocop-rake
|
|
204
|
+
requirement: !ruby/object:Gem::Requirement
|
|
205
|
+
requirements:
|
|
206
|
+
- - "~>"
|
|
199
207
|
- !ruby/object:Gem::Version
|
|
200
|
-
version: 0.
|
|
208
|
+
version: 0.5.1
|
|
201
209
|
type: :development
|
|
202
210
|
prerelease: false
|
|
203
211
|
version_requirements: !ruby/object:Gem::Requirement
|
|
204
212
|
requirements:
|
|
205
|
-
- -
|
|
213
|
+
- - "~>"
|
|
206
214
|
- !ruby/object:Gem::Version
|
|
207
|
-
version: 0.
|
|
215
|
+
version: 0.5.1
|
|
208
216
|
- !ruby/object:Gem::Dependency
|
|
209
|
-
name:
|
|
217
|
+
name: rubocop-rspec
|
|
210
218
|
requirement: !ruby/object:Gem::Requirement
|
|
211
219
|
requirements:
|
|
212
220
|
- - "~>"
|
|
213
221
|
- !ruby/object:Gem::Version
|
|
214
|
-
version:
|
|
222
|
+
version: 2.2.0
|
|
215
223
|
type: :development
|
|
216
224
|
prerelease: false
|
|
217
225
|
version_requirements: !ruby/object:Gem::Requirement
|
|
218
226
|
requirements:
|
|
219
227
|
- - "~>"
|
|
220
228
|
- !ruby/object:Gem::Version
|
|
221
|
-
version:
|
|
229
|
+
version: 2.2.0
|
|
222
230
|
description: |-
|
|
223
231
|
WebAuthn ruby server library ― Make your application a W3C Web Authentication conformant
|
|
224
232
|
Relying Party and allow your users to authenticate with U2F and FIDO2 authenticators.
|
|
@@ -229,11 +237,12 @@ executables: []
|
|
|
229
237
|
extensions: []
|
|
230
238
|
extra_rdoc_files: []
|
|
231
239
|
files:
|
|
240
|
+
- ".github/dependabot.yml"
|
|
241
|
+
- ".github/workflows/build.yml"
|
|
242
|
+
- ".github/workflows/git.yml"
|
|
232
243
|
- ".gitignore"
|
|
233
244
|
- ".rspec"
|
|
234
245
|
- ".rubocop.yml"
|
|
235
|
-
- ".travis.yml"
|
|
236
|
-
- Appraisals
|
|
237
246
|
- CHANGELOG.md
|
|
238
247
|
- CONTRIBUTING.md
|
|
239
248
|
- Gemfile
|
|
@@ -243,34 +252,21 @@ files:
|
|
|
243
252
|
- SECURITY.md
|
|
244
253
|
- bin/console
|
|
245
254
|
- bin/setup
|
|
255
|
+
- docs/advanced_configuration.md
|
|
246
256
|
- docs/u2f_migration.md
|
|
247
|
-
-
|
|
248
|
-
- gemfiles/openssl_2_0.gemfile
|
|
249
|
-
- gemfiles/openssl_2_1.gemfile
|
|
250
|
-
- gemfiles/openssl_head.gemfile
|
|
251
|
-
- lib/android_safetynet/attestation_response.rb
|
|
252
|
-
- lib/cose/rsassa_algorithm.rb
|
|
253
|
-
- lib/tpm/constants.rb
|
|
254
|
-
- lib/tpm/s_attest.rb
|
|
255
|
-
- lib/tpm/s_attest/s_certify_info.rb
|
|
256
|
-
- lib/tpm/sized_buffer.rb
|
|
257
|
-
- lib/tpm/t_public.rb
|
|
258
|
-
- lib/tpm/t_public/s_ecc_parms.rb
|
|
259
|
-
- lib/tpm/t_public/s_rsa_parms.rb
|
|
257
|
+
- lib/cose/rsapkcs1_algorithm.rb
|
|
260
258
|
- lib/webauthn.rb
|
|
259
|
+
- lib/webauthn/attestation_object.rb
|
|
261
260
|
- lib/webauthn/attestation_statement.rb
|
|
262
261
|
- lib/webauthn/attestation_statement/android_key.rb
|
|
263
|
-
- lib/webauthn/attestation_statement/android_key/authorization_list.rb
|
|
264
|
-
- lib/webauthn/attestation_statement/android_key/key_description.rb
|
|
265
262
|
- lib/webauthn/attestation_statement/android_safetynet.rb
|
|
263
|
+
- lib/webauthn/attestation_statement/apple.rb
|
|
266
264
|
- lib/webauthn/attestation_statement/base.rb
|
|
267
265
|
- lib/webauthn/attestation_statement/fido_u2f.rb
|
|
268
266
|
- lib/webauthn/attestation_statement/fido_u2f/public_key.rb
|
|
269
267
|
- lib/webauthn/attestation_statement/none.rb
|
|
270
268
|
- lib/webauthn/attestation_statement/packed.rb
|
|
271
269
|
- lib/webauthn/attestation_statement/tpm.rb
|
|
272
|
-
- lib/webauthn/attestation_statement/tpm/cert_info.rb
|
|
273
|
-
- lib/webauthn/attestation_statement/tpm/pub_area.rb
|
|
274
270
|
- lib/webauthn/authenticator_assertion_response.rb
|
|
275
271
|
- lib/webauthn/authenticator_attestation_response.rb
|
|
276
272
|
- lib/webauthn/authenticator_data.rb
|
|
@@ -291,6 +287,7 @@ files:
|
|
|
291
287
|
- lib/webauthn/fake_authenticator/attestation_object.rb
|
|
292
288
|
- lib/webauthn/fake_authenticator/authenticator_data.rb
|
|
293
289
|
- lib/webauthn/fake_client.rb
|
|
290
|
+
- lib/webauthn/json_serializer.rb
|
|
294
291
|
- lib/webauthn/public_key.rb
|
|
295
292
|
- lib/webauthn/public_key_credential.rb
|
|
296
293
|
- lib/webauthn/public_key_credential/creation_options.rb
|
|
@@ -301,8 +298,7 @@ files:
|
|
|
301
298
|
- lib/webauthn/public_key_credential/user_entity.rb
|
|
302
299
|
- lib/webauthn/public_key_credential_with_assertion.rb
|
|
303
300
|
- lib/webauthn/public_key_credential_with_attestation.rb
|
|
304
|
-
- lib/webauthn/
|
|
305
|
-
- lib/webauthn/signature_verifier.rb
|
|
301
|
+
- lib/webauthn/relying_party.rb
|
|
306
302
|
- lib/webauthn/u2f_migrator.rb
|
|
307
303
|
- lib/webauthn/version.rb
|
|
308
304
|
- webauthn.gemspec
|
|
@@ -313,7 +309,7 @@ metadata:
|
|
|
313
309
|
bug_tracker_uri: https://github.com/cedarcode/webauthn-ruby/issues
|
|
314
310
|
changelog_uri: https://github.com/cedarcode/webauthn-ruby/blob/master/CHANGELOG.md
|
|
315
311
|
source_code_uri: https://github.com/cedarcode/webauthn-ruby
|
|
316
|
-
post_install_message:
|
|
312
|
+
post_install_message:
|
|
317
313
|
rdoc_options: []
|
|
318
314
|
require_paths:
|
|
319
315
|
- lib
|
|
@@ -321,15 +317,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
321
317
|
requirements:
|
|
322
318
|
- - ">="
|
|
323
319
|
- !ruby/object:Gem::Version
|
|
324
|
-
version: '2.
|
|
320
|
+
version: '2.5'
|
|
325
321
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
326
322
|
requirements:
|
|
327
323
|
- - ">="
|
|
328
324
|
- !ruby/object:Gem::Version
|
|
329
325
|
version: '0'
|
|
330
326
|
requirements: []
|
|
331
|
-
rubygems_version: 3.
|
|
332
|
-
signing_key:
|
|
327
|
+
rubygems_version: 3.5.11
|
|
328
|
+
signing_key:
|
|
333
329
|
specification_version: 4
|
|
334
330
|
summary: WebAuthn ruby server library
|
|
335
331
|
test_files: []
|