RubyGems - webauthn - Versions diffs - 2.2.0 → 2.5.0 - Mend

webauthn 2.2.0 → 2.5.0

Files changed (37) hide show

checksums.yaml +4 -4
data/.github/workflows/build.yml +36 -0
data/.rubocop.yml +60 -0
data/Appraisals +2 -10
data/CHANGELOG.md +53 -0
data/README.md +71 -9
data/SECURITY.md +6 -3
data/gemfiles/{openssl_2_0.gemfile → openssl_2_2.gemfile} +1 -1
data/lib/cose/rsapkcs1_algorithm.rb +11 -0
data/lib/webauthn/attestation_object.rb +2 -2
data/lib/webauthn/attestation_statement.rb +4 -1
data/lib/webauthn/attestation_statement/android_key.rb +0 -11
data/lib/webauthn/attestation_statement/android_safetynet.rb +1 -5
data/lib/webauthn/attestation_statement/apple.rb +65 -0
data/lib/webauthn/attestation_statement/base.rb +36 -14
data/lib/webauthn/attestation_statement/fido_u2f.rb +2 -5
data/lib/webauthn/attestation_statement/none.rb +7 -1
data/lib/webauthn/attestation_statement/packed.rb +10 -23
data/lib/webauthn/attestation_statement/tpm.rb +10 -20
data/lib/webauthn/authenticator_assertion_response.rb +1 -4
data/lib/webauthn/authenticator_attestation_response.rb +2 -2
data/lib/webauthn/configuration.rb +2 -6
data/lib/webauthn/credential_creation_options.rb +2 -0
data/lib/webauthn/credential_request_options.rb +2 -0
data/lib/webauthn/fake_authenticator.rb +16 -4
data/lib/webauthn/fake_authenticator/attestation_object.rb +7 -3
data/lib/webauthn/fake_client.rb +21 -4
data/lib/webauthn/public_key.rb +21 -2
data/lib/webauthn/public_key_credential.rb +13 -3
data/lib/webauthn/public_key_credential/entity.rb +3 -4
data/lib/webauthn/version.rb +1 -1
data/webauthn.gemspec +7 -6
metadata +34 -22
data/.travis.yml +0 -26
data/gemfiles/cose_head.gemfile +0 -7
data/gemfiles/openssl_head.gemfile +0 -7
data/lib/webauthn/signature_verifier.rb +0 -52

data/.travis.yml DELETED Viewed

@@ -1,26 +0,0 @@
-dist: bionic
-language: ruby
-cache: bundler
-rvm:
-  - ruby-head
-  - 2.7.0
-  - 2.6.5
-  - 2.5.7
-  - 2.4.9
-gemfile:
-  - gemfiles/cose_head.gemfile
-  - gemfiles/openssl_head.gemfile
-  - gemfiles/openssl_2_1.gemfile
-  - gemfiles/openssl_2_0.gemfile
-matrix:
-  fast_finish: true
-  allow_failures:
-    - rvm: ruby-head
-    - gemfile: gemfiles/cose_head.gemfile
-    - gemfile: gemfiles/openssl_head.gemfile
-before_install:
-  - gem install bundler -v "~> 2.0"

data/gemfiles/cose_head.gemfile DELETED Viewed

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-source "https://rubygems.org"
-gem "cose", git: "https://github.com/cedarcode/cose-ruby"
-gemspec path: "../"

data/gemfiles/openssl_head.gemfile DELETED Viewed

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-source "https://rubygems.org"
-gem "openssl", git: "https://github.com/ruby/openssl"
-gemspec path: "../"

data/lib/webauthn/signature_verifier.rb DELETED Viewed

@@ -1,52 +0,0 @@
-# frozen_string_literal: true
-require "cose"
-require "cose/rsapkcs1_algorithm"
-require "openssl"
-require "webauthn/error"
-module WebAuthn
-  class SignatureVerifier
-    class UnsupportedAlgorithm < Error; end
-    def initialize(algorithm, public_key)
-      @algorithm = algorithm
-      @public_key = public_key
-      validate
-    end
-    def verify(signature, verification_data)
-      cose_algorithm.verify(public_key, signature, verification_data)
-    rescue COSE::Error
-      false
-    end
-    private
-    attr_reader :algorithm, :public_key
-    def cose_algorithm
-      case algorithm
-      when COSE::Algorithm::Base
-        algorithm
-      else
-        COSE::Algorithm.find(algorithm)
-      end
-    end
-    def validate
-      if !cose_algorithm
-        raise UnsupportedAlgorithm, "Unsupported algorithm #{algorithm}"
-      elsif !supported_algorithms.include?(cose_algorithm.name)
-        raise UnsupportedAlgorithm, "Unsupported algorithm #{algorithm}"
-      elsif !cose_algorithm.compatible_key?(public_key)
-        raise("Incompatible algorithm and key")
-      end
-    end
-    def supported_algorithms
-      WebAuthn.configuration.algorithms
-    end
-  end
-end