webauthn 2.2.0 → 2.5.0
- checksums.yaml +4 -4
- data/.github/workflows/build.yml +36 -0
- data/.rubocop.yml +60 -0
- data/Appraisals +2 -10
- data/CHANGELOG.md +53 -0
- data/README.md +71 -9
- data/SECURITY.md +6 -3
- data/gemfiles/{openssl_2_0.gemfile → openssl_2_2.gemfile} +1 -1
- data/lib/cose/rsapkcs1_algorithm.rb +11 -0
- data/lib/webauthn/attestation_object.rb +2 -2
- data/lib/webauthn/attestation_statement.rb +4 -1
- data/lib/webauthn/attestation_statement/android_key.rb +0 -11
- data/lib/webauthn/attestation_statement/android_safetynet.rb +1 -5
- data/lib/webauthn/attestation_statement/apple.rb +65 -0
- data/lib/webauthn/attestation_statement/base.rb +36 -14
- data/lib/webauthn/attestation_statement/fido_u2f.rb +2 -5
- data/lib/webauthn/attestation_statement/none.rb +7 -1
- data/lib/webauthn/attestation_statement/packed.rb +10 -23
- data/lib/webauthn/attestation_statement/tpm.rb +10 -20
- data/lib/webauthn/authenticator_assertion_response.rb +1 -4
- data/lib/webauthn/authenticator_attestation_response.rb +2 -2
- data/lib/webauthn/configuration.rb +2 -6
- data/lib/webauthn/credential_creation_options.rb +2 -0
- data/lib/webauthn/credential_request_options.rb +2 -0
- data/lib/webauthn/fake_authenticator.rb +16 -4
- data/lib/webauthn/fake_authenticator/attestation_object.rb +7 -3
- data/lib/webauthn/fake_client.rb +21 -4
- data/lib/webauthn/public_key.rb +21 -2
- data/lib/webauthn/public_key_credential.rb +13 -3
- data/lib/webauthn/public_key_credential/entity.rb +3 -4
- data/lib/webauthn/version.rb +1 -1
- data/webauthn.gemspec +7 -6
- metadata +34 -22
- data/.travis.yml +0 -26
- data/gemfiles/cose_head.gemfile +0 -7
- data/gemfiles/openssl_head.gemfile +0 -7
- data/lib/webauthn/signature_verifier.rb +0 -52
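--- a/data/.travis.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-dist: bionic
-language: ruby
-cache: bundler
-
-rvm:
-- ruby-head
-- 2.7.0
-- 2.6.5
-- 2.5.7
-- 2.4.9
-
-gemfile:
-- gemfiles/cose_head.gemfile
-- gemfiles/openssl_head.gemfile
-- gemfiles/openssl_2_1.gemfile
-- gemfiles/openssl_2_0.gemfile
-
-matrix:
-fast_finish: true
-allow_failures:
-- rvm: ruby-head
-- gemfile: gemfiles/cose_head.gemfile
-- gemfile: gemfiles/openssl_head.gemfile
-
-before_install:
-- gem install bundler -v "~> 2.0"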
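--- a/data/lib/webauthn/signature_verifier.rb
+++ /dev/null
@@ -1,52 +0,0 @@
-# frozen_string_literal: true
-
-require "cose"
-require "cose/rsapkcs1_algorithm"
-require "openssl"
-require "webauthn/error"
-
-module WebAuthn
-class SignatureVerifier
-class UnsupportedAlgorithm < Error; end
-
-def initialize(algorithm, public_key)
-@algorithm = algorithm
-@public_key = public_key
-
-validate
-end
-
-def verify(signature, verification_data)
-cose_algorithm.verify(public_key, signature, verification_data)
-rescue COSE::Error
-false
-end
-
-private
-
-attr_reader :algorithm, :public_key
-
-def cose_algorithm
-case algorithm
-when COSE::Algorithm::Base
-algorithm
-else
-COSE::Algorithm.find(algorithm)
-end
-end
-
-def validate
-if !cose_algorithm
-raise UnsupportedAlgorithm, "Unsupported algorithm #{algorithm}"
-elsif !supported_algorithms.include?(cose_algorithm.name)
-raise UnsupportedAlgorithm, "Unsupported algorithm #{algorithm}"
-elsif !cose_algorithm.compatible_key?(public_key)
-raise("Incompatible algorithm and key")
-end
-end
-
-def supported_algorithms
-WebAuthn.configuration.algorithms
-end
-end
-end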