webauthn 2.3.0 → 3.0.0

Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/build.yml +32 -0
  3. data/.github/workflows/git.yml +21 -0
  4. data/.rubocop.yml +57 -1
  5. data/CHANGELOG.md +79 -0
  6. data/README.md +8 -5
  7. data/SECURITY.md +6 -3
  8. data/docs/advanced_configuration.md +174 -0
  9. data/docs/u2f_migration.md +14 -20
  10. data/lib/cose/rsapkcs1_algorithm.rb +7 -0
  11. data/lib/webauthn/attestation_object.rb +9 -5
  12. data/lib/webauthn/attestation_statement/android_key.rb +0 -4
  13. data/lib/webauthn/attestation_statement/android_safetynet.rb +1 -5
  14. data/lib/webauthn/attestation_statement/apple.rb +65 -0
  15. data/lib/webauthn/attestation_statement/base.rb +18 -32
  16. data/lib/webauthn/attestation_statement/none.rb +7 -1
  17. data/lib/webauthn/attestation_statement/packed.rb +1 -1
  18. data/lib/webauthn/attestation_statement/tpm.rb +2 -2
  19. data/lib/webauthn/attestation_statement.rb +6 -3
  20. data/lib/webauthn/authenticator_assertion_response.rb +4 -3
  21. data/lib/webauthn/authenticator_attestation_response.rb +10 -7
  22. data/lib/webauthn/authenticator_data/attested_credential_data.rb +10 -5
  23. data/lib/webauthn/authenticator_data.rb +10 -2
  24. data/lib/webauthn/authenticator_response.rb +7 -7
  25. data/lib/webauthn/configuration.rb +38 -42
  26. data/lib/webauthn/credential.rb +5 -4
  27. data/lib/webauthn/credential_creation_options.rb +2 -0
  28. data/lib/webauthn/credential_request_options.rb +2 -0
  29. data/lib/webauthn/fake_authenticator/attestation_object.rb +8 -0
  30. data/lib/webauthn/fake_authenticator/authenticator_data.rb +20 -5
  31. data/lib/webauthn/fake_authenticator.rb +19 -3
  32. data/lib/webauthn/fake_client.rb +20 -5
  33. data/lib/webauthn/public_key_credential/creation_options.rb +3 -3
  34. data/lib/webauthn/public_key_credential/entity.rb +3 -4
  35. data/lib/webauthn/public_key_credential/options.rb +9 -8
  36. data/lib/webauthn/public_key_credential/request_options.rb +11 -1
  37. data/lib/webauthn/public_key_credential.rb +24 -5
  38. data/lib/webauthn/public_key_credential_with_assertion.rb +14 -1
  39. data/lib/webauthn/relying_party.rb +120 -0
  40. data/lib/webauthn/u2f_migrator.rb +4 -1
  41. data/lib/webauthn/version.rb +1 -1
  42. data/webauthn.gemspec +7 -8
  43. metadata +40 -59
  44. data/.travis.yml +0 -39
  45. data/Appraisals +0 -21
  46. data/gemfiles/cose_head.gemfile +0 -7
  47. data/gemfiles/openssl_2_0.gemfile +0 -7
  48. data/gemfiles/openssl_2_1.gemfile +0 -7
  49. data/gemfiles/openssl_2_2.gemfile +0 -7
  50. data/gemfiles/openssl_head.gemfile +0 -7
  51. data/lib/webauthn/security_utils.rb +0 -20
  52. data/script/ci/install-openssl +0 -7
  53. data/script/ci/install-ruby +0 -13
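--- a/metadata
+++ b/metadata
@@ -1,15 +1,15 @@
  --- !ruby/object:Gem::Specification
  name: webauthn
  version: !ruby/object:Gem::Version
- version: 2.3.0
+ version: 3.0.0
  platform: ruby
  authors:
  - Gonzalo Rodriguez
  - Braulio Martinez
- autorequire:
+ autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-06-27 00:00:00.000000000 Z
+ date: 2023-02-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: android_key_attestation
@@ -73,28 +73,28 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.0'
+ version: '1.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.0'
+ version: '1.1'
  - !ruby/object:Gem::Dependency
  name: openssl
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '2.0'
+ version: '2.2'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '2.0'
+ version: '2.2'
  - !ruby/object:Gem::Dependency
  name: safety_net_attestation
  requirement: !ruby/object:Gem::Requirement
@@ -109,48 +109,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: 0.4.0
- - !ruby/object:Gem::Dependency
- name: securecompare
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '1.0'
- type: :runtime
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: '1.0'
  - !ruby/object:Gem::Dependency
  name: tpm-key_attestation
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.9.0
+ version: 0.12.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.9.0
- - !ruby/object:Gem::Dependency
- name: appraisal
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: 2.3.0
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - "~>"
- - !ruby/object:Gem::Version
- version: 2.3.0
+ version: 0.12.0
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
@@ -217,30 +189,44 @@ dependencies:
  name: rubocop
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '='
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 1.9.1
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 1.9.1
+ - !ruby/object:Gem::Dependency
+ name: rubocop-rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 0.80.1
+ version: 0.5.1
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '='
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 0.80.1
+ version: 0.5.1
  - !ruby/object:Gem::Dependency
  name: rubocop-rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.38.1
+ version: 2.2.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.38.1
+ version: 2.2.0
  description: |-
  WebAuthn ruby server library ― Make your application a W3C Web Authentication conformant
  Relying Party and allow your users to authenticate with U2F and FIDO2 authenticators.
@@ -251,11 +237,11 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
+ - ".github/workflows/build.yml"
+ - ".github/workflows/git.yml"
  - ".gitignore"
  - ".rspec"
  - ".rubocop.yml"
- - ".travis.yml"
- - Appraisals
  - CHANGELOG.md
  - CONTRIBUTING.md
  - Gemfile
@@ -265,18 +251,15 @@ files:
  - SECURITY.md
  - bin/console
  - bin/setup
+ - docs/advanced_configuration.md
  - docs/u2f_migration.md
- - gemfiles/cose_head.gemfile
- - gemfiles/openssl_2_0.gemfile
- - gemfiles/openssl_2_1.gemfile
- - gemfiles/openssl_2_2.gemfile
- - gemfiles/openssl_head.gemfile
  - lib/cose/rsapkcs1_algorithm.rb
  - lib/webauthn.rb
  - lib/webauthn/attestation_object.rb
  - lib/webauthn/attestation_statement.rb
  - lib/webauthn/attestation_statement/android_key.rb
  - lib/webauthn/attestation_statement/android_safetynet.rb
+ - lib/webauthn/attestation_statement/apple.rb
  - lib/webauthn/attestation_statement/base.rb
  - lib/webauthn/attestation_statement/fido_u2f.rb
  - lib/webauthn/attestation_statement/fido_u2f/public_key.rb
@@ -313,11 +296,9 @@ files:
  - lib/webauthn/public_key_credential/user_entity.rb
  - lib/webauthn/public_key_credential_with_assertion.rb
  - lib/webauthn/public_key_credential_with_attestation.rb
- - lib/webauthn/security_utils.rb
+ - lib/webauthn/relying_party.rb
  - lib/webauthn/u2f_migrator.rb
  - lib/webauthn/version.rb
- - script/ci/install-openssl
- - script/ci/install-ruby
  - webauthn.gemspec
  homepage: https://github.com/cedarcode/webauthn-ruby
  licenses:
@@ -326,7 +307,7 @@ metadata:
  bug_tracker_uri: https://github.com/cedarcode/webauthn-ruby/issues
  changelog_uri: https://github.com/cedarcode/webauthn-ruby/blob/master/CHANGELOG.md
  source_code_uri: https://github.com/cedarcode/webauthn-ruby
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -334,15 +315,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '2.4'
+ version: '2.5'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.4
- signing_key:
+ rubygems_version: 3.2.32
+ signing_key:
  specification_version: 4
  summary: WebAuthn ruby server library
  test_files: []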
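Review bot: The hunk at `-109,48` drops the `securecompare` runtime dependency and the hunk at `-313,11` removes `lib/webauthn/security_utils.rb` from the file list, so the gem's constant-time comparison helper is gone, and the code that replaces it is not shown on this page. The openssl floor rising to 2.2 is consistent with a switch to `OpenSSL.secure_compare`, which that release provides, but that is an inference; before upgrading, confirm that every former `WebAuthn::SecurityUtils.secure_compare` call site uses a constant-time primitive rather than `==`. The openssl requirement in the hunk at `-73,28` also changes from `~> 2.0` to `>= 2.2`, which removes the upper bound, so applications that depend on a tested openssl major should pin it in their own lockfile.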
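--- a/data/.travis.yml
+++ /dev/null
@@ -1,39 +0,0 @@
- dist: bionic
- language: ruby
-
- cache:
- bundler: true
- directories:
- - /home/travis/.rvm/
-
- env:
- - LIBSSL=1.1 RB=2.7.1
- - LIBSSL=1.1 RB=2.6.6
- - LIBSSL=1.1 RB=2.5.8
- - LIBSSL=1.1 RB=2.4.10
- - LIBSSL=1.1 RB=ruby-head
- - LIBSSL=1.0 RB=2.7.1
- - LIBSSL=1.0 RB=2.6.6
- - LIBSSL=1.0 RB=2.5.8
- - LIBSSL=1.0 RB=2.4.10
- - LIBSSL=1.0 RB=ruby-head
-
- gemfile:
- - gemfiles/cose_head.gemfile
- - gemfiles/openssl_head.gemfile
- - gemfiles/openssl_2_2.gemfile
- - gemfiles/openssl_2_1.gemfile
- - gemfiles/openssl_2_0.gemfile
-
- matrix:
- fast_finish: true
- allow_failures:
- - env: LIBSSL=1.1 RB=ruby-head
- - env: LIBSSL=1.0 RB=ruby-head
- - gemfile: gemfiles/cose_head.gemfile
- - gemfile: gemfiles/openssl_head.gemfile
-
- before_install:
- - ./script/ci/install-openssl
- - ./script/ci/install-ruby
- - gem install bundler -v "~> 2.0"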
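--- a/data/Appraisals
+++ /dev/null
@@ -1,21 +0,0 @@
- # frozen_string_literal: true
-
- appraise "cose_head" do
- gem "cose", git: "https://github.com/cedarcode/cose-ruby"
- end
-
- appraise "openssl_head" do
- gem "openssl", git: "https://github.com/ruby/openssl"
- end
-
- appraise "openssl_2_2" do
- gem "openssl", "~> 2.2.0"
- end
-
- appraise "openssl_2_1" do
- gem "openssl", "~> 2.1.0"
- end
-
- appraise "openssl_2_0" do
- gem "openssl", "~> 2.0.0"
- end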
@@ -1,7 +0,0 @@
1
- # This file was generated by Appraisal
2
-
3
- source "https://rubygems.org"
4
-
5
- gem "cose", git: "https://github.com/cedarcode/cose-ruby"
6
-
7
- gemspec path: "../"
@@ -1,7 +0,0 @@
1
- # This file was generated by Appraisal
2
-
3
- source "https://rubygems.org"
4
-
5
- gem "openssl", "~> 2.0.0"
6
-
7
- gemspec path: "../"
@@ -1,7 +0,0 @@
1
- # This file was generated by Appraisal
2
-
3
- source "https://rubygems.org"
4
-
5
- gem "openssl", "~> 2.1.0"
6
-
7
- gemspec path: "../"
@@ -1,7 +0,0 @@
1
- # This file was generated by Appraisal
2
-
3
- source "https://rubygems.org"
4
-
5
- gem "openssl", "~> 2.2.0"
6
-
7
- gemspec path: "../"
@@ -1,7 +0,0 @@
1
- # This file was generated by Appraisal
2
-
3
- source "https://rubygems.org"
4
-
5
- gem "openssl", git: "https://github.com/ruby/openssl"
6
-
7
- gemspec path: "../"
@@ -1,20 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "securecompare"
4
-
5
- module WebAuthn
6
- module SecurityUtils
7
- # Constant time string comparison, for variable length strings.
8
- # This code was adapted from Rails ActiveSupport::SecurityUtils
9
- #
10
- # The values are first processed by SHA256, so that we don't leak length info
11
- # via timing attacks.
12
- def secure_compare(first_string, second_string)
13
- first_string_sha256 = ::Digest::SHA256.digest(first_string)
14
- second_string_sha256 = ::Digest::SHA256.digest(second_string)
15
-
16
- SecureCompare.compare(first_string_sha256, second_string_sha256) && first_string == second_string
17
- end
18
- module_function :secure_compare
19
- end
20
- end
@@ -1,7 +0,0 @@
1
- #!/bin/bash
2
-
3
- set -e
4
-
5
- if [[ "$LIBSSL" == "1.0" ]]; then
6
- sudo apt-get install libssl1.0-dev
7
- fi
@@ -1,13 +0,0 @@
1
- #!/bin/bash
2
-
3
- set -e
4
-
5
- source "$HOME/.rvm/scripts/rvm"
6
-
7
- if [[ "$LIBSSL" == "1.0" ]]; then
8
- rvm use --install $RB --autolibs=read-only --disable-binary
9
- elif [[ "$LIBSSL" == "1.1" ]]; then
10
- rvm use --install $RB --binary --fuzzy
11
- fi
12
-
13
- [[ "`ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'`" =~ "OpenSSL $LIBSSL" ]] || { echo "Wrong libssl version"; exit 1; }