webauthn 2.4.1 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e1ffc928d4b54cc4c19c946a30e3e0d1e6a56b317d9d82376bb7f7f9693ee88a
-  data.tar.gz: fe42ab966c5ec4ef20089f147276ba485496b8bcf284c1a16a05606c217a434a
+  metadata.gz: 1e6487b19f172c0c7e96af23d04e47f91bebd2ef7d20f144f99f85e761a2db86
+  data.tar.gz: 7623405e7cd01708f29897a0d4183fbc8c9b2a3dfb06b9c182646ddaf9c6cb0d
 SHA512:
-  metadata.gz: bd77e2c99e1a08f63dc1986edef737e64872f48108e5e664c8517c7bea11e22a9b4c2bf6e07f7d370d09c3ba3ba3264dff309fd792a47c239d359b27bdd070db
-  data.tar.gz: 36a50f38e8c7dac6e33e0494d9ebeac33587ace21d4cad022be1984bd7f915112ba99c6fb975186e63d2757156c09014538a8cfda55db8edeac5ef0327c42bc0
+  metadata.gz: d2f8d2137b2ee140a3258fbbff8d62e49264b2eafa80f0726dacc16a742addf75625b9da51696db6f3862a85e63f44ca5fc2b73320b1c256dd1c57f96121de24
+  data.tar.gz: dcb2ea914a14944b4bf7c4682394df12e00ddd4a4b0cc1076a03a7368bf4d563d08b61fbbe27ece3ddcbc05a9ed542d8236c1bfce833669c9b60c5d3387b35b4

data/.github/workflows/build.yml

@@ -0,0 +1,36 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: build
+
+on: push
+
+jobs:
+  test:
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - '3.0'
+          - '2.7'
+          - '2.6'
+          - '2.5'
+          - '2.4'
+          - truffleruby
+        gemfile:
+          - openssl_2_2
+          - openssl_2_1
+    env:
+      BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - run: bundle exec rake

data/.rubocop.yml

@@ -1,5 +1,6 @@
 require:
   - rubocop-rspec
+  - rubocop-rake
 
 inherit_mode:
   merge:
@@ -8,6 +9,7 @@ inherit_mode:
 AllCops:
   TargetRubyVersion: 2.4
   DisabledByDefault: true
+  NewCops: disable
   Exclude:
     - "gemfiles/**/*"
     - "vendor/**/*"
@@ -24,6 +26,9 @@ Layout:
 Layout/ClassStructure:
   Enabled: true
 
+Layout/EmptyLineBetweenDefs:
+  AllowAdjacentOneLineDefs: true
+
 Layout/EmptyLinesAroundAttributeAccessor:
   Enabled: true
 
@@ -92,6 +97,9 @@ Lint/UnreachableLoop:
 Naming:
   Enabled: true
 
+Naming/VariableNumber:
+  Enabled: false
+
 RSpec/Be:
   Enabled: true
 

data/Appraisals

@@ -1,13 +1,5 @@
 # frozen_string_literal: true
 
-appraise "cose_head" do
-  gem "cose", git: "https://github.com/cedarcode/cose-ruby"
-end
-
-appraise "openssl_head" do
-  gem "openssl", git: "https://github.com/ruby/openssl"
-end
-
 appraise "openssl_2_2" do
   gem "openssl", "~> 2.2.0"
 end
@@ -15,7 +7,3 @@ end
 appraise "openssl_2_1" do
   gem "openssl", "~> 2.1.0"
 end
-
-appraise "openssl_2_0" do
-  gem "openssl", "~> 2.0.0"
-end

data/CHANGELOG.md

@@ -1,5 +1,22 @@
 # Changelog
 
+## [v3.0.0.alpha1] - 2020-06-27
+
+### Added
+
+- Ability to define multiple relying parties with the introduction of the `WebAuthn::RelyingParty` class ([@padulafacundo], [@brauliomartinezlm])
+
+## [v2.5.0] - 2021-03-14
+
+### Added
+
+- Support 'apple' attestation statement format ([#343](https://github.com/cedarcode/webauthn-ruby/pull/343) / [@juanarias93], [@santiagorodriguez96])
+- Allow specifying an array of ids as `allow_credentials:` for `FakeClient#get` method ([#335](https://github.com/cedarcode/webauthn-ruby/pull/335) / [@kingjan1999])
+
+### Removed
+
+- No longer accept "removed from the WebAuthn spec" options `rp: { icon: }` and `user: { icon: }` for `WebAuthn::Credential.options_for_create` method ([#326](https://github.com/cedarcode/webauthn-ruby/pull/326) / [@santiagorodriguez96])
+
 ## [v2.4.1] - 2021-02-15
 
 ### Fixed
@@ -307,6 +324,8 @@ Note: Both additions should help making it compatible with Chrome for Android 70
   - `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
 - Works with ruby 2.5
 
+[v3.0.0.alpha1]: https://github.com/cedarcode/webauthn-ruby/compare/2-stable...v3.0.0.alpha1/
+[v2.5.0]: https://github.com/cedarcode/webauthn-ruby/compare/v2.4.1...v2.5.0/
 [v2.4.1]: https://github.com/cedarcode/webauthn-ruby/compare/v2.4.0...v2.4.1/
 [v2.4.0]: https://github.com/cedarcode/webauthn-ruby/compare/v2.3.0...v2.4.0/
 [v2.3.0]: https://github.com/cedarcode/webauthn-ruby/compare/v2.2.1...v2.3.0/
@@ -336,6 +355,7 @@ Note: Both additions should help making it compatible with Chrome for Android 70
 [v0.2.0]: https://github.com/cedarcode/webauthn-ruby/compare/v0.1.0...v0.2.0/
 [v0.1.0]: https://github.com/cedarcode/webauthn-ruby/compare/v0.0.0...v0.1.0/
 
+[@brauliomartinezlm]: https://github.com/brauliomartinezlm
 [@bdewater]: https://github.com/bdewater
 [@jdongelmans]: https://github.com/jdongelmans
 [@kalebtesfay]: https://github.com/kalebtesfay
@@ -345,3 +365,5 @@ Note: Both additions should help making it compatible with Chrome for Android 70
 [@padulafacundo]: https://github.com/padulafacundo
 [@santiagorodriguez96]: https://github.com/santiagorodriguez96
 [@lgarron]: https://github.com/lgarron
+[@juanarias93]: https://github.com/juanarias93
+[@kingjan1999]: https://github.com/@kingjan1999

data/README.md

@@ -6,7 +6,7 @@ For the current release version see https://github.com/cedarcode/webauthn-ruby/b
 ![banner](assets/webauthn-ruby.png)
 
 [![Gem](https://img.shields.io/gem/v/webauthn.svg?style=flat-square)](https://rubygems.org/gems/webauthn)
-[![Travis](https://img.shields.io/travis/cedarcode/webauthn-ruby/master.svg?style=flat-square)](https://travis-ci.org/cedarcode/webauthn-ruby)
+[![Travis](https://img.shields.io/travis/cedarcode/webauthn-ruby/master.svg?style=flat-square)](https://travis-ci.com/cedarcode/webauthn-ruby)
 [![Conventional Commits](https://img.shields.io/badge/Conventional%20Commits-1.0.0-informational.svg?style=flat-square)](https://conventionalcommits.org)
 [![Join the chat at https://gitter.im/cedarcode/webauthn-ruby](https://badges.gitter.im/cedarcode/webauthn-ruby.svg)](https://gitter.im/cedarcode/webauthn-ruby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
@@ -408,7 +408,7 @@ credential.authenticator_extension_outputs
 
 ## Attestation
 
-### Attestation Statement Format
+### Attestation Statement Formats
 
 | Attestation Statement Format | Supported? |
 | -------- | :--------: |
@@ -417,6 +417,7 @@ credential.authenticator_extension_outputs
 | tpm (x5c attestation) | Yes |
 | android-key | Yes |
 | android-safetynet | Yes |
+| apple | Yes |
 | fido-u2f | Yes |
 | none | Yes |
 

data/SECURITY.md

@@ -4,9 +4,10 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
+| 2.5.z    | :white_check_mark: |
 | 2.4.z    | :white_check_mark: |
 | 2.3.z    | :white_check_mark: |
-| 2.2.z    | :white_check_mark: |
+| 2.2.z    | :x: |
 | 2.1.z    | :x: |
 | 2.0.z    | :x: |
 | 1.18.z   | :white_check_mark: |

data/lib/webauthn/attestation_statement.rb

@@ -2,6 +2,7 @@
 
 require "webauthn/attestation_statement/android_key"
 require "webauthn/attestation_statement/android_safetynet"
+require "webauthn/attestation_statement/apple"
 require "webauthn/attestation_statement/fido_u2f"
 require "webauthn/attestation_statement/none"
 require "webauthn/attestation_statement/packed"
@@ -18,6 +19,7 @@ module WebAuthn
     ATTESTATION_FORMAT_ANDROID_SAFETYNET = "android-safetynet"
     ATTESTATION_FORMAT_ANDROID_KEY = "android-key"
     ATTESTATION_FORMAT_TPM = "tpm"
+    ATTESTATION_FORMAT_APPLE = "apple"
 
     FORMAT_TO_CLASS = {
       ATTESTATION_FORMAT_NONE => WebAuthn::AttestationStatement::None,
@@ -25,7 +27,8 @@ module WebAuthn
       ATTESTATION_FORMAT_PACKED => WebAuthn::AttestationStatement::Packed,
       ATTESTATION_FORMAT_ANDROID_SAFETYNET => WebAuthn::AttestationStatement::AndroidSafetynet,
       ATTESTATION_FORMAT_ANDROID_KEY => WebAuthn::AttestationStatement::AndroidKey,
-      ATTESTATION_FORMAT_TPM => WebAuthn::AttestationStatement::TPM
+      ATTESTATION_FORMAT_TPM => WebAuthn::AttestationStatement::TPM,
+      ATTESTATION_FORMAT_APPLE => WebAuthn::AttestationStatement::Apple
     }.freeze
 
     def self.from(format, statement)

data/lib/webauthn/attestation_statement/android_key.rb

@@ -20,10 +20,6 @@ module WebAuthn
 
       private
 
-      def matching_public_key?(authenticator_data)
-        attestation_certificate.public_key.to_der == authenticator_data.credential.public_key_object.to_der
-      end
-
       def valid_attestation_challenge?(client_data_hash)
         android_key_attestation.verify_challenge(client_data_hash)
       rescue AndroidKeyAttestation::ChallengeMismatchError

data/lib/webauthn/attestation_statement/android_safetynet.rb

@@ -16,10 +16,6 @@ module WebAuthn
           [attestation_type, attestation_trust_path]
       end
 
-      def attestation_certificate
-        attestation_trust_path.first
-      end
-
       private
 
       def valid_response?(authenticator_data, client_data_hash)
@@ -52,7 +48,7 @@ module WebAuthn
       end
 
       # SafetyNetAttestation returns full chain including root, WebAuthn expects only the x5c certificates
-      def attestation_trust_path
+      def certificates
         attestation_response.certificate_chain[0..-2]
       end
 

data/lib/webauthn/attestation_statement/apple.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require "openssl"
+require "webauthn/attestation_statement/base"
+
+module WebAuthn
+  module AttestationStatement
+    class Apple < Base
+      # Source: https://www.apple.com/certificateauthority/private/
+      ROOT_CERTIFICATE =
+        OpenSSL::X509::Certificate.new(<<~PEM)
+          -----BEGIN CERTIFICATE-----
+          MIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8w
+          HQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJ
+          bmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMx
+          NTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEG
+          A1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49
+          AgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11k
+          xu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/
+          pcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk
+          2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA
+          MGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3
+          jAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gpSAk9QZW4B
+          1bWeT0vT
+          -----END CERTIFICATE-----
+        PEM
+
+      NONCE_EXTENSION_OID = "1.2.840.113635.100.8.2"
+
+      def valid?(authenticator_data, client_data_hash)
+        valid_nonce?(authenticator_data, client_data_hash) &&
+          matching_public_key?(authenticator_data) &&
+          trustworthy? &&
+          [attestation_type, attestation_trust_path]
+      end
+
+      private
+
+      def valid_nonce?(authenticator_data, client_data_hash)
+        extension = cred_cert&.extensions&.detect { |ext| ext.oid == NONCE_EXTENSION_OID }
+
+        if extension
+          sequence = OpenSSL::ASN1.decode(OpenSSL::ASN1.decode(extension.to_der).value[1].value)
+
+          sequence.tag == OpenSSL::ASN1::SEQUENCE &&
+            sequence.value.size == 1 &&
+            sequence.value[0].value[0].value ==
+              OpenSSL::Digest::SHA256.digest(authenticator_data.data + client_data_hash)
+        end
+      end
+
+      def attestation_type
+        WebAuthn::AttestationStatement::ATTESTATION_TYPE_ANONCA
+      end
+
+      def cred_cert
+        attestation_certificate
+      end
+
+      def default_root_certificates
+        [ROOT_CERTIFICATE]
+      end
+    end
+  end
+end

data/lib/webauthn/attestation_statement/base.rb

@@ -16,11 +16,13 @@ module WebAuthn
     ATTESTATION_TYPE_SELF = "Self"
     ATTESTATION_TYPE_ATTCA = "AttCA"
     ATTESTATION_TYPE_BASIC_OR_ATTCA = "Basic_or_AttCA"
+    ATTESTATION_TYPE_ANONCA = "AnonCA"
 
     ATTESTATION_TYPES_WITH_ROOT = [
       ATTESTATION_TYPE_BASIC,
       ATTESTATION_TYPE_BASIC_OR_ATTCA,
-      ATTESTATION_TYPE_ATTCA
+      ATTESTATION_TYPE_ATTCA,
+      ATTESTATION_TYPE_ANONCA
     ].freeze
 
     class Base
@@ -42,12 +44,6 @@ module WebAuthn
         certificates&.first
       end
 
-      def certificate_chain
-        if certificates
-          certificates[1..-1]
-        end
-      end
-
       def attestation_certificate_key_id
         raw_subject_key_identifier&.unpack("H*")&.[](0)
       end
@@ -68,6 +64,10 @@ module WebAuthn
         end
       end
 
+      def matching_public_key?(authenticator_data)
+        attestation_certificate.public_key.to_der == authenticator_data.credential.public_key_object.to_der
+      end
+
       def certificates
         @certificates ||=
           raw_certificates&.map do |raw_certificate|

data/lib/webauthn/configuration.rb

@@ -16,11 +16,7 @@ module WebAuthn
   class RootCertificateFinderNotSupportedError < Error; end
 
   class Configuration
-    def self.if_pss_supported(algorithm)
-      OpenSSL::PKey::RSA.instance_methods.include?(:verify_pss) ? algorithm : nil
-    end
-
-    DEFAULT_ALGORITHMS = ["ES256", if_pss_supported("PS256"), "RS256"].compact.freeze
+    DEFAULT_ALGORITHMS = ["ES256", "PS256", "RS256"].compact.freeze
 
     attr_accessor :algorithms
     attr_accessor :encoding
@@ -39,7 +35,7 @@ module WebAuthn
       @verify_attestation_statement = true
       @credential_options_timeout = 120000
       @silent_authentication = false
-      @acceptable_attestation_types = ['None', 'Self', 'Basic', 'AttCA', 'Basic_or_AttCA']
+      @acceptable_attestation_types = ['None', 'Self', 'Basic', 'AttCA', 'Basic_or_AttCA', 'AnonCA']
       @attestation_root_certificates_finders = []
     end
 

data/lib/webauthn/fake_authenticator.rb

@@ -50,12 +50,20 @@ module WebAuthn
       user_verified: false,
       aaguid: AuthenticatorData::AAGUID,
       sign_count: nil,
-      extensions: nil
+      extensions: nil,
+      allow_credentials: nil
     )
       credential_options = credentials[rp_id]
 
       if credential_options
-        credential_id, credential = credential_options.first
+        allow_credentials ||= credential_options.keys
+        credential_id = (credential_options.keys & allow_credentials).first
+        unless credential_id
+          raise "No matching credentials (allowed=#{allow_credentials}) " \
+                "found for RP #{rp_id} among credentials=#{credential_options}"
+        end
+
+        credential = credential_options[credential_id]
         credential_key = credential[:credential_key]
         credential_sign_count = credential[:sign_count]
 

data/lib/webauthn/fake_client.rb

@@ -74,19 +74,25 @@ module WebAuthn
             user_verified: false,
             sign_count: nil,
             extensions: nil,
-            user_handle: nil)
+            user_handle: nil,
+            allow_credentials: nil)
       rp_id ||= URI.parse(origin).host
 
       client_data_json = data_json_for(:get, encoder.decode(challenge))
       client_data_hash = hashed(client_data_json)
 
+      if allow_credentials
+        allow_credentials = allow_credentials.map { |credential| encoder.decode(credential) }
+      end
+
       assertion = authenticator.get_assertion(
         rp_id: rp_id,
         client_data_hash: client_data_hash,
         user_present: user_present,
         user_verified: user_verified,
         sign_count: sign_count,
-        extensions: extensions
+        extensions: extensions,
+        allow_credentials: allow_credentials
       )
 
       {

data/lib/webauthn/public_key_credential/entity.rb

@@ -5,11 +5,10 @@ require "awrence"
 module WebAuthn
   class PublicKeyCredential
     class Entity
-      attr_reader :name, :icon
+      attr_reader :name
 
-      def initialize(name:, icon: nil)
+      def initialize(name:)
         @name = name
-        @icon = icon
       end
 
       def as_json
@@ -37,7 +36,7 @@ module WebAuthn
       end
 
       def attributes
-        [:name, :icon]
+        [:name]
       end
     end
   end

data/lib/webauthn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module WebAuthn
-  VERSION = "2.4.1"
+  VERSION = "2.5.0"
 end

data/webauthn.gemspec

@@ -38,16 +38,17 @@ Gem::Specification.new do |spec|
   spec.add_dependency "bindata", "~> 2.4"
   spec.add_dependency "cbor", "~> 0.5.9"
   spec.add_dependency "cose", "~> 1.1"
-  spec.add_dependency "openssl", "~> 2.0"
+  spec.add_dependency "openssl", "~> 2.1"
   spec.add_dependency "safety_net_attestation", "~> 0.4.0"
   spec.add_dependency "securecompare", "~> 1.0"
   spec.add_dependency "tpm-key_attestation", "~> 0.10.0"
 
-  spec.add_development_dependency "appraisal", "~> 2.3.0"
+  spec.add_development_dependency "appraisal", "~> 2.4"
   spec.add_development_dependency "bundler", ">= 1.17", "< 3.0"
   spec.add_development_dependency "byebug", "~> 11.0"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.8"
-  spec.add_development_dependency "rubocop", "0.89"
-  spec.add_development_dependency "rubocop-rspec", "~> 1.38.1"
+  spec.add_development_dependency "rubocop", "~> 1.9.1"
+  spec.add_development_dependency "rubocop-rake", "~> 0.5.1"
+  spec.add_development_dependency "rubocop-rspec", "~> 2.2.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: webauthn
 version: !ruby/object:Gem::Version
-  version: 2.4.1
+  version: 2.5.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-02-15 00:00:00.000000000 Z
+date: 2021-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: android_key_attestation
@@ -87,14 +87,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: safety_net_attestation
   requirement: !ruby/object:Gem::Requirement
@@ -143,14 +143,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.3.0
+        version: '2.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.3.0
+        version: '2.4'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -217,30 +217,44 @@ dependencies:
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.89'
+        version: 1.9.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.89'
+        version: 0.5.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.38.1
+        version: 2.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.38.1
+        version: 2.2.0
 description: |-
   WebAuthn ruby server library ― Make your application a W3C Web Authentication conformant
       Relying Party and allow your users to authenticate with U2F and FIDO2 authenticators.
@@ -251,10 +265,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - CONTRIBUTING.md
@@ -266,17 +280,15 @@ files:
 - bin/console
 - bin/setup
 - docs/u2f_migration.md
-- gemfiles/cose_head.gemfile
-- gemfiles/openssl_2_0.gemfile
 - gemfiles/openssl_2_1.gemfile
 - gemfiles/openssl_2_2.gemfile
-- gemfiles/openssl_head.gemfile
 - lib/cose/rsapkcs1_algorithm.rb
 - lib/webauthn.rb
 - lib/webauthn/attestation_object.rb
 - lib/webauthn/attestation_statement.rb
 - lib/webauthn/attestation_statement/android_key.rb
 - lib/webauthn/attestation_statement/android_safetynet.rb
+- lib/webauthn/attestation_statement/apple.rb
 - lib/webauthn/attestation_statement/base.rb
 - lib/webauthn/attestation_statement/fido_u2f.rb
 - lib/webauthn/attestation_statement/fido_u2f/public_key.rb
@@ -316,8 +328,6 @@ files:
 - lib/webauthn/security_utils.rb
 - lib/webauthn/u2f_migrator.rb
 - lib/webauthn/version.rb
-- script/ci/install-openssl
-- script/ci/install-ruby
 - webauthn.gemspec
 homepage: https://github.com/cedarcode/webauthn-ruby
 licenses:
@@ -341,7 +351,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.8
+rubygems_version: 3.2.14
 signing_key: 
 specification_version: 4
 summary: WebAuthn ruby server library

data/.travis.yml

@@ -1,39 +0,0 @@
-dist: bionic
-language: ruby
-
-cache:
-  bundler: true
-  directories:
-    - /home/travis/.rvm/
-
-env:
-  - LIBSSL=1.1 RB=2.7.1
-  - LIBSSL=1.1 RB=2.6.6
-  - LIBSSL=1.1 RB=2.5.8
-  - LIBSSL=1.1 RB=2.4.10
-  - LIBSSL=1.1 RB=ruby-head
-  - LIBSSL=1.0 RB=2.7.1
-  - LIBSSL=1.0 RB=2.6.6
-  - LIBSSL=1.0 RB=2.5.8
-  - LIBSSL=1.0 RB=2.4.10
-  - LIBSSL=1.0 RB=ruby-head
-
-gemfile:
-  - gemfiles/cose_head.gemfile
-  - gemfiles/openssl_head.gemfile
-  - gemfiles/openssl_2_2.gemfile
-  - gemfiles/openssl_2_1.gemfile
-  - gemfiles/openssl_2_0.gemfile
-
-matrix:
-  fast_finish: true
-  allow_failures:
-    - env: LIBSSL=1.1 RB=ruby-head
-    - env: LIBSSL=1.0 RB=ruby-head
-    - gemfile: gemfiles/cose_head.gemfile
-    - gemfile: gemfiles/openssl_head.gemfile
-
-before_install:
-  - ./script/ci/install-openssl
-  - ./script/ci/install-ruby
-  - gem install bundler -v "~> 2.0"

data/gemfiles/cose_head.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "cose", git: "https://github.com/cedarcode/cose-ruby"
-
-gemspec path: "../"

data/gemfiles/openssl_2_0.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "openssl", "~> 2.0.0"
-
-gemspec path: "../"

data/gemfiles/openssl_head.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "openssl", git: "https://github.com/ruby/openssl"
-
-gemspec path: "../"

data/script/ci/install-openssl

@@ -1,7 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [[ "$LIBSSL" == "1.0" ]]; then
-  sudo apt-get install libssl1.0-dev
-fi

data/script/ci/install-ruby

@@ -1,13 +0,0 @@
-#!/bin/bash
-
-set -e
-
-source "$HOME/.rvm/scripts/rvm"
-
-if [[ "$LIBSSL" == "1.0" ]]; then
-  rvm use --install $RB --autolibs=read-only --disable-binary
-elif [[ "$LIBSSL" == "1.1" ]]; then
-  rvm use --install $RB --binary --fuzzy
-fi
-
-[[ "`ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'`" =~ "OpenSSL $LIBSSL" ]] || { echo "Wrong libssl version"; exit 1; }