yubikey 1.3.1 → 1.4.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: e4aaad8f3b9a983633ccfe8f0b0a1ad3cfef9e8c
4
+ data.tar.gz: f2ed25594b25522b8110ce194b25852d5743bacb
5
+ SHA512:
6
+ metadata.gz: 7eae97ec5cca53de8b555e582a296191a1b91b86db8e89a7a33345e6bff11bb8296a891c9793089b1a379c47f6323aa31609ffa1d4be889484c249beb34c04ab
7
+ data.tar.gz: f1c7c525aa464b54072d46cdc17f83a93e9ac33da1dd4f9bbf1a147740b10ffa4d679d91d5ea96e7131f8d5c23d365da7006e265a53f1a75289ab6c4af630807
@@ -4,14 +4,22 @@ module Yubikey
4
4
  # An array of valid keys in the options hash when configuring a Yubikey::OTP::Verify
5
5
  VALID_OPTIONS_KEYS = [
6
6
  :api_id,
7
+ :url,
7
8
  :api_key,
9
+ :certificate_chain,
8
10
  ].freeze
9
11
 
12
+ # By default, we want to point to Yubicloud
13
+ DEFAULT_API_URL = 'https://api.yubico.com/wsapi/2.0/'
14
+
10
15
  # By default, don't have an api_id
11
- DEFAULT_API_ID = nil
16
+ DEFAULT_API_ID = nil
12
17
 
13
18
  # By default, don't have an api_key
14
- DEFAULT_API_KEY = nil
19
+ DEFAULT_API_KEY = nil
20
+
21
+ # Default location of the Yubico certificate chain
22
+ DEFAULT_CERTIFICATE_CHAIN = File.join(File.dirname(__FILE__), '../cert/chain.pem')
15
23
 
16
24
  # @private
17
25
  attr_accessor *VALID_OPTIONS_KEYS
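Review bot: `DEFAULT_CERTIFICATE_CHAIN` points at `../cert/chain.pem` relative to this file, but the gemspec hunks visible on this page add no entry under `files:`, so it is worth confirming that the PEM actually ships in the package. The verifier loads this path with `OpenSSL::X509::Store#add_file`, which raises when the file is absent, so a missing bundle would break every `OTP::Verify.new` that relies on the default. The new `:url` and `:certificate_chain` keys also deserve a comment, because together they decide which server is contacted and which certificates are trusted, for example `# :url and :certificate_chain normally change together: a self-hosted validation server will not chain to the bundled Yubico PEM`. Writing the default as `File.expand_path('../cert/chain.pem', File.dirname(__FILE__))` would give a normalized absolute path even where `__FILE__` is relative.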
@@ -35,8 +43,10 @@ module Yubikey
35
43
 
36
44
  # Reset all configuration options to defaults
37
45
  def reset
38
- self.api_id = DEFAULT_API_ID
39
- self.api_key = DEFAULT_API_KEY
46
+ self.api_id = DEFAULT_API_ID
47
+ self.url = DEFAULT_API_URL
48
+ self.api_key = DEFAULT_API_KEY
49
+ self.certificate_chain = DEFAULT_CERTIFICATE_CHAIN
40
50
  end
41
51
  end
42
- end
52
+ end
@@ -22,6 +22,8 @@ class Yubikey::OTP
22
22
  # [+otp+] ModHex encoded Yubikey OTP (at least 32 characters)
23
23
  # [+key+] 32-character hex AES key
24
24
  def initialize(otp, key)
25
+ raise InvalidOTPError, 'OTP must be at least 32 characters of modhex' unless otp.modhex? && otp.length >= 32
26
+ raise InvalidKeyError, 'Key must be 32 hex characters' unless key.hex? && key.length == 32
25
27
 
26
28
  # Get the public ID first
27
29
  @public_id = otp[0, 12]
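Review bot: The relocated guards call `otp.modhex?` and `key.hex?` before anything establishes that the arguments are strings, so a `nil` OTP (an absent form field, say) surfaces as `NoMethodError` instead of the `InvalidOTPError` a caller would rescue. This assumes `modhex?` and `hex?` are String extensions, which the hunk does not show. A guard such as `raise InvalidOTPError, 'OTP must be at least 32 characters of modhex' unless otp.respond_to?(:modhex?) && otp.modhex? && otp.length >= 32` keeps malformed input on the documented error path, and the same shape applies to `key` with `InvalidKeyError`. `initialize` continues outside this hunk.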
@@ -29,10 +31,6 @@ class Yubikey::OTP
29
31
  # Strip prefix so otp will decode (following from yubico-c library)
30
32
  otp = otp[-32,32] if otp.length > 32
31
33
 
32
- raise InvalidOTPError, 'OTP must be at least 32 characters of modhex' unless otp.modhex? && otp.length >= 32
33
- raise InvalidKeyError, 'Key must be 32 hex characters' unless key.hex? && key.length == 32
34
-
35
-
36
34
  @token = Yubikey::ModHex.decode(otp[-32,32])
37
35
  @aes_key = key.to_bin
38
36
 
@@ -1,10 +1,10 @@
1
1
  require 'base64'
2
2
  require 'securerandom'
3
+ require "net/http"
4
+ require "uri"
3
5
 
4
6
  module Yubikey
5
7
 
6
- API_URL = 'https://api.yubico.com/wsapi/2.0/'
7
-
8
8
  class OTP::Verify
9
9
  # The raw status from the Yubico server
10
10
  attr_reader :status
@@ -12,14 +12,18 @@ module Yubikey
12
12
  def initialize(args)
13
13
  @api_key = args[:api_key] || Yubikey.api_key
14
14
  @api_id = args[:api_id] || Yubikey.api_id
15
+
15
16
  raise(ArgumentError, "Must supply API ID") if @api_id.nil?
16
17
  raise(ArgumentError, "Must supply API Key") if @api_key.nil?
17
-
18
18
  raise(ArgumentError, "Must supply OTP") if args[:otp].nil?
19
19
 
20
- @url = args[:url] || API_URL
20
+ @url = args[:url] || Yubikey.url
21
21
  @nonce = args[:nonce] || OTP::Verify.generate_nonce(32)
22
-
22
+
23
+ @certificate_chain = args[:certificate_chain] || Yubikey.certificate_chain
24
+ @cert_store = OpenSSL::X509::Store.new
25
+ @cert_store.add_file @certificate_chain
26
+
23
27
  verify(args)
24
28
  end
25
29
 
@@ -41,7 +45,8 @@ module Yubikey
41
45
 
42
46
  http = Net::HTTP.new(uri.host, uri.port)
43
47
  http.use_ssl = true
44
- http.verify_mode = OpenSSL::SSL::VERIFY_NONE
48
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
49
+ http.cert_store = @cert_store
45
50
 
46
51
  req = Net::HTTP::Get.new(uri.request_uri)
47
52
  result = http.request(req).body
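Review bot: `http.cert_store = @cert_store` makes the configured PEM the only set of trust anchors, because the store built in `initialize` (the preceding hunk) is a bare `OpenSSL::X509::Store.new` plus `add_file`, with no `set_default_paths`. If that pinning is intended, it needs a comment on this line so a later handshake failure is not "fixed" by loosening `verify_mode`, e.g. `# Trust only the configured chain; system CAs are not consulted`. `add_file` in `initialize` can raise `OpenSSL::X509::StoreError` for a missing or unreadable chain, which callers expecting only `ArgumentError` from the constructor will not anticipate, so the method comment should mention it. The file now names `OpenSSL::X509::Store` directly, and an explicit `require 'openssl'` beside the new `require "net/http"` would stop it relying on net/http to load OpenSSL. The enclosing method starts above this hunk.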
@@ -59,7 +64,6 @@ module Yubikey
59
64
  end
60
65
 
61
66
  def verify_response(result)
62
-
63
67
  signature = result[/^h=(.+)$/, 1].strip
64
68
  returned_nonce = result[/nonce=(.+)$/, 1]
65
69
  returned_nonce.strip! unless returned_nonce.nil?
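--- a/metadata
+++ b/metadata
@@ -1,8 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: yubikey
  version: !ruby/object:Gem::Version
- version: 1.3.1
- prerelease:
+ version: 1.4.0
  platform: ruby
  authors:
  - Jonathan Rudenberg
@@ -32,6 +31,7 @@ files:
  - README.md
  homepage: https://github.com/titanous/yubikey
  licenses: []
+ metadata: {}
  post_install_message:
  rdoc_options:
  - --title
@@ -41,21 +41,20 @@ rdoc_options:
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project: yubikey
- rubygems_version: 1.8.25
+ rubygems_version: 2.0.14
  signing_key:
- specification_version: 3
+ specification_version: 4
  summary: Yubikey library for Ruby
  test_files: []
+ has_rdoc: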