yubikey 1.3.1 → 1.4.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: e4aaad8f3b9a983633ccfe8f0b0a1ad3cfef9e8c
4
+ data.tar.gz: f2ed25594b25522b8110ce194b25852d5743bacb
5
+ SHA512:
6
+ metadata.gz: 7eae97ec5cca53de8b555e582a296191a1b91b86db8e89a7a33345e6bff11bb8296a891c9793089b1a379c47f6323aa31609ffa1d4be889484c249beb34c04ab
7
+ data.tar.gz: f1c7c525aa464b54072d46cdc17f83a93e9ac33da1dd4f9bbf1a147740b10ffa4d679d91d5ea96e7131f8d5c23d365da7006e265a53f1a75289ab6c4af630807
@@ -4,14 +4,22 @@ module Yubikey
4
4
  # An array of valid keys in the options hash when configuring a Yubikey::OTP::Verify
5
5
  VALID_OPTIONS_KEYS = [
6
6
  :api_id,
7
+ :url,
7
8
  :api_key,
9
+ :certificate_chain,
8
10
  ].freeze
9
11
 
12
+ # By default, we want to point to Yubicloud
13
+ DEFAULT_API_URL = 'https://api.yubico.com/wsapi/2.0/'
14
+
10
15
  # By default, don't have an api_id
11
- DEFAULT_API_ID = nil
16
+ DEFAULT_API_ID = nil
12
17
 
13
18
  # By default, don't have an api_key
14
- DEFAULT_API_KEY = nil
19
+ DEFAULT_API_KEY = nil
20
+
21
+ # Default location of the Yubico certificate chain
22
+ DEFAULT_CERTIFICATE_CHAIN = File.join(File.dirname(__FILE__), '../cert/chain.pem')
15
23
 
16
24
  # @private
17
25
  attr_accessor *VALID_OPTIONS_KEYS
@@ -35,8 +43,10 @@ module Yubikey
35
43
 
36
44
  # Reset all configuration options to defaults
37
45
  def reset
38
- self.api_id = DEFAULT_API_ID
39
- self.api_key = DEFAULT_API_KEY
46
+ self.api_id = DEFAULT_API_ID
47
+ self.url = DEFAULT_API_URL
48
+ self.api_key = DEFAULT_API_KEY
49
+ self.certificate_chain = DEFAULT_CERTIFICATE_CHAIN
40
50
  end
41
51
  end
42
- end
52
+ end
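Review bot: The new `DEFAULT_CERTIFICATE_CHAIN` (line 22 of the new file) and the `:url` / `:certificate_chain` option keys are undocumented, and the two interact: the verifier hunk elsewhere in this diff installs this file as the sole trust store, so an application that overrides `url` (for example to a self-hosted validation server) must also override `certificate_chain` or every request will fail TLS verification, and the bundled file has to be refreshed whenever Yubico rotates its chain. Suggested comment above the constant: `# Trust anchors for the TLS connection to +url+. Only this file is trusted (system CAs are ignored), so override it when +url+ is not Yubicloud and refresh it when Yubico rotates its certificates.` The diff shown here does not include `cert/chain.pem` itself, and the visible metadata hunk does not show it in the gem's file list, so confirm it is packaged; if it is missing, `OpenSSL::X509::Store#add_file` will raise on every `Verify.new`.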
@@ -22,6 +22,8 @@ class Yubikey::OTP
22
22
  # [+otp+] ModHex encoded Yubikey OTP (at least 32 characters)
23
23
  # [+key+] 32-character hex AES key
24
24
  def initialize(otp, key)
25
+ raise InvalidOTPError, 'OTP must be at least 32 characters of modhex' unless otp.modhex? && otp.length >= 32
26
+ raise InvalidKeyError, 'Key must be 32 hex characters' unless key.hex? && key.length == 32
25
27
 
26
28
  # Get the public ID first
27
29
  @public_id = otp[0, 12]
@@ -29,10 +31,6 @@ class Yubikey::OTP
29
31
  # Strip prefix so otp will decode (following from yubico-c library)
30
32
  otp = otp[-32,32] if otp.length > 32
31
33
 
32
- raise InvalidOTPError, 'OTP must be at least 32 characters of modhex' unless otp.modhex? && otp.length >= 32
33
- raise InvalidKeyError, 'Key must be 32 hex characters' unless key.hex? && key.length == 32
34
-
35
-
36
34
  @token = Yubikey::ModHex.decode(otp[-32,32])
37
35
  @aes_key = key.to_bin
38
36
 
@@ -1,10 +1,10 @@
1
1
  require 'base64'
2
2
  require 'securerandom'
3
+ require "net/http"
4
+ require "uri"
3
5
 
4
6
  module Yubikey
5
7
 
6
- API_URL = 'https://api.yubico.com/wsapi/2.0/'
7
-
8
8
  class OTP::Verify
9
9
  # The raw status from the Yubico server
10
10
  attr_reader :status
@@ -12,14 +12,18 @@ module Yubikey
12
12
  def initialize(args)
13
13
  @api_key = args[:api_key] || Yubikey.api_key
14
14
  @api_id = args[:api_id] || Yubikey.api_id
15
+
15
16
  raise(ArgumentError, "Must supply API ID") if @api_id.nil?
16
17
  raise(ArgumentError, "Must supply API Key") if @api_key.nil?
17
-
18
18
  raise(ArgumentError, "Must supply OTP") if args[:otp].nil?
19
19
 
20
- @url = args[:url] || API_URL
20
+ @url = args[:url] || Yubikey.url
21
21
  @nonce = args[:nonce] || OTP::Verify.generate_nonce(32)
22
-
22
+
23
+ @certificate_chain = args[:certificate_chain] || Yubikey.certificate_chain
24
+ @cert_store = OpenSSL::X509::Store.new
25
+ @cert_store.add_file @certificate_chain
26
+
23
27
  verify(args)
24
28
  end
25
29
 
@@ -41,7 +45,8 @@ module Yubikey
41
45
 
42
46
  http = Net::HTTP.new(uri.host, uri.port)
43
47
  http.use_ssl = true
44
- http.verify_mode = OpenSSL::SSL::VERIFY_NONE
48
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
49
+ http.cert_store = @cert_store
45
50
 
46
51
  req = Net::HTTP::Get.new(uri.request_uri)
47
52
  result = http.request(req).body
@@ -59,7 +64,6 @@ module Yubikey
59
64
  end
60
65
 
61
66
  def verify_response(result)
62
-
63
67
  signature = result[/^h=(.+)$/, 1].strip
64
68
  returned_nonce = result[/nonce=(.+)$/, 1]
65
69
  returned_nonce.strip! unless returned_nonce.nil?
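Review bot: Replacing `VERIFY_NONE` with `VERIFY_PEER` plus a custom `cert_store` (lines 48–49 of the new file) is the right fix, but assigning `http.cert_store` replaces Net::HTTP's default store entirely, so only the certificates in the configured `chain.pem` are trusted; a caller passing `:url` for a non-Yubicloud server without `:certificate_chain` fails closed, and so will every caller once Yubico rotates its chain, which should be stated next to the assignment: `# Trust only the configured chain; system CAs are deliberately ignored, so chain.pem must be refreshed when Yubico rotates its certificates.` Separately, `OpenSSL::X509::Store` is referenced in `initialize` (line 24) but this change only adds `require "net/http"` and `require "uri"`; add `require "openssl"` with them rather than relying on net/http autoloading it. The signature check that starts in `verify_response` still protects response integrity independently of TLS, so the pinned store is about confidentiality and availability, not authenticity.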
metadata CHANGED
@@ -1,8 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: yubikey
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.1
5
- prerelease:
4
+ version: 1.4.0
6
5
  platform: ruby
7
6
  authors:
8
7
  - Jonathan Rudenberg
@@ -32,6 +31,7 @@ files:
32
31
  - README.md
33
32
  homepage: https://github.com/titanous/yubikey
34
33
  licenses: []
34
+ metadata: {}
35
35
  post_install_message:
36
36
  rdoc_options:
37
37
  - --title
@@ -41,21 +41,20 @@ rdoc_options:
41
41
  require_paths:
42
42
  - lib
43
43
  required_ruby_version: !ruby/object:Gem::Requirement
44
- none: false
45
44
  requirements:
46
- - - ! '>='
45
+ - - '>='
47
46
  - !ruby/object:Gem::Version
48
47
  version: '0'
49
48
  required_rubygems_version: !ruby/object:Gem::Requirement
50
- none: false
51
49
  requirements:
52
- - - ! '>='
50
+ - - '>='
53
51
  - !ruby/object:Gem::Version
54
52
  version: '0'
55
53
  requirements: []
56
54
  rubyforge_project: yubikey
57
- rubygems_version: 1.8.25
55
+ rubygems_version: 2.0.14
58
56
  signing_key:
59
- specification_version: 3
57
+ specification_version: 4
60
58
  summary: Yubikey library for Ruby
61
59
  test_files: []
60
+ has_rdoc: