Class: FidoMetadata::Client

Inherits:
Object
  • Object
Defined in:
lib/fido_metadata/client.rb

Defined Under Namespace

Classes: DataIntegrityError, InvalidHashError, UnverifiedSigningKeyError

Constant Summary

# Default HTTP headers: a JSON content type and a User-Agent string that
# embeds the gem version.
# NOTE(review): presumably sent by the client's HTTP helper; the call site is
# not shown on this page.
DEFAULT_HEADERS = {
  "Content-Type" => "application/json",
  "User-Agent" => "fido_metadata/#{FidoMetadata::VERSION} (Ruby)"
}.freeze

# Certificates parsed once, at load time, from the bundled Root.cer located one
# directory above this file. This frozen list is the default `trusted_certs`
# for #download_toc, so by default the signing-key check rests on the integrity
# of that bundled file.
FIDO_ROOT_CERTIFICATES = [
  OpenSSL::X509::Certificate.new(File.read(File.join(__dir__, "..", "Root.cer")))
].freeze

Instance Method Summary

Instance Method Details

#download_toc(uri, algorithms: ["RS256"], trusted_certs: FIDO_ROOT_CERTIFICATES) ⇒ Object



# File 'lib/fido_metadata/client.rb', line 26

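# Fetches the response for +uri+ and decodes it as a signed JWT, returning the
# decoded payload.
#
# Signature verification is enabled (third argument to JWT.decode is +true+)
# and only the algorithms listed in +algorithms+ are accepted. The verification
# key is not supplied by the caller: it is resolved inside the key-finder block
# from the token's own "x5c" header, which is untrusted input until
# X5cKeyFinder.from has accepted it against +trusted_certs+ and the CRLs.
#
# @param uri [Object] location handed to #get unchanged
# @param algorithms [Array<String>] allow-list of accepted JWS algorithms
# @param trusted_certs [Array<OpenSSL::X509::Certificate>] trust anchors for
#   the "x5c" chain; defaults to the bundled FIDO root
# @return [Object] the decoded JWT payload
# @raise [UnverifiedSigningKeyError] when the "x5c" header is missing, empty,
#   not an array of strings, cannot be parsed as certificates, or when
#   X5cKeyFinder.from raises JWT::VerificationError
def download_toc(uri, algorithms: ["RS256"], trusted_certs: FIDO_ROOT_CERTIFICATES)
  response = get(uri)
  payload, _ = JWT.decode(response, nil, true, algorithms: algorithms) do |headers|
    # The header comes straight from the downloaded token. Reject anything that
    # is not a non-empty list of strings so a malformed token is reported as an
    # unverifiable signing key rather than surfacing as NoMethodError.
    x5c = headers["x5c"]
    unless x5c.is_a?(Array) && !x5c.empty? && x5c.all? { |entry| entry.is_a?(String) }
      raise(UnverifiedSigningKeyError, "x5c header is missing or malformed")
    end

    jwt_certificates = begin
      x5c.map do |encoded|
        # strict_decode64 rejects padding or alphabet deviations.
        OpenSSL::X509::Certificate.new(Base64.strict_decode64(encoded))
      end
    rescue ArgumentError, OpenSSL::X509::CertificateError => e
      raise(UnverifiedSigningKeyError, "x5c certificate could not be parsed: #{e.message}")
    end

    # NOTE(review): download_crls receives certificates that have not yet been
    # validated against trusted_certs. If it fetches locations named inside
    # those certificates, confirm it constrains where it will connect.
    crls = download_crls(jwt_certificates)

    begin
      # The block's value is what JWT.decode uses as the verification key.
      X5cKeyFinder.from(jwt_certificates, trusted_certs, crls)
    rescue JWT::VerificationError => e
      raise(UnverifiedSigningKeyError, e.message)
    end
  end
  payload
end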