diff --git a/spec/conformance/MDSROOT.crt b/spec/conformance/MDSROOT.crt
index 8afb2190..46d19c7f 100644
--- a/spec/conformance/MDSROOT.crt
+++ b/spec/conformance/MDSROOT.crt
@@ -1,21 +1,29 @@
+!!!!!DO NOT DYNAMICALLY FETCH THIS CERTIFICATE!!!!!
+!!!!!ADD THIS CERTIFICATE DIRECTLY TO YOUR CERTIFICATE STORAGE OR SOURCE CODE!!!!!
+
+FIDO Alliance Certification TEST Metadata Service Root Certificate
+Expected page status: Valid
+CN=FAKE Root FAKE
+OU=FAKE Metadata 3 BLOB Signing FAKE
+O=FIDO Alliance
+C=US
+Serial number=04 5A 1C 22 66 A1 4F 3F 1F 4D 29 55 12 23 15
+Valid from=01 February 2017
+Valid to=31 January 2045
+
+Base64
 -----BEGIN CERTIFICATE-----
-MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
-A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
-Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
-MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
-A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
-RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
-gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
-KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
-QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
-XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
-DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
-LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
-RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
-jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
-6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
-mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
-Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
-WD9f
------END CERTIFICATE-----
+MIICaDCCAe6gAwIBAgIPBCqih0DiJLW7+UHXx/o1MAoGCCqGSM49BAMDMGcxCzAJ
+BgNVBAYTAlVTMRYwFAYDVQQKDA1GSURPIEFsbGlhbmNlMScwJQYDVQQLDB5GQUtF
+IE1ldGFkYXRhIDMgQkxPQiBST09UIEZBS0UxFzAVBgNVBAMMDkZBS0UgUm9vdCBG
+QUtFMB4XDTE3MDIwMTAwMDAwMFoXDTQ1MDEzMTIzNTk1OVowZzELMAkGA1UEBhMC
+VVMxFjAUBgNVBAoMDUZJRE8gQWxsaWFuY2UxJzAlBgNVBAsMHkZBS0UgTWV0YWRh
+dGEgMyBCTE9CIFJPT1QgRkFLRTEXMBUGA1UEAwwORkFLRSBSb290IEZBS0UwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAASKYiz3YltC6+lmxhPKwA1WFZlIqnX8yL5RybSL
+TKFAPEQeTD9O6mOz+tg8wcSdnVxHzwnXiQKJwhrav70rKc2ierQi/4QUrdsPes8T
+EirZOkCVJurpDFbXZOgs++pa4XmjYDBeMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBQGcfeCs0Y8D+lh6U5B2xSrR74eHTAfBgNVHSMEGDAW
+gBQGcfeCs0Y8D+lh6U5B2xSrR74eHTAKBggqhkjOPQQDAwNoADBlAjEA/xFsgri0
+xubSa3y3v5ormpPqCwfqn9s0MLBAtzCIgxQ/zkzPKctkiwoPtDzI51KnAjAmeMyg
+X2S5Ht8+e+EQnezLJBJXtnkRWY+Zt491wgt/AwSs5PHHMv5QgjELOuMxQBc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/spec/conformance/conformance_cache_store.rb b/spec/conformance/conformance_cache_store.rb
index 68c2ee8b..cbc89208 100644
--- a/spec/conformance/conformance_cache_store.rb
+++ b/spec/conformance/conformance_cache_store.rb
@@ -6,7 +6,6 @@ class ConformanceCacheStore < FidoMetadata::TestCacheStore FILENAME = "metadata.zip" - METADATA_ENDPOINT = URI("https://mds.fidoalliance.org/") def setup_authenticators puts("#{FILENAME} not found, this will affect Metadata Service Test results.") unless File.exist?(FILENAME)
@@ -19,11 +18,27 @@ def setup_authenticators end end - def setup_metadata_store + def setup_metadata_store(endpoint) puts("Setting up metadata store TOC") + response = Net::HTTP.post( + URI("https://mds3.fido.tools/getEndpoints"), + { endpoint: endpoint }.to_json, + FidoMetadata::Client::DEFAULT_HEADERS + ) + + response.value + possible_endpoints = JSON.parse(response.body)["result"] + client = FidoMetadata::Client.new - json = client.download_toc(METADATA_ENDPOINT, trusted_certs: conformance_certificates) + + json = + possible_endpoints.each_with_index do |uri, index| + puts("Trying endpoint #{index}: #{uri}") + break client.download_toc(URI(uri), algorithms: ["ES256"], trusted_certs: conformance_certificates) + rescue FidoMetadata::Client::DataIntegrityError, JWT::VerificationError, Net::HTTPFatalError + nil + end if json.is_a?(Hash) && json.keys == ["legalHeader", "no", "nextUpdate", "entries"] puts("TOC setup done!")
diff --git a/spec/conformance/server.rb b/spec/conformance/server.rb
index 6911223f..e4abecea 100644
--- a/spec/conformance/server.rb
+++ b/spec/conformance/server.rb
@@ -44,7 +44,7 @@ def self.registered_for(username) MDSFinder.new.tap do |mds| mds.cache_backend = ConformanceCacheStore.new mds.cache_backend.setup_authenticators - mds.cache_backend.setup_metadata_store + mds.cache_backend.setup_metadata_store("http://#{host}:#{settings.port}") end relying_party = WebAuthn::RelyingParty.new(
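Review bot: `JSON.parse(response.body)["result"]` is used without checking its shape, so a getEndpoints reply that carries no `result` array makes `possible_endpoints.each_with_index` raise NoMethodError on nil instead of reaching the TOC check below; `possible_endpoints = Array(JSON.parse(response.body)["result"])` would keep that failure on the existing path. Also, when every candidate is rejected, `each_with_index` returns the endpoint list itself, so `json` ends up an Array and only the following `json.is_a?(Hash)` test keeps it from being treated as a TOC; a comment such as `# json is the endpoint list, not nil, when no BLOB verifies` would make that dependency explicit. The `rescue` names three error classes only, so any other exception from `download_toc` aborts the loop rather than advancing to the next endpoint, which is worth confirming as intended. `setup_metadata_store` continues past the end of the hunk.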
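Review bot: The endpoint passed to `setup_metadata_store` is interpolated from `host`, which is defined outside this hunk; if it resolves to the Host header of the incoming request, the client decides which endpoint name is posted to the external getEndpoints service and therefore which BLOB URLs are then fetched. Acceptance still depends on the signature check against `conformance_certificates` in `setup_metadata_store`, so this is probably acceptable for a conformance-only server, but a comment such as `# must equal the server URL registered in the conformance tool` above the call would record the assumption. The enclosing block starts before the hunk, and the hunk ends inside the `WebAuthn::RelyingParty.new(` call.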