safety_net_attestation-0.5.0/0000755000004100000410000000000015065647424016341 5ustar www-datawww-datasafety_net_attestation-0.5.0/Gemfile.lock0000644000004100000410000000424715065647424020572 0ustar www-datawww-dataPATH remote: . specs: safety_net_attestation (0.5.0) jwt (>= 2.0, < 4.0) GEM remote: https://rubygems.org/ specs: appraisal (2.5.0) bundler rake thor (>= 0.14.0) ast (2.4.3) base64 (0.3.0) byebug (12.0.0) coderay (1.1.3) date (3.4.1) diff-lcs (1.6.2) erb (5.0.2) io-console (0.8.1) irb (1.15.2) pp (>= 0.6.0) rdoc (>= 4.0.0) reline (>= 0.4.2) json (2.14.1) jwt (3.1.2) base64 language_server-protocol (3.17.0.5) lint_roller (1.1.0) method_source (1.1.0) parallel (1.27.0) parser (3.3.9.0) ast (~> 2.4.1) racc pp (0.6.2) prettyprint prettyprint (0.2.0) prism (1.5.1) pry (0.15.2) coderay (~> 1.1) method_source (~> 1.0) pry-byebug (3.11.0) byebug (~> 12.0) pry (>= 0.13, < 0.16) psych (5.2.6) date stringio racc (1.8.1) rainbow (3.1.1) rake (13.3.0) rdoc (6.14.2) erb psych (>= 4.0.0) regexp_parser (2.11.3) reline (0.6.2) io-console (~> 0.5) rspec (3.13.1) rspec-core (~> 3.13.0) rspec-expectations (~> 3.13.0) rspec-mocks (~> 3.13.0) rspec-core (3.13.5) rspec-support (~> 3.13.0) rspec-expectations (3.13.5) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) rspec-mocks (3.13.5) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) rspec-support (3.13.6) rubocop (1.80.2) json (~> 2.3) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.1.0) parallel (~> 1.10) parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 2.9.3, < 3.0) rubocop-ast (>= 1.46.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 4.0) rubocop-ast (1.46.0) parser (>= 3.3.7.2) prism (~> 1.4) ruby-progressbar (1.13.0) stringio (3.1.7) thor (1.4.0) unicode-display_width (3.2.0) unicode-emoji (~> 4.1) unicode-emoji (4.1.0) PLATFORMS ruby DEPENDENCIES appraisal bundler irb pry-byebug rspec (~> 3.8) rubocop (~> 1.80) safety_net_attestation! BUNDLED WITH 2.7.1 safety_net_attestation-0.5.0/bin/0000755000004100000410000000000015065647424017111 5ustar www-datawww-datasafety_net_attestation-0.5.0/bin/setup0000755000004100000410000000020315065647424020172 0ustar www-datawww-data#!/usr/bin/env bash set -euo pipefail IFS=$'\n\t' set -vx bundle install # Do any other automated setup that you need to do here safety_net_attestation-0.5.0/bin/rubocop0000755000004100000410000000150115065647424020505 0ustar www-datawww-data#!/usr/bin/env ruby # frozen_string_literal: true # # This file was generated by Bundler. # # The application 'rubocop' is installed as part of a gem, and # this file is here to facilitate running it. # require "pathname" ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", Pathname.new(__FILE__).realpath) bundle_binstub = File.expand_path("bundle", __dir__) if File.file?(bundle_binstub) if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ load(bundle_binstub) else abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") end end require "rubygems" require "bundler/setup" load Gem.bin_path("rubocop", "rubocop") safety_net_attestation-0.5.0/bin/console0000755000004100000410000000060315065647424020500 0ustar www-datawww-data#!/usr/bin/env ruby # frozen_string_literal: true require "bundler/setup" require "safety_net_attestation" # You can add fixtures and/or initialization code here to make experimenting # with your gem easier. You can also use a different console, if you like. # (If you use this, don't forget to add pry to your Gemfile!) # require "pry" # Pry.start require "irb" IRB.start(__FILE__) safety_net_attestation-0.5.0/bin/rspec0000755000004100000410000000150015065647424020147 0ustar www-datawww-data#!/usr/bin/env ruby # frozen_string_literal: true # # This file was generated by Bundler. # # The application 'rspec' is installed as part of a gem, and # this file is here to facilitate running it. # require "pathname" ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", Pathname.new(__FILE__).realpath) bundle_binstub = File.expand_path("bundle", __dir__) if File.file?(bundle_binstub) if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ load(bundle_binstub) else abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") end end require "rubygems" require "bundler/setup" load Gem.bin_path("rspec-core", "rspec") safety_net_attestation-0.5.0/.gitignore0000644000004100000410000000020115065647424020322 0ustar www-datawww-data/.bundle/ /.yardoc /_yardoc/ /coverage/ /doc/ /pkg/ /spec/reports/ /tmp/ # rspec failure tracking .rspec_status gemfiles/*.locksafety_net_attestation-0.5.0/android_safety_net.gemspec0000644000004100000410000000262115065647424023550 0ustar www-datawww-data# frozen_string_literal: true require_relative "lib/safety_net_attestation/version" Gem::Specification.new do |spec| spec.name = "safety_net_attestation" spec.version = SafetyNetAttestation::VERSION spec.authors = ["Bart de Water"] spec.summary = "SafetyNet attestation response verification" spec.homepage = "https://github.com/bdewater/safety_net_attestation" spec.license = "MIT" if spec.respond_to?(:metadata) spec.metadata["homepage_uri"] = spec.homepage spec.metadata["source_code_uri"] = spec.homepage spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/master/CHANGELOG.md" end # Specify which files should be added to the gem when it is released. # The `git ls-files -z` loads the files in the RubyGem that have been added into git. spec.files = Dir.chdir(File.expand_path(__dir__)) do `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) } end spec.bindir = "exe" spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.require_paths = ["lib"] spec.required_ruby_version = ">= 2.3" spec.add_dependency "jwt", ">= 2.0", "< 4.0" spec.add_development_dependency "appraisal" spec.add_development_dependency "bundler" spec.add_development_dependency "irb" spec.add_development_dependency "pry-byebug" spec.add_development_dependency "rspec", "~> 3.8" end safety_net_attestation-0.5.0/.github/0000755000004100000410000000000015065647424017701 5ustar www-datawww-datasafety_net_attestation-0.5.0/.github/workflows/0000755000004100000410000000000015065647424021736 5ustar www-datawww-datasafety_net_attestation-0.5.0/.github/workflows/ci.yml0000644000004100000410000000243515065647424023060 0ustar www-datawww-data# This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. # This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake # For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby name: build on: push jobs: test: runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: ruby: - '3.4' - '3.3' - '3.2' - '3.1' - '3.0' - '2.7' - '2.6' - '2.5' - '2.4' gemfile: - jwt_2 - jwt_3 exclude: - ruby: '2.4' gemfile: jwt_3 env: BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile steps: - uses: actions/checkout@v5 - run: rm Gemfile.lock - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true - run: bundle exec rake lint: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - uses: ruby/setup-ruby@v1 with: ruby-version: '3.4' bundler-cache: true - run: bundle exec rubocop safety_net_attestation-0.5.0/lib/0000755000004100000410000000000015065647424017107 5ustar www-datawww-datasafety_net_attestation-0.5.0/lib/safety_net_attestation.rb0000644000004100000410000000031515065647424024213 0ustar www-datawww-data# frozen_string_literal: true module SafetyNetAttestation GEM_ROOT = File.expand_path(__dir__) end require_relative "safety_net_attestation/statement" require_relative "safety_net_attestation/version" safety_net_attestation-0.5.0/lib/safety_net_attestation/0000755000004100000410000000000015065647424023667 5ustar www-datawww-datasafety_net_attestation-0.5.0/lib/safety_net_attestation/statement.rb0000644000004100000410000000535115065647424026224 0ustar www-datawww-data# frozen_string_literal: true require "jwt" require "openssl" require "time" require_relative "errors" require_relative "fixed_length_secure_compare" require_relative "x5c_key_finder" module SafetyNetAttestation class Statement GOOGLE_ROOT_CERTIFICATES = Dir.glob( File.join(SafetyNetAttestation::GEM_ROOT, "safety_net_attestation", "certificates", "*.*") ).map do |path| file = File.binread(path) OpenSSL::X509::Certificate.new(file) end.freeze using FixedLengthSecureCompare attr_reader :json def initialize(jws_result) @jws_result = jws_result end def verify(nonce, timestamp_leeway: 60, trusted_certificates: GOOGLE_ROOT_CERTIFICATES, time: Time.now) certificate_chain = nil response, _ = JWT.decode(@jws_result, nil, true, algorithms: ["ES256", "RS256"]) do |headers| x5c_certificates = headers["x5c"].map do |encoded| OpenSSL::X509::Certificate.new(Base64.strict_decode64(encoded)) end certificate_chain = X5cKeyFinder.from(x5c_certificates, trusted_certificates, time: time) certificate_chain.first.public_key end verify_certificate_subject(certificate_chain.first) verify_nonce(response, nonce) verify_timestamp(response, timestamp_leeway, time) @json = response @certificate_chain = certificate_chain self end def cts_profile_match? raise NotVerifiedError unless json json["ctsProfileMatch"] end def basic_integrity? raise NotVerifiedError unless json json["basicIntegrity"] end def apk_package_name raise NotVerifiedError unless json json["apkPackageName"] end def apk_certificate_digest_sha256 raise NotVerifiedError unless json json["apkCertificateDigestSha256"] end def error raise NotVerifiedError unless json json["error"] end def advice raise NotVerifiedError unless json json["advice"]&.split(",") end def certificate_chain raise NotVerifiedError unless json @certificate_chain end private def verify_certificate_subject(certificate) common_name = certificate.subject.to_a.assoc("CN") unless common_name[1] == "attest.android.com" raise CertificateSubjectError end end def verify_nonce(response, nonce) unless OpenSSL.fixed_length_secure_compare(nonce, response["nonce"]) raise NonceMismatchError end end def verify_timestamp(response, leeway, time) now = time.to_f response_time = response["timestampMs"] / 1000.0 unless response_time.between?(now - leeway, now + leeway) raise TimestampError, "not within #{leeway}s leeway" end end end end safety_net_attestation-0.5.0/lib/safety_net_attestation/fixed_length_secure_compare.rb0000644000004100000410000000115115065647424031726 0ustar www-datawww-data# frozen_string_literal: true require "openssl" module SafetyNetAttestation module FixedLengthSecureCompare unless OpenSSL.singleton_class.method_defined?(:fixed_length_secure_compare) refine OpenSSL.singleton_class do def fixed_length_secure_compare(a, b) # rubocop:disable Naming/MethodParameterName raise ArgumentError, "inputs must be of equal length" unless a.bytesize == b.bytesize # borrowed from Rack::Utils l = a.unpack("C*") r, i = 0, -1 b.each_byte { |v| r |= v ^ l[i += 1] } r == 0 end end end end end safety_net_attestation-0.5.0/lib/safety_net_attestation/certificates/0000755000004100000410000000000015065647424026334 5ustar www-datawww-datasafety_net_attestation-0.5.0/lib/safety_net_attestation/certificates/GSR2.crt0000644000004100000410000000167615065647424027575 0ustar www-datawww-data00 & 0  *H 0L1 0U GlobalSign Root CA - R210U  GlobalSign10U GlobalSign0 061215080000Z 211215080000Z0L1 0U GlobalSign Root CA - R210U  GlobalSign10U GlobalSign0"0  *H 0 $.o(EBī>!T p˿_Ӳ0\{` S{~sR{JI^Zz뾌鳬%J*/w|Ź:,Y}_^Ij9^4x lK} yM-!l[})ӔI$b ' +sƝ/M6zma\ QZί `_r`^J?!›00U0U00UWgjY-.06U/0-0+)'%http://crl.globalsign.net/root-r2.crl0U#0WgjY-.0  *H ShJD 'OCx ,[AdC-9Ң߷E--tVIOnDx9~yo5]mDmyF1~ n P_M ɠAjsSPn%LRَiވIޕ x`%@j~B8@d.safety_net_attestation-0.5.0/lib/safety_net_attestation/certificates/GTSR1.crt0000644000004100000410000000253615065647424027714 0ustar www-datawww-data0Z0BnGKG 3Љ0  *H  0G1 0 UUS1"0 U Google Trust Services LLC10U GTS Root R10 160622000000Z 360622000000Z0G1 0 UUS1"0 U Google Trust Services LLC10U GTS Root R10"0  *H 0 w;ܿ>@<}2qۼj.K+΄ŗ^R#'ˤcי~ ^hZG M3NlK ߝd)%#=.` HMzY֯1.ml~&E=y(&ߑ"2cQr])h3:f&Wex'^I! lH<@~ ZV<їK9K?Un$qA=:Ȯz7B0@0U0U00U+&q+H'/Rf,q>0  *H  8 =_ 3+Ҏ At|7R2 a(D)5uw|ٽth1 )`sG|SJ'Kן6Κh o_\q}{/~6֗p \Vj3I8 }Y^jݡdDQ!f>G(%f5\ ,bZ)J|Zr9зwyi:7n8eF~`y_8[ȆmvInm_'v@X\,BB{4E>acPI4jnGAB)` 1c#ZH͊ϙٞ6hKqI6(:=Κ%qa+{%1_~jvr 6//pĒ@l%~{ ܲDhutZ| K b1QltI|< CNՓ46 d9Lȩb=@435,s'ru;"ޘhf[cGUQuH%safety_net_attestation-0.5.0/lib/safety_net_attestation/certificates/GTSR3.crt0000644000004100000410000000102015065647424027701 0ustar www-datawww-data0 0nGls$@Uݍ0 *H=0G1 0 UUS1"0 U Google Trust Services LLC10U GTS Root R30 160622000000Z 360622000000Z0G1 0 UUS1"0 U Google Trust Services LLC10U GTS Root R30v0*H=+"bO33)!XAV+KL'&Qro֣EF~~/qEAUn+&KTE lD 2'B0@0U0U00U&-* g0 *H=i0f1[|#,ܾo#eR^ȝrtS }@h`T;6%15t%Q$dR$PvnS)Ӄ#ɤ{a]safety_net_attestation-0.5.0/lib/safety_net_attestation/certificates/GTSR4.crt0000644000004100000410000000101615065647424027707 0ustar www-datawww-data0 0nGȋ;*آ0 *H=0G1 0 UUS1"0 U Google Trust Services LLC10U GTS Root R40 160622000000Z 360622000000Z0G1 0 UUS1"0 U Google Trust Services LLC10U GTS Root R40v0*H=+"btsh`C5Ł0{KIaFka5@s0Z<|@v;ƸG*璑jsr9)_^Xee܋sȌj/īB0@0U0U00ULtI6>j0 *H=g0d0jPRtpܞPt!z!On"5a-7m۲}4`,4o 0q` jhd|^y-#]qMȔusafety_net_attestation-0.5.0/lib/safety_net_attestation/certificates/GSR4.crt0000644000004100000410000000074515065647424027573 0ustar www-datawww-data00*8 B( 40 *H=0P1$0"U GlobalSign ECC Root CA - R410U  GlobalSign10U GlobalSign0 121113000000Z 380119031407Z0P1$0"U GlobalSign ECC Root CA - R410U  GlobalSign10U GlobalSign0Y0*H=*H=Byӏl%.99 cWWBseBns!q?ԹΌB0@0U0U00UT{E@ n3<0 *H=H0E!ܒ!W-E{UbR@GtZc( Vw@&y%>aQKQE̅ h>P8z$b 7mjM XN硭6k$9PҁF_bW,ldnT_-gcω7 zP "YRCVRMF'q$چ ~k ej腋:Uu~f!s5D =[^o*у#fmp2/R",`]/ïEÄ,ROݣԆ safety_net_attestation-0.5.0/lib/safety_net_attestation/x5c_key_finder.rb0000644000004100000410000000156515065647424027121 0ustar www-datawww-data# frozen_string_literal: true require "base64" require_relative "errors" module SafetyNetAttestation class SignatureError < Error; end class X5cKeyFinder def self.from(x5c_certificates, trusted_certificates, time: Time.now) store = OpenSSL::X509::Store.new trusted_certificates.each { |certificate| store.add_cert(certificate) } signing_certificate, *certificate_chain = x5c_certificates store_context = OpenSSL::X509::StoreContext.new(store, signing_certificate, certificate_chain) store_context.time = time if store_context.verify store_context.chain else error = "Certificate verification failed: #{store_context.error_string}." error = "#{error} Certificate subject: #{store_context.current_cert.subject}." if store_context.current_cert raise SignatureError, error end end end end safety_net_attestation-0.5.0/lib/safety_net_attestation/version.rb0000644000004100000410000000012315065647424025675 0ustar www-datawww-data# frozen_string_literal: true module SafetyNetAttestation VERSION = "0.5.0" end safety_net_attestation-0.5.0/lib/safety_net_attestation/errors.rb0000644000004100000410000000040115065647424025523 0ustar www-datawww-data# frozen_string_literal: true module SafetyNetAttestation class Error < StandardError; end class NotVerifiedError < Error; end class NonceMismatchError < Error; end class TimestampError < Error; end class CertificateSubjectError < Error; end end safety_net_attestation-0.5.0/Appraisals0000644000004100000410000000021615065647424020362 0ustar www-datawww-data# frozen_string_literal: true appraise "jwt_2" do gem "jwt", "~> 2.0", "< 3.0" end appraise "jwt_3" do gem "jwt", "~> 3.0", "< 4.0" end safety_net_attestation-0.5.0/gemfiles/0000755000004100000410000000000015065647424020134 5ustar www-datawww-datasafety_net_attestation-0.5.0/gemfiles/jwt_3.gemfile0000644000004100000410000000017115065647424022513 0ustar www-datawww-data# This file was generated by Appraisal source "https://rubygems.org" gem "jwt", "~> 3.0", "< 4.0" gemspec path: "../" safety_net_attestation-0.5.0/gemfiles/jwt_2.gemfile0000644000004100000410000000017115065647424022512 0ustar www-datawww-data# This file was generated by Appraisal source "https://rubygems.org" gem "jwt", "~> 2.0", "< 3.0" gemspec path: "../" safety_net_attestation-0.5.0/.rspec0000644000004100000410000000006515065647424017457 0ustar www-datawww-data--format documentation --color --require spec_helper safety_net_attestation-0.5.0/Rakefile0000644000004100000410000000022115065647424020001 0ustar www-datawww-data# frozen_string_literal: true require "bundler/gem_tasks" require "rspec/core/rake_task" RSpec::Core::RakeTask.new(:spec) task default: :spec safety_net_attestation-0.5.0/CODE_OF_CONDUCT.md0000644000004100000410000000623515065647424021146 0ustar www-datawww-data# Contributor Covenant Code of Conduct ## Our Pledge In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. ## Our Standards Examples of behavior that contributes to creating a positive environment include: * Using welcoming and inclusive language * Being respectful of differing viewpoints and experiences * Gracefully accepting constructive criticism * Focusing on what is best for the community * Showing empathy towards other community members Examples of unacceptable behavior by participants include: * The use of sexualized language or imagery and unwelcome sexual attention or advances * Trolling, insulting/derogatory comments, and personal or political attacks * Public or private harassment * Publishing others' private information, such as a physical or electronic address, without explicit permission * Other conduct which could reasonably be considered inappropriate in a professional setting ## Our Responsibilities Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. ## Scope This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at bartdewater@gmail.com. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. ## Attribution This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] [homepage]: http://contributor-covenant.org [version]: http://contributor-covenant.org/version/1/4/ safety_net_attestation-0.5.0/Gemfile0000644000004100000410000000037115065647424017635 0ustar www-datawww-data# frozen_string_literal: true source "https://rubygems.org" # Specify your gem's dependencies in safety_net_attestation.gemspec gemspec if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("3.4.0") gem "rubocop", "~> 1.80", require: false end safety_net_attestation-0.5.0/README.md0000644000004100000410000000545215065647424017626 0ustar www-datawww-data# SafetyNetAttestation A Ruby gem to verify SafetyNet attestation statements from Google Play Services on your server. This gem verifies that the statement: - has a valid signature that is trusted using certificates from https://pki.goog/ - has the correct nonce - has been generated recently (default allowed leeway from current time is 60 seconds) - has a signing certificate with the correct subject With a valid statement your application can then inspect the information contained about the device integrity, calling app, and if applicable any integrity errors and potential solutions (see usage). ## Installation Add this line to your application's Gemfile: ```ruby gem 'safety_net_attestation' ``` And then execute: $ bundle install Or install it yourself as: $ gem install safety_net_attestation ## Usage Request an attestation statement as described in the [Android developer documentation](https://developer.android.com/training/safetynet/attestation#request-attestation-process) and send the JWS response to your server application. In your server application code, do the following: ```ruby require "safety_net_attestation" statement = begin SafetyNetAttestation::Statement.new(jws_response).verify(nonce) rescue SafetyNetAttestation::Error => e # Statement is not valid, you should abort end statement.json # => {"apkPackageName": "com.package.name.of.requesting.app", "ctsProfileMatch": true, ... } # snake cased convenience methods are available after #verify call succeeded, use these to make your specific checks: statement.cts_profile_match? # => true statement.basic_integrity? # => true statement.apk_package_name # => "com.package.name.of.requesting.app" statement.apk_certificate_digest_sha256 # => ["..."] statement.error # => nil statement.advice # => nil ``` ## Development After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/rspec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org). ## Contributing Bug reports and pull requests are welcome on GitHub at https://github.com/bdewater/safety_net_attestation. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct. ## License The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT). The gem and its authors are unaffiliated with Google. safety_net_attestation-0.5.0/.rubocop.yml0000644000004100000410000000514215065647424020615 0ustar www-datawww-datainherit_mode: merge: - AllowedNames AllCops: TargetRubyVersion: 2.3 DisabledByDefault: true Exclude: - "gemfiles/**/*" - "vendor/**/*" Bundler: Enabled: true Gemspec: Enabled: true Layout: Enabled: true Lint: Enabled: true Layout/LineLength: Max: 120 Naming: Enabled: true Security: Enabled: true Style/BlockComments: Enabled: true Style/CaseEquality: Enabled: true Style/ClassAndModuleChildren: Enabled: true Style/ClassMethods: Enabled: true Style/ClassVars: Enabled: true Style/CommentAnnotation: Enabled: true Style/ConditionalAssignment: Enabled: true Style/DefWithParentheses: Enabled: true Style/Dir: Enabled: true Style/EachForSimpleLoop: Enabled: true Style/EachWithObject: Enabled: true Style/EmptyBlockParameter: Enabled: true Style/EmptyCaseCondition: Enabled: true Style/EmptyElse: Enabled: true Style/EmptyLambdaParameter: Enabled: true Style/EmptyLiteral: Enabled: true Style/EvenOdd: Enabled: true Style/ExpandPathArguments: Enabled: true Style/For: Enabled: true Style/FrozenStringLiteralComment: Enabled: true Style/GlobalVars: Enabled: true Style/HashSyntax: Enabled: true Style/IdenticalConditionalBranches: Enabled: true Style/IfInsideElse: Enabled: true Style/InverseMethods: Enabled: true Style/MethodCallWithoutArgsParentheses: Enabled: true Style/MethodDefParentheses: Enabled: true Style/MultilineMemoization: Enabled: true Style/MutableConstant: Enabled: true Style/NestedParenthesizedCalls: Enabled: true Style/OptionalArguments: Enabled: true Style/ParenthesesAroundCondition: Enabled: true Style/RedundantBegin: Enabled: true Style/RedundantConditional: Enabled: true Style/RedundantException: Enabled: true Style/RedundantFreeze: Enabled: true Style/RedundantParentheses: Enabled: true Style/RedundantReturn: Enabled: true Style/RedundantSelf: Enabled: true Style/Semicolon: Enabled: true Style/SingleLineMethods: Enabled: true Style/SpecialGlobalVars: Enabled: true Style/SymbolLiteral: Enabled: true Style/StringLiterals: Enabled: true EnforcedStyle: double_quotes Style/TrailingBodyOnClass: Enabled: true Style/TrailingBodyOnMethodDefinition: Enabled: true Style/TrailingBodyOnModule: Enabled: true Style/TrailingMethodEndStatement: Enabled: true Style/TrivialAccessors: Enabled: true Style/RedundantInterpolation: Enabled: true Style/RedundantPercentQ: Enabled: true Style/UnpackFirst: Enabled: true Style/YodaCondition: Enabled: true Style/ZeroLengthPredicate: Enabled: true Layout/BlockAlignment: Enabled: false safety_net_attestation-0.5.0/CHANGELOG.md0000644000004100000410000000324315065647424020154 0ustar www-datawww-data# Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] ## [0.5.0] - 2025-09-22 ### Changed - Update `jwt` dependency to support both v2 and v3. ([#23](https://github.com/cedarcode/safety_net_attestation/pull/7)) ## [0.4.0] - 2019-12-29 ### Fixed - Root certificate loading when this gem is used as a dependency ### Changed - Rename `Statement#certificates` to `Statement#certificate_chain` ## [0.3.0] - 2019-12-29 ### Added - `Statement#certificates` exposes the certificate chain used during verification - `Statement#verify` takes an optional `time` argument, defaulting to the current time. This can be used for testing captured statements from real devices without needing stubbing. ## [0.2.0] - 2019-12-28 ### Fixed - Fixed loading bundled root certificates ## [0.1.0] - 2019-12-28 ### Added - Extracted from [webauthn-ruby](https://github.com/cedarcode/webauthn-ruby) after discussion with the maintainers. Thanks for the feedback @grzuy and @brauliomartinezlm! [Unreleased]: https://github.com/cedarcode/safety_net_attestation/compare/v0.5.0...HEAD [0.5.0]: https://github.com/cedarcode/safety_net_attestation/compare/v0.4.0...v0.5.0 [0.4.0]: https://github.com/cedarcode/safety_net_attestation/compare/v0.3.0...v0.4.0 [0.3.0]: https://github.com/cedarcode/safety_net_attestation/compare/v0.2.0...v0.3.0 [0.2.0]: https://github.com/cedarcode/safety_net_attestation/compare/v0.1.0...v0.2.0 [0.1.0]: https://github.com/cedarcode/safety_net_attestation/releases/tag/v0.1.0