Nov Matake nov

require 'openssl'
expired = <<-CERT
-----BEGIN CERTIFICATE-----
nov / SSL Error
Last active August 29, 2015 13:55
nov-matake@nov ~$ curl https://userinfo.yahooapis.jp
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
nov.matake@tovl ~$ openssl s_client -connect userinfo.yahooapis.jp:443 -showcerts
CONNECTED(00000003)
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=JP/ST=Tokyo/L=Minato-Ku/O=Yahoo Japan Corporation/CN=*.yahooapis.jp
i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - G2
-----BEGIN CERTIFICATE-----
nov / globalsign_root_cert_expired.rb
Created January 30, 2014 05:17
GlobalSign Root Certificate (expired)
require 'openssl'
root_cert = <<-CERT
-----BEGIN CERTIFICATE-----
if (!crypto.subtle) {
crypto.subtle = crypto.webkitSubtle
}
// Encrypt some data using AES-CBC and alert() the result:
// ----------------------------------------
var keyBytes1 = asciiToArrayBufferView("raw key bytes 1.");
crypto.subtle.importKey('raw', keyBytes1, {name: 'aes-cbc'}, false, ['encrypt', 'decrypt']).then(function(key) {
// Fixed 16-byte ASCII initialization vector (not all zeros).
var iv = asciiToArrayBufferView("16 bytes of iv..");
nov.matake@tovl ~$ curl -I https://www.iknow.jp/open_ids
HTTP/1.1 302 Moved Temporarily
Content-length: 160
Content-Type: text/html
Date: Thu, 08 May 2014 03:53:33 GMT
Location: https://iknow.jp/open_ids
Server: nginx/1.4.4
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
nov.matake@tovl ~$ curl https://iknow.jp/discovery.xrds
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/return_to</Type>
<URI>https://iknow.jp/open_ids?_method=GET</URI>
</Service>
<Service priority="10">
<Type>http://specs.openid.net/extensions/ui/icon</Type>
nov.matake@tovl ~$ curl -I https://iknow.jp/open_ids
HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Content-length: 248
Content-Type: text/html; charset=utf-8
Date: Thu, 08 May 2014 03:00:19 GMT
ETag: "d7f555eab7c746d1f7d362f1188832cc"
P3P: CP="CAO CURa ADMa DEVa TAIa IVAa HISa OUR BUS UNI NAV INT"
Server: nginx/1.4.4
Set-Cookie: csid=cffb1060b88a013140000a18ce984607; path=/; expires=Sun, 08-Jun-2014 03:00:19 GMT
require 'openid_connect'
private_key = OpenSSL::PKey::RSA.generate(2048)
client = Rack::OAuth2::Client.new(
identifier: 'client.example.com',
host: 'server.example.com',
redirect_uri: 'myapp://callback'
)
require 'openid_connect'
private_key = SecureStorage.device_key_pair
client = Rack::OAuth2::Client.new(
identifier: 'client.example.com',
host: 'server.example.com',
redirect_uri: 'myapp://callback'
)