feature(conformanceTests): use MDS v3

cedarcode · Oct 13, 2023 · 7c50912 · 7c50912
1 parent a3223f4
commit 7c50912
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 35 deletions.
diff --git a/spec/conformance/MDSROOT.crt b/spec/conformance/MDSROOT.crt
@@ -1,15 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIICZzCCAe6gAwIBAgIPBF0rd3WL/GExWV/szYNVMAoGCCqGSM49BAMDMGcxCzAJ
-BgNVBAYTAlVTMRYwFAYDVQQKDA1GSURPIEFsbGlhbmNlMScwJQYDVQQLDB5GQUtF
-IE1ldGFkYXRhIFRPQyBTaWduaW5nIEZBS0UxFzAVBgNVBAMMDkZBS0UgUm9vdCBG
-QUtFMB4XDTE3MDIwMTAwMDAwMFoXDTQ1MDEzMTIzNTk1OVowZzELMAkGA1UEBhMC
-VVMxFjAUBgNVBAoMDUZJRE8gQWxsaWFuY2UxJzAlBgNVBAsMHkZBS0UgTWV0YWRh
-dGEgVE9DIFNpZ25pbmcgRkFLRTEXMBUGA1UEAwwORkFLRSBSb290IEZBS0UwdjAQ
-BgcqhkjOPQIBBgUrgQQAIgNiAARcVLd6r4fnNHzs5K2zfbg//4X9/oBqmsdRVtZ9
-iXhlgM9vFYaKviYtqmwkq0D3Lihg3qefeZgXXYi4dFgvzU7ZLBapSNM3CT8RDBe/
-MBJqsPwaRQbIsGmmItmt/ESNQD6jYDBeMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E
-BTADAQH/MB0GA1UdDgQWBBTd95rIHO/hX9Oh69szXzD0ahmZWTAfBgNVHSMEGDAW
-gBTd95rIHO/hX9Oh69szXzD0ahmZWTAKBggqhkjOPQQDAwNnADBkAjBkP3L99KEX
-QzviJVGytDMWBmITMBYv1LgNXXiSilWixTyQqHrYrFpLvNFyPZQvS6sCMFMAOUCw
-Ach/515XH0XlDbMgdIe2N4zzdY77TVwiHmsxTFWRT0FtS7fUk85c/LzSPQ==
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
+MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
+RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
+gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
+KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
+QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
+XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
+LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
+RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
+jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
+6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
+mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
+Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
+WD9f
 -----END CERTIFICATE-----
diff --git a/spec/conformance/conformance_cache_store.rb b/spec/conformance/conformance_cache_store.rb
@@ -6,6 +6,7 @@
 
 class ConformanceCacheStore < FidoMetadata::TestCacheStore
   FILENAME = "metadata.zip"
+  METADATA_ENDPOINT = URI("https://mds.fidoalliance.org/")
 
   def setup_authenticators
     puts("#{FILENAME} not found, this will affect Metadata Service Test results.") unless File.exist?(FILENAME)
@@ -18,27 +19,11 @@ def setup_authenticators
     end
   end
 
-  def setup_metadata_store(endpoint)
+  def setup_metadata_store
     puts("Setting up metadata store TOC")
 
-    response = Net::HTTP.post(
-      URI("https://mds.certinfra.fidoalliance.org/getEndpoints"),
-      { endpoint: endpoint }.to_json,
-      FidoMetadata::Client::DEFAULT_HEADERS
-    )
-
-    response.value
-    possible_endpoints = JSON.parse(response.body)["result"]
-
-    client = FidoMetadata::Client.new(nil)
-
-    json =
-      possible_endpoints.each_with_index do |uri, index|
-        puts("Trying endpoint #{index}: #{uri}")
-        break client.download_toc(URI(uri), trusted_certs: conformance_certificates)
-      rescue FidoMetadata::Client::DataIntegrityError, JWT::VerificationError, Net::HTTPFatalError
-        nil
-      end
+    client = FidoMetadata::Client.new
+    json = client.download_toc(METADATA_ENDPOINT, trusted_certs: conformance_certificates)
 
     if json.is_a?(Hash) && json.keys == ["legalHeader", "no", "nextUpdate", "entries"]
       puts("TOC setup done!")

diff --git a/spec/conformance/server.rb b/spec/conformance/server.rb
@@ -42,16 +42,15 @@ def self.registered_for(username)
 
 mds_finder =
   MDSFinder.new.tap do |mds|
-    mds.token = ""
     mds.cache_backend = ConformanceCacheStore.new
     mds.cache_backend.setup_authenticators
-    mds.cache_backend.setup_metadata_store("http://#{host}:#{settings.port}")
+    mds.cache_backend.setup_metadata_store
   end
 
 relying_party = WebAuthn::RelyingParty.new(
   origin: "http://#{host}:#{settings.port}",
   name: RP_NAME,
-  algorithms: %w(ES256 ES384 ES512 PS256 PS384 PS512 RS256 RS384 RS512 RS1),
+  algorithms: %w(ES256 ES384 ES512 PS256 PS384 PS512 RS256 RS384 RS512 RS1 EdDSA),
   silent_authentication: true,
   attestation_root_certificates_finders: mds_finder
 )