lib/yubikey/otp_verify.rb in yubikey-1.3.1 vs lib/yubikey/otp_verify.rb in yubikey-1.4.0


@@ -1,27 +1,31 @@ require 'base64' require 'securerandom' +require "net/http" +require "uri" module Yubikey - API_URL = 'https://api.yubico.com/wsapi/2.0/' - class OTP::Verify # The raw status from the Yubico server attr_reader :status def initialize(args) @api_key = args[:api_key] || Yubikey.api_key @api_id = args[:api_id] || Yubikey.api_id + raise(ArgumentError, "Must supply API ID") if @api_id.nil? raise(ArgumentError, "Must supply API Key") if @api_key.nil? - raise(ArgumentError, "Must supply OTP") if args[:otp].nil? - @url = args[:url] || API_URL + @url = args[:url] || Yubikey.url @nonce = args[:nonce] || OTP::Verify.generate_nonce(32) - + + @certificate_chain = args[:certificate_chain] || Yubikey.certificate_chain + @cert_store = OpenSSL::X509::Store.new + @cert_store.add_file @certificate_chain + verify(args) end def valid? @status == 'OK' @@ -39,11 +43,12 @@ uri = URI.parse(@url) + 'verify' uri.query = query http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true - http.verify_mode = OpenSSL::SSL::VERIFY_NONE + http.verify_mode = OpenSSL::SSL::VERIFY_PEER + http.cert_store = @cert_store req = Net::HTTP::Get.new(uri.request_uri) result = http.request(req).body @status = result[/status=(.*)$/,1].strip @@ -57,10 +62,9 @@ return end end def verify_response(result) - signature = result[/^h=(.+)$/, 1].strip returned_nonce = result[/nonce=(.+)$/, 1] returned_nonce.strip! unless returned_nonce.nil? if @nonce != returned_nonce
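Review bot: `@cert_store.add_file @certificate_chain` runs with no nil check, so when neither `args[:certificate_chain]` nor `Yubikey.certificate_chain` is set the constructor fails inside OpenSSL with a TypeError instead of the ArgumentError the lines above raise for the other required inputs; add `raise(ArgumentError, "Must supply certificate chain") if @certificate_chain.nil?` before the store is built. A missing or unreadable path still surfaces as `OpenSSL::X509::StoreError` from `add_file`, which deserves a `# @raise` entry on `initialize` now that `new` can fail on trust configuration. `OpenSSL::X509::Store` is referenced before any Net::HTTP call and the hunk only adds `net/http` and `uri`, so the file appears to rely on net/http autoloading OpenSSL; an explicit `require "openssl"` next to the new requires would make that dependency visible. Building a fresh store from disk on every `OTP::Verify.new` is also one file read per verification; caching the store alongside `Yubikey.certificate_chain` would avoid it, though that is a style point rather than a defect.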
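Review bot: Switching to `VERIFY_PEER` with a store built only from the configured chain pins the connection to that chain and never consults the system CA bundle, which is a reasonable choice here but is stated nowhere; a comment above `http.cert_store = @cert_store`, `# Trust only the configured Yubico chain; the system CA bundle is intentionally not used`, would stop the next reader from "fixing" it. The more visible consequence is that a server chain that fails to validate now raises `OpenSSL::SSL::SSLError` out of `verify`, and because `initialize` calls `verify`, out of `OTP::Verify.new`; the method and class docs should list that exception so callers rescue it deliberately. Adjacent and pre-existing rather than introduced here: `http.request(req).body` is parsed without checking the HTTP response code, so a non-2xx body with no `status=` line makes `.strip` raise NoMethodError on nil instead of a clear verification failure. The enclosing `verify` method starts before this hunk and continues after it.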
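Review bot: Dropping `signature = result[/^h=(.+)$/, 1].strip` leaves the response's `h` field entirely unchecked, so the authenticity of the validation result now rests on TLS alone; the removed assignment was presumably dead (nothing else in the hunk reads it), but the better fix is to verify the signature rather than delete its extraction. In the Yubico validation protocol `h` is HMAC-SHA1 over all other response parameters sorted alphabetically and joined with `&`, keyed with the Base64-decoded API key and Base64-encoded, which is likely why `base64` is already required at the top of this file. A mismatch should fail verification the same way the nonce mismatch below does; `verify_response` continues past the end of this hunk, so that failure handling is not visible here.

```ruby
    def verify_response(result)
      # … unchanged: nonce extraction and comparison …

      # Protocol 2.0 response signature: HMAC-SHA1 over every other parameter,
      # sorted by name and joined with '&', keyed with the decoded API key.
      # Assumes @api_key holds the Base64 form Yubico issues — confirm against Yubikey.api_key.
      signature = result[/^h=(.+)$/, 1]
      signed_params = result.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?('h=') }.sort.join('&')
      mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), Base64.decode64(@api_key), signed_params)
      expected = Base64.strict_encode64(mac)
      if signature.nil? || signature.strip != expected
        # … fail here the same way the nonce-mismatch branch does …
        return
      end
```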