class Rails::Auth::X509::Certificate

X.509 client certificates obtained from HTTP requests

Attributes

certificate[R]

Public Class Methods

new(certificate)
# File lib/rails/auth/x509/certificate.rb, line 10
def initialize(certificate)
  unless certificate.is_a?(OpenSSL::X509::Certificate)
    raise TypeError, "expecting OpenSSL::X509::Certificate, got #{certificate.class}"
  end

  @certificate = certificate.freeze
  @subject = {}

  @certificate.subject.to_a.each do |name, data, _type|
    @subject[name.freeze] = data.freeze
  end
  @subject_alt_names = SubjectAltNameExtension.new(certificate)
  @subject_alt_names.freeze
  @subject.freeze
end

Public Instance Methods

==(other)

Compares this object to another by ensuring that it has the same type and that its certificate, compared by DER encoding, is the same as ours

# File lib/rails/auth/x509/certificate.rb, line 81
def ==(other)
  other.is_a?(self.class) && other.certificate.to_der == certificate.to_der
end
Also aliased as: eql?
[](component)
# File lib/rails/auth/x509/certificate.rb, line 26
def [](component)
  @subject[component.to_s.upcase]
end
attributes()

Generates inspectable attributes for debugging

@return [Hash] hash containing parts of the certificate subject (cn, ou) and subject alternative name extension (uris, dns_names) as well as SPIFFE ID (spiffe_id), which is just a convenience since those are already included in the uris
# File lib/rails/auth/x509/certificate.rb, line 68
def attributes
  {
    cn: cn,
    dns_names: dns_names,
    ips: ips,
    ou: ou,
    spiffe_id: spiffe_id,
    uris: uris
  }.reject { |_, v| v.nil? || v.empty? }
end
cn()
# File lib/rails/auth/x509/certificate.rb, line 30
def cn
  @subject["CN"]
end
Also aliased as: common_name
common_name()
Alias for: cn
dns_names()
# File lib/rails/auth/x509/certificate.rb, line 35
def dns_names
  @subject_alt_names.dns_names
end
eql?(other)
Alias for: ==
ips()
# File lib/rails/auth/x509/certificate.rb, line 39
def ips
  @subject_alt_names.ips
end
organizational_unit()
Alias for: ou
ou()
# File lib/rails/auth/x509/certificate.rb, line 43
def ou
  @subject["OU"]
end
Also aliased as: organizational_unit
spiffe_id()

According to the SPIFFE standard, only one SPIFFE ID can exist in the URI SAN (github.com/spiffe/spiffe/blob/master/standards/X509-SVID.md#2-spiffe-id).

@return [String, nil] string containing SPIFFE ID if one is present in the certificate
# File lib/rails/auth/x509/certificate.rb, line 58
def spiffe_id
  uris.detect { |uri| uri.start_with?("spiffe://") }
end
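
The method above returns the first URI beginning with "spiffe://" and does not check that it is the only one. As an added example (not rails-auth code, using only Ruby's OpenSSL standard library), the following contrasts that first-match behaviour with a check that rejects a certificate carrying more than one SPIFFE ID. The names build_cert, san_uris, first_match_spiffe_id and strict_spiffe_id, and the example.org / other.test URIs, are constructed for illustration.

```ruby
require "openssl"

KEY = OpenSSL::PKey::RSA.new(2048) # throwaway key for the constructed samples

# Constructed sample: self-signed certificate with the given URI SAN entries.
def build_cert(uris)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=example-workload/OU=payments")
  cert.issuer = cert.subject
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  san = uris.map { |u| "URI:#{u}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san, false))
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
end

# URI entries of the subjectAltName extension (GeneralName context tag 6).
def san_uris(cert)
  ext = cert.extensions.find { |e| e.oid == "subjectAltName" }
  return [] unless ext
  der = OpenSSL::ASN1.decode(ext.to_der).value.last.value # extnValue octets
  OpenSSL::ASN1.decode(der).value.select { |gn| gn.tag == 6 }.map(&:value)
end

# Same selection rule as spiffe_id above: first matching URI wins.
def first_match_spiffe_id(cert)
  san_uris(cert).detect { |uri| uri.start_with?("spiffe://") }
end

# Stricter variant: more than one SPIFFE ID is treated as an invalid identity.
def strict_spiffe_id(cert)
  ids = san_uris(cert).select { |uri| uri.start_with?("spiffe://") }
  raise ArgumentError, "#{ids.length} SPIFFE IDs in URI SAN" if ids.length > 1
  ids.first
end

if __FILE__ == $PROGRAM_NAME
  two = build_cert(["spiffe://example.org/payments", "spiffe://other.test/admin"])
  puts "first match: #{first_match_spiffe_id(two)}"
  begin
    strict_spiffe_id(two)
  rescue ArgumentError => e
    puts "strict check rejected certificate: #{e.message}"
  end
end
```

An authorization rule keyed on the SPIFFE ID sees only the first entry under the first-match rule, so the strict variant makes an ambiguous certificate fail closed instead.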
uris()
# File lib/rails/auth/x509/certificate.rb, line 48
def uris
  @subject_alt_names.uris
end