class Rails::Auth::X509::Middleware

Extracts X.509 client certificates and adds credential objects to the Rack environment as env["x509"].

Public Class Methods

new(app, cert_filters: {}, logger: nil)

Create a new X.509 Middleware object

@param [Object] app next app in the Rack middleware chain
@param [Hash] cert_filters maps Rack environment names to cert extractors
@param [Logger] logger place to log certificate extraction issues

@return [Rails::Auth::X509::Middleware] new X509 middleware instance

# File lib/rails/auth/x509/middleware.rb, line 16
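# Create a new X.509 middleware and resolve Symbol shortcuts in +cert_filters+.
#
# @param app [#call] next app in the Rack middleware chain
# @param cert_filters [Hash] maps Rack environment keys to cert extractors.
#   A Symbol value is shorthand for a class under Rails::Auth::X509::Filter
#   (snake_case is converted to CamelCase and the class is instantiated);
#   any other value is stored as given and later invoked with +call+.
# @param logger [Logger, nil] place to log certificate extraction issues
#
# @raise [NameError] if a Symbol does not name a constant defined directly
#   in Rails::Auth::X509::Filter
def initialize(app, cert_filters: {}, logger: nil)
  @app    = app
  @logger = logger

  # Resolve into a fresh hash so the caller's hash is never modified.
  @cert_filters = cert_filters.each_with_object({}) do |(key, filter), resolved|
    unless filter.is_a?(Symbol)
      resolved[key] = filter
      next
    end

    # Convert snake_case to CamelCase
    filter_name = filter.to_s.split("_").map(&:capitalize).join

    # inherit = false keeps the lookup inside the Filter namespace. Without it
    # a shortcut such as :string would resolve to a top-level constant and
    # install an object that is not a certificate filter at all.
    resolved[key] = Rails::Auth::X509::Filter.const_get(filter_name, false).new
  end
end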

Public Instance Methods

call(env)
# File lib/rails/auth/x509/middleware.rb, line 32
# Rack entry point: attach an X.509 credential to the request when one can
# be extracted, then hand the request to the next app.
#
# The request is always forwarded, with or without a credential; this
# middleware only populates the "x509" credential and rejects nothing itself.
#
# @param env [Hash] Rack environment
# @return [Object] whatever the downstream app returns
def call(env)
  x509_credential = extract_credential(env)

  if x509_credential
    # Frozen so later middleware cannot alter the credential in place.
    Rails::Auth.add_credential(env, "x509", x509_credential.freeze)
  end

  @app.call(env)
end

Private Instance Methods

extract_certificate_with_filter(filter, raw_cert)
# File lib/rails/auth/x509/middleware.rb, line 52
# Run one filter over a raw certificate value taken from the Rack environment.
#
# Returns nil when the value is nil or an empty String, and also when the
# filter raises any StandardError. A certificate that fails to parse is
# therefore indistinguishable, to the caller, from no certificate at all;
# the only trace is a debug-level log line, and only if a logger was given.
#
# @param filter [#call] extractor invoked with the raw value
# @param raw_cert [Object, nil] value read from the Rack environment
# @return [Object, nil] whatever the filter returns, or nil
def extract_certificate_with_filter(filter, raw_cert)
  absent = case raw_cert
           when nil    then true
           when String then raw_cert.empty?
           else false
           end
  return if absent

  filter.call(raw_cert)
rescue StandardError => e
  if @logger
    @logger.debug("rails-auth: Certificate error: #{e.class}: #{e.message}")
  end
  nil
end
extract_credential(env)
# File lib/rails/auth/x509/middleware.rb, line 41
# Try each configured filter in order and wrap the first certificate found.
#
# Each key of @cert_filters is looked up directly in the Rack environment.
# The first filter that yields a certificate wins; later keys are not read.
#
# NOTE(review): if any configured key is a request header filled in by a
# TLS-terminating proxy, the deployment presumably has to make sure clients
# cannot supply that header themselves. Nothing here checks where the value
# came from; confirm against the proxy configuration.
#
# @param env [Hash] Rack environment
# @return [Rails::Auth::X509::Certificate, nil] credential, or nil if no
#   filter produced a certificate
def extract_credential(env)
  @cert_filters.each do |env_key, cert_filter|
    parsed = extract_certificate_with_filter(cert_filter, env[env_key])
    return Rails::Auth::X509::Certificate.new(parsed) if parsed
  end

  nil
end
subject(cert)
# File lib/rails/auth/x509/middleware.rb, line 64
# Render a certificate subject as comma-separated "attr=value" pairs.
#
# Values are interpolated as-is, with no escaping of "," or "=". The result
# is suitable for display or logging, but a value containing either
# character makes it ambiguous, so it should not be parsed or compared when
# making an authorization decision.
#
# @param cert [#subject] object whose subject converts to an array of
#   [attr, data, ...] entries
# @return [String] e.g. "CN=alice,O=Example" (constructed sample)
def subject(cert)
  pairs = cert.subject.to_a.map do |name, value|
    "#{name}=#{value}"
  end

  pairs.join(",")
end