class Rails::Auth::X509::Middleware
Extracts X.509 client certificates and adds credential objects to the rack environment as env[“x509”]
Public Class Methods
new(app, cert_filters: {}, logger: nil)
click to toggle source
Create a new X.509 Middleware
object
@param [Object] app next app in the Rack middleware chain @param [Hash] cert_filters maps Rack environment names to cert extractors @param [Logger] logger place to log certificate extraction issues
@return [Rails::Auth::X509::Middleware] new X509
middleware instance
# File lib/rails/auth/x509/middleware.rb, line 16 def initialize(app, cert_filters: {}, logger: nil) @app = app @cert_filters = cert_filters @logger = logger @cert_filters.each do |key, filter| next unless filter.is_a?(Symbol) # Convert snake_case to CamelCase filter_name = filter.to_s.split("_").map(&:capitalize).join # Shortcut syntax for symbols @cert_filters[key] = Rails::Auth::X509::Filter.const_get(filter_name).new end end
Public Instance Methods
call(env)
click to toggle source
# File lib/rails/auth/x509/middleware.rb, line 32 def call(env) credential = extract_credential(env) Rails::Auth.add_credential(env, "x509", credential.freeze) if credential @app.call(env) end
Private Instance Methods
extract_certificate_with_filter(filter, raw_cert)
click to toggle source
# File lib/rails/auth/x509/middleware.rb, line 52 def extract_certificate_with_filter(filter, raw_cert) case raw_cert when String then return if raw_cert.empty? when NilClass then return end filter.call(raw_cert) rescue StandardError => e @logger.debug("rails-auth: Certificate error: #{e.class}: #{e.message}") if @logger nil end
extract_credential(env)
click to toggle source
# File lib/rails/auth/x509/middleware.rb, line 41 def extract_credential(env) @cert_filters.each do |key, filter| cert = extract_certificate_with_filter(filter, env[key]) next unless cert return Rails::Auth::X509::Certificate.new(cert) end nil end
subject(cert)
click to toggle source
# File lib/rails/auth/x509/middleware.rb, line 64 def subject(cert) cert.subject.to_a.map { |attr, data| "#{attr}=#{data}" }.join(",") end