class NemID::XMLDSig::Document

Public Class Methods

new(document, options = {}) click to toggle source
Calls superclass method
# File lib/nemid/xmldsig/document.rb, line 6
# Builds the document wrapper and indexes the certificates it carries.
#
# Both arguments are forwarded unchanged to the superclass initializer by the
# bare `super`. The verification store starts out empty (no default system
# trust paths are loaded here) and is filled by
# extract_and_store_certificates from certificates embedded in the document.
#
# @param document passed through to the superclass
# @param options [Hash] passed through to the superclass
def initialize(document, options = {})
  super
  # No signing certificate is known until the document has been scanned.
  @user_certificate = nil
  @store = OpenSSL::X509::Store.new
  extract_and_store_certificates
end

Public Instance Methods

extract_pid_or_rid() click to toggle source
# File lib/nemid/xmldsig/document.rb, line 13
# Reads the serialNumber attribute from the user certificate's subject
# (going by the method name, the PID or RID identifier).
#
# The certificate comes out of the document being checked, so the returned
# value is only as trustworthy as the signature and chain checks run on it;
# use it for identity decisions only after those checks have passed.
#
# @return the value of the first "serialNumber" entry in the subject
# @raise [NoMethodError] if no user certificate was found, or if the subject
#   has no serialNumber entry (Array#assoc returns nil in that case)
def extract_pid_or_rid
  subject_fields = @user_certificate.subject.to_a
  serial_entry = subject_fields.assoc("serialNumber")
  serial_entry[1]
end
get_user_certificate() click to toggle source
# File lib/nemid/xmldsig/document.rb, line 17
# Accessor for the certificate picked out as the signer's certificate.
#
# @return the user certificate, or nil when the document contained no
#   certificate classified as a signing certificate
def get_user_certificate
  @user_certificate
end
user_certificate_expired?() click to toggle source
# File lib/nemid/xmldsig/document.rb, line 21
# Tells whether the user certificate's not_after time is already in the past.
#
# Only the end of the validity window is checked here; a certificate whose
# validity has not started yet is not reported by this method.
#
# @return [Boolean] true when not_after is earlier than the current UTC time
# @raise [NoMethodError] if no user certificate was found in the document
def user_certificate_expired?
  current_time = Time.now.utc
  current_time > @user_certificate.not_after
end
user_certificate_revoked?() click to toggle source
# File lib/nemid/xmldsig/document.rb, line 25
# Asks the OCSP helper about the user certificate's revocation status.
#
# Fails closed: when the helper raises NemID::OCSP::Error the certificate is
# reported as revoked. Any other exception class is not rescued here and
# propagates to the caller.
#
# NOTE(review): the issuer and CA certificates passed along were themselves
# taken from the document, and either may be nil if the document did not
# carry them — confirm how NemID::OCSP.request treats that.
# NOTE(review): on success the return value is whatever ocsp.request returns;
# presumably a boolean where true means revoked — verify against NemID::OCSP.
#
# @return true on NemID::OCSP::Error, otherwise the result of ocsp.request
def user_certificate_revoked?
  begin
    ocsp.request(subject: @user_certificate, issuer: @intermediate_cert, ca: @root_cert)
  rescue NemID::OCSP::Error
    true
  end
end
validate_certificate_chain() click to toggle source
# File lib/nemid/xmldsig/document.rb, line 35
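# Verifies the user certificate against the certificate store.
#
# NOTE(review): as far as this file shows, the store's only entries are the
# root and intermediate certificates embedded in the same document (see
# extract_and_store_certificates). A true result therefore shows that the
# chain is internally consistent, not that it ends at an authority the
# application trusts. The root should additionally be compared against a
# known-good copy held outside the document — confirm whether a caller
# already does this.
#
# @return [Boolean] false when the document yielded no user certificate,
#   otherwise the result of OpenSSL::X509::Store#verify
def validate_certificate_chain
  # A document without a signing certificate cannot have a valid chain;
  # report failure instead of handing nil to the OpenSSL binding.
  return false if @user_certificate.nil?

  @store.verify(@user_certificate)
end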
validate_signature() click to toggle source
# File lib/nemid/xmldsig/document.rb, line 39
# Checks the document signature using the user certificate.
#
# Delegates to `validate`, which is not defined in the code shown here
# (presumably inherited from the superclass).
#
# The certificate used is the one embedded in the document itself, so a
# passing result alone does not establish who signed it; combine it with
# validate_certificate_chain and the expiry and revocation checks.
#
# @return the result of `validate`
def validate_signature
  signing_certificate = @user_certificate
  validate(signing_certificate)
end

Private Instance Methods

certificates() click to toggle source
# File lib/nemid/xmldsig/document.rb, line 44
# Selects every ds:X509Certificate element found under
# ds:KeyInfo/ds:X509Data in the document.
#
# The leading `//` matches at any depth, so certificate elements located
# anywhere in the document are returned, not only those belonging to one
# particular signature.
#
# @return the result of calling #each without a block on the XPath result
#   (an Enumerator for typical node-set types — confirm for the XML library
#   in use)
def certificates
  document.xpath('//ds:KeyInfo/ds:X509Data/ds:X509Certificate', NAMESPACES).each
end
extract_and_store_certificates() click to toggle source
# File lib/nemid/xmldsig/document.rb, line 49
# Decodes each certificate embedded in the document and sorts it into one of
# three roles:
#
# * keyUsage text matches /Digital Signature/  -> user certificate
# * issuer equals subject (self-issued)        -> root, added to the store
# * anything else                              -> intermediate, added to the store
#
# When several certificates fall into the same role, the last one seen
# replaces the earlier ones in the instance variable.
#
# NOTE(review): every non-user certificate is added to the verification
# store straight from the document, including a self-issued root. The
# document therefore supplies its own trust anchor; nothing visible here
# compares the root against a pinned, known-good certificate.
# NOTE(review): CA certificates can also list "Digital Signature" in
# keyUsage; such a certificate would be classified as the user certificate.
# Checking basicConstraints as well would be stricter — confirm intent.
# NOTE(review): a certificate without a keyUsage extension presumably makes
# find_extension return nil, which would raise NoMethodError on `.value`.
def extract_and_store_certificates
  certificates.each do |node|
    certificate = x509_certificate(Base64.decode64(node.text))
    key_usage = certificate.find_extension('keyUsage').value

    if key_usage =~ /Digital Signature/
      @user_certificate = certificate
      next
    end

    # Self-issued certificates are treated as the root, the rest as intermediate.
    if certificate.issuer.cmp(certificate.subject) == 0
      @root_cert = certificate
    else
      @intermediate_cert = certificate
    end
    @store.add_cert(certificate)
  end
end
ocsp() click to toggle source
# File lib/nemid/xmldsig/document.rb, line 66
# Memoized handle to the OCSP helper; defaults to the NemID::OCSP module
# the first time it is needed.
#
# @return the cached helper stored in @ocsp
def ocsp
  return @ocsp if @ocsp

  @ocsp = NemID::OCSP
end
x509_certificate(raw) click to toggle source
# File lib/nemid/xmldsig/document.rb, line 70
# Parses raw certificate bytes into an OpenSSL certificate object.
#
# Parsing only builds the object; it performs no signature, validity or
# trust check on the certificate.
#
# @param raw [String] encoded certificate data
# @return [OpenSSL::X509::Certificate]
# @raise [OpenSSL::X509::CertificateError] if the data cannot be parsed
def x509_certificate(raw)
  certificate_class = OpenSSL::X509::Certificate
  certificate_class.new(raw)
end