class TPM::KeyAttestation
Constants
Attributes
certificates[R]
certified_key[R]
certify_info[R]
hash_algorithm[R]
qualifying_data[R]
root_certificates[R]
signature[R]
signature_algorithm[R]
Public Class Methods
new( certify_info, signature, certified_key, certificates, qualifying_data, signature_algorithm: ALG_RSASSA, hash_algorithm: ALG_SHA256, root_certificates: ROOT_CERTIFICATES )
# File lib/tpm/key_attestation.rb, line 35
# Stores the attestation inputs on the instance. Nothing is parsed or verified
# here; verification happens lazily in #valid?.
#
# @param certify_info passed unchanged to TPM::CertifyValidator
# @param signature passed unchanged to TPM::CertifyValidator
# @param certified_key wrapped in TPM::PublicArea when first needed
# @param certificates [Array] encoded certificates; the first one is parsed as
#   the AIK certificate, the rest are used for chain building
# @param qualifying_data passed unchanged to TPM::CertifyValidator
# @param signature_algorithm defaults to ALG_RSASSA
# @param hash_algorithm defaults to ALG_SHA256
# @param root_certificates certificates added to the trust store as anchors;
#   defaults to ROOT_CERTIFICATES
def initialize(
  certify_info,
  signature,
  certified_key,
  certificates,
  qualifying_data,
  signature_algorithm: ALG_RSASSA,
  hash_algorithm: ALG_SHA256,
  root_certificates: ROOT_CERTIFICATES
)
  # Attestation statement material.
  @certify_info, @signature = certify_info, signature
  @certified_key, @certificates = certified_key, certificates
  @qualifying_data = qualifying_data

  # Algorithm selection and trust anchors.
  @signature_algorithm, @hash_algorithm = signature_algorithm, hash_algorithm
  @root_certificates = root_certificates
end
Public Instance Methods
key()
# File lib/tpm/key_attestation.rb, line 56
# Returns the key from the certified public area, but only once the whole
# attestation has validated.
#
# @return the value of public_area.key when #valid? is truthy, otherwise nil;
#   callers must treat nil as "attestation rejected" and not fall back to the
#   unverified certified_key
def key
  return unless valid?

  public_area.key
end
valid?()
# File lib/tpm/key_attestation.rb, line 62
# Runs the three attestation checks in order and stops at the first falsy one:
#   1. the certify validator, given the AIK certificate's public key
#   2. the AIK certificate's own conformant? check
#   3. chain verification of the certificates against the trust store
#
# NOTE(review): the certificates are parsed from caller-supplied data, so a
# malformed certificate presumably surfaces as an exception rather than a
# false result; confirm how callers handle that.
#
# @return truthy only when all three checks pass
def valid?
  # The AIK public key used here is only trusted if the later checks also pass.
  certify_ok = certify_validator.valid?(aik_certificate.public_key)

  certify_ok && aik_certificate.conformant? && trustworthy?
end
Private Instance Methods
aik_certificate()
# File lib/tpm/key_attestation.rb, line 95
# Parses the first supplied certificate as the AIK certificate and memoizes it.
#
# @return the result of TPM::AIKCertificate.from_der for certificates.first
def aik_certificate
  return @aik_certificate if @aik_certificate

  leaf_der = certificates.first
  @aik_certificate = TPM::AIKCertificate.from_der(leaf_der)
end
certify_validator()
# File lib/tpm/key_attestation.rb, line 70
# Builds and memoizes the TPM::CertifyValidator for this attestation.
#
# The validator receives the certify info, its signature, the qualifying data
# and the parsed public area, together with the configured signature and hash
# algorithms.
#
# @return [TPM::CertifyValidator]
def certify_validator
  return @certify_validator if @certify_validator

  algorithms = { signature_algorithm: signature_algorithm, hash_algorithm: hash_algorithm }
  @certify_validator =
    TPM::CertifyValidator.new(certify_info, signature, qualifying_data, public_area, **algorithms)
end
public_area()
# File lib/tpm/key_attestation.rb, line 99
# Wraps the certified key in a TPM::PublicArea and memoizes the result.
#
# @return [TPM::PublicArea] built from certified_key
def public_area
  return @public_area if @public_area

  @public_area = TPM::PublicArea.new(certified_key)
end
trust_store()
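# File lib/tpm/key_attestation.rb, line 88
# Builds (once) the X.509 store that holds the configured root certificates as
# trust anchors for chain verification.
#
# Roots are de-duplicated by their full DER encoding. A certificate serial
# number is only unique per issuer, so de-duplicating on the serial alone would
# silently drop a distinct root that shares a serial with another vendor's
# root, and every attestation chaining to the dropped root would then be
# rejected. Exact duplicates are still collapsed so the same certificate is
# never added to the store twice.
#
# @return [OpenSSL::X509::Store] memoized in @trust_store
def trust_store
  @trust_store ||= OpenSSL::X509::Store.new.tap do |store|
    root_certificates.uniq(&:to_der).each { |root_certificate| store.add_cert(root_certificate) }
  end
end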
trustworthy?()
# File lib/tpm/key_attestation.rb, line 82
# Verifies that the first supplied certificate chains to one of the configured
# root certificates.
#
# Every supplied certificate is parsed with OpenSSL. The first is the one being
# verified; the remaining ones are handed to the store only as untrusted
# candidates for building the chain. Trust comes solely from the roots held in
# trust_store.
#
# @return [Boolean] the result of OpenSSL::X509::Store#verify
def trustworthy?
  leaf, *untrusted_chain = certificates.map { |encoded| OpenSSL::X509::Certificate.new(encoded) }

  trust_store.verify(leaf, untrusted_chain)
end