class Vcert::Policy

Attributes

creation_date[R]
name[R]
policy_id[R]
system_generated[R]

Public Class Methods

new(policy_id:, name:, system_generated:, creation_date:, subject_cn_regexes:, subject_o_regexes:, subject_ou_regexes:, subject_st_regexes:, subject_l_regexes:, subject_c_regexes:, san_regexes:, key_types:)
# File lib/objects/objects.rb, line 168
# Stores the policy's metadata and the allow-lists used to validate requests.
#
# All arguments are required keywords and are kept as given (no copying,
# freezing or compilation of the patterns happens here).
#
# @param policy_id [Object] identifier of the policy
# @param name [Object] policy name
# @param system_generated [Object] stored as-is and exposed through the reader
# @param creation_date [Object] stored as-is and exposed through the reader
# @param subject_cn_regexes [Array] patterns for the subject common name
# @param subject_o_regexes [Array] patterns for the subject organization
# @param subject_ou_regexes [Array] patterns for the subject organizational unit
# @param subject_st_regexes [Array] patterns for the subject state/province
# @param subject_l_regexes [Array] patterns for the subject locality
# @param subject_c_regexes [Array] patterns for the subject country
# @param san_regexes [Array] patterns for DNS subject alternative names
# @param key_types [Array] key types a request may use
def initialize(policy_id:, name:, system_generated:, creation_date:, subject_cn_regexes:, subject_o_regexes:,
               subject_ou_regexes:, subject_st_regexes:, subject_l_regexes:, subject_c_regexes:, san_regexes:,
               key_types:)
  # Identity and bookkeeping fields.
  @policy_id, @name = policy_id, name
  @system_generated, @creation_date = system_generated, creation_date

  # Subject DN allow-lists, one list of patterns per component.
  @subject_cn_regexes, @subject_c_regexes = subject_cn_regexes, subject_c_regexes
  @subject_st_regexes, @subject_l_regexes = subject_st_regexes, subject_l_regexes
  @subject_o_regexes, @subject_ou_regexes = subject_o_regexes, subject_ou_regexes

  # SAN patterns and permitted key types.
  @san_regexes = san_regexes
  @key_types = key_types
end

Public Instance Methods

check_request(request)

@param [Request] request

# File lib/objects/objects.rb, line 207
# Validates a certificate request against every rule of this policy.
#
# Runs simple_check_request first, then checks the remaining subject
# components and the key type. When the request carries a CSR the values are
# taken from the parsed CSR; otherwise they are read from the request's own
# attributes. Checks run in a fixed order and the first failure raises.
#
# @param request [Request] the request to validate
# @return [nil] when every check passes
# @raise [ValidationError] naming the first component that is not allowed
def check_request(request)
  simple_check_request(request)

  from_csr = request.csr?
  csr = parse_csr_fields(request.csr) if from_csr

  # label used in the error message, key in the parsed CSR,
  # reader on the request, patterns the value must satisfy
  subject_rules = [
    ["Country", :C, :country, @subject_c_regexes],
    ["Province", :ST, :province, @subject_st_regexes],
    ["Locality", :L, :locality, @subject_l_regexes],
    ["Organization", :O, :organization, @subject_o_regexes],
    ["Organizational unit", :OU, :organizational_unit, @subject_ou_regexes]
  ]

  subject_rules.each do |label, csr_key, reader, patterns|
    # The value is fetched only when its turn comes, so nothing after a
    # failing component is read.
    value = from_csr ? csr[csr_key] : request.public_send(reader)
    next if component_is_valid?(value, patterns)

    raise ValidationError, "#{label} #{value} doesnt match #{patterns}"
  end

  # TODO: uri, upn, ip and email alternative names are not checked against
  # the policy here, so a request is not rejected locally because of them.
  # NOTE(review): the original also carried an "(!important!) parse csr if it
  # already generated" TODO; the CSR branch appears to cover it - confirm.
  key_type = from_csr ? csr[:key_type] : request.key_type
  unless is_key_type_is_valid?(key_type, @key_types)
    raise ValidationError, "Key Type #{key_type} doesnt match allowed #{@key_types}"
  end
end
simple_check_request(request)

@param [Request] request

# File lib/objects/objects.rb, line 187
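# Validates only the common name and the DNS subject alternative names of a
# request against this policy.
#
# With a CSR, the common name comes from the parsed CSR. The DNS SANs are
# checked from both the request and the parsed CSR. Previously only
# request.san_dns was checked in this branch while the error message printed
# csr[:DNS], so SANs present only in the CSR were never compared with the
# policy.
#
# @param request [Request] the request to validate
# @return [nil] when both checks pass
# @raise [ValidationError] when the common name or a DNS SAN is not allowed
def simple_check_request(request)
  if request.csr?
    csr = parse_csr_fields(request.csr)
    unless component_is_valid?(csr[:CN], @subject_cn_regexes)
      raise ValidationError, "Common name #{csr[:CN]} doesnt match #{@subject_cn_regexes}"
    end
    unless component_is_valid?(request.san_dns, @san_regexes, optional: true)
      raise ValidationError, "SANs #{request.san_dns} doesnt match #{ @san_regexes }"
    end
    # NOTE(review): :DNS is the key the original error message referenced;
    # confirm parse_csr_fields populates it. If it is absent (nil) this check
    # passes because SANs are optional, so nothing is enforced for the CSR.
    unless component_is_valid?(csr[:DNS], @san_regexes, optional: true)
      raise ValidationError, "SANs #{csr[:DNS]} doesnt match #{ @san_regexes }"
    end
  else
    unless component_is_valid?(request.common_name, @subject_cn_regexes)
      raise ValidationError, "Common name #{request.common_name} doesnt match #{@subject_cn_regexes}"
    end
    unless component_is_valid?(request.san_dns, @san_regexes, optional: true)
      raise ValidationError, "SANs #{request.san_dns} doesnt match #{ @san_regexes }"
    end
  end
end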

Private Instance Methods

component_is_valid?(component, regexps, optional:false)
# File lib/objects/objects.rb, line 271
# Tells whether every value of a request component satisfies the policy.
#
# A nil component is treated as an empty list and a single value as a
# one-element list. An empty list is accepted outright when +optional+ is
# true; otherwise it is checked as one empty string, so a mandatory component
# that is missing passes only if some pattern matches "".
#
# @param component [nil, Object, Array] value or values taken from the request
# @param regexps [Array] patterns handed to match_regexps?
# @param optional [Boolean] accept a missing component without matching
# @return [Boolean] true when each value matches at least one pattern
def component_is_valid?(component, regexps, optional:false)
  values = component.nil? ? [] : component
  # Exact class test, as in the original: only a plain Array is iterated.
  values = [values] unless values.instance_of?(Array)

  if values.empty?
    return true if optional

    values = [""]
  end

  values.all? { |value| match_regexps?(value, regexps) }
end
is_key_type_is_valid?(key_type, allowed_key_types)
# File lib/objects/objects.rb, line 259
# Tells whether a key type is on the policy's list of allowed key types.
#
# A nil key type is replaced by DEFAULT_KEY_TYPE before the lookup, so a
# request that does not name a key type is judged as if it asked for the
# default.
#
# @param key_type [Object, nil] key type taken from the request or CSR
# @param allowed_key_types [Array] key types the policy permits
# @return [Boolean] true when some allowed entry == the (defaulted) key type
def is_key_type_is_valid?(key_type, allowed_key_types)
  wanted = key_type.nil? ? DEFAULT_KEY_TYPE : key_type
  # Equality is asked of the allowed entry, as the original loop did.
  allowed_key_types.any? { |allowed| allowed == wanted }
end
match_regexps?(s, regexps)
# File lib/objects/objects.rb, line 292
# Tells whether a value matches at least one of the given patterns.
#
# Each pattern is compiled with Regexp.new on every call and tried in order;
# the first match wins. An empty pattern list matches nothing.
#
# NOTE(review): Regexp#match searches anywhere in the value, so a pattern
# without its own anchors accepts any value that merely contains a match.
# In Ruby `^` and `$` anchor per line, not per string; `\A` and `\z` anchor
# the whole value. Whether the policy patterns arrive anchored is not visible
# here - confirm, or wrap them, before relying on this as an allow-list.
#
# @param s [String] value to test
# @param regexps [Array] pattern sources accepted by Regexp.new
# @return [Boolean] true when any pattern matches
def match_regexps?(s, regexps)
  regexps.any? { |pattern| Regexp.new(pattern).match(s) }
end