class Vcert::Policy
Attributes
creation_date[R]
name[R]
policy_id[R]
system_generated[R]
Public Class Methods
new(policy_id:, name:, system_generated:, creation_date:, subject_cn_regexes:, subject_o_regexes:, subject_ou_regexes:, subject_st_regexes:, subject_l_regexes:, subject_c_regexes:, san_regexes:, key_types:)
# File lib/objects/objects.rb, line 168
# Builds a policy from its identifying metadata and the constraints that are
# later applied to certificate requests.
#
# Every argument is stored exactly as given: nothing is validated, copied,
# frozen or compiled here. The *_regexes values are only turned into Regexp
# objects when a request is checked (match_regexps? calls Regexp.new on each
# entry), so a malformed pattern surfaces at check time, not at construction.
#
# @param policy_id           stored in @policy_id
# @param name                stored in @name
# @param system_generated    stored in @system_generated
# @param creation_date       stored in @creation_date
# @param subject_cn_regexes  patterns for the subject common name
# @param subject_o_regexes   patterns for the subject organization
# @param subject_ou_regexes  patterns for the subject organizational unit
# @param subject_st_regexes  patterns for the subject state/province
# @param subject_l_regexes   patterns for the subject locality
# @param subject_c_regexes   patterns for the subject country
# @param san_regexes         patterns for DNS subject alternative names
# @param key_types           key types accepted by the policy
def initialize(policy_id:, name:, system_generated:, creation_date:, subject_cn_regexes:, subject_o_regexes:, subject_ou_regexes:, subject_st_regexes:, subject_l_regexes:, subject_c_regexes:, san_regexes:, key_types:)
  # Identifying metadata.
  @policy_id        = policy_id
  @name             = name
  @system_generated = system_generated
  @creation_date    = creation_date

  # Subject constraints, kept in the same order as the keyword list.
  @subject_cn_regexes = subject_cn_regexes
  @subject_o_regexes  = subject_o_regexes
  @subject_ou_regexes = subject_ou_regexes
  @subject_st_regexes = subject_st_regexes
  @subject_l_regexes  = subject_l_regexes
  @subject_c_regexes  = subject_c_regexes

  # SAN and key constraints.
  @san_regexes = san_regexes
  @key_types   = key_types
end
Public Instance Methods
check_request(request)
@param [Request] request
# File lib/objects/objects.rb, line 207
# Checks a certificate request against the policy's subject and key-type
# constraints, after running simple_check_request for the common name and
# DNS SANs.
#
# When the request carries a CSR the values are read from the parsed CSR
# (parse_csr_fields); otherwise they are read from the request's own fields.
# Checks run in a fixed order (country, province, locality, organization,
# organizational unit, key type) and the first failure raises.
#
# Coverage caveat: SAN types other than DNS (URI, UPN, IP, e-mail) are not
# evaluated anywhere in this method (see the TODOs below), so a request that
# passes has not been checked against the policy for those values.
#
# @param [Request] request
# @raise [ValidationError] when a checked value does not satisfy the policy
def check_request(request)
  simple_check_request(request)

  unless request.csr?
    # No CSR supplied: validate the subject fields set on the request itself.
    raise ValidationError, "Country #{request.country} doesnt match #{@subject_c_regexes}" \
      unless component_is_valid?(request.country, @subject_c_regexes)
    raise ValidationError, "Province #{request.province} doesnt match #{@subject_st_regexes}" \
      unless component_is_valid?(request.province, @subject_st_regexes)
    raise ValidationError, "Locality #{request.locality} doesnt match #{@subject_l_regexes}" \
      unless component_is_valid?(request.locality, @subject_l_regexes)
    raise ValidationError, "Organization #{request.organization} doesnt match #{@subject_o_regexes}" \
      unless component_is_valid?(request.organization, @subject_o_regexes)
    raise ValidationError, "Organizational unit #{request.organizational_unit} doesnt match #{@subject_ou_regexes}" \
      unless component_is_valid?(request.organizational_unit, @subject_ou_regexes)
    # TODO: add uri, upn, ip, email
    raise ValidationError, "Key Type #{request.key_type} doesnt match allowed #{@key_types}" \
      unless is_key_type_is_valid?(request.key_type, @key_types)
    return
  end

  # CSR supplied: the values inside the CSR are what gets validated.
  csr = parse_csr_fields(request.csr)
  raise ValidationError, "Country #{csr[:C]} doesnt match #{@subject_c_regexes}" \
    unless component_is_valid?(csr[:C], @subject_c_regexes)
  raise ValidationError, "Province #{csr[:ST]} doesnt match #{@subject_st_regexes}" \
    unless component_is_valid?(csr[:ST], @subject_st_regexes)
  raise ValidationError, "Locality #{csr[:L]} doesnt match #{@subject_l_regexes}" \
    unless component_is_valid?(csr[:L], @subject_l_regexes)
  raise ValidationError, "Organization #{csr[:O]} doesnt match #{@subject_o_regexes}" \
    unless component_is_valid?(csr[:O], @subject_o_regexes)
  raise ValidationError, "Organizational unit #{csr[:OU]} doesnt match #{@subject_ou_regexes}" \
    unless component_is_valid?(csr[:OU], @subject_ou_regexes)
  # TODO: add uri, upn, ip, email
  # TODO (important): parse the CSR if it has already been generated
  raise ValidationError, "Key Type #{csr[:key_type]} doesnt match allowed #{@key_types}" \
    unless is_key_type_is_valid?(csr[:key_type], @key_types)
end
simple_check_request(request)
@param [Request] request
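# File lib/objects/objects.rb, line 187
# Checks only the common name and the DNS subject alternative names of a
# request against the policy.
#
# With a CSR, the common name is taken from the parsed CSR; without one it is
# taken from the request. DNS SANs are optional: an absent or empty list
# passes, a non-empty list must match @san_regexes entry by entry.
#
# Fix over the previous version: in the CSR branch the SAN check validated
# request.san_dns while the error message reported csr[:DNS], so DNS names
# carried inside the CSR were never compared with the policy. Both sources
# are now checked, each with a message that names the value actually tested.
#
# @param [Request] request
# @raise [ValidationError] when the common name or a DNS SAN is rejected
def simple_check_request(request)
  if request.csr?
    csr = parse_csr_fields(request.csr)
    unless component_is_valid?(csr[:CN], @subject_cn_regexes)
      raise ValidationError, "Common name #{csr[:CN]} doesnt match #{@subject_cn_regexes}"
    end
    # NOTE(review): assumes parse_csr_fields exposes the CSR's DNS names under
    # :DNS as a String or an Array of Strings (the original message already
    # interpolated csr[:DNS]) - confirm against the helper. If the key is
    # absent the value is nil and this optional check passes.
    unless component_is_valid?(csr[:DNS], @san_regexes, optional: true)
      raise ValidationError, "SANs #{csr[:DNS]} doesnt match #{ @san_regexes }"
    end
  else
    unless component_is_valid?(request.common_name, @subject_cn_regexes)
      raise ValidationError, "Common name #{request.common_name} doesnt match #{@subject_cn_regexes}"
    end
  end

  # SANs set directly on the request are validated in both modes, as before.
  unless component_is_valid?(request.san_dns, @san_regexes, optional: true)
    raise ValidationError, "SANs #{request.san_dns} doesnt match #{ @san_regexes }"
  end
end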
Private Instance Methods
component_is_valid?(component, regexps, optional:false)
# File lib/objects/objects.rb, line 271
# Tells whether every value of a request component is accepted by at least
# one of the given patterns.
#
# Normalisation before matching:
# * nil becomes an empty list;
# * anything that is not exactly an Array (instance_of?, so Array subclasses
#   are wrapped too) becomes a one-element list;
# * an empty list passes immediately when optional is true;
# * an empty list that is not optional is checked as the empty string, so a
#   missing mandatory component is accepted whenever some pattern matches ""
#   (for example a pattern such as ".*").
#
# @param component value or list of values to check, may be nil
# @param regexps   patterns handed to match_regexps?
# @param optional  when true, an absent or empty component is valid
# @return [Boolean] true when all values match, false on the first that does not
def component_is_valid?(component, regexps, optional:false)
  values = component.nil? ? [] : component
  values = [values] unless values.instance_of?(Array)

  if values.empty?
    return true if optional

    # Mandatory but absent: validate the empty string instead of skipping.
    values = [""]
  end

  values.all? { |value| match_regexps?(value, regexps) }
end
is_key_type_is_valid?(key_type, allowed_key_types)
# File lib/objects/objects.rb, line 259
# Tells whether a key type is one of the key types the policy allows.
#
# A nil key type is replaced by DEFAULT_KEY_TYPE before the comparison, so a
# request that names no key type is judged by that default. Entries are
# compared with ==, with the allowed entry on the left-hand side.
#
# @param key_type          requested key type, may be nil
# @param allowed_key_types list of key types accepted by the policy
# @return [Boolean] true when an allowed entry equals the key type
def is_key_type_is_valid?(key_type, allowed_key_types)
  effective = key_type.nil? ? DEFAULT_KEY_TYPE : key_type
  allowed_key_types.any? { |allowed| allowed == effective }
end
match_regexps?(s, regexps)
# File lib/objects/objects.rb, line 292
# Tells whether the string is matched by at least one of the patterns.
#
# Each pattern is compiled with Regexp.new on every call and applied with
# Regexp#match, which searches for a match anywhere in the string: a pattern
# without anchors accepts any value that merely contains a match. An empty
# pattern list matches nothing.
#
# NOTE(review): in Ruby, ^ and $ anchor at line boundaries; \A and \z anchor
# the whole string. If the policy patterns rely on ^/$ for whole-value
# matching, a value with an embedded newline is accepted as soon as one of
# its lines matches - confirm how the patterns are authored and whether the
# checked values can contain newlines.
#
# @param s       value to test
# @param regexps list of pattern sources accepted by Regexp.new
# @return [Boolean] true on the first pattern that matches, false otherwise
def match_regexps?(s, regexps)
  regexps.any? { |pattern| Regexp.new(pattern).match(s) }
end