class OmfCommon::Auth::Assertion

Attributes

content[R]
iss[R]
type[R]

Public Class Methods

generate(str, opts = {})

Factory method to generate a new, signed assertion

# File lib/omf_common/auth/assertion.rb, line 20
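# Build a new assertion over +str+ and sign it with the issuer's key.
#
# @param str [String] the content being asserted
# @param opts [Hash] must contain :iss, the issuer whose certificate is held
#   by the certificate store; all keys are forwarded to #new
# @return [Assertion] the assertion carrying +str+ and its Base64-encoded
#   SHA256 signature
# @raise [RuntimeError] if :iss is missing, no certificate is found for it,
#   or the certificate carries no key to sign with
def self.generate(str, opts = {})
  raise 'Missing iss of assertion' if opts[:iss].nil?

  cert = OmfCommon::Auth::CertificateStore.instance.cert_for(opts[:iss])
  raise "Certificate of #{opts[:iss]} NOT found" if cert.nil?

  # Signing needs the issuer's own key, not just its certificate.
  raise "Key of #{opts[:iss]} NOT available for signing" if cert.key.nil?

  # The digest object only selects the algorithm; the data is passed
  # separately, so there is no need to feed +str+ into it beforehand.
  digest = OpenSSL::Digest::SHA256.new
  sig = Base64.encode64(cert.key.sign(digest, str)).encode('utf-8')

  new(opts.merge(content: str, sig: sig))
end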
new(opts = {})
# File lib/omf_common/auth/assertion.rb, line 66
# Create an assertion from its parts.
#
# @param opts [Hash] :type (defaults to 'json'), :iss (issuer), :sig
#   (signature of :content made by the issuer) and :content
def initialize(opts = {})
  @type = opts.fetch(:type, nil) || 'json'
  @iss = opts[:iss]
  # Signature of assertion content signed by issuer
  @sig = opts[:sig]
  @content = opts[:content]
end
parse(str, opts = {})

Parse a serialised assertion

# File lib/omf_common/auth/assertion.rb, line 9
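# Parse a serialised assertion.
#
# The input is untrusted wire data: the returned assertion carries no
# guarantee about its issuer or content until #verify has been called on it.
#
# @param str [String] the serialised assertion, e.g. the output of #to_s
# @param opts [Hash] :type selects the serialisation ('json' by default);
#   the caller's hash is left unmodified
# @return [Assertion, nil] the parsed assertion, or nil for an unsupported type
# @raise [JSON::ParserError] if +str+ is not valid JSON
# @raise [ArgumentError] if the JSON document is not an object
def self.parse(str, opts = {})
  # Read the type without writing a default back into the caller's hash.
  type = opts[:type] || 'json'

  case type
  when 'json'
    data = JSON.parse(str, symbolize_names: true)
    raise ArgumentError, 'Serialised assertion must be a JSON object' unless data.is_a?(Hash)

    # Any :type supplied on the wire is overridden so the object records how
    # it was actually decoded.
    new(data.merge(type: 'json'))
  end
end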

Public Instance Methods

to_s()
# File lib/omf_common/auth/assertion.rb, line 57
# Serialise the assertion in its own format.
#
# @return [String, nil] the JSON document with type, iss, sig and content
#   when the type is 'json'; nil for any other type
def to_s
  return unless @type == 'json'

  {
    type: @type,
    iss: @iss,
    sig: @sig,
    content: @content
  }.to_json
end
verify()

Verify certificate and signature validity

# File lib/omf_common/auth/assertion.rb, line 34
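# Verify the issuer's certificate and the signature over the content.
#
# The issuer's certificate is fetched from the certificate store and checked
# against the store's CA certificates; only then is the signature checked
# with the certificate's public key.
#
# @return [Boolean] true only when the issuer's certificate is known and
#   trusted by the store and the signature matches the content; false
#   otherwise (a reason is reported with +warn+ where one is known)
def verify
  begin
    cert = OmfCommon::Auth::CertificateStore.instance.cert_for(@iss)
  rescue MissingCertificateException
    return false
  end

  # Check for a missing certificate before it is handed to the store.
  if cert.nil?
    warn "Certificate of #{@iss} NOT found"
    return false
  end

  # Verify cert
  unless OmfCommon::Auth::CertificateStore.instance.verify(cert)
    warn "Invalid certificate '#{cert.to_s}', NOT signed by CA certs, or its CA cert NOT loaded into cert store."
    return false
  end

  # An assertion without content or signature can never verify; fail
  # cleanly instead of raising from the decode below.
  if @sig.nil? || @content.nil?
    warn 'Assertion has no content or signature to verify'
    return false
  end

  # Verify sig: the digest object only selects the algorithm, the content
  # itself is passed as data.
  digest = OpenSSL::Digest::SHA256.new
  cert.to_x509.public_key.verify(digest, Base64.decode64(@sig), @content)
rescue OpenSSL::PKey::PKeyError => e
  # A malformed signature or key is a failed verification, not a crash.
  warn "Signature verification failed: #{e.message}"
  false
end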