class OmfCommon::Auth::CertificateStore
Public Class Methods
init(opts = {})
# File lib/omf_common/auth/certificate_store.rb, line 21
# Create the class-wide singleton held in @@instance, forwarding +opts+
# to +new+. Calling it a second time is treated as a programming error.
# @param [Hash] opts passed through to #initialize
# @return [CertificateStore] the newly created singleton
# @raise [RuntimeError] if the store was already initialized
def self.init(opts = {})
  raise "CertificateStore already initialized" if @@instance
  @@instance = self.new(opts)
end
instance()
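# File lib/omf_common/auth/certificate_store.rb, line 28
# Return the singleton created by +init+.
#
# The original used +throw+ here; with no matching +catch+ that surfaces as
# an UncaughtThrowError rather than the RuntimeError +init+ raises, so the
# "not initialized" message never reached callers as an ordinary error.
# @return [CertificateStore]
# @raise [RuntimeError] if +init+ has not been called yet
def self.instance
  raise "CertificateStore not initialized" unless @@instance
  @@instance
end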
new(opts)
Calls superclass method
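# File lib/omf_common/auth/certificate_store.rb, line 106
# Set up an empty store: @x509_store holds the trust anchors consulted
# first by #verify, @intermediate_store holds certificates added through
# #register, and @certs maps names (subject, resource id, addresses) to
# Certificate objects.
#
# The original assigned opts[:store] to a throwaway local and left @store
# unset whenever a caller supplied one; the supplied store is now kept.
# NOTE(review): @store is not read by any method visible on this page —
# confirm where it is consumed.
# @param [Hash] opts  :store — optional backing store; defaults to
#   {private: {}, public: {}} when absent or falsy
def initialize(opts)
  @x509_store = OpenSSL::X509::Store.new
  @intermediate_store = OpenSSL::X509::Store.new
  @certs = {}
  @store = opts[:store] || { private: {}, public: {} }
  @serial = 0
  super()
end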
Public Instance Methods
cert_for(url)
# File lib/omf_common/auth/certificate_store.rb, line 75
# Look up the certificate indexed under +url+.
# Keys of @certs may be OpenSSL::X509::Name instances rather than Strings,
# so both sides are compared on their String form; the first match in
# insertion order wins.
# @param [String, #to_s] url name the certificate was registered under
# @return [Certificate]
# @raise [MissingCertificateException] when no key matches
def cert_for(url)
  wanted = url.to_s
  @certs.each do |key, certificate|
    return certificate if key.to_s == wanted
  end
  warn "Unknown cert '#{url}'"
  raise MissingCertificateException, url
end
register(certificate)
# File lib/omf_common/auth/certificate_store.rb, line 48
# Register a (non-root) certificate: its X509 form goes into
# @intermediate_store and it is indexed in @certs under its subject, its
# resource_id (when present) and every address name.
#
# Because an OpenSSL::X509::Store treats added certificates as trusted,
# anything registered here also satisfies the @intermediate_store branch
# of #verify — register only certificates that have already been vetted.
# NOTE(review): locks on the class-wide @@instance rather than self; an
# instance built via +new+ before +init+ would fail here — confirm.
# @param [Certificate] certificate
# @return the result of iterating +certificate.addresses+
# @raise [RuntimeError] if +certificate+ is not a Certificate
# @raise [OpenSSL::X509::StoreError] for store failures other than a duplicate
def register(certificate)
  unless certificate.is_a? Certificate
    raise "Expected Certificate, but got '#{certificate.class}'"
  end
  debug "Registering certificate for '#{certificate.addresses}' - #{certificate.subject}"
  @@instance.synchronize do
    begin
      @intermediate_store.add_cert(certificate.to_x509)
    rescue OpenSSL::X509::StoreError => e
      # A duplicate is harmless; anything else is a genuine store failure.
      raise e unless e.message == "cert already in hash table"
    end
    _set(certificate.subject, certificate)
    rid = certificate.resource_id
    _set(rid, certificate) if rid
    certificate.addresses.each { |_type, name| _set(name, certificate) }
  end
end
register_default_certs(folder)
Load a set of CA certs into cert store from a given location
@param [String] folder contains all the CA certs
# File lib/omf_common/auth/certificate_store.rb, line 98
# Register every entry matching "folder/*" as a trusted root via
# #register_trusted. Each entry is read whole and parsed as PEM, so
# whatever can be placed in that directory becomes a trust anchor; keep
# its permissions tight. A subdirectory is not skipped — File.read raises
# on it.
# @param [String] folder directory holding the CA certificates
def register_default_certs(folder)
  Dir["#{folder}/*"].each do |path|
    pem = File.read(path)
    register_trusted(Certificate.create_from_pem(pem))
  end
end
register_trusted(certificate)
# File lib/omf_common/auth/certificate_store.rb, line 33
# Add +certificate+ as a trust anchor: its X509 form goes into @x509_store
# (consulted first by #verify) and it is indexed by subject in @certs.
# A certificate OpenSSL reports as already present is only logged. The
# index uses ||=, so a *different* certificate with an already-indexed
# subject is added to the X509 store but does not replace the @certs entry.
# NOTE(review): locks on the class-wide @@instance rather than self — an
# instance built via +new+ before +init+ would fail here; confirm.
# @param [Certificate] certificate
# @return [Certificate] the certificate indexed under this subject
# @raise [OpenSSL::X509::StoreError] for store failures other than a duplicate
def register_trusted(certificate)
  @@instance.synchronize do
    begin
      @x509_store.add_cert(certificate.to_x509)
    rescue OpenSSL::X509::StoreError => e
      raise e unless e.message == "cert already in hash table"
      warn "X509 cert '#{certificate.subject}' already registered in X509 store"
    end
    @certs[certificate.subject] ||= certificate
  end
end
register_x509(cert_pem)
# File lib/omf_common/auth/certificate_store.rb, line 68
# Parse +cert_pem+ into a Certificate and hand it to #register. Nothing
# happens when parsing yields a falsy value. Note that #register makes the
# parsed certificate a trust anchor of the intermediate store, so this
# should only be fed PEM from a source that has already been vetted.
# @param [String] cert_pem PEM-encoded certificate
# @return the result of #register, or nil when nothing was parsed
def register_x509(cert_pem)
  cert = Certificate.create_from_pem(cert_pem)
  return unless cert

  debug "REGISTERED #{cert}"
  register(cert)
end
verify(cert)
@param [OpenSSL::X509::Certificate] cert
# File lib/omf_common/auth/certificate_store.rb, line 86
# Verify +cert+ against the trusted roots first and, failing that, against
# @intermediate_store. Since every certificate passed to #register is
# added to @intermediate_store (and an X509::Store treats added
# certificates as trusted), a cert that was merely registered, or chains
# to one, also verifies — the caller should be aware of that trust model.
# On failure only @x509_store's error_string is logged, even when the
# intermediate check is the one that failed.
# @param [OpenSSL::X509::Certificate, OmfCommon::Auth::Certificate] cert
# @return [Boolean] result of the last store consulted
def verify(cert)
  x509 = cert.is_a?(OmfCommon::Auth::Certificate) ? cert.to_x509 : cert
  verified = @x509_store.verify(x509) || @intermediate_store.verify(x509)
  unless verified
    warn "Cert verification failed: '#{@x509_store.error_string}'"
  end
  verified
end
Private Instance Methods
_set(name, certificate)
# File lib/omf_common/auth/certificate_store.rb, line 120
# Index +certificate+ under +name+ in @certs, and under name.to_s as well
# so lookups by either key shape succeed. Re-indexing the same PEM is a
# no-op; a different certificate under an existing name silently replaces
# it after a warning — there is no check that the newcomer is preferred
# over the old one, so callers must not let untrusted input reach here.
# @param [String, Symbol, OpenSSL::X509::Name] name index key
# @param [Certificate] certificate object responding to to_pem and subject
# @return [nil]
def _set(name, certificate)
  existing = @certs[name]
  if existing
    return if existing.to_pem == certificate.to_pem
    warn "Overriding certificate '#{name}' - new: #{certificate.subject} old: #{existing.subject}"
  end
  @certs[name] = certificate
  _set(name.to_s, certificate) unless name.is_a?(String)
end