class OmfCommon::Auth::CertificateStore

Public Class Methods

# File lib/omf_common/auth/certificate_store.rb, line 21
# Create the process-wide store exactly once.
#
# @param [Hash] opts handed unchanged to #initialize
# @return [CertificateStore] the singleton that was just created
# @raise [RuntimeError] when .init has already been called
def self.init(opts = {})
  raise "CertificateStore already initialized" if @@instance

  @@instance = new(opts)
end
# File lib/omf_common/auth/certificate_store.rb, line 28
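# Return the singleton created by .init.
#
# @return [CertificateStore]
# @raise [RuntimeError] when .init has not been called yet
def self.instance
  # `raise`, not `throw`: a String thrown outside a matching `catch` surfaces
  # as UncaughtThrowError ("uncaught throw ...") instead of the intended
  # "not initialized" error.
  raise "CertificateStore not initialized" unless @@instance

  @@instance
end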
# File lib/omf_common/auth/certificate_store.rb, line 106
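# Build an empty store: one X509 store for trusted anchors, one for
# intermediates, and a lookup hash of registered certificates.
#
# @param [Hash] opts
# @option opts [Hash] :store backing hash to use instead of a fresh
#   +{private: {}, public: {}}+
def initialize(opts)
  @x509_store = OpenSSL::X509::Store.new
  @intermediate_store = OpenSSL::X509::Store.new

  @certs = {}
  # The previous branch read opts[:store] but never assigned it, so a
  # caller-supplied store was silently dropped; keep the same truthiness
  # test and fall back to the default layout otherwise.
  @store = opts[:store] || {private: {}, public: {}}
  @serial = 0

  super()
end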

Public Instance Methods

# File lib/omf_common/auth/certificate_store.rb, line 75
# Look up a registered certificate by name.
#
# Keys of @certs may be OpenSSL::X509::Name instances rather than Strings,
# so the comparison is done on the string form of both sides (a linear
# scan, not a hash lookup).
#
# @param [String, #to_s] url name, subject or address the cert was stored under
# @return [Certificate] the first matching entry
# @raise [MissingCertificateException] when nothing matches
def cert_for(url)
  wanted = url.to_s
  match = @certs.find { |key, _| key.to_s == wanted }
  if match.nil?
    warn "Unknown cert '#{url}'"
    raise MissingCertificateException.new(url)
  end
  match.last
end
# File lib/omf_common/auth/certificate_store.rb, line 48
# Register a certificate as an intermediate and index it under its subject,
# resource id and every address it carries.
#
# NOTE(review): anything added to @intermediate_store is accepted by #verify
# through its fallback to that store, so certificates passed here act as
# verification anchors — confirm callers only hand over certs they already
# trust.
#
# @param [Certificate] certificate
# @return [void]
# @raise [RuntimeError] when +certificate+ is not a Certificate
# @raise [OpenSSL::X509::StoreError] for store failures other than a duplicate
def register(certificate)
  unless certificate.is_a? Certificate
    raise "Expected Certificate, but got '#{certificate.class}'"
  end

  debug "Registering certificate for '#{certificate.addresses}' - #{certificate.subject}"
  @@instance.synchronize do
    begin
      @intermediate_store.add_cert(certificate.to_x509)
    rescue OpenSSL::X509::StoreError => e
      # A duplicate in the intermediate store is harmless; anything else propagates.
      raise e unless e.message == "cert already in hash table"
    end

    _set(certificate.subject, certificate)
    rid = certificate.resource_id
    _set(rid, certificate) if rid
    certificate.addresses.each { |_type, name| _set(name, certificate) }
  end
end

Load a set of CA certs into the cert store from a given location

@param [String] folder the directory that contains all the CA certs

# File lib/omf_common/auth/certificate_store.rb, line 98
# Load every entry of +folder+ as a PEM file and register it as trusted.
#
# Every non-hidden entry is read and parsed; a sub-directory or a file that
# is not PEM raises from File.read / Certificate.create_from_pem rather than
# being skipped.
#
# @param [String] folder the directory that contains all the CA certs
# @return [Array<String>] the paths that were processed
def register_default_certs(folder)
  Dir.glob("#{folder}/*").each do |path|
    pem = File.read(path)
    register_trusted(Certificate.create_from_pem(pem))
  end
end
# File lib/omf_common/auth/certificate_store.rb, line 33
# Add a certificate to the trusted X509 store and remember it under its subject.
#
# Unlike #register this indexes only by subject (no string-form key, no
# resource id, no addresses) and never replaces an existing entry.
#
# @param [Certificate] certificate
# @return [void]
# @raise [OpenSSL::X509::StoreError] for store failures other than a duplicate
def register_trusted(certificate)
  @@instance.synchronize do
    begin
      @x509_store.add_cert(certificate.to_x509)
    rescue OpenSSL::X509::StoreError => e
      raise e unless e.message == "cert already in hash table"

      warn "X509 cert '#{certificate.subject}' already registered in X509 store"
    end

    @certs[certificate.subject] ||= certificate
  end
end
# File lib/omf_common/auth/certificate_store.rb, line 68
# Parse a PEM string and register the resulting certificate via #register.
#
# NOTE(review): #register places the cert in the intermediate store, which
# #verify consults as a fallback — presumably this method should only see
# PEM data from a source that is already trusted; verify against callers.
#
# @param [String] cert_pem PEM-encoded certificate
# @return [void]
def register_x509(cert_pem)
  cert = Certificate.create_from_pem(cert_pem)
  return unless cert

  debug "REGISTERED #{cert}"
  register(cert)
end

@param [OpenSSL::X509::Certificate] cert

# File lib/omf_common/auth/certificate_store.rb, line 86
# Verify a certificate against the trusted store, then against the
# intermediate store.
#
# A positive result from either store is accepted, so a cert registered via
# #register (intermediate store) verifies as well as one loaded through
# #register_trusted. When both checks fail the logged reason comes from
# @x509_store only; a different failure in @intermediate_store is not shown.
#
# @param [OpenSSL::X509::Certificate, OmfCommon::Auth::Certificate] cert
# @return [Boolean] true when either store verifies the chain
def verify(cert)
  cert = cert.to_x509 if cert.is_a?(OmfCommon::Auth::Certificate)
  verified = @x509_store.verify(cert) || @intermediate_store.verify(cert)
  warn "Cert verification failed: '#{@x509_store.error_string}'" unless verified
  verified
end

Private Instance Methods

# File lib/omf_common/auth/certificate_store.rb, line 120
# Store +certificate+ under +name+, and also under +name.to_s+ when the key
# is not already a String (e.g. an OpenSSL::X509::Name).
#
# Re-registering byte-identical PEM data is a no-op; a different cert under
# an existing name replaces it with a warning.
#
# @param [Object] name lookup key
# @param [Certificate] certificate
# @return [nil]
def _set(name, certificate)
  existing = @certs[name]
  if existing
    return if existing.to_pem == certificate.to_pem

    warn "Overriding certificate '#{name}' - new: #{certificate.subject} old: #{existing.subject}"
  end

  @certs[name] = certificate
  # Mirror non-String keys under their string form so string lookups succeed.
  _set(name.to_s, certificate) unless name.is_a? String
end