class OmfCommon::Auth::Assertion
Attributes
content[R]
iss[R]
type[R]
Public Class Methods
generate(str, opts = {})
Factory method to generate new assertion
# File lib/omf_common/auth/assertion.rb, line 20
# Factory: build a new assertion whose content is +str+ and whose signature
# is made with the key of the issuer named in opts[:iss].
#
# The issuer's certificate is fetched from the shared CertificateStore; its
# +key+ must be able to sign, so this only works where the issuer's private
# key is loaded. The signature is stored Base64-encoded in :sig and the
# remaining +opts+ are handed to +new+ unchanged.
#
# Raises RuntimeError when :iss is absent or when the store returns nil for
# it. NOTE(review): cert_for may itself raise for an unknown issuer (verify
# rescues MissingCertificateException around the same call); that is not
# handled here - confirm against CertificateStore.
def self.generate(str, opts = {})
  issuer = opts[:iss]
  raise 'Missing iss of assertion' if issuer.nil?

  issuer_cert = OmfCommon::Auth::CertificateStore.instance.cert_for(issuer)
  raise "Certifcate of #{opts[:iss]} NOT found" if issuer_cert.nil?

  # NOTE(review): the digest object is created with +str+ already fed in;
  # PKey#sign appears to use it only to select SHA-256 - confirm.
  digest = OpenSSL::Digest::SHA256.new(str)
  raw_signature = issuer_cert.key.sign(digest, str)
  encoded_signature = Base64.encode64(raw_signature).encode('utf-8')

  new(opts.merge(content: str, sig: encoded_signature))
end
new(opts = {})
# File lib/omf_common/auth/assertion.rb, line 66
# Store the assertion fields taken from +opts+ (:type, :iss, :sig, :content).
#
# Nothing is validated here: the values are copied as given, so an instance
# built from received data is untrusted until +verify+ has returned true.
# Keys other than the four above are ignored.
def initialize(opts = {})
  # Signature of assertion content signed by issuer is kept in @sig.
  @iss, @sig, @content = opts.values_at(:iss, :sig, :content)

  # Serialisation format; a missing (or false) :type falls back to 'json'.
  requested_type = opts[:type]
  @type = requested_type ? requested_type : 'json'
end
parse(str, opts = {})
Parse from a serialised assertion
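# File lib/omf_common/auth/assertion.rb, line 9
# Build an assertion from its serialised form.
#
# Only the 'json' type is handled; any other opts[:type] yields nil. For
# 'json' the document is parsed with symbolised keys and passed to +new+,
# with :type forced to 'json' regardless of what the document says.
#
# Parsing does NOT check the signature: iss, sig and content come straight
# from +str+. Callers handling received data must call +verify+ on the result
# before relying on any field.
#
# Malformed input raises JSON::ParserError. NOTE(review): a JSON document
# that is not an object (e.g. an array) is not rejected explicitly and will
# fail at the merge call - confirm how callers want that reported.
def self.parse(str, opts = {})
  # Read the type without writing the default back into the caller's hash,
  # so a shared or frozen opts hash is left untouched.
  type = opts[:type] || 'json'

  case type
  when 'json'
    new(JSON.parse(str, symbolize_names: true).merge(type: 'json'))
  end
end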
Public Instance Methods
to_s()
# File lib/omf_common/auth/assertion.rb, line 57
# Serialise the assertion. For the 'json' type this is a JSON object with the
# keys type, iss, sig and content; for any other type the result is nil.
def to_s
  return unless 'json' == @type

  fields = { type: @type, iss: @iss, sig: @sig, content: @content }
  fields.to_json
end
verify()
Verify cert and sig validity
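# File lib/omf_common/auth/assertion.rb, line 34
# Verify cert and sig validity.
#
# Returns true only when all of the following hold:
# * the CertificateStore has a certificate for @iss,
# * the store's own verify accepts that certificate,
# * @sig (Base64) is a valid SHA-256 signature over @content under the
#   certificate's public key.
# Every other outcome is false, so a caller can treat the result as a plain
# accept/reject decision. An assertion with a missing or non-string sig or
# content is rejected rather than raising, which matters for instances built
# by +parse+ from received data.
def verify
  begin
    cert = OmfCommon::Auth::CertificateStore.instance.cert_for(@iss)
  rescue MissingCertificateException
    return false
  end

  # Reject a missing certificate before anything else touches it; previously
  # this check came after the store had already been asked to verify nil.
  if cert.nil?
    warn "Certifcate of #{@iss} NOT found"
    return false
  end

  # Verify cert
  unless OmfCommon::Auth::CertificateStore.instance.verify(cert)
    warn "Invalid certificate '#{cert.to_s}', NOT signed by CA certs, or its CA cert NOT loaded into cert store."
    return false
  end

  # Fail closed on incomplete assertions instead of raising from
  # Base64.decode64 or the OpenSSL call below.
  unless @sig.is_a?(String) && @content.is_a?(String)
    warn 'Assertion is missing a usable sig or content'
    return false
  end

  # Verify sig
  # NOTE(review): the digest object is created with @content already fed in;
  # PKey#verify appears to use it only to select SHA-256 - confirm.
  cert.to_x509.public_key.verify(OpenSSL::Digest::SHA256.new(@content), Base64.decode64(@sig), @content)
end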