Class: R509::Validity::CADB::Checker
- Inherits: R509::Validity::Checker
  - Object
  - R509::Validity::Checker
  - R509::Validity::CADB::Checker
- Includes: Dependo::Mixin
- Defined in: lib/r509/validity/cadb/checker.rb
Overview
Implements the R509::Validity interface for checking certificate status against an OpenSSL ca database (the index file written by the openssl ca tool).
Instance Method Summary
- (R509::Validity::Status) check(issuer, serial)
- (Checker) initialize(cadb_file_path) (constructor)
  A new instance of Checker.
- (Boolean) is_available?
- (Object) load_db
  OpenSSL ca database format: pki-tutorial.readthedocs.org/en/latest/cadb.html. This can get memory intensive, so we don't store fields we don't need.
- (Object) parse_time(time_string)
  Parse OpenSSL CA DB format dates into epoch.
Constructor Details
- (Checker) initialize(cadb_file_path)
Returns a new instance of Checker. The database is loaded once on construction and then polled every 10 seconds; whenever the file's mtime is newer than the last load, it is reloaded.

# File 'lib/r509/validity/cadb/checker.rb', line 12
def initialize(cadb_file_path)
  @cadb_file = cadb_file_path
  load_db
  # poll the index file's mtime and reload when the CA tool has rewritten it
  @scheduler = Rufus::Scheduler.new
  @scheduler.every '10s' do
    if File.stat(@cadb_file).mtime.to_i > @cadb_last_refresh
      log.info("Change detected in '#{@cadb_file}', reloading.")
      load_db
    end
  end
end
Instance Method Details
- (R509::Validity::Status) check(issuer, serial)
Looks the serial up in the loaded index. The issuer argument is accepted for interface compatibility but not consulted; an index belongs to a single CA.

# File 'lib/r509/validity/cadb/checker.rb', line 27
def check(issuer, serial)
  raise ArgumentError.new('Serial must be provided') if serial.to_s.empty?
  # serials are keyed as decimal integers (load_db converts the hex column)
  cert_data = @cadb[serial.to_i]
  if cert_data.nil?
    return R509::Validity::Status.new(status: R509::Validity::UNKNOWN)
  end
  case cert_data[:status]
  when 'R'
    R509::Validity::Status.new(
      status: R509::Validity::REVOKED,
      revocation_time: cert_data[:revocation_date],
      revocation_reason: cert_data[:revocation_reason]
    )
  when 'V'
    R509::Validity::Status.new(status: R509::Validity::VALID)
  else
    # 'E' (expired) and any unexpected status are reported as unknown
    R509::Validity::Status.new(status: R509::Validity::UNKNOWN)
  end
end
- (Boolean) is_available?
Always true: once the file has been loaded, this checker has nothing remote to be unavailable.

# File 'lib/r509/validity/cadb/checker.rb', line 79
def is_available?
  true
end
- (Object) load_db
OpenSSL ca database format: pki-tutorial.readthedocs.org/en/latest/cadb.html. This can get memory intensive, so we don't store fields we don't need.

# File 'lib/r509/validity/cadb/checker.rb', line 51
def load_db
  cadb = {}
  # record the mtime before reading so a write that lands mid-parse still triggers the next reload
  last_refresh = File.stat(@cadb_file).mtime.to_i
  # File.foreach closes the handle when iteration ends
  File.foreach(@cadb_file) do |line|
    # columns: status, expiration, revocation info, serial (hex), filename, subject
    status, expiration_date, revocation_info, serial, _, _ = line.chomp.split(/\t/)
    serial = serial.to_i(16) # hex to decimal
    cadb[serial] = { status: status, expiration_date: parse_time(expiration_date) }
    unless revocation_info.to_s.empty?
      # revocation_info field (if not blank) format is: YYMMDDHHMMSSZ[,reason]
      revocation_date, reason = revocation_info.split(',')
      reason = reason.nil? ? OpenSSL::OCSP::REVOKED_STATUS_NOSTATUS : reason.to_i
      cadb[serial][:revocation_date] = parse_time(revocation_date)
      cadb[serial][:revocation_reason] = reason
    end
  end
  # swap in the finished table so a concurrent check never sees a half-loaded one
  @cadb = cadb
  @cadb_last_refresh = last_refresh
end
- (Object) parse_time(time_string)
Parse OpenSSL CA DB format dates (YYMMDDHHMMSSZ) into a Unix epoch integer.

# File 'lib/r509/validity/cadb/checker.rb', line 75
def parse_time(time_string)
  # %y takes the two-digit year; the trailing Z is parsed as UTC (Time.strptime comes from the stdlib 'time' library)
  Time.strptime(time_string, '%y%m%d%H%M%S%Z').to_i
end
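The following is an added, self-contained example and not r509's own code. It reimplements what load_db, check and parse_time do above against a constructed index file, so the parsing and the V/R/E status mapping can be exercised without r509 or Rufus::Scheduler. It goes slightly beyond the page's code in two assumed ways: it maps the reason names that the openssl ca tool writes into the index (for example keyCompromise) to RFC 5280 CRLReason codes instead of calling to_i on them, and reload is an explicit refresh_if_changed call rather than a scheduler thread. IndexDbChecker, REASON_CODES, SAMPLE_LINES and write_index are names chosen here.

```ruby
require 'time'
require 'openssl'
require 'tempfile'

# Added example, not r509's code: a checker for the OpenSSL "ca" index file.
class IndexDbChecker
  VALID   = :valid
  REVOKED = :revoked
  UNKNOWN = :unknown

  # reason names as written by the openssl ca tool -> RFC 5280 CRLReason codes (assumed mapping)
  REASON_CODES = {
    'unspecified' => 0, 'keyCompromise' => 1, 'CACompromise' => 2,
    'affiliationChanged' => 3, 'superseded' => 4, 'cessationOfOperation' => 5,
    'certificateHold' => 6, 'removeFromCRL' => 8
  }.freeze

  def initialize(path)
    @path = path
    @db = {}
    @last_refresh = 0
    load_db
  end

  # index.txt is tab separated: status (V/R/E), expiry, revocation date[,reason],
  # serial in hex, certificate filename, subject DN. Only what check needs is kept.
  def load_db
    db = {}
    mtime = File.stat(@path).mtime.to_i # read before parsing, as r509 does
    File.foreach(@path) do |line|
      status, expires, rev_info, serial_hex, _filename, _subject = line.chomp.split("\t")
      next if serial_hex.nil? || serial_hex.empty? # skip blank or truncated lines
      entry = { status: status, expiration_date: self.class.parse_time(expires) }
      unless rev_info.nil? || rev_info.empty?
        rev_date, reason = rev_info.split(',')
        entry[:revocation_date] = self.class.parse_time(rev_date)
        entry[:revocation_reason] = reason_code(reason)
      end
      db[serial_hex.to_i(16)] = entry
    end
    @db = db # swap in the finished table; readers never see a half-built one
    @last_refresh = mtime
  end

  # Reload only when the file's mtime moved past the last load. Returns true on reload.
  def refresh_if_changed
    return false unless File.stat(@path).mtime.to_i > @last_refresh
    load_db
    true
  end

  # serial is the decimal serial (Integer or numeric String), as in r509's check
  def check(serial)
    raise ArgumentError, 'Serial must be provided' if serial.to_s.empty?
    entry = @db[serial.to_i]
    return { status: UNKNOWN } if entry.nil?
    case entry[:status]
    when 'V'
      { status: VALID }
    when 'R'
      { status: REVOKED, revocation_time: entry[:revocation_date],
        revocation_reason: entry[:revocation_reason] }
    else
      { status: UNKNOWN } # 'E' (expired) or anything unexpected
    end
  end

  # YYMMDDHHMMSSZ -> Unix epoch; the trailing Z is parsed as UTC
  def self.parse_time(s)
    Time.strptime(s, '%y%m%d%H%M%S%Z').to_i
  end

  private

  def reason_code(reason)
    return OpenSSL::OCSP::REVOKED_STATUS_NOSTATUS if reason.nil? || reason.empty?
    REASON_CODES.fetch(reason) { reason.to_i } # numeric strings pass through; unknown names become 0
  end
end

# Constructed sample index (not real CA data): one valid, one revoked, one expired entry.
SAMPLE_LINES = [
  "V\t300101000000Z\t\t1000\tunknown\t/CN=alice.example",
  "R\t300101000000Z\t240315101500Z,keyCompromise\t1001\tunknown\t/CN=bob.example",
  "E\t200101000000Z\t\t1002\tunknown\t/CN=old.example"
].freeze

# (Re)write an index file in place, the way the ca tool rewrites index.txt after each operation.
def write_index(file, lines)
  file.rewind
  file.truncate(0)
  file.write(lines.join("\n") + "\n")
  file.flush
end
```

Usage: write SAMPLE_LINES into a Tempfile with write_index, construct IndexDbChecker on its path, and call check with the decimal serial (0x1001 is 4097). Note that the change detection, like r509's, compares whole-second mtimes: an index rewritten within the same second as the previous load is not noticed until it changes again, so a deployment that revokes and immediately queries should not assume the new line is visible.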