Class: EzCrypto::TrustStore
- Inherits: Object
  - Object
    - EzCrypto::TrustStore
- Defined in: lib/ezsig.rb
Overview
Wraps around the OpenSSL trust store. This allows you to decide which certificates you trust.
You can either point it at a path that contains an OpenSSL trust store (see OpenSSL for more) or build it up manually.
For a certificate to verify, the certificates of its issuer and of the issuer's issuer must be added to the trust store.
NOTE: Currently this does not support CRLs or OCSP. We may add support for this later.
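The chain requirement above, shown directly on OpenSSL::X509::Store, the object that TrustStore wraps. This is an added example, not code from ezcrypto; the three certificates, their names and the helper methods are constructed for the demonstration.

```ruby
require "openssl"

# Issue a constructed test certificate; with issuer nil it is self-signed.
def issue(cn, key, issuer, issuer_key, ca:, serial:)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)) if ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Build a store that trusts exactly the given certificates.
def store_with(*certs)
  OpenSSL::X509::Store.new.tap { |store| certs.each { |c| store.add_cert(c) } }
end

# Verify one leaf against three differently populated stores.
# A true result says nothing about revocation: no CRL or OCSP check is made.
def chain_results
  root_key, inter_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root  = issue("Constructed Root CA", root_key, nil, nil, ca: true, serial: 1)
  inter = issue("Constructed Intermediate CA", inter_key, root, root_key, ca: true, serial: 2)
  leaf  = issue("constructed-leaf.example", leaf_key, inter, inter_key, ca: false, serial: 3)
  stores = {
    root_only: store_with(root),          # the leaf's issuer is missing
    issuer_only: store_with(inter),       # the issuer's issuer is missing
    full_chain: store_with(root, inter)   # issuer and issuer's issuer present
  }
  stores.to_h do |name, store|
    ok = store.verify(leaf)
    [name, { ok: ok, error: store.error_string }]
  end
end

if __FILE__ == $PROGRAM_NAME
  chain_results.each { |name, r| puts format("%-12s ok=%-5s %s", name, r[:ok], r[:error]) }
end
```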
Class Method Summary
- .default_trusted ⇒ Object
  Create a trust store of normally trusted root certificates as found in a browser.
Instance Method Summary
- #add(obj) ⇒ Object
  Add either an EzCrypto::Certificate or an OpenSSL::X509::Cert object to the TrustStore.
- #initialize(*paths) ⇒ TrustStore (constructor)
  Create trust store with an optional list of paths of OpenSSL trust stores.
- #verify(cert) ⇒ Object
  Returns true if either the EzCrypto::Certificate or OpenSSL::X509::Cert object is verified using issuer certificates in the trust store.
Constructor Details
#initialize(*paths) ⇒ TrustStore
Create trust store with an optional list of paths of OpenSSL trust stores.

    # File 'lib/ezsig.rb', line 449
    def initialize(*paths)
      @store=OpenSSL::X509::Store.new
      # @store.set_default_path paths.shift if paths.length>0
      paths.each {|path| @store.add_path path}
    end
Class Method Details
.default_trusted ⇒ Object
Create a trust store of normally trusted root certificates as found in a browser. Extracted from Safari.

    # File 'lib/ezsig.rb', line 439
    def self.default_trusted
      store=TrustStore.new
      EzCrypto::Verifier.load_all_from_file(File.dirname(__FILE__) + "/trusted.pem").each do |cert|
        store.add cert
      end
      store
    end
Instance Method Details
#add(obj) ⇒ Object
Add either an EzCrypto::Certificate or an OpenSSL::X509::Cert object to the TrustStore. This should be a trusted certificate such as a CA’s issuer certificate.

    # File 'lib/ezsig.rb', line 458
    def add(obj)
      if obj.kind_of?(EzCrypto::Certificate)
        @store.add_cert obj.cert
      elsif obj.kind_of?(OpenSSL::X509::Cert)
        @store.add_cert obj
      else
        raise "unsupported object type"
      end
    end
#verify(cert) ⇒ Object
Returns true if either the EzCrypto::Certificate or OpenSSL::X509::Cert object is verified using issuer certificates in the trust store.

    # File 'lib/ezsig.rb', line 470
    def verify(cert)
      if cert.kind_of?(EzCrypto::Certificate)
        @store.verify cert.cert
      elsif cert.kind_of?(OpenSSL::X509::Cert)
        @store.verify cert
      else
        false
      end
    end