Class: EzCrypto::TrustStore

Inherits:

Object

Object
EzCrypto::TrustStore

Defined in:: lib/ezsig.rb

Overview

Wraps around the OpenSSL trust store. This allows you to decide which certificates you trust.

You can either point it at a path which contains a OpenSSL trust store (see OpenSSL for more) or build it up manually.

For a certificate to verify you need the issuer and the issuers issuers certs added to the Trust store.

NOTE: Currently this does not support CRL's or OCSP. We may add support for this later.

Class Method Summary collapse

.default_trusted ⇒ Object

Create a trust store of normally trusted root certificates as found in a browser.

Instance Method Summary collapse

#add(obj) ⇒ Object

Add either a EzCrypto::Certificate or a OpenSSL::X509::Cert object to the TrustStore.
#initialize(*paths) ⇒ TrustStore constructor

Create trust store with an optional list of paths of openssl trust stores.
#verify(cert) ⇒ Object

Returns true if either the EzCrypto::Certificate or OpenSSL::X509::Cert object is verified using issuer certificates in the trust store.

Constructor Details

#initialize(*paths) ⇒ `TrustStore`

Create trust store with an optional list of paths of openssl trust stores.

# File 'lib/ezsig.rb', line 449

def initialize(*paths)
  @store=OpenSSL::X509::Store.new
#      @store.set_default_path paths.shift if paths.length>0
  paths.each {|path| @store.add_path path}
end

Class Method Details

.default_trusted ⇒ `Object`

Create a trust store of normally trusted root certificates as found in a browser. Extracted from Safari.

# File 'lib/ezsig.rb', line 439

def self.default_trusted
  store=TrustStore.new
  EzCrypto::Verifier.load_all_from_file(File.dirname(__FILE__) + "/trusted.pem").each do |cert|
    store.add cert
  end
  store
end

Instance Method Details

#add(obj) ⇒ `Object`

Add either a EzCrypto::Certificate or a OpenSSL::X509::Cert object to the TrustStore. This should be a trusted certificate such as a CA’s issuer certificate.

# File 'lib/ezsig.rb', line 458

def add(obj)
  if obj.kind_of?(EzCrypto::Certificate)
    @store.add_cert obj.cert
  elsif obj.kind_of?(OpenSSL::X509::Cert)
    @store.add_cert obj
  else 
    raise "unsupported object type"
  end
end

#verify(cert) ⇒ `Object`

Returns true if either the EzCrypto::Certificate or OpenSSL::X509::Cert object is verified using issuer certificates in the trust store.

# File 'lib/ezsig.rb', line 470

def verify(cert)
  if cert.kind_of?(EzCrypto::Certificate)
    @store.verify cert.cert
  elsif cert.kind_of?(OpenSSL::X509::Cert)
    @store.verify cert
  else 
    false
  end
end