Class: OmfCommon::Auth::CertificateStore
- Inherits: Object (hierarchy: Object → OmfCommon::Auth::CertificateStore)
- Includes:
- MonitorMixin
- Defined in:
- lib/omf_common/auth/certificate_store.rb
Constant Summary
- @@instance = nil
Class Method Summary
Instance Method Summary
- #cert_for(url) ⇒ Object
- #register(certificate) ⇒ Object
- #register_default_certs(folder) ⇒ Object — Load a set of CA certs into the cert store from a given location.
- #register_trusted(certificate) ⇒ Object
- #register_x509(cert_pem) ⇒ Object
- #verify(cert) ⇒ Object
Class Method Details
.init(opts = {}) ⇒ Object
# File 'lib/omf_common/auth/certificate_store.rb', line 21

# Create the process-wide CertificateStore singleton.
#
# @param opts [Hash] options handed straight to the constructor (not inspected here)
# @return [CertificateStore] the newly created instance
# @raise [RuntimeError] if a store already exists; the first store wins, so a
#   later call can never quietly replace the trust roots that were loaded
def self.init(opts = {})
  raise "CertificateStore already initialized" if @@instance

  @@instance = new(opts)
end
.instance ⇒ Object
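# File 'lib/omf_common/auth/certificate_store.rb', line 28

# Return the process-wide CertificateStore created by .init.
#
# @return [CertificateStore]
# @raise [RuntimeError] if .init has not been called yet. The original used
#   Kernel#throw with a String; with no matching catch that surfaces as an
#   UncaughtThrowError (an ArgumentError) instead of the intended message, so
#   this now raises, matching the error style of .init.
def self.instance
  raise "CertificateStore not initialized" unless @@instance

  @@instance
end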
Instance Method Details
#cert_for(url) ⇒ Object
# File 'lib/omf_common/auth/certificate_store.rb', line 75

# Look up a registered certificate by one of the names it was indexed under
# (subject, resource id or an address; see #register and #register_trusted).
#
# @param url [#to_s] name to look up; compared via to_s because the keys of
#   @certs may be OpenSSL::X509::Name instances rather than Strings
# @return [Certificate] the first entry whose key stringifies to url
# @raise [MissingCertificateException] when no key matches (also logged via warn)
def cert_for(url)
  wanted = url.to_s
  # Linear scan rather than Hash#[]: a Name key would never equal the String.
  entry = @certs.find { |key, _cert| key.to_s == wanted }
  unless entry
    warn "Unknown cert '#{url}'"
    raise MissingCertificateException, url
  end
  entry.last
end
#register(certificate) ⇒ Object
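# File 'lib/omf_common/auth/certificate_store.rb', line 48

# Register a certificate that is NOT a trust anchor: it is added to the
# intermediate store and indexed under its subject, its resource id and every
# address so that #cert_for can find it.
#
# @param certificate [Certificate]
# @return [Object] incidental (the value of the synchronize block); do not rely on it
# @raise [RuntimeError] when certificate is not a Certificate
# @raise [OpenSSL::X509::StoreError] for any store error other than the
#   duplicate-cert one, which is tolerated because registering twice is harmless
def register(certificate)
  raise "Expected Certificate, but got '#{certificate.class}'" unless certificate.is_a? Certificate

  debug "Registering certificate for '#{certificate.addresses}' - #{certificate.subject}"
  # Serialised on the singleton's monitor (MonitorMixin) so concurrent
  # registrations cannot interleave the store and index updates.
  @@instance.synchronize do
    begin
      @intermediate_store.add_cert(certificate.to_x509)
    rescue OpenSSL::X509::StoreError => e
      # The original compared the exception object itself to the string
      # (`e. == ...`), which is never true, so a duplicate registration
      # propagated as an error instead of being ignored as intended.
      raise e unless e.message == "cert already in hash table"
    end
    _set(certificate.subject, certificate)
    rid = certificate.resource_id
    _set(rid, certificate) if rid
    # Presumably a later registration for the same address name replaces the
    # earlier mapping in _set — verify if name collisions matter to callers.
    certificate.addresses.each do |_type, name|
      _set(name, certificate)
    end
  end
end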
#register_default_certs(folder) ⇒ Object
Load a set of CA certs into cert store from a given location
# File 'lib/omf_common/auth/certificate_store.rb', line 98

# Load a set of CA certs into the cert store from a given location.
#
# Every entry matching folder/* is read as PEM and handed to #register_trusted,
# so the folder's contents define the trust anchors of this store: any file
# that can be placed there becomes a CA. No filtering by extension is done,
# and what Certificate.create_from_pem does with a non-PEM file is not visible
# here — presumably it raises; confirm.
#
# @param folder [String] directory path; the glob is not recursive and skips dotfiles
# @return [Array<String>] the paths that were processed
def register_default_certs(folder)
  cert_files = Dir["#{folder}/*"]
  cert_files.each do |path|
    pem = File.read(path)
    register_trusted(Certificate.create_from_pem(pem))
  end
end
#register_trusted(certificate) ⇒ Object
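# File 'lib/omf_common/auth/certificate_store.rb', line 33

# Register a certificate as a trust anchor: it is added to the trusted X509
# store consulted by #verify and indexed by subject for #cert_for.
#
# @param certificate [Certificate]
# @return [Certificate] the certificate indexed under this subject; an earlier
#   entry for the same subject is kept because ||= never replaces
# @raise [OpenSSL::X509::StoreError] for store errors other than a duplicate
#   cert, which is only logged via warn
def register_trusted(certificate)
  @@instance.synchronize do
    begin
      @x509_store.add_cert(certificate.to_x509)
    rescue OpenSSL::X509::StoreError => e
      # The original compared the exception object to the string (`e. == ...`),
      # which never matches, so re-registering a root raised instead of warning.
      raise e unless e.message == "cert already in hash table"

      warn "X509 cert '#{certificate.subject}' already registered in X509 store"
    end
    # First registration wins per subject: a second cert with the same subject
    # still lands in @x509_store but is not reachable through #cert_for.
    @certs[certificate.subject] ||= certificate
  end
end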
#register_x509(cert_pem) ⇒ Object
# File 'lib/omf_common/auth/certificate_store.rb', line 68

# Parse a PEM string and register the resulting certificate as an untrusted
# intermediate via #register (it does NOT become a trust anchor).
#
# @param cert_pem [String] PEM-encoded certificate
# @return [Object, nil] the result of #register, or nil when
#   Certificate.create_from_pem returned a falsy value (what it returns for
#   malformed input is not visible here — TODO confirm)
def register_x509(cert_pem)
  cert = Certificate.create_from_pem(cert_pem)
  return unless cert

  debug "REGISTERED #{cert}"
  register(cert)
end
#verify(cert) ⇒ Object
# File 'lib/omf_common/auth/certificate_store.rb', line 86

# Verify a certificate against this store.
#
# The cert is first checked against the trusted X509 store; if that fails it
# is checked against @intermediate_store. NOTE(review): both appear to be
# plain OpenSSL::X509::Store objects (add_cert/verify/StoreError), and a
# Store's members act as trust anchors for Store#verify, so this fallback
# accepts any cert that chains to a cert added via #register, not only to the
# roots from #register_trusted — confirm that is the intended trust model
# (the alternative is passing intermediates as the untrusted chain argument
# of the trusted store's verify).
#
# @param cert [Certificate, OpenSSL::X509::Certificate]
# @return [Boolean] true when either store accepts the cert; on failure only
#   the trusted store's error_string is logged, the intermediate store's is lost
def verify(cert)
  x509 = cert.is_a?(OmfCommon::Auth::Certificate) ? cert.to_x509 : cert
  verified = @x509_store.verify(x509) || @intermediate_store.verify(x509)
  warn "Cert verification failed: '#{@x509_store.error_string}'" unless verified
  verified
end