Module: AlexaVerifier::Verifier::CertificateVerifier

Defined in:
lib/alexa_verifier/verifier/certificate_verifier.rb

Overview

Given an OpenSSL certificate, validate it according to: developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-a-web-service.html#h2_verify_sig_cert

Since:

  • 0.1

Constant Summary collapse

SAN =

Since:

  • 0.1

'echo-api.amazon.com'.freeze

Class Method Summary collapse

Class Method Details

.valid!(certificate, chain) ⇒ true

Check that a given certificate meet’s Amazon’s requirements. Raise an error if it does not.

Parameters:

  • certificate (OpenSSL::X509::Certificate)

    certificate to check.

  • chain (Array<OpenSSL::X509::Certificate>)

    chain of certificates to a root trusted CA.

Returns:

  • (true)

    either returns true or raises an error.

Raises:

Since:

  • 0.1



27
28
29
30
31
32
33
34
35
 
# File 'lib/alexa_verifier/verifier/certificate_verifier.rb', line 27

def valid!(certificate, chain)
  check_that_certificate_is_in_date(certificate)

  check_that_certificate_has_the_expected_extensions(certificate)

  check_that_we_can_create_a_chain_of_trust_to_a_root_ca(certificate, chain)

  true
end

.valid?(certificate, chain) ⇒ Boolean

Check that a given certificate meet’s Amazon’s requirements. Returns a boolean.

Parameters:

  • certificate (OpenSSL::X509::Certificate)

    certificate to check.

  • chain (Array<OpenSSL::X509::Certificate>)

    chain of certificates to a root CA.

Returns:

  • (Boolean)

    returns the result of our checks.

Since:

  • 0.1



44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/alexa_verifier/verifier/certificate_verifier.rb', line 44

def valid?(certificate, chain)
  begin
    valid!(certificate, chain)
  rescue AlexaVerifier::InvalidCertificateError => e
    puts e

    return false
  end

  true
end