Class: BBK::Utils::Crypt

Inherits:
Object
  • Object
Defined in:
lib/bbk/utils/crypt.rb

Class Method Details

.full_check(key_path, cert_path, *cacert_chain) ⇒ Object



# File 'lib/bbk/utils/crypt.rb', line 9

# Checks a private key, its certificate and the CA files in one call.
#
# Two checks run in this order: valid_key_cert? (does the key belong to the
# certificate) and valid_cert_sign? (does the certificate verify against the
# CA files). A failed check adds one message to the result.
#
# Note for callers: success is reported as nil and failure as a non-empty
# Array, so a truthy return value means the material was REJECTED. Test the
# result with `.nil?` rather than using it directly as a condition.
#
# A missing file is not collected as a message: both helpers raise for it and
# the exception propagates out of this method.
#
# @param key_path [String] path to the private key file
# @param cert_path [String] path to the certificate file
# @param cacert_chain [Array<String, nil>] paths to CA certificate files;
#   nil entries are dropped before the signature check
# @return [Array<String>, nil] messages of the failed checks, nil when both pass
# @raise [RuntimeError] raised by the helpers when a referenced file is absent
def self.full_check(key_path, cert_path, *cacert_chain)
  ca_paths = cacert_chain.compact
  problems = []
  problems.push('Invalid key and cert pair') unless valid_key_cert?(key_path, cert_path)
  problems.push('Invalid cert and cacert pair') unless valid_cert_sign?(cert_path, *ca_paths)
  problems unless problems.empty?
end

.valid_cert_sign?(cert_path, *ca_certs_paths) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/bbk/utils/crypt.rb', line 30

# Verifies the certificate at cert_path against a store built from CA files.
#
# Every certificate loaded from ca_certs_paths is added to the
# OpenSSL::X509::Store, i.e. each file is treated as trusted material, so the
# paths must come from a trusted source. The store is used with its defaults:
# this method sets no purpose, no verification flags and adds no CRLs, so
# revocation and intended key usage are not checked here.
#
# With no CA paths at all the store stays empty; verification is then expected
# to fail rather than succeed.
#
# @param cert_path [String] path to the certificate to verify
# @param ca_certs_paths [Array<String>] paths to the CA certificate files
# @return [Boolean] result of OpenSSL::X509::Store#verify
# @raise [RuntimeError] when the certificate file or any CA file does not exist
def self.valid_cert_sign?(cert_path, *ca_certs_paths)
  raise "Cert file #{cert_path} not exists" unless File.exist?(cert_path)
  unless ca_certs_paths.all? { |ca_path| File.exist?(ca_path) }
    raise "Not all files in ca chain #{ca_certs_paths} exists"
  end

  # Trust anchors are loaded before the certificate under test is parsed.
  trust_store = OpenSSL::X509::Store.new
  ca_certs_paths.each { |ca_path| trust_store.add_file(ca_path) }

  candidate = OpenSSL::X509::Certificate.new(File.read(cert_path))
  trust_store.verify(candidate)
end

.valid_key_cert?(key_path, cert_path) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/bbk/utils/crypt.rb', line 21

# Tells whether the private key at key_path belongs to the certificate at
# cert_path.
#
# The key is parsed with OpenSSL::PKey::RSA, so only RSA keys are handled
# here; another key type is expected to raise while parsing instead of
# yielding false. No passphrase is supplied either.
# NOTE(review): an encrypted key may make OpenSSL prompt for a passphrase -
# confirm this is never reached from a non-interactive service.
#
# This only compares the key with the certificate's public key; it says
# nothing about whether the certificate is trusted or still valid.
#
# @param key_path [String] path to the RSA private key file
# @param cert_path [String] path to the certificate file
# @return [Boolean] result of OpenSSL::X509::Certificate#check_private_key
# @raise [RuntimeError] when the key file or the certificate file does not exist
def self.valid_key_cert?(key_path, cert_path)
  raise "Key file #{key_path} not exists" unless File.exist?(key_path)
  raise "Cert file #{cert_path} not exists" unless File.exist?(cert_path)

  # The key is read and parsed first, then the certificate.
  key_pem = File.read(key_path)
  private_key = OpenSSL::PKey::RSA.new(key_pem)
  cert_pem = File.read(cert_path)
  certificate = OpenSSL::X509::Certificate.new(cert_pem)

  certificate.check_private_key(private_key)
end