Class: CertificateUtility

Inherits:
Object
Defined in:
lib/AuthenticationSDK/util/CertificateUtility.rb


Class Method Details

.getCertificateBasedOnKeyAlias(certificateList, keyAlias) ⇒ Object



# File 'lib/AuthenticationSDK/util/CertificateUtility.rb', line 30

# Picks the first certificate whose subject contains +keyAlias+.
#
# The match is a substring test against every attribute value of the subject
# (CN, O, OU, ...), not an exact alias comparison, so an alias that is a prefix
# or fragment of another subject value may select that other certificate; keep
# aliases distinct from one another when populating the list.
#
# @param certificateList [Array<OpenSSL::X509::Certificate>, nil] candidates, in priority order
# @param keyAlias [String] text to look for in the subject attribute values
# @return [OpenSSL::X509::Certificate, nil] the first match, or nil when the
#   list is nil or nothing matches
def self.getCertificateBasedOnKeyAlias(certificateList, keyAlias)
  # A nil list yields nil via safe navigation; an empty list falls through find.
  certificateList&.find do |candidate|
    subject_entries = candidate.subject.to_a
    # Each entry is [attribute_name, attribute_value, asn1_type]; only the value matters here.
    subject_entries.any? { |entry| entry[1].include?(keyAlias) }
  end
end

.getCertificateCollectionAndPrivateKeyFromP12(certificateFilePath, merchantConfig) ⇒ Object



# File 'lib/AuthenticationSDK/util/CertificateUtility.rb', line 10

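# Loads a PKCS#12 bundle and returns its private key plus the certificate
# chain it carries.
#
# @param certificateFilePath [String] path to the .p12 file
# @param merchantConfig [Object] must respond to +log_config+ (used to build
#   the shared logger on first use) and +keyPass+ (the bundle password, handed
#   straight to OpenSSL and never logged by this method)
# @return [Array(OpenSSL::PKey::RSA, Array<OpenSSL::X509::Certificate>)]
#   the key and a list whose first element is the bundle's own certificate,
#   followed by any CA certificates present in the bundle
# @raise [OpenSSL::PKCS12::PKCS12Error] when the file is not a valid bundle or the password is wrong
def self.getCertificateCollectionAndPrivateKeyFromP12(certificateFilePath, merchantConfig)
  # Lazily initialise the class-wide logger shared by all CertificateUtility
  # methods; nothing is logged on this path, so no local handle is needed.
  if !CertificateUtility.class_variable_defined?(:@@logger) || @@logger.nil?
    @@logger = Log.new merchantConfig.log_config, "CertificateUtility"
  end

  p12Bytes = File.binread(certificateFilePath)
  p12Object = OpenSSL::PKCS12.new(p12Bytes, merchantConfig.keyPass)

  # Re-wrapping as RSA means a bundle holding a non-RSA key raises here;
  # NOTE(review): presumably intentional for this SDK — confirm before widening.
  privateKey = OpenSSL::PKey::RSA.new(p12Object.key)

  # ca_certs is nil when the bundle carries no chain, so only append when present.
  certificateList = [p12Object.certificate]
  chain = p12Object.ca_certs
  certificateList.concat(chain) if chain

  [privateKey, certificateList]
end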

.getCertificatesFromPemFile(certificateFilePath) ⇒ Object



# File 'lib/AuthenticationSDK/util/CertificateUtility.rb', line 38

# Parses every PEM-encoded certificate found in a file.
#
# Only text between "-----BEGIN CERTIFICATE-----" and
# "-----END CERTIFICATE-----" markers is considered; anything else in the file
# (comments, keys, blank lines) is skipped. Order of the returned list follows
# the order of the blocks in the file.
#
# @param certificateFilePath [String] path to a PEM file holding zero or more certificates
# @return [Array<OpenSSL::X509::Certificate>] parsed certificates, empty when none are present
# @raise [OpenSSL::X509::CertificateError] when a block between the markers is not a valid certificate
def self.getCertificatesFromPemFile(certificateFilePath)
  pem_text = File.read(certificateFilePath)
  # Non-greedy + multiline so each block is captured on its own, even when
  # several certificates are concatenated back to back.
  pem_blocks = pem_text.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m)
  pem_blocks.map { |pem_block| OpenSSL::X509::Certificate.new(pem_block) }
end

.validateCertificateExpiry(certificate, keyAlias, certificateIdentifier, logConfig) ⇒ Object



# File 'lib/AuthenticationSDK/util/CertificateUtility.rb', line 49

# Logs a warning when +certificate+ has no expiry date, is already expired, or
# expires in fewer than Constants::CERTIFICATE_EXPIRY_DATE_WARNING_DAYS days.
#
# This method only warns; it never raises, so an expired certificate is still
# used by whatever called this check. Callers needing enforcement must inspect
# +certificate.not_after+ themselves.
#
# @param certificate [OpenSSL::X509::Certificate] certificate to inspect
# @param keyAlias [String] alias quoted in the warning text
# @param certificateIdentifier [String] selects the wording: the MLE config-cert
#   and MLE P12-cert identifiers from Constants get tailored messages, anything
#   else gets the generic ones
# @param logConfig [Object] used to build the shared logger on first use
# @return [Object, nil] the logger call's result when a warning was emitted, nil otherwise
def self.validateCertificateExpiry(certificate, keyAlias, certificateIdentifier, logConfig)
  if !CertificateUtility.class_variable_defined?(:@@logger) || @@logger.nil?
    @@logger = Log.new logConfig, "CertificateUtility"
  end
  logger = @@logger.logger

  # Message set is [no expiry date, expiring soon, already expired]. The generic
  # wording is swapped out for the two MLE identifiers; both checks run in
  # order, so the P12 wording would win if both identifiers ever compared equal.
  no_expiry_msg, expiring_soon_msg, expired_msg = [
    "Certificate does not have expiry date",
    "Certificate with alias #{keyAlias} is going to expire on %s. Please update the certificate before then.",
    "Certificate with alias #{keyAlias} is expired as of %s. Please update the certificate."
  ]

  if Constants::MLE_CACHE_IDENTIFIER_FOR_CONFIG_CERT == certificateIdentifier
    no_expiry_msg, expiring_soon_msg, expired_msg = [
      "Certificate for MLE Requests does not have expiry date from mleForRequestPublicCertPath in merchant configuration.",
      "Certificate for MLE Requests with alias #{keyAlias} is going to expire on %s. Please update the certificate provided in mleForRequestPublicCertPath in merchant configuration before then.",
      "Certificate for MLE Requests with alias #{keyAlias} is expired as of %s. Please update the certificate provided in mleForRequestPublicCertPath in merchant configuration."
    ]
  end

  if Constants::MLE_CACHE_IDENTIFIER_FOR_P12_CERT == certificateIdentifier
    no_expiry_msg, expiring_soon_msg, expired_msg = [
      "Certificate for MLE Requests does not have expiry date in the P12 file.",
      "Certificate for MLE Requests with alias #{keyAlias} is going to expire on %s. Please update the P12 file before then.",
      "Certificate for MLE Requests with alias #{keyAlias} is expired as of %s. Please update the P12 file."
    ]
  end

  expiry = certificate.not_after # a Time in Ruby's OpenSSL binding
  return logger.warn(no_expiry_msg) if expiry.nil?

  now = Time.now.utc
  return logger.warn(expired_msg % [expiry]) if expiry < now

  # Time subtraction yields seconds as a Float; whole days, truncated.
  remaining_days = ((expiry - now) / 86400).to_i
  logger.warn(expiring_soon_msg % [expiry]) if remaining_days < Constants::CERTIFICATE_EXPIRY_DATE_WARNING_DAYS
end

.validatePathAndFile(filePath, pathType, logConfig) ⇒ Object



# File 'lib/AuthenticationSDK/util/CertificateUtility.rb', line 88

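# Checks that +filePath+ names an existing, readable regular file and returns
# the (possibly normalised) path. Every failure is logged and then raised so a
# misconfigured certificate path fails fast instead of surfacing later as an
# opaque OpenSSL error.
#
# @param filePath [String, nil] path taken from merchant configuration
# @param pathType [String] label used in log and error messages to say which path was bad
# @param logConfig [Object] used to build the shared logger on first use
# @return [String] the path that passed all checks
# @raise [ArgumentError] when +filePath+ is nil or blank
# @raise [IOError] when the path does not exist, is a directory, or cannot be opened for reading
def self.validatePathAndFile(filePath, pathType, logConfig)
  if !CertificateUtility.class_variable_defined?(:@@logger) || @@logger.nil?
    @@logger = Log.new logConfig, "CertificateUtility"
  end
  logger = @@logger.logger

  if filePath.nil? || filePath.strip.empty?
    logger.error("#{pathType} path cannot be null or empty.")
    raise ArgumentError, "#{pathType} path cannot be null or empty."
  end

  # On Windows, drop the spurious leading slash from a "/C:..." style path so the
  # drive letter comes first. Ruby's File::SEPARATOR is "/" on every platform;
  # the backslash lives in File::ALT_SEPARATOR, so that is the Windows signal.
  # Anchored with \A so only the start of the whole string is tested, never the
  # start of a later line inside it.
  path = filePath.dup
  path = path[1..-1] if File::ALT_SEPARATOR == '\\' && path.match?(%r{\A/[A-Za-z]:})

  unless File.exist?(path)
    logger.error("#{pathType} does not exist: #{path}")
    raise IOError, "#{pathType} does not exist: #{path}"
  end

  if File.directory?(path)
    logger.error("#{pathType} does not have valid file: #{path}")
    raise IOError, "#{pathType} does not have valid file: #{path}"
  end

  # exist?/directory? say nothing about permissions, so open for read and
  # immediately close. Any StandardError from open (Errno::EACCES etc.) becomes
  # an IOError; the original stays reachable through Exception#cause.
  begin
    File.open(path, "rb") {}
  rescue StandardError
    logger.error("#{pathType} is not readable: #{path}")
    raise IOError, "#{pathType} is not readable: #{path}"
  end

  path
end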