Class: GlobalSession::Keystore

Inherits:
Object
Defined in:
lib/global_session/keystore.rb

Overview

Keystore uses one or more filesystem directories as a backing store for RSA keys of global session authorities. The directories should contain one or more *.pub files containing OpenSSH-format public RSA keys. The name of the pub file determines the name of the authority it represents.

The Local Authority

Directory will infer the name of the local authority (if any) by looking for a private-key file in the keystore. If a *.key file is found, then its name is taken to be the name of the local authority and all GlobalSessions created will be signed by that authority’s private key.

If more than one private key file is found, Directory will raise an error at initialization time.


Constructor Details

#initialize(configuration) ⇒ Keystore

Returns a new instance of Keystore.



# File 'lib/global_session/keystore.rb', line 60

def initialize(configuration)
  @configuration = configuration
  load
end

Instance Attribute Details

#configuration ⇒ Configuration (readonly)

Returns shared configuration object.

Returns:

  • (Configuration)

    shared configuration object

# File 'lib/global_session/keystore.rb', line 44

def configuration
  @configuration
end

#private_key ⇒ nil, OpenSSL::PKey (readonly)

Returns local authority key if we are an authority, else nil.

Returns:

  • (nil, OpenSSL::PKey)

    local authority key if we are an authority, else nil



# File 'lib/global_session/keystore.rb', line 53

def private_key
  @private_key
end

#private_key_name ⇒ nil, String (readonly)

Returns name of local authority if we are one, else nil.

Returns:

  • (nil, String)

    name of local authority if we are one, else nil



# File 'lib/global_session/keystore.rb', line 50

def private_key_name
  @private_key_name
end

#public_keys ⇒ Hash (readonly)

Returns map of String authority-names to OpenSSL::PKey public-keys.

Returns:

  • (Hash)

    map of String authority-names to OpenSSL::PKey public-keys



# File 'lib/global_session/keystore.rb', line 47

def public_keys
  @public_keys
end

Class Method Details

.create_keypair(cryptosystem = :RSA, parameter = nil) ⇒ OpenSSL::PKey::PKey

Factory method to generate a new keypair for use with GlobalSession.

Parameters:

  • parameter (Integer, String) (defaults to: nil)

    keylength in bits (for RSA/DSA) or curve name (for EC)

Returns:

  • (OpenSSL::PKey::PKey)

    a public/private keypair

Raises:

  • (ArgumentError)

    if cryptosystem is unknown to OpenSSL



# File 'lib/global_session/keystore.rb', line 70

def self.create_keypair(cryptosystem=:RSA, parameter=nil)
  factory = OpenSSL::PKey.const_get(cryptosystem)
  if factory.respond_to?(:generate)
    # parameter-free cryptosystem e.g. RSA, DSA. Default key length 1024,
    # which is really too small, but whose signatures are quite large.
    parameter ||= 1024
    factory.generate( parameter )
  else
    # parameterized family of cryptosystems (e.g. EC). Default curve is
    # compatible with JSON Web Signature (JWS) ES256 algorithm.
    parameter ||= 'prime256v1'
    alg = factory.new(parameter)
    alg.generate_key
  end
rescue NameError => e
  raise ArgumentError, e.message
end
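
The keystore layout from the overview (authority names taken from *.pub file names, at most one *.key file) and the 1024-bit RSA default in create_keypair can both be checked with a small directory audit. This is an added example, not GlobalSession code: MIN_RSA_BITS, rsa_bits, audit_keystore, sample_pub and demo are hypothetical names, the 2048-bit floor is an assumed policy, and the audit reports a second private key as a problem instead of raising.

```ruby
require 'base64'
require 'tmpdir'
MIN_RSA_BITS = 2048 # assumed policy floor, not a GlobalSession setting

# Modulus size in bits of an "ssh-rsa <base64> [comment]" line; nil for other key types.
def rsa_bits(pub_line)
  type, b64 = pub_line.split
  return nil unless type == 'ssh-rsa'
  blob = Base64.strict_decode64(b64.to_s)
  _type, _e, n = Array.new(3) do # length-prefixed fields: key type, exponent, modulus
    len = blob.unpack1('N')
    raise ArgumentError, 'truncated key blob' if len.nil? || blob.bytesize < 4 + len
    field, blob = blob.byteslice(4, len), blob.byteslice(4 + len, blob.bytesize)
    field
  end
  n.unpack1('H*').to_i(16).bit_length
end

# Authorities come from *.pub names, the local authority from the single *.key name.
def audit_keystore(dir)
  report = { authorities: {}, local_authority: nil, problems: [] }
  Dir.glob(File.join(dir, '*.pub')).sort.each do |path|
    name = File.basename(path, '.pub')
    bits = report[:authorities][name] = rsa_bits(File.read(path))
    report[:problems] << "#{name}: #{bits}-bit RSA key" if bits && bits < MIN_RSA_BITS
  rescue ArgumentError => e
    report[:problems] << "#{name}: unparseable public key (#{e.message})"
  end
  keys = Dir.glob(File.join(dir, '*.key')).map { |f| File.basename(f, '.key') }.sort
  report[:local_authority] = keys.first if keys.size == 1
  report[:problems] << "more than one private key: #{keys.join(', ')}" if keys.size > 1
  report
end

# Constructed sample line: a made-up odd modulus of the given size, not a usable key.
def sample_pub(bits)
  n = "\x00".b + ['80' + '00' * (bits / 8 - 2) + '01'].pack('H*') # mpint, top bit of n set
  blob = ['ssh-rsa', "\x01\x00\x01".b, n].map { |f| [f.bytesize].pack('N') + f }.join
  "ssh-rsa #{Base64.strict_encode64(blob)} constructed-sample\n"
end

# Write a constructed keystore to a temp dir and audit it.
def demo(pubs = { 'prod' => 2048, 'legacy' => 1024 }, keys = %w[prod legacy])
  Dir.mktmpdir do |dir|
    pubs.each { |name, bits| File.write(File.join(dir, "#{name}.pub"), sample_pub(bits)) }
    keys.each { |name| File.write(File.join(dir, "#{name}.key"), '') }
    audit_keystore(dir)
  end
end
```

Calling demo with its defaults reports the constructed 1024-bit authority and the two private-key files; audit_keystore can be pointed at a real keystore directory in the same way.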

Instance Method Details

#inspect ⇒ Object

Returns a representation of the object suitable for printing to the console.

Returns:

  • a representation of the object suitable for printing to the console



# File 'lib/global_session/keystore.rb', line 56

def inspect
  "<#{self.class.name} @configuration=#{@configuration.inspect}>"
end