Module: IOSCertEnrollment::Sign
- Defined in:
- lib/ios-cert-enrollment/sign.rb
Class Method Summary
- .certificate_authority_caps ⇒ Object
- .registration_authority ⇒ Object
- .sign_PKI(data) ⇒ Object
- .verify_response(raw_postback_data) ⇒ Object
- .verify_signer(p7sign) ⇒ Object
Class Method Details
.certificate_authority_caps ⇒ Object
# File 'lib/ios-cert-enrollment/sign.rb', line 18

# Builds the capability list handed to enrolling clients: one keyword per
# line, every line newline-terminated (presumably served as the SCEP
# GetCACaps reply -- confirm against the caller).
#
# NOTE(review): the only digest and cipher advertised are SHA-1 and DES3
# (triple DES), both legacy algorithms. SCEP also defines stronger
# capability keywords such as "SHA-256" and "AES"; advertising them would
# have to be checked against the rest of the enrollment flow and the
# clients in use before changing this string.
#
# @return [String] "POSTPKIOperation\nSHA-1\nDES3\n"
def certificate_authority_caps
  %w[POSTPKIOperation SHA-1 DES3].map { |capability| "#{capability}\n" }.join
end
.registration_authority ⇒ Object
# File 'lib/ios-cert-enrollment/sign.rb', line 11

# Wraps the server certificate in a PKCS#7 structure of type "signed" that
# carries certificates only, and returns it tagged with the
# "application/x-x509-ca-ra-cert" content type.
#
# NOTE(review): SSL.certificate is placed in the bundle twice. Going by the
# content type the two slots are the CA and RA certificates, so presumably
# one key pair both signs issued certificates and decrypts enrollment
# requests -- confirm this is intended; separate CA and RA keys would limit
# what a compromise of the request-handling key exposes.
#
# @return [Certificate] DER-encoded bundle plus its content type
def registration_authority
  bundle = OpenSSL::PKCS7.new
  bundle.type = "signed"
  certificate_pair = [SSL.certificate, SSL.certificate]
  bundle.certificates = certificate_pair
  Certificate.new(bundle.to_der, "application/x-x509-ca-ra-cert")
end
.sign_PKI(data) ⇒ Object
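# File 'lib/ios-cert-enrollment/sign.rb', line 22

# Processes one PKI enrollment message: checks the outer PKCS#7 signature,
# decrypts the enveloped certificate signing request with the server key,
# has the request signed, and returns the new certificate encrypted to the
# certificates carried in the request and signed by the server.
#
# NOTE(review): nothing in this method authenticates the requester. The
# outer signature is checked for integrity only (see below), so whether a
# request is authorized has to be decided by sign_certificate or by the
# caller -- confirm where that check lives.
#
# @param data [String] encoded PKCS#7 signed-data message from the client
# @return [Certificate] DER reply with content type "application/x-pki-message"
# @raise [OpenSSL::PKCS7::PKCS7Error] if the outer signature does not verify
def sign_PKI(data)
  p7sign = OpenSSL::PKCS7.new(data)
  store = OpenSSL::X509::Store.new

  # NOVERIFY with an empty store skips chain validation of the signer
  # certificate; the call still checks that the signature matches the
  # content. Its result was previously discarded, so a message whose
  # signature failed was processed anyway. Stop here instead.
  unless p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
    raise OpenSSL::PKCS7::PKCS7Error,
          "PKI message signature verification failed: #{p7sign.error_string}"
  end

  # The signed content is itself an enveloped PKCS#7 holding the CSR.
  p7enc = OpenSSL::PKCS7.new(p7sign.data)

  # Certificate Signing Request
  csr = p7enc.decrypt(SSL.key, SSL.certificate)

  # Signed Certificate
  cert = self.sign_certificate(csr)

  # Certificates-only PKCS#7 carrying the issued certificate.
  degenerate_pkcs7 = OpenSSL::PKCS7.new
  degenerate_pkcs7.type = "signed"
  degenerate_pkcs7.certificates = [cert]

  # Recipients are the certificates the request itself carried.
  # OpenSSL::Cipher.new replaces the deprecated OpenSSL::Cipher::Cipher
  # alias; the cipher is unchanged.
  # NOTE(review): des-ede3-cbc is a legacy cipher, kept here because it is
  # the one this module advertises to clients ("DES3").
  enc_cert = OpenSSL::PKCS7.encrypt(p7sign.certificates,
                                    degenerate_pkcs7.to_der,
                                    OpenSSL::Cipher.new("des-ede3-cbc"),
                                    OpenSSL::PKCS7::BINARY)
  reply = OpenSSL::PKCS7.sign(SSL.certificate, SSL.key, enc_cert.to_der, [], OpenSSL::PKCS7::BINARY)

  Certificate.new(reply.to_der, "application/x-pki-message")
end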
.verify_response(raw_postback_data) ⇒ Object
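# File 'lib/ios-cert-enrollment/sign.rb', line 46

# Parses a posted PKCS#7 signed-data message and checks its signature.
#
# The check uses an empty certificate store with NOVERIFY, so the signer
# certificate's chain is not validated: a true result means the content
# matches the signature made by the certificate embedded in the message,
# not that the signer is trusted. Callers still have to establish who the
# signer is.
#
# @param raw_postback_data [String] encoded PKCS#7 signed-data message
# @return [OpenSSL::PKCS7] the parsed message, with #data populated
# @raise [OpenSSL::PKCS7::PKCS7Error] if the signature does not verify
def verify_response(raw_postback_data)
  p7sign = OpenSSL::PKCS7.new(raw_postback_data)
  store = OpenSSL::X509::Store.new

  # The result of verify was previously discarded, so a message with a
  # failed signature was returned exactly like a good one.
  unless p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
    raise OpenSSL::PKCS7::PKCS7Error,
          "response signature verification failed: #{p7sign.error_string}"
  end

  p7sign
end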
.verify_signer(p7sign) ⇒ Object
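# File 'lib/ios-cert-enrollment/sign.rb', line 52

# Reports whether the first signer of the message names the server
# certificate's subject as its issuer.
#
# NOTE(review): this compares distinguished-name strings only. The issuer
# field is data carried inside the message, so a match does not prove that
# the server's key signed the signer certificate. Where the message was
# verified with NOVERIFY, no chain check has happened either; validating
# the signer certificate against a store containing the CA certificate
# would give cryptographic assurance -- confirm what the callers rely on.
#
# @param p7sign [OpenSSL::PKCS7] parsed signed-data message
# @return [Boolean] true when the issuer name matches; false when it does
#   not or when the message has no signer
def verify_signer(p7sign)
  signer = p7sign.signers.first
  # A message without signers cannot pass: fail closed instead of raising
  # NoMethodError on nil.
  return false if signer.nil?

  signer.issuer.to_s == SSL.certificate.subject.to_s
end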