Module: IOSCertEnrollment::Sign

Defined in:
lib/ios-cert-enrollment/sign.rb


Class Method Details

.certificate_authority_caps ⇒ Object



# File 'lib/ios-cert-enrollment/sign.rb', line 18

# Newline-separated capability list advertised by this certificate authority
# (presumably served as the SCEP GetCACaps response; the caller is not
# visible here).
#
# NOTE(review): SHA-1 and DES3 are legacy algorithms. They are kept because
# sign_PKI encrypts its reply with des-ede3-cbc; advertising anything stronger
# has to be changed together with that method and checked against the clients
# in use.
#
# @return [String] one capability per line, each terminated by "\n"
def certificate_authority_caps
  "POSTPKIOperation\nSHA-1\nDES3\n"
end

.registration_authority ⇒ Object



# File 'lib/ios-cert-enrollment/sign.rb', line 11

# Builds the certificate bundle served with content type
# "application/x-x509-ca-ra-cert": a certificates-only PKCS#7 "signed"
# structure holding SSL.certificate twice, so the same certificate fills both
# slots of the bundle.
#
# @return [Certificate] DER bytes of the bundle paired with its content type
def registration_authority
  ca_ra_bundle = OpenSSL::PKCS7.new
  ca_ra_bundle.type = "signed"
  # Two separate reads of SSL.certificate, exactly as many as the bundle has slots.
  ca_ra_bundle.certificates = Array.new(2) { SSL.certificate }
  Certificate.new(ca_ra_bundle.to_der, "application/x-x509-ca-ra-cert")
end

.sign_PKI(data) ⇒ Object



# File 'lib/ios-cert-enrollment/sign.rb', line 22

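# Handles a PKI operation request: unwraps the signed-and-enveloped PKCS#7
# message, has the enclosed certificate signing request signed, and returns
# the issued certificate encrypted to the requester and signed by this server.
#
# The request is untrusted input. The requester's certificate is not
# chain-validated (NOVERIFY with an empty store), so the signature check only
# proves that the message was not altered after it was signed with the
# embedded certificate; it does not authenticate the requester.
# NOTE(review): any authorization of the CSR (for example a challenge
# password) has to happen in sign_certificate or in the caller; neither is
# visible here, confirm.
#
# @param data [String] serialized PKCS#7 signed message
# @return [Certificate] reply bytes with content type "application/x-pki-message"
# @raise [OpenSSL::PKCS7::PKCS7Error] if the request signature does not verify
def sign_PKI(data)
  p7sign = OpenSSL::PKCS7.new(data)
  store = OpenSSL::X509::Store.new

  # verify both checks the signature and populates p7sign.data. The result
  # used to be discarded, which let a message with a broken signature proceed
  # to decryption and signing.
  unless p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)
    raise OpenSSL::PKCS7::PKCS7Error,
          "PKI request signature verification failed: #{p7sign.error_string}"
  end

  p7enc = OpenSSL::PKCS7.new(p7sign.data)

  # Certificate Signing Request
  csr = p7enc.decrypt(SSL.key, SSL.certificate)

  # Signed Certificate
  cert = self.sign_certificate(csr)

  # Certificates-only ("degenerate") PKCS#7 carrying the issued certificate.
  degenerate_pkcs7 = OpenSSL::PKCS7.new
  degenerate_pkcs7.type = "signed"
  degenerate_pkcs7.certificates = [cert]

  # The reply is encrypted to the certificates embedded in the request.
  # des-ede3-cbc matches the DES3 capability from certificate_authority_caps;
  # 3DES is a legacy cipher, so change both places together if clients allow.
  # OpenSSL::Cipher.new replaces the nested Cipher::Cipher name, which the
  # openssl library documents as kept only for backwards compatibility.
  enc_cert = OpenSSL::PKCS7.encrypt(p7sign.certificates, degenerate_pkcs7.to_der,
                                    OpenSSL::Cipher.new("des-ede3-cbc"), OpenSSL::PKCS7::BINARY)
  reply = OpenSSL::PKCS7.sign(SSL.certificate, SSL.key, enc_cert.to_der, [], OpenSSL::PKCS7::BINARY)

  Certificate.new(reply.to_der, "application/x-pki-message")
end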

.verify_response(raw_postback_data) ⇒ Object



# File 'lib/ios-cert-enrollment/sign.rb', line 46

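# Parses a posted-back PKCS#7 signed message and checks its signature.
#
# The signer's certificate is not chain-validated here (NOVERIFY with an empty
# store): a successful return means only that the content matches the
# signature made with the certificate embedded in the message. Who issued
# that certificate must be checked separately (see verify_signer).
#
# @param raw_postback_data [String] serialized PKCS#7 signed message
# @return [OpenSSL::PKCS7] the parsed message, with #data populated
# @raise [OpenSSL::PKCS7::PKCS7Error] if the signature does not verify
def verify_response(raw_postback_data)
  p7sign = OpenSSL::PKCS7.new(raw_postback_data)
  store = OpenSSL::X509::Store.new

  # The verification result used to be ignored, so altered content was
  # returned to the caller as if it had been verified.
  return p7sign if p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY)

  raise OpenSSL::PKCS7::PKCS7Error,
        "PKCS7 signature verification failed: #{p7sign.error_string}"
end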

.verify_signer(p7sign) ⇒ Object



# File 'lib/ios-cert-enrollment/sign.rb', line 52

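# Reports whether the first signer of a PKCS#7 message holds a certificate
# issued by this server's certificate (SSL.certificate).
#
# Comparing the issuer name alone is not sufficient: the name is plain text
# inside the signer's certificate, and the messages reaching this method were
# verified with NOVERIFY, so nothing has checked that certificate's chain.
# The signer's embedded certificate is therefore also required to carry a
# valid signature from SSL.certificate's public key.
# NOTE(review): assumes issued certificates are signed with the key belonging
# to SSL.certificate (sign_certificate is not visible here); confirm.
#
# @param p7sign [OpenSSL::PKCS7] parsed signed message
# @return [Boolean] true only if the signer's certificate names SSL.certificate
#   as issuer and is cryptographically signed by it; false otherwise,
#   including when the message has no signer or no matching certificate
def verify_signer(p7sign)
  signer = p7sign.signers.first
  # A message without signers used to raise NoMethodError on nil.
  return false unless signer

  issuer_name = signer.issuer.to_s
  return false unless issuer_name == SSL.certificate.subject.to_s

  # Locate the signer's certificate among those embedded in the message.
  signer_cert = Array(p7sign.certificates).find do |candidate|
    candidate.serial == signer.serial && candidate.issuer.to_s == issuer_name
  end
  return false unless signer_cert

  signer_cert.verify(SSL.certificate.public_key)
end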