Class: OmfCommon::Auth::Assertion

Inherits:

Object

Object
OmfCommon::Auth::Assertion

show all

Defined in:: lib/omf_common/auth/assertion.rb

Instance Attribute Summary collapse

#content ⇒ Object readonly

Returns the value of attribute content.
#iss ⇒ Object readonly

Returns the value of attribute iss.
#type ⇒ Object readonly

Returns the value of attribute type.

Class Method Summary collapse

.generate(str, opts = {}) ⇒ Object

Factory method to generate new assertion.
.parse(str, opts = {}) ⇒ Object

Parse from a serialised assertion.

Instance Method Summary collapse

#to_s ⇒ Object
#verify ⇒ Object

Verify cert and sig validity.

Instance Attribute Details

#content ⇒ `Object` (readonly)

Returns the value of attribute content.



5
6
7

# File 'lib/omf_common/auth/assertion.rb', line 5

def content
  @content
end

#iss ⇒ `Object` (readonly)

Returns the value of attribute iss.



5
6
7

# File 'lib/omf_common/auth/assertion.rb', line 5

def iss
  @iss
end

#type ⇒ `Object` (readonly)

Returns the value of attribute type.



5
6
7

# File 'lib/omf_common/auth/assertion.rb', line 5

def type
  @type
end

Class Method Details

.generate(str, opts = {}) ⇒ `Object`

Factory method to generate new assertion

# File 'lib/omf_common/auth/assertion.rb', line 20

def self.generate(str, opts = {})
  raise 'Missing iss of assertion' if opts[:iss].nil?

  cert = OmfCommon::Auth::CertificateStore.instance.cert_for(opts[:iss])

  raise "Certifcate of #{opts[:iss]} NOT found" if cert.nil?

  sig = Base64.encode64(cert.key.sign(OpenSSL::Digest::SHA256.new(str), str)).encode('utf-8')

  new(opts.merge(content: str, sig: sig))
end

.parse(str, opts = {}) ⇒ `Object`

Parse from a serialised assertion

# File 'lib/omf_common/auth/assertion.rb', line 9

def self.parse(str, opts = {})
  opts[:type] ||= 'json'

  case opts[:type]
  when 'json'
    new(JSON.parse(str, symbolize_names: true).merge(type: 'json'))
  end
end

Instance Method Details

#to_s ⇒ `Object`

# File 'lib/omf_common/auth/assertion.rb', line 57

def to_s
  case @type
  when 'json'
    { type: @type, iss: @iss, sig: @sig, content: @content }.to_json
  end
end

#verify ⇒ `Object`

Verify cert and sig validity

# File 'lib/omf_common/auth/assertion.rb', line 34

def verify
  begin
    cert = OmfCommon::Auth::CertificateStore.instance.cert_for(@iss)
  rescue MissingCertificateException => e
    return false
  end
  # Verify cert
  #
  unless OmfCommon::Auth::CertificateStore.instance.verify(cert)
    warn "Invalid certificate '#{cert.to_s}', NOT signed by CA certs, or its CA cert NOT loaded into cert store."
    return false
  end

  if cert.nil?
    warn "Certifcate of #{@iss} NOT found"
    return false
  end

  # Verify sig
  #
  cert.to_x509.public_key.verify(OpenSSL::Digest::SHA256.new(@content), Base64.decode64(@sig), @content)
end

Class: OmfCommon::Auth::Assertion

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#content ⇒ Object (readonly)

#iss ⇒ Object (readonly)

#type ⇒ Object (readonly)

Class Method Details

.generate(str, opts = {}) ⇒ Object

.parse(str, opts = {}) ⇒ Object