Class: OMF::SFA::AM::Credential

Inherits:
Base::LObject
  • Object
Defined in:
lib/omf-sfa/am/credential.rb

Direct Known Subclasses

PrivilegeCredential

Constant Summary collapse

# Trusted root certificates handed to xmlsec1 by verify_signed_xml: each
# entry of 'certs' resolved against the 'trusted_roots' directory.
# NOTE(review): 'certs' and 'trusted_roots' are defined outside this excerpt
# (presumably from configuration) — confirm their source in credential.rb.
@@root_certs =
certs.collect do |v|
  v = File.join(trusted_roots, v)
end
# Name of the xmlsec command run by verify_signed_xml; a bare name, so it is
# looked up on PATH rather than pinned to a directory.
@@xmlsec =
'xmlsec1'

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#owner_urnObject (readonly)

Returns the value of attribute owner_urn.



# File 'lib/omf-sfa/am/credential.rb', line 107

# Read-only accessor for @owner_urn (assigned elsewhere in the class).
#
# @return [Object] the current value of @owner_urn
def owner_urn; @owner_urn; end

#signer_urnObject (readonly)

Returns the value of attribute signer_urn.



# File 'lib/omf-sfa/am/credential.rb', line 109

# Read-only accessor for @signer_urn (assigned elsewhere in the class).
#
# @return [Object] the current value of @signer_urn
def signer_urn; @signer_urn; end

#target_urnObject (readonly)

Returns the value of attribute target_urn.



# File 'lib/omf-sfa/am/credential.rb', line 108

# Read-only accessor for @target_urn (assigned elsewhere in the class).
#
# @return [Object] the current value of @target_urn
def target_urn; @target_urn; end

#valid_untilObject (readonly)

Returns the value of attribute valid_until.



# File 'lib/omf-sfa/am/credential.rb', line 110

# Read-only accessor for @valid_until (assigned elsewhere in the class).
#
# @return [Object] the current value of @valid_until
def valid_until; @valid_until; end

Class Method Details

.unmarshall(xml_text) ⇒ Object

</signed-credential>



# File 'lib/omf-sfa/am/credential.rb', line 47

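# Build a credential object from the signed XML text +xml_text+.
#
# The signature is verified first (verify_signed_xml raises if it does not
# validate), then the document is parsed and checked for the expected root
# element and a 'type' element, whose content is handed to verify_type.
#
# @param xml_text [String] a <signed-credential> document
# @return [Credential] a new instance of the receiving class
# @raise [OMF::SFA::AM::InsufficientPrivilegesException] if the signature
#   does not verify (raised by verify_signed_xml)
# @raise [RuntimeError] if the document has no 'signed-credential' root or
#   no 'type' element
def self.unmarshall(xml_text)
  signer_urn = verify_signed_xml(xml_text)
  cred = Nokogiri::XML.parse(xml_text)
  root = cred.root
  # A document without a root element is reported like a wrong root
  # element, instead of failing with NoMethodError on nil.
  unless root && root.name == 'signed-credential'
    raise "Expected 'signed-credential' but got '#{root}'"
  end
  #puts @doc.to_xml
  # NOTE(review): '//credential/type' searches the whole document, not only
  # the signed subtree; confirm that the signature's Reference covers the
  # 'credential' element so that an unsigned element cannot be picked up here.
  unless (type_el = cred.xpath('//credential/type')[0])
    raise "Credential doesn't contain 'type' element"
  end
  self.verify_type(type_el.content)

  #<owner_urn>urn:publicid:IDN+geni:gpo:gcf+user+alice</owner_urn>
  self.new(cred, signer_urn)
end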

.verify_signed_xml(content) ⇒ Object

The xml content (provided as string) should contain a Signature tag.

Returns the URN of the signer if the signature is valid; otherwise raises an exception.



# File 'lib/omf-sfa/am/credential.rb', line 68

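# Verify the XML signature on +content+ (an XML document, given as a string,
# that contains a Signature element) by running xmlsec1 against the trusted
# root certificates in @@root_certs.
#
# @param content [String] the signed XML document
# @return [String] subject name of the certificate reported by xmlsec1's
#   debug output
# @raise [OMF::SFA::AM::InsufficientPrivilegesException] if xmlsec1 does not
#   report a successful verification, or its output cannot be interpreted
def self.verify_signed_xml(content)
  tf = nil
  begin
    #debug "Verifying: ", content
    tf = Tempfile.open('omf-am-rpc')
    tf << content
    tf.close
    # One '--trusted-pem PATH' pair per configured root certificate.
    trusted_pems = @@root_certs.flat_map do |r|
      ['--trusted-pem', r]
    end
    # Argument-vector form of popen: xmlsec1 is executed directly, so the
    # tempfile and certificate paths are never interpreted by a shell.
    # stderr is discarded, as the previous '2> /dev/null' redirection did.
    cmd = [@@xmlsec, 'verify', '--enabled-key-data', 'x509', *trusted_pems,
           '--print-xml-debug', tf.path]
    result = nil
    IO.popen(cmd, err: File::NULL) do |so|
      result = Nokogiri::XML.parse(so)
      #debug result
    end
    # xmlsec1 reports the outcome in <VerificationContext status="...">.
    # Anything other than an explicit 'succeeded' — including missing or
    # unparsable output, e.g. when the command could not run — is a failure.
    context = result && result.xpath('/VerificationContext')[0]
    unless context && context['status'] == 'succeeded'
      raise OMF::SFA::AM::InsufficientPrivilegesException.new("Error: Signature doesn't verify")
    end
    # <Certificate>
    #   <SubjectName>/CN=geni//gpo//gcf.authority.sa</SubjectName>
    #   <IssuerName>/CN=geni//gpo//gcf.authority.sa</IssuerName>
    #   <SerialNumber>3</SerialNumber>
    # </Certificate>
    # NOTE(review): the first <Certificate> in the debug output is taken as
    # the signer; confirm against xmlsec1's output format that this is the
    # signing certificate rather than another member of the chain.
    subject = result.xpath('//Certificate/SubjectName')[0]
    unless subject
      raise OMF::SFA::AM::InsufficientPrivilegesException.new("Error: Signature doesn't verify")
    end
    signer = subject.content
    debug "Signer of cert is '#{signer}'"
    return signer
  ensure
    tf.close! if tf
  end
end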

.verify_type(type) ⇒ Object



# File 'lib/omf-sfa/am/credential.rb', line 102

def self.verify_type(type)
  raise "Implement 'verify_type' in '#{self}'"
end

Instance Method Details

#valid_at?(time = Time.now) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/omf-sfa/am/credential.rb', line 112

# Whether this credential is still valid at +time+ (defaults to now), i.e.
# +time+ does not lie past @valid_until.
#
# @param time [Time] the instant to check
# @return [Boolean]
def valid_at?(time = Time.now)
  #debug ">>>> #{valid_until}"
  @valid_until >= time
end