Class: OMF::SFA::AM::Credential
- Inherits:
-
Base::LObject
- Object
- Base::LObject
- OMF::SFA::AM::Credential
- Defined in:
- lib/omf-sfa/am/credential.rb
Direct Known Subclasses
Constant Summary collapse
# Paths of the trusted root certificates that xmlsec is told to trust
# (each becomes a --trusted-pem argument). +certs+ and +trusted_roots+
# are supplied by configuration outside this listing.
@@root_certs = certs.map { |name| File.join(trusted_roots, name) }

# Name of (or path to) the external xmlsec command-line tool used for
# signature verification.
@@xmlsec = 'xmlsec1'
Instance Attribute Summary collapse
-
#owner_urn ⇒ Object
readonly
Returns the value of attribute owner_urn.
-
#signer_urn ⇒ Object
readonly
Returns the value of attribute signer_urn.
-
#target_urn ⇒ Object
readonly
Returns the value of attribute target_urn.
-
#valid_until ⇒ Object
readonly
Returns the value of attribute valid_until.
Class Method Summary collapse
-
.unmarshall(xml_text) ⇒ Object
</signed-credential>.
-
.verify_signed_xml(content) ⇒ Object
The xml content (provided as string) should contain a Signature tag.
- .verify_type(type) ⇒ Object
Instance Method Summary collapse
Instance Attribute Details
#owner_urn ⇒ Object (readonly)
Returns the value of attribute owner_urn.
# URN of the credential's owner, per the attribute name; set elsewhere
# (presumably by the constructor) and exposed read-only.
#
# @return [Object] the value stored in +@owner_urn+
def owner_urn
  @owner_urn
end
#signer_urn ⇒ Object (readonly)
Returns the value of attribute signer_urn.
# Identity of the party that signed the credential, as returned by
# +verify_signed_xml+ and passed to the constructor by +unmarshall+.
# Exposed read-only.
#
# @return [Object] the value stored in +@signer_urn+
def signer_urn
  @signer_urn
end
#target_urn ⇒ Object (readonly)
Returns the value of attribute target_urn.
# URN of the credential's target, per the attribute name; set elsewhere
# (presumably by the constructor) and exposed read-only.
#
# @return [Object] the value stored in +@target_urn+
def target_urn
  @target_urn
end
#valid_until ⇒ Object (readonly)
Returns the value of attribute valid_until.
# Expiry instant of the credential; compared against a Time in +valid_at?+.
# Set elsewhere (presumably by the constructor) and exposed read-only.
#
# @return [Object] the value stored in +@valid_until+
def valid_until
  @valid_until
end
Class Method Details
.unmarshall(xml_text) ⇒ Object
</signed-credential>
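# Build a credential from a signed credential document.
#
# The XML signature is checked first (+verify_signed_xml+), so a document
# that does not verify is rejected before any of its content is used. The
# root element must be +signed-credential+ and the document must carry a
# +credential/type+ element, whose content is handed to +verify_type+.
#
# @param xml_text [String] the signed credential as XML text
# @return [Credential] a new instance built from the parsed document and
#   the signer reported by +verify_signed_xml+
# @raise [OMF::SFA::AM::InsufficientPrivilegesException] if the signature
#   does not verify
# @raise [RuntimeError] if the root element is missing or not
#   +signed-credential+, or if no +type+ element is present
def self.unmarshall(xml_text)
  signer_urn = verify_signed_xml(xml_text)

  # Nokogiri's default XML parse options include NONET, so external
  # entities are not fetched over the network for this attacker-supplied
  # text; keep it that way.
  cred = Nokogiri::XML.parse(xml_text)

  # An empty or unparseable document has no root; report only the element
  # name in the error rather than serialising the whole root element.
  root_name = cred.root ? cred.root.name : nil
  unless root_name == 'signed-credential'
    raise "Expected 'signed-credential' but got '#{root_name || '<no root element>'}'"
  end

  # NOTE(review): this XPath picks the first credential/type element
  # anywhere in the document, not necessarily one covered by the
  # signature -- confirm against what verify_signed_xml actually signs.
  type_el = cred.xpath('//credential/type')[0]
  raise "Credential doesn't contain 'type' element" unless type_el

  self.verify_type(type_el.content)
  self.new(cred, signer_urn)
end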
.verify_signed_xml(content) ⇒ Object
The XML content (provided as a string) should contain a Signature tag.
Returns the URN of the signer if the signature is valid; otherwise raises an exception.
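# Verify the XML signature of +content+ against the trusted root certificates.
#
# The document is written to a temporary file and checked with the external
# xmlsec tool named by +@@xmlsec+, with every path in +@@root_certs+ passed
# as a trusted PEM. The command is run through IO.popen in argument-array
# form, so no shell is involved and the paths are never re-interpreted
# (+@@xmlsec+ must therefore be a single executable name or path). stderr
# is discarded, as before.
#
# @param content [String] XML text that should contain a Signature element
# @return [String] the SubjectName of the first certificate xmlsec reports
# @raise [OMF::SFA::AM::InsufficientPrivilegesException] if xmlsec does not
#   report status "succeeded", or its output names no signer certificate
def self.verify_signed_xml(content)
  tf = nil
  begin
    tf = Tempfile.open('omf-am-rpc')
    tf << content
    tf.close

    cmd = [@@xmlsec, 'verify', '--enabled-key-data', 'x509']
    @@root_certs.each { |pem| cmd.push('--trusted-pem', pem) }
    cmd.push('--print-xml-debug', tf.path)

    result = nil
    IO.popen(cmd, :err => File::NULL) do |so|
      result = Nokogiri::XML.parse(so)
    end

    # No VerificationContext at all (tool produced no usable output) is
    # treated like a failed verification instead of a NoMethodError.
    ctx = result.xpath('/VerificationContext')[0]
    unless ctx && ctx['status'] == 'succeeded'
      raise OMF::SFA::AM::InsufficientPrivilegesException, "Error: Signature doesn't verify"
    end

    # xmlsec's debug output lists the certificate(s) it used, e.g.
    #   <Certificate>
    #     <SubjectName>/CN=geni//gpo//gcf.authority.sa</SubjectName>
    #     <IssuerName>/CN=geni//gpo//gcf.authority.sa</IssuerName>
    #     <SerialNumber>3</SerialNumber>
    #   </Certificate>
    # NOTE(review): the first SubjectName is taken as the signer; confirm it
    # is the end-entity certificate when several certificates are listed.
    subject = result.xpath('//Certificate/SubjectName')[0]
    unless subject
      raise OMF::SFA::AM::InsufficientPrivilegesException, "Error: Signature verified but no signer certificate was reported"
    end

    signer = subject.content
    debug "Signer of cert is '#{signer}'"
    signer
  ensure
    # close! also removes the temporary file
    tf.close! if tf
  end
end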
.verify_type(type) ⇒ Object
# Hook for subclasses to accept or reject a credential type.
#
# +unmarshall+ calls this with the content of the credential's +type+
# element. This base implementation always raises, so a concrete
# subclass must override it.
#
# @param type [String] content of the credential's +type+ element
# @raise [RuntimeError] always, in this base class
def self.verify_type(type)
  raise RuntimeError, "Implement 'verify_type' in '#{self}'"
end
Instance Method Details
#valid_at?(time = Time.now) ⇒ Boolean
# Whether the credential is still valid at +time+.
#
# Only the expiry bound is checked here: +time+ must be at or before
# +@valid_until+. No not-before check is performed by this method.
#
# @param time [Time] instant to test; defaults to the current time
# @return [Boolean] true if +time+ is not later than +valid_until+
def valid_at?(time = Time.now)
  expiry = @valid_until
  time <= expiry
end