Class: Rails::Auth::X509::Middleware

Inherits:

Object

Object
Rails::Auth::X509::Middleware

Defined in:: lib/rails/auth/x509/middleware.rb

Overview

Validates X.509 client certificates and adds credential objects for valid clients to the rack environment as env[“x509”]

Instance Method Summary collapse

#call(env) ⇒ Object
#initialize(app, ca_file: nil, cert_filters: {}, logger: nil, require_cert: false, truststore: nil) ⇒ Rails::Auth::X509::Middleware constructor

Create a new X.509 Middleware object.

Constructor Details

#initialize(app, ca_file: nil, cert_filters: {}, logger: nil, require_cert: false, truststore: nil) ⇒ `Rails::Auth::X509::Middleware`

Create a new X.509 Middleware object

Parameters:

app (Object) —

next app in the Rack middleware chain
ca_file (String) (defaults to: nil) —

path to the CA bundle to verify client certs with
cert_filters (Hash) (defaults to: {}) —

maps Rack environment names to cert extractors
logger (Logger) (defaults to: nil) —

place to log verification successes & failures
require_cert (Boolean) (defaults to: false) —

causes middleware to raise if certs are unverified
truststore (OpenSSL::X509::Store) (defaults to: nil) —

(optional) provide your own truststore (for e.g. CRLs)

Raises:

(ArgumentError)

# File 'lib/rails/auth/x509/middleware.rb', line 22

def initialize(app, ca_file: nil, cert_filters: {}, logger: nil, require_cert: false, truststore: nil)
  raise ArgumentError, "no ca_file or truststore given" unless ca_file || truststore

  @app          = app
  @cert_filters = cert_filters
  @logger       = logger
  @require_cert = require_cert
  @truststore   = truststore || OpenSSL::X509::Store.new.add_file(ca_file)

  @cert_filters.each do |key, filter|
    next unless filter.is_a?(Symbol)

    # Convert snake_case to CamelCase
    filter_name = filter.to_s.split("_").map(&:capitalize).join

    # Shortcut syntax for symbols
    @cert_filters[key] = Rails::Auth::X509::Filter.const_get(filter_name).new
  end
end

Instance Method Details

#call(env) ⇒ `Object`

# File 'lib/rails/auth/x509/middleware.rb', line 42

def call(env)
  credential = extract_credential(env)
  Rails::Auth.add_credential(env, "x509", credential.freeze) if credential

  @app.call(env)
end

Class: Rails::Auth::X509::Middleware

Overview

Instance Method Summary collapse

Constructor Details

#initialize(app, ca_file: nil, cert_filters: {}, logger: nil, require_cert: false, truststore: nil) ⇒ Rails::Auth::X509::Middleware

Instance Method Details

#call(env) ⇒ Object

#initialize(app, ca_file: nil, cert_filters: {}, logger: nil, require_cert: false, truststore: nil) ⇒ `Rails::Auth::X509::Middleware`

#call(env) ⇒ `Object`