Class: RightScale::Signature

Inherits:
Object
Defined in:
lib/right_agent/security/signature.rb

Overview

Signature that can be validated against certificates

Constant Summary

FLAGS =
OpenSSL::PKCS7::NOCERTS || OpenSSL::PKCS7::BINARY || OpenSSL::PKCS7::NOATTR || OpenSSL::PKCS7::NOSMIMECAP || OpenSSL::PKCS7::DETACH

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(data, cert, key) ⇒ Signature

Create signature using certificate and key pair.

Parameters

data(String)

Data to be signed

cert(Certificate)

Certificate used for signature

key(RsaKeyPair)

Key pair used for signature



# File 'lib/right_agent/security/signature.rb', line 42

def initialize(data, cert, key)
  @p7 = OpenSSL::PKCS7.sign(cert.raw_cert, key.raw_key, data, [], FLAGS)
  @store = OpenSSL::X509::Store.new
end

Class Method Details

.from_data(data) ⇒ Object

Load signature from previously serialized data

Parameters

data(String)

Serialized data

Return

sig(Signature)

Signature for data



# File 'lib/right_agent/security/signature.rb', line 54

def self.from_data(data)
  sig = Signature.allocate
  sig.instance_variable_set(:@p7, RightScale::PKCS7.new(data))
  sig.instance_variable_set(:@store, OpenSSL::X509::Store.new)
  sig
end

Instance Method Details

#data(format = :pem) ⇒ Object Also known as: to_s

Signature data in PEM or DER format

Parameters

format(Symbol)

Encode format: :pem or :der, defaults to :pem

Return

(String)

Signature



# File 'lib/right_agent/security/signature.rb', line 79

def data(format = :pem)
  format == :pem ? @p7.to_pem : @p7.to_der
end

#match?(cert) ⇒ Boolean

Check whether signature was created using cert

Parameters

cert(Certificate)

Certificate

Return

(Boolean)

true if created using given cert, otherwise false

Returns:

  • (Boolean)


# File 'lib/right_agent/security/signature.rb', line 68

def match?(cert)
  @p7.verify([cert.raw_cert], @store, nil, OpenSSL::PKCS7::NOVERIFY)
end
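
Added example (not part of the RightAgent source): it evaluates the FLAGS expression exactly as written above, showing that `||` collapses it to NOCERTS alone, and compares the resulting embedded-content signature with one made from a bitwise `|` combination under the same verify call as #match?. Assumptions: throwaway self-signed certificates, plain OpenSSL::PKCS7 in place of the project's RightScale::PKCS7 wrapper, and hypothetical helper names demo_identity, sign_der, matches? and demo.

```ruby
require 'openssl'

# Constructed throwaway identity (self-signed certificate + RSA key).
def demo_identity(cn, serial)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial     = serial
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Verbatim FLAGS expression. `a || b` returns `a` when `a` is truthy and every
# Integer is truthy, so only NOCERTS survives; the rest is never evaluated.
FLAGS_AS_WRITTEN = OpenSSL::PKCS7::NOCERTS || OpenSSL::PKCS7::BINARY ||
                   OpenSSL::PKCS7::NOATTR || OpenSSL::PKCS7::NOSMIMECAP ||
                   OpenSSL::PKCS7::DETACH
# Bitwise combination for comparison (Ruby names the detach flag DETACHED).
FLAGS_BITWISE = %i[NOCERTS BINARY NOATTR NOSMIMECAP DETACHED]
                .map { |f| OpenSSL::PKCS7.const_get(f) }.reduce(:|)

# Sign as in #initialize, then serialize as in #data(:der).
def sign_der(data, cert, key, flags)
  OpenSSL::PKCS7.sign(cert, key, data, [], flags).to_der
end

# Reload, then verify as in #match?. NOVERIFY skips chain validation, so this
# shows which key signed, not that the certificate is trusted.
def matches?(der, cert, data = nil)
  OpenSSL::PKCS7.new(der).verify([cert], OpenSSL::X509::Store.new, data,
                                 OpenSSL::PKCS7::NOVERIFY)
end

def demo
  signer, key = demo_identity('signer.example', 1)
  other, = demo_identity('other.example', 2)
  data = 'constructed payload'
  embedded = sign_der(data, signer, key, FLAGS_AS_WRITTEN)
  detached = sign_der(data, signer, key, FLAGS_BITWISE)
  { as_written_is_nocerts: FLAGS_AS_WRITTEN == OpenSSL::PKCS7::NOCERTS,
    embedded_signer: matches?(embedded, signer),
    embedded_other: matches?(embedded, other),
    detached_without_data: matches?(detached, signer),
    detached_with_data: matches?(detached, signer, data) }
end
```

With the flags as written, the signed data travels inside every serialized signature, which is why #match? can verify with a nil data argument; a detached signature would need the original data passed to the verify call.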