Class: RightScale::Signature
- Defined in:
- lib/right_agent/security/signature.rb
Overview
Signature that can be validated against certificates
Constant Summary collapse
- FLAGS =
OpenSSL::PKCS7::NOCERTS || OpenSSL::PKCS7::BINARY || OpenSSL::PKCS7::NOATTR || OpenSSL::PKCS7::NOSMIMECAP || OpenSSL::PKCS7::DETACH
Class Method Summary collapse
-
.from_data(data) ⇒ Object
Load signature from previously serialized data.
Instance Method Summary collapse
-
#data(format = :pem) ⇒ Object
(also: #to_s)
Signature data in PEM or DER format.
-
#initialize(data, cert, key) ⇒ Signature
constructor
Create signature using certificate and key pair.
-
#match?(cert) ⇒ Boolean
Check whether signature was created using cert.
Constructor Details
#initialize(data, cert, key) ⇒ Signature
Create signature using certificate and key pair.
Parameters
- data(String)
-
Data to be signed
- cert(Certificate)
-
Certificate used for signature
- key(RsaKeyPair)
-
Key pair used for signature
42 43 44 45 |
# File 'lib/right_agent/security/signature.rb', line 42 def initialize(data, cert, key) @p7 = OpenSSL::PKCS7.sign(cert.raw_cert, key.raw_key, data, [], FLAGS) @store = OpenSSL::X509::Store.new end |
Class Method Details
.from_data(data) ⇒ Object
Load signature from previously serialized data
Parameters
- data(String)
-
Serialized data
Return
- sig(Signature)
-
Signature for data
54 55 56 57 58 59 |
# File 'lib/right_agent/security/signature.rb', line 54 def self.from_data(data) sig = Signature.allocate sig.instance_variable_set(:@p7, RightScale::PKCS7.new(data)) sig.instance_variable_set(:@store, OpenSSL::X509::Store.new) sig end |
Instance Method Details
#data(format = :pem) ⇒ Object Also known as: to_s
Signature data in PEM or DER format
Parameters
- format(Symbol)
-
Encode format: :pem or :der, defaults to :pem
Return
- (String)
-
Signature
79 80 81 |
# File 'lib/right_agent/security/signature.rb', line 79 def data(format = :pem) format == :pem ? @p7.to_pem : @p7.to_der end |
#match?(cert) ⇒ Boolean
Check whether signature was created using cert
Parameters
- cert(Certificate)
-
Certificate
Return
- (Boolean)
-
true if created using given cert, otherwise false
68 69 70 |
# File 'lib/right_agent/security/signature.rb', line 68 def match?(cert) @p7.verify([cert.raw_cert], @store, nil, OpenSSL::PKCS7::NOVERIFY) end |