Class: Nanite::Signature

Inherits:

Object

Object
Nanite::Signature

show all

Defined in:: lib/nanite/security/signature.rb

Overview

Signature that can be validated against certificates

Constant Summary collapse

FLAGS =

OpenSSL::PKCS7::NOCERTS || OpenSSL::PKCS7::BINARY || OpenSSL::PKCS7::NOATTR || OpenSSL::PKCS7::NOSMIMECAP || OpenSSL::PKCS7::DETACH

Class Method Summary collapse

.from_data(data) ⇒ Object

Load signature previously serialized via ‘data’.

Instance Method Summary collapse

#data ⇒ Object (also: #to_s)

Signature in PEM format.
#initialize(data, cert, key) ⇒ Signature constructor

Create signature using certificate and key pair.
#match?(cert) ⇒ Boolean

‘true’ if signature was created using given cert, ‘false’ otherwise.

Constructor Details

#initialize(data, cert, key) ⇒ `Signature`

Create signature using certificate and key pair.

Arguments:

- 'data': Data to be signed
- 'cert': Certificate used for signature
- 'key':  RsaKeyPair used for signature

# File 'lib/nanite/security/signature.rb', line 21

def initialize(data, cert, key)
  @p7 = OpenSSL::PKCS7.sign(cert.raw_cert, key.raw_key, data, [], FLAGS)
  @store = OpenSSL::X509::Store.new
end

Class Method Details

.from_data(data) ⇒ `Object`

Load signature previously serialized via ‘data’

# File 'lib/nanite/security/signature.rb', line 27

def self.from_data(data)
  sig = Signature.allocate
  sig.instance_variable_set(:@p7, Nanite::PKCS7.new(data))
  sig.instance_variable_set(:@store, OpenSSL::X509::Store.new)
  sig
end

Instance Method Details

#data ⇒ `Object` Also known as: to_s

Signature in PEM format



40
41
42

# File 'lib/nanite/security/signature.rb', line 40

def data
  @p7.to_pem
end

#match?(cert) ⇒ `Boolean`

‘true’ if signature was created using given cert, ‘false’ otherwise

Returns:

(Boolean)



35
36
37

# File 'lib/nanite/security/signature.rb', line 35

def match?(cert)
  @p7.verify([cert.raw_cert], @store, nil, OpenSSL::PKCS7::NOVERIFY)
end