Class: UnionPei::CertUtil

Inherits:
Object
Defined in:
lib/unionpei/cert_util.rb

Constant Summary

@@signCerts =
{}
@@encryptCert =
{}
@@verifyCerts =

5.0.0验签证书,key是certId

{}
@@verifyCerts5_1_0 =

5.1.0验签证书,key是base64的证书内容

{}
@@middleCert =
nil
@@rootCert =
nil

Class Method Summary

Class Method Details

.getDecryptPriKey(certPath = SDKConfig.instance.signCertPath, certPwd = SDKConfig.instance.signCertPwd) ⇒ Object



# File 'lib/unionpei/cert_util.rb', line 179

# Returns the private key of the signing certificate, loading that certificate
# into @@signCerts on the first call for a given path. This is the same key
# getSignPriKey returns; the separate name only documents its use for decryption.
#
# @param certPath [String] path of the signing certificate (default from SDKConfig)
# @param certPwd [String] password protecting that certificate (default from SDKConfig)
# @return [Object] the key held by the cached Cert entry for certPath
def CertUtil.getDecryptPriKey(certPath=SDKConfig.instance.signCertPath, certPwd=SDKConfig.instance.signCertPwd)
  # The cache is keyed by path alone; the password only matters while loading.
  CertUtil.initSignCert(certPath, certPwd) unless @@signCerts[certPath]
  @@signCerts[certPath].key
end

.getEncryptCertId(certPath = SDKConfig.instance.encryptCertPath) ⇒ Object



# File 'lib/unionpei/cert_util.rb', line 113

# Returns the certificate id of the encryption certificate, loading it into
# @@encryptCert on the first call for a given path.
#
# @param certPath [String] path of the encryption certificate (default from SDKConfig)
# @return [Object] the certId held by the cached Cert entry for certPath
def CertUtil.getEncryptCertId(certPath=SDKConfig.instance.encryptCertPath)
  CertUtil.initEncryptCert(certPath) unless @@encryptCert[certPath]
  @@encryptCert[certPath].certId
end

.getEncryptKey(certPath = SDKConfig.instance.encryptCertPath) ⇒ Object



# File 'lib/unionpei/cert_util.rb', line 106

# Returns the key of the encryption certificate, loading the certificate into
# @@encryptCert on the first call for a given path.
#
# @param certPath [String] path of the encryption certificate (default from SDKConfig)
# @return [Object] the key held by the cached Cert entry for certPath
def CertUtil.getEncryptKey(certPath=SDKConfig.instance.encryptCertPath)
  CertUtil.initEncryptCert(certPath) unless @@encryptCert[certPath]
  @@encryptCert[certPath].key
end

.getSignCertId(certPath = SDKConfig.instance.signCertPath, certPwd = SDKConfig.instance.signCertPwd) ⇒ Object



# File 'lib/unionpei/cert_util.rb', line 99

# Returns the certificate id of the signing certificate, loading it into
# @@signCerts on the first call for a given path.
#
# @param certPath [String] path of the signing certificate (default from SDKConfig)
# @param certPwd [String] password protecting that certificate (default from SDKConfig)
# @return [Object] the certId held by the cached Cert entry for certPath
def CertUtil.getSignCertId(certPath=SDKConfig.instance.signCertPath, certPwd=SDKConfig.instance.signCertPwd)
  # Cache lookup ignores the password; it is only needed to load the file.
  CertUtil.initSignCert(certPath, certPwd) unless @@signCerts[certPath]
  @@signCerts[certPath].certId
end

.getSignPriKey(certPath = SDKConfig.instance.signCertPath, certPwd = SDKConfig.instance.signCertPwd) ⇒ Object



# File 'lib/unionpei/cert_util.rb', line 92

# Returns the private key of the signing certificate, loading the certificate
# into @@signCerts on the first call for a given path.
#
# @param certPath [String] path of the signing certificate (default from SDKConfig)
# @param certPwd [String] password protecting that certificate (default from SDKConfig)
# @return [Object] the key held by the cached Cert entry for certPath
def CertUtil.getSignPriKey(certPath=SDKConfig.instance.signCertPath, certPwd=SDKConfig.instance.signCertPwd)
  # Cache lookup ignores the password; it is only needed to load the file.
  CertUtil.initSignCert(certPath, certPwd) unless @@signCerts[certPath]
  @@signCerts[certPath].key
end

.getX509Cert(strCert) ⇒ Object



# File 'lib/unionpei/cert_util.rb', line 191

# Parses certificate text into an OpenSSL certificate object. No validation of
# the chain, validity period or subject happens here; see verifyAndGetVerifyKey.
#
# @param strCert [String] certificate data (PEM or DER, as accepted by OpenSSL)
# @return [OpenSSL::X509::Certificate] the parsed certificate
# @raise [OpenSSL::X509::CertificateError] when the input is not a certificate
def CertUtil.getX509Cert(strCert)
  ::OpenSSL::X509::Certificate.new(strCert)
end

.resetEncryptCertPublicKey ⇒ Object



# File 'lib/unionpei/cert_util.rb', line 186

# Discards every cached encryption certificate and reloads the default one.
# initEncryptCert is called without arguments, so the path comes from its own
# default; certificates cached under other paths are dropped, not reloaded.
#
# @return [Object] whatever CertUtil.initEncryptCert returns
def CertUtil.resetEncryptCertPublicKey
  @@encryptCert = {}
  initEncryptCert
end

.verifyAndGetVerifyKey(certBase64String) ⇒ Object



# File 'lib/unionpei/cert_util.rb', line 120

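# Validates a signing public-key certificate (5.1.0 protocol: the certificate
# text itself is sent) against the configured middle and root certificates,
# optionally checks its subject CN, and returns its public key. Successful
# results are cached in @@verifyCerts5_1_0 keyed by the certificate text.
#
# @param certBase64String [String] certificate text as received; also the cache key
# @return [Object, nil] the certificate's public key, or nil when chain
#   validation fails, the subject has an unexpected shape, or the CN check fails
# @raise [OpenSSL::X509::CertificateError] when the text is not a parseable certificate
def CertUtil.verifyAndGetVerifyKey(certBase64String)
  cached = @@verifyCerts5_1_0[certBase64String]
  return cached.key if cached

  initMiddleCert
  initRootCert

  x509Cert = OpenSSL::X509::Certificate.new(certBase64String)

  # Only the trust anchors go into the store. The certificate under test is the
  # thing being verified and must not be added as trusted: doing so is at best
  # redundant and, depending on OpenSSL's verify flags, can let the leaf vouch
  # for itself instead of the middle/root chain.
  store = OpenSSL::X509::Store.new
  store.purpose = OpenSSL::X509::PURPOSE_ANY
  store.add_cert(@@middleCert)
  store.add_cert(@@rootCert)
  # The chain check also covers the validity period, which is why the former
  # manual not_before/not_after comparison was dropped in favour of Store#verify.
  unless store.verify(x509Cert)
    # store.error is an Integer code; String#+ on it raised TypeError before,
    # so the failure was never logged and nil was never returned.
    LogUtil.error("validate signPubKeyCert by cert chain failed, error=#{store.error}, error string=#{store.error_string}")
    return nil
  end

  # The CN is expected as the third '@'-separated field of the subject string.
  sSubject = x509Cert.subject.to_s
  ss = sSubject.split("@")
  if ss.length <= 2
    LogUtil.error("error sSubject: " + sSubject)
    return nil
  end
  cn = ss[2]
  # The CN must equal UNIONPAY_CNNAME exactly. The previous elsif that named the
  # test-environment CN "00040000:SIGN" was unreachable (its condition was already
  # handled by the preceding branch), so it never granted an exemption; any such
  # exemption belongs in configuration, not in a hard-coded comparison here.
  if SDKConfig.instance.ifValidateCNName && UNIONPAY_CNNAME != cn
    LogUtil.error("cer owner is not CUP:" + cn)
    return nil
  end

  LogUtil.info("validate signPubKeyCert by cert succeed: " + certBase64String)

  # Build and cache the entry only after every check has passed.
  cert = Cert.new
  cert.cert = x509Cert
  cert.certId = x509Cert.serial.to_s
  cert.key = x509Cert.public_key
  @@verifyCerts5_1_0[certBase64String] = cert
  cert.key
end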