Class: Occi::Api::Client::AuthnUtils

Inherits:
Object
Defined in:
lib/occi/api/client/http/authn_utils.rb

Class Method Details

.certs_to_file_ary(ca_file) ⇒ Array<String>

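Reads X.509 certificates from a file into an array. As the source below shows, the whole file is currently returned as a single array element; separating multiple certificates is still a TODO.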

Examples:

certs_to_file_ary "~/.globus/usercert.pem"
  # => [#<String>, #<String>, ...]

Parameters:

  • ca_file (String)

    Path to a PEM file containing certificates

Returns:

  • (Array<String>)

    An array of read certificates


# File 'lib/occi/api/client/http/authn_utils.rb', line 74

def self.certs_to_file_ary(ca_file)
  # TODO: read and separate multiple certificates
  # File.read closes the file handle; the whole file is returned as one element
  [File.read(ca_file)]
end
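
The TODO in the method above leaves files with several certificates unsplit. One way to separate a PEM bundle, as an added example that is not part of the library's source; `split_pem_certs`, `CERT_BLOCK` and `sample_cert_and_key` are hypothetical names, and the sample certificates are constructed at run time:

```ruby
require 'openssl'

# Hypothetical helper, not part of Occi::Api::Client::AuthnUtils.
# Matches one PEM certificate block; other block types (for example the
# private key that extract_pem_from_pkcs12 appends) never match.
CERT_BLOCK = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Returns one normalized PEM string per certificate found in pem_text.
# Raises OpenSSL::X509::CertificateError if any block does not parse, so a
# damaged bundle is rejected instead of being loaded partially.
def split_pem_certs(pem_text)
  pem_text.scan(CERT_BLOCK).map do |block|
    OpenSSL::X509::Certificate.new(block).to_pem
  end
end

# Constructed sample input: a throwaway self-signed certificate and its key.
def sample_cert_and_key(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

if __FILE__ == $PROGRAM_NAME
  ca1 = sample_cert_and_key('Example CA 1').first
  ca2 = sample_cert_and_key('Example CA 2').first
  bundle = "# constructed bundle\n" + ca1.to_pem + "\n" + ca2.to_pem
  split_pem_certs(bundle).each do |pem|
    puts OpenSSL::X509::Certificate.new(pem).subject
  end
end
```

Because only `CERTIFICATE` blocks are matched, passing in a combined certificate-and-key string yields the certificate alone, so key material never ends up in a CA list.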

.extract_pem_from_pkcs12(path_to_p12_file, p12_password) ⇒ String

Reads credentials from a PKCS#12-compliant file. Returns the X.509 certificate and the decrypted private key as a single PEM-formatted string; the returned key is no longer password-protected.

Examples:

extract_pem_from_pkcs12 "~/.globus/usercert.p12", "123456"
  # => #<String>

Parameters:

  • path_to_p12_file (String)

    Path to a PKCS#12 file with credentials

  • p12_password (String)

    Password needed to unlock the PKCS#12 file

Returns:

  • (String)

    Decrypted credentials in a PEM formatted string


# File 'lib/occi/api/client/http/authn_utils.rb', line 23

def self.extract_pem_from_pkcs12(path_to_p12_file, p12_password)
  # decode certificate and its private key
  pem_from_pkcs12 = ""
  if defined? JRUBY_VERSION
    # Java-based Ruby, read PKCS12 manually
    # using KeyStore
    keystore = Java::JavaSecurity::KeyStore.getInstance("PKCS12")
    p12_input_stream = Java::JavaIo::FileInputStream.new(path_to_p12_file)
    pass_char_array = Java::JavaLang::String.new(p12_password).to_char_array

    # load and unlock PKCS#12 store, then release the file handle
    keystore.load p12_input_stream, pass_char_array
    p12_input_stream.close

    # read the first certificate and PK
    cert = keystore.getCertificate("1")
    pk = keystore.getKey("1", pass_char_array)

    pem_from_pkcs12 << "-----BEGIN CERTIFICATE-----\n"
    pem_from_pkcs12 << Java::JavaxXmlBind::DatatypeConverter.printBase64Binary(cert.getEncoded())
    pem_from_pkcs12 << "\n-----END CERTIFICATE-----"

    pem_from_pkcs12 << "\n"

    pem_from_pkcs12 << "-----BEGIN PRIVATE KEY-----\n"
    pem_from_pkcs12 << Java::JavaxXmlBind::DatatypeConverter.printBase64Binary(pk.getEncoded())
    pem_from_pkcs12 << "\n-----END PRIVATE KEY-----"
  else
    # C-based Ruby, use OpenSSL::PKCS12
    # File.binread reads the raw bytes and closes the file handle
    pkcs12 = OpenSSL::PKCS12.new(
      File.binread(path_to_p12_file),
      p12_password
    )

    # store cert and private key in a single PEM formatted string
    pem_from_pkcs12 << pkcs12.certificate.to_pem << pkcs12.key.to_pem
  end

  pem_from_pkcs12
end