Class: Gitlab::X509::Certificate
- Inherits:
-
Object
- Object
- Gitlab::X509::Certificate
- Extended by:
- Utils::StrongMemoize
- Defined in:
- lib/gitlab/x509/certificate.rb
Constant Summary collapse
- CERT_REGEX =
/-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/
Instance Attribute Summary collapse
-
#ca_certs ⇒ Object
readonly
Returns the value of attribute ca_certs.
-
#cert ⇒ Object
readonly
Returns the value of attribute cert.
-
#key ⇒ Object
readonly
Returns the value of attribute key.
Class Method Summary collapse
-
.ca_certs_bundle ⇒ Object
Returns a concatenated array of Strings, each being a PEM-coded CA certificate.
-
.ca_certs_paths ⇒ Object
Returns all top-level, readable files in the default CA cert directory.
- .default_cert_dir ⇒ Object
- .default_cert_file ⇒ Object
- .from_files(key_path, cert_path, ca_certs_path = nil) ⇒ Object
- .from_strings(key_string, cert_string, ca_certs_string = nil) ⇒ Object
-
.load_ca_certs_bundle(ca_certs_string) ⇒ Object
Returns an array of OpenSSL::X509::Certificate objects, empty array if none found.
- .reset_ca_certs_bundle ⇒ Object
- .reset_default_cert_paths ⇒ Object
Instance Method Summary collapse
- #ca_certs_string ⇒ Object
- #cert_string ⇒ Object
-
#initialize(key, cert, ca_certs = nil) ⇒ Certificate
constructor
A new instance of Certificate.
- #key_string ⇒ Object
Constructor Details
#initialize(key, cert, ca_certs = nil) ⇒ Certificate
Returns a new instance of Certificate.
94 95 96 97 98 |
# File 'lib/gitlab/x509/certificate.rb', line 94 def initialize(key, cert, ca_certs = nil) @key = key @cert = cert @ca_certs = ca_certs end |
Instance Attribute Details
#ca_certs ⇒ Object (readonly)
Returns the value of attribute ca_certs.
8 9 10 |
# File 'lib/gitlab/x509/certificate.rb', line 8 def ca_certs @ca_certs end |
#cert ⇒ Object (readonly)
Returns the value of attribute cert.
8 9 10 |
# File 'lib/gitlab/x509/certificate.rb', line 8 def cert @cert end |
#key ⇒ Object (readonly)
Returns the value of attribute key.
8 9 10 |
# File 'lib/gitlab/x509/certificate.rb', line 8 def key @key end |
Class Method Details
.ca_certs_bundle ⇒ Object
Returns a concatenated array of Strings, each being a PEM-coded CA certificate.
62 63 64 65 66 67 68 69 70 |
# File 'lib/gitlab/x509/certificate.rb', line 62 def self.ca_certs_bundle strong_memoize(:ca_certs_bundle) do ca_certs_paths.flat_map do |cert_file| load_ca_certs_bundle(File.read(cert_file)) rescue OpenSSL::OpenSSLError => e Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, cert_file: cert_file) end.uniq.join("\n") end end |
.ca_certs_paths ⇒ Object
Returns all top-level, readable files in the default CA cert directory
53 54 55 56 57 58 59 |
# File 'lib/gitlab/x509/certificate.rb', line 53 def self.ca_certs_paths cert_paths = Dir["#{default_cert_dir}/*"].select do |path| !File.directory?(path) && File.readable?(path) end cert_paths << default_cert_file if File.exist? default_cert_file cert_paths end |
.default_cert_dir ⇒ Object
26 27 28 29 30 |
# File 'lib/gitlab/x509/certificate.rb', line 26 def self.default_cert_dir strong_memoize(:default_cert_dir) do ENV.fetch('SSL_CERT_DIR', OpenSSL::X509::DEFAULT_CERT_DIR) end end |
.default_cert_file ⇒ Object
32 33 34 35 36 |
# File 'lib/gitlab/x509/certificate.rb', line 32 def self.default_cert_file strong_memoize(:default_cert_file) do ENV.fetch('SSL_CERT_FILE', OpenSSL::X509::DEFAULT_CERT_FILE) end end |
.from_files(key_path, cert_path, ca_certs_path = nil) ⇒ Object
46 47 48 49 50 |
# File 'lib/gitlab/x509/certificate.rb', line 46 def self.from_files(key_path, cert_path, ca_certs_path = nil) ca_certs_string = File.read(ca_certs_path) if ca_certs_path from_strings(File.read(key_path), File.read(cert_path), ca_certs_string) end |
.from_strings(key_string, cert_string, ca_certs_string = nil) ⇒ Object
38 39 40 41 42 43 44 |
# File 'lib/gitlab/x509/certificate.rb', line 38 def self.from_strings(key_string, cert_string, ca_certs_string = nil) key = OpenSSL::PKey::RSA.new(key_string) cert = OpenSSL::X509::Certificate.new(cert_string) ca_certs = load_ca_certs_bundle(ca_certs_string) new(key, cert, ca_certs) end |
.load_ca_certs_bundle(ca_certs_string) ⇒ Object
Returns an array of OpenSSL::X509::Certificate objects, empty array if none found
Ruby OpenSSL::X509::Certificate.new will only load the first certificate if a bundle is presented, this allows to parse multiple certs in the same file
86 87 88 89 90 91 92 |
# File 'lib/gitlab/x509/certificate.rb', line 86 def self.load_ca_certs_bundle(ca_certs_string) return [] unless ca_certs_string ca_certs_string.scan(CERT_REGEX).map do |ca_cert_string| OpenSSL::X509::Certificate.new(ca_cert_string) end end |
.reset_ca_certs_bundle ⇒ Object
72 73 74 |
# File 'lib/gitlab/x509/certificate.rb', line 72 def self.reset_ca_certs_bundle clear_memoization(:ca_certs_bundle) end |
.reset_default_cert_paths ⇒ Object
76 77 78 79 |
# File 'lib/gitlab/x509/certificate.rb', line 76 def self.reset_default_cert_paths clear_memoization(:default_cert_dir) clear_memoization(:default_cert_file) end |
Instance Method Details
#ca_certs_string ⇒ Object
18 19 20 |
# File 'lib/gitlab/x509/certificate.rb', line 18 def ca_certs_string ca_certs.map(&:to_pem).join('\n') unless ca_certs.blank? end |
#cert_string ⇒ Object
14 15 16 |
# File 'lib/gitlab/x509/certificate.rb', line 14 def cert_string cert.to_pem end |
#key_string ⇒ Object
10 11 12 |
# File 'lib/gitlab/x509/certificate.rb', line 10 def key_string key.to_s end |