Class: X509CertificateCredentialsValidator
- Inherits: ActiveModel::Validator
  - Object
  - ActiveModel::Validator
  - X509CertificateCredentialsValidator
- Defined in: app/validators/x509_certificate_credentials_validator.rb
Overview
X509CertificateCredentialsValidator
Custom validator to check if certificate-attribute was signed using the private key stored in an attribute.
This can be used as an `ActiveModel::Validator` as follows:

    validates_with X509CertificateCredentialsValidator,
                   certificate: :client_certificate,
                   pkey: :decrypted_private_key,
                   pass: :decrypted_passphrase

Required attributes:
- certificate: The name of the accessor that returns the certificate to check
- pkey: The name of the accessor that returns the private key
Optional:
- pass: The name of the accessor that returns the passphrase to decrypt the private key
Instance Method Summary
- #initialize(*args) ⇒ X509CertificateCredentialsValidator (constructor): A new instance of X509CertificateCredentialsValidator.
- #validate(record) ⇒ Object
Constructor Details
#initialize(*args) ⇒ X509CertificateCredentialsValidator
Returns a new instance of X509CertificateCredentialsValidator.

    # File 'app/validators/x509_certificate_credentials_validator.rb', line 23
    def initialize(*args)
      super

      # We can't validate if we don't have a private key or certificate attributes
      # in which case this validator is useless.
      if options[:pkey].nil? || options[:certificate].nil?
        raise 'Provide at least `certificate` and `pkey` attribute names'
      end
    end

Instance Method Details
#validate(record) ⇒ Object

    # File 'app/validators/x509_certificate_credentials_validator.rb', line 33
    def validate(record)
      # read_certificate and read_private_key are helpers of this class
      # that are not shown on this page.
      unless certificate = read_certificate(record)
        record.errors.add(options[:certificate], _('is not a valid X509 certificate.'))
      end

      unless private_key = read_private_key(record)
        record.errors.add(options[:pkey], _('could not read private key, is the passphrase correct?'))
      end

      # Nothing left to compare if either value could not be read.
      return if private_key.nil? || certificate.nil?

      # Report a key that does not belong to the certificate on the pkey attribute.
      unless certificate.check_private_key(private_key)
        record.errors.add(options[:pkey], _('private key does not match certificate.'))
      end
    end
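
The three outcomes of `#validate` can be reproduced outside Rails with Ruby's `openssl` library. This is an added example, not code from the project: `sample_credentials` and `credential_errors` are hypothetical names, the key and certificate are constructed test data, and parsing with `OpenSSL::X509::Certificate.new` and `OpenSSL::PKey.read` is an assumption, since the class's `read_certificate` and `read_private_key` helpers are not shown on this page.

```ruby
require 'openssl'

# Constructed sample data: a throwaway RSA key (PEM, passphrase-encrypted)
# and a self-signed certificate for it. Not taken from the page.
def sample_credentials(passphrase)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=example.test')
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.public_key = key.public_key
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  { cert: cert.to_pem, key: key.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), passphrase) }
end

# Hypothetical stand-alone form of the checks in #validate: returns the list
# of error messages instead of adding them to record.errors.
def credential_errors(cert_pem, key_pem, pass = nil)
  cert = begin
    OpenSSL::X509::Certificate.new(cert_pem)
  rescue OpenSSL::X509::CertificateError
    nil # unparsable certificate
  end
  key = begin
    OpenSSL::PKey.read(key_pem, pass)
  rescue OpenSSL::OpenSSLError, ArgumentError
    nil # unparsable key or wrong passphrase
  end

  errors = []
  errors << 'is not a valid X509 certificate.' if cert.nil?
  errors << 'could not read private key, is the passphrase correct?' if key.nil?
  return errors if cert.nil? || key.nil?

  # true only when the key corresponds to the certificate's public key
  errors << 'private key does not match certificate.' unless cert.check_private_key(key)
  errors
end
```

`check_private_key` only compares the private key with the public key embedded in the certificate. Expiry, issuer and chain of trust are not part of the checks shown in `#validate`.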