Class: OmfCommon::Auth::Assertion

Inherits:

Object

Object
OmfCommon::Auth::Assertion

show all

Defined in:

omf_common/lib/omf_common/auth/assertion.rb

Instance Attribute Summary (collapse)

- (Object) content readonly

Returns the value of attribute content.
- (Object) iss readonly

Returns the value of attribute iss.
- (Object) type readonly

Returns the value of attribute type.

Class Method Summary (collapse)

+ (Object) generate(str, opts = {})

Factory method to generate new assertion.
+ (Object) parse(str, opts = {})

Parse from a serialised assertion.

Instance Method Summary (collapse)

- (Assertion) initialize(opts = {}) constructor private

A new instance of Assertion.
- (Object) to_s
- (Object) verify

Verify cert and sig validity.

Constructor Details

- (`Assertion`) initialize(opts = {}) (private)

Returns a new instance of Assertion

# File 'omf_common/lib/omf_common/auth/assertion.rb', line 66

def initialize(opts = {})
  @type = opts[:type] || 'json'
  @iss = opts[:iss]
  # Signature of assertion content signed by issuer
  @sig = opts[:sig]
  @content = opts[:content]
end

Instance Attribute Details

- (`Object`) content (readonly)

Returns the value of attribute content



5
6
7

# File 'omf_common/lib/omf_common/auth/assertion.rb', line 5

def content
  @content
end

- (`Object`) iss (readonly)

Returns the value of attribute iss



5
6
7

# File 'omf_common/lib/omf_common/auth/assertion.rb', line 5

def iss
  @iss
end

- (`Object`) type (readonly)

Returns the value of attribute type



5
6
7

# File 'omf_common/lib/omf_common/auth/assertion.rb', line 5

def type
  @type
end

Class Method Details

+ (`Object`) generate(str, opts = {})

Factory method to generate new assertion

# File 'omf_common/lib/omf_common/auth/assertion.rb', line 20

def self.generate(str, opts = {})
  raise 'Missing iss of assertion' if opts[:iss].nil?

  cert = OmfCommon::Auth::CertificateStore.instance.cert_for(opts[:iss])

  raise "Certifcate of #{opts[:iss]} NOT found" if cert.nil?

  sig = Base64.encode64(cert.key.sign(OpenSSL::Digest::SHA256.new(str), str)).encode('utf-8')

  new(opts.merge(content: str, sig: sig))
end

+ (`Object`) parse(str, opts = {})

Parse from a serialised assertion

# File 'omf_common/lib/omf_common/auth/assertion.rb', line 9

def self.parse(str, opts = {})
  opts[:type] ||= 'json'

  case opts[:type]
  when 'json'
    new(JSON.parse(str, symbolize_names: true).merge(type: 'json'))
  end
end

Instance Method Details

- (`Object`) to_s

# File 'omf_common/lib/omf_common/auth/assertion.rb', line 57

def to_s
  case @type
  when 'json'
    { type: @type, iss: @iss, sig: @sig, content: @content }.to_json
  end
end

- (`Object`) verify

Verify cert and sig validity

# File 'omf_common/lib/omf_common/auth/assertion.rb', line 34

def verify
  begin
    cert = OmfCommon::Auth::CertificateStore.instance.cert_for(@iss)
  rescue MissingCertificateException => e
    return false
  end
  # Verify cert
  #
  unless OmfCommon::Auth::CertificateStore.instance.verify(cert)
    warn "Invalid certificate '#{cert.to_s}', NOT signed by CA certs, or its CA cert NOT loaded into cert store."
    return false
  end

  if cert.nil?
    warn "Certifcate of #{@iss} NOT found"
    return false
  end

  # Verify sig
  #
  cert.to_x509.public_key.verify(OpenSSL::Digest::SHA256.new(@content), Base64.decode64(@sig), @content)
end

Class: OmfCommon::Auth::Assertion

Instance Attribute Summary (collapse)

Class Method Summary (collapse)

Instance Method Summary (collapse)

Constructor Details

- (Assertion) initialize(opts = {}) (private)

Instance Attribute Details

- (Object) content (readonly)

- (Object) iss (readonly)

- (Object) type (readonly)