Class: OmfCommon::Auth::Assertion

Inherits:
Object
  • Object
Defined in:
omf_common/lib/omf_common/auth/assertion.rb


Constructor Details

- (Assertion) initialize(opts = {}) (private)

Returns a new instance of Assertion



# File 'omf_common/lib/omf_common/auth/assertion.rb', line 66

# Builds an assertion from an options hash (listed as private on this page).
#
# Nothing is checked here: the values are stored exactly as given, so an
# instance built from untrusted data is only a claim until #verify has
# returned true for it.
#
# @param opts [Hash] recognised keys are :type, :iss, :sig and :content
def initialize(opts = {})
  # @sig is the issuer's signature over @content; this page lists readers for
  # content, iss and type only, not for sig.
  @iss, @sig, @content = opts.values_at(:iss, :sig, :content)
  # The serialisation format falls back to JSON when none is given.
  @type = opts[:type] || 'json'
end

Instance Attribute Details

- (Object) content (readonly)

Returns the value of attribute content



# File 'omf_common/lib/omf_common/auth/assertion.rb', line 5

# Read-only access to the assertion payload, i.e. the text the signature is
# checked against in #verify. The value is whatever the constructor received;
# reading it says nothing about whether the signature has been checked.
#
# @return [Object] the stored content
def content; @content; end

- (Object) iss (readonly)

Returns the value of attribute iss



# File 'omf_common/lib/omf_common/auth/assertion.rb', line 5

# Read-only access to the claimed issuer, the name #verify uses to look up a
# certificate in the certificate store. Until #verify has returned true this
# is only what the assertion says about itself.
#
# @return [Object] the stored issuer
def iss; @iss; end

- (Object) type (readonly)

Returns the value of attribute type



# File 'omf_common/lib/omf_common/auth/assertion.rb', line 5

# Read-only access to the serialisation format; 'json' is the only value the
# parse and to_s listings on this page act on.
#
# @return [Object] the stored type
def type; @type; end

Class Method Details

+ (Object) generate(str, opts = {})

Factory method that generates a new, signed assertion



# File 'omf_common/lib/omf_common/auth/assertion.rb', line 20

# Factory: signs +str+ on behalf of the issuer named in opts[:iss] and returns
# a new assertion carrying the content together with its signature.
#
# The signature is computed with SHA-256 using the key attached to the
# issuer's entry in the certificate store, then Base64-encoded.
# NOTE(review): this presumes cert.key is the issuer's private key and is
# present for every stored certificate; confirm against CertificateStore.
#
# @param str [String] content to sign
# @param opts [Hash] must contain :iss; all entries are passed on to the constructor
# @return [Assertion] assertion holding :content and :sig
# @raise [RuntimeError] when :iss is missing or no certificate is found for it
def self.generate(str, opts = {})
  issuer = opts[:iss]
  raise 'Missing iss of assertion' if issuer.nil?

  issuer_cert = OmfCommon::Auth::CertificateStore.instance.cert_for(issuer)
  raise "Certifcate of #{issuer} NOT found" if issuer_cert.nil?

  signing_key = issuer_cert.key
  raw_signature = signing_key.sign(OpenSSL::Digest::SHA256.new(str), str)
  encoded_signature = Base64.encode64(raw_signature).encode('utf-8')

  new(opts.merge(content: str, sig: encoded_signature))
end

+ (Object) parse(str, opts = {})

Parse from a serialised assertion



# File 'omf_common/lib/omf_common/auth/assertion.rb', line 9

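# Rebuilds an assertion from its serialised form.
#
# Parsing performs no authenticity check: the returned object carries whatever
# :iss, :sig and :content the input claimed. Callers handling data from
# another party must call #verify and act on its result before relying on
# #iss or #content.
#
# The type written into the assertion is always 'json' on this path, whatever
# "type" member the input carries.
# NOTE(review): input whose top-level JSON value is not an object has no
# #merge and will raise rather than return; confirm callers rescue that.
#
# @param str [String] serialised assertion
# @param opts [Hash] :type selects the format; only 'json' is handled
# @return [Assertion, nil] the assertion, or nil for any other :type
# @raise [JSON::ParserError] when str is not valid JSON
def self.parse(str, opts = {})
  # Read the format without writing the default back into the caller's hash:
  # the previous `opts[:type] ||= 'json'` modified the argument in place and
  # failed outright on a frozen hash.
  type = opts[:type] || 'json'

  case type
  when 'json'
    new(JSON.parse(str, symbolize_names: true).merge(type: 'json'))
  end
end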

Instance Method Details

- (Object) to_s



# File 'omf_common/lib/omf_common/auth/assertion.rb', line 57

# Serialises the assertion for transport.
#
# For the 'json' type the result is a JSON object with the members type, iss,
# sig and content. Any other type yields nil, since no other format is
# handled here.
#
# @return [String, nil] JSON text, or nil when the type is not 'json'
def to_s
  # Same comparison direction as `case @type when 'json'` in the original.
  return unless 'json' == @type

  payload = { type: @type, iss: @iss, sig: @sig, content: @content }
  payload.to_json
end

- (Object) verify

Verify the validity of the issuer's certificate and of the signature



# File 'omf_common/lib/omf_common/auth/assertion.rb', line 34

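# Checks that this assertion was signed by its claimed issuer.
#
# Steps, in order:
# 1. look up the certificate registered for @iss in the certificate store;
# 2. ask the store whether that certificate is acceptable;
# 3. check @sig (Base64) against @content with the certificate's public key
#    and SHA-256.
#
# Every failure ends in +false+, so a caller can treat anything other than
# +true+ as "do not trust this assertion". Only the certificate and the
# signature are checked; nothing in this method looks at freshness or replay
# of the content.
#
# @return [Boolean] true only when certificate and signature both check out
def verify
  begin
    store = OmfCommon::Auth::CertificateStore.instance
    cert = store.cert_for(@iss)
  rescue MissingCertificateException
    return false
  end

  # The missing-certificate check has to come before the store is asked to
  # validate the certificate; it used to sit after that call, so a nil
  # certificate was handed to the store first.
  if cert.nil?
    warn "Certifcate of #{@iss} NOT found"
    return false
  end

  unless store.verify(cert)
    warn "Invalid certificate '#{cert.to_s}', NOT signed by CA certs, or its CA cert NOT loaded into cert store."
    return false
  end

  # A parsed assertion may lack sig or content, or carry non-string values.
  # Reject those here instead of letting Base64 or OpenSSL raise.
  unless @sig.is_a?(String) && @content.is_a?(String)
    warn "Assertion of #{@iss} has no usable signature or content"
    return false
  end

  begin
    cert.to_x509.public_key.verify(OpenSSL::Digest::SHA256.new(@content), Base64.decode64(@sig), @content)
  rescue OpenSSL::PKey::PKeyError => e
    # OpenSSL can raise on a malformed signature instead of returning false.
    warn "Signature check for #{@iss} failed: #{e.message}"
    false
  end
end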