Class: OmfCommon::Auth::CertificateStore
- Inherits:
-
Object
- Object
- OmfCommon::Auth::CertificateStore
- Includes:
- MonitorMixin
- Defined in:
- omf_common/lib/omf_common/auth/certificate_store.rb
Constant Summary
- @@instance =
nil
Class Method Summary
Instance Method Summary
- - (Object) _set(name, certificate) private
- - (Object) cert_for(url)
-
- (CertificateStore) initialize(opts)
constructor
private
A new instance of CertificateStore.
- - (Object) register(certificate)
-
- (Object) register_default_certs(folder)
Load a set of CA certs into cert store from a given location.
- - (Object) register_trusted(certificate)
- - (Object) register_x509(cert_pem)
- - (Object) verify(cert)
Constructor Details
- (CertificateStore) initialize(opts) (private)
Returns a new instance of CertificateStore
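# File 'omf_common/lib/omf_common/auth/certificate_store.rb', line 106
# Set up an empty certificate store.
#
# Two OpenSSL stores are kept: @x509_store receives the trust anchors
# (see #register_trusted) and @intermediate_store everything handed to
# #register; #verify consults both. @certs maps names/subjects to
# Certificate objects.
#
# @param opts [Hash] `:store`, when given, is kept as @store; otherwise a
#   fresh `{private: {}, public: {}}` hash is used.
def initialize(opts)
  @x509_store = OpenSSL::X509::Store.new
  @intermediate_store = OpenSSL::X509::Store.new
  @certs = {}
  # The original assigned opts[:store] to an unused local and only set
  # @store in the else branch, so a supplied store was silently dropped.
  @store = opts[:store] || { private: {}, public: {} }
  @serial = 0
  # Initialise the monitor supplied by MonitorMixin (included by the class)
  super()
end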
Class Method Details
+ (Object) init(opts = {})
# File 'omf_common/lib/omf_common/auth/certificate_store.rb', line 21
# Create the process-wide store instance.
#
# @param opts [Hash] passed straight to the constructor
# @raise [RuntimeError] when a store already exists. Note the check and the
#   assignment are not atomic, so two concurrent callers could both pass.
def self.init(opts = {})
  raise "CertificateStore already initialized" if @@instance

  @@instance = new(opts)
end
+ (Object) instance
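# File 'omf_common/lib/omf_common/auth/certificate_store.rb', line 28
# Return the store created by .init.
#
# @return [CertificateStore]
# @raise [RuntimeError] when .init has not been called yet
def self.instance
  # `throw` is the catch/throw control-flow primitive; without a matching
  # `catch` it only surfaces as UncaughtThrowError. A missing store is an
  # error condition, so raise it as one.
  raise "CertificateStore not initialized" unless @@instance

  @@instance
end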
Instance Method Details
- (Object) _set(name, certificate) (private)
# File 'omf_common/lib/omf_common/auth/certificate_store.rb', line 120
# Index +certificate+ under +name+ in @certs, and additionally under the
# stringified name when +name+ is not already a String, so that lookups
# by URL string (see #cert_for) succeed.
#
# Re-registering an identical certificate (same PEM) is a no-op; a
# different certificate replaces the old one with a warning.
#
# @param name [String, Symbol, OpenSSL::X509::Name] lookup key
# @param certificate [#to_pem, #subject] certificate to store
def _set(name, certificate)
  existing = @certs[name]
  if existing
    return if existing.to_pem == certificate.to_pem

    warn "Overriding certificate '#{name}' - new: #{certificate.subject} old: #{existing.subject}"
  end
  @certs[name] = certificate
  _set(name.to_s, certificate) unless name.is_a?(String)
end
- (Object) cert_for(url)
# File 'omf_common/lib/omf_common/auth/certificate_store.rb', line 75
# Look up the certificate registered under +url+.
#
# Keys of @certs may be Strings or OpenSSL::X509::Name instances, so the
# comparison is done on the string form of both sides (linear scan).
#
# @param url [#to_s] name the certificate was registered under
# @return [Certificate]
# @raise [MissingCertificateException] when nothing matches
def cert_for(url)
  wanted = url.to_s
  pair = @certs.find { |key, _value| key.to_s == wanted }
  unless pair
    warn "Unknown cert '#{url}'"
    raise MissingCertificateException.new(url)
  end
  pair.last
end
- (Object) register(certificate)
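# File 'omf_common/lib/omf_common/auth/certificate_store.rb', line 48
# Register a certificate and index it by subject, resource id and every
# address it carries.
#
# The X509 form is added to @intermediate_store. Because #verify falls
# back to that store, anything registered here is afterwards accepted by
# #verify as if it were a trust anchor; only call this for certificates
# whose provenance has already been established.
#
# @param certificate [Certificate]
# @raise [RuntimeError] when +certificate+ is not a Certificate
# @raise [OpenSSL::X509::StoreError] on store errors other than a duplicate
def register(certificate)
  raise "Expected Certificate, but got '#{certificate.class}'" unless certificate.is_a? Certificate

  debug "Registering certificate for '#{certificate.addresses}' - #{certificate.subject}"
  # Lock this store's own monitor (MonitorMixin) rather than the global
  # @@instance, which may be nil or a different object when the store was
  # built with `new` instead of `init`.
  synchronize do
    begin
      @intermediate_store.add_cert(certificate.to_x509)
    rescue OpenSSL::X509::StoreError => e
      # The original compared the exception object itself to the string,
      # which never matched; the text lives in #message.
      raise e unless e.message == "cert already in hash table"
    end
    _set(certificate.subject, certificate)
    if (rid = certificate.resource_id)
      _set(rid, certificate)
    end
    certificate.addresses.each { |_type, name| _set(name, certificate) }
  end
end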
- (Object) register_default_certs(folder)
Load a set of CA certs into cert store from a given location
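# File 'omf_common/lib/omf_common/auth/certificate_store.rb', line 98
# Load a set of CA certs into cert store from a given location.
#
# Every regular file in +folder+ is parsed as PEM and handed to
# #register_trusted, i.e. the folder's contents define what #verify
# trusts. Sub-directories are skipped (File.read on a directory raises);
# a file that is not a PEM certificate still raises from the parser.
#
# @param folder [String] directory containing PEM files
def register_default_certs(folder)
  Dir["#{folder}/*"].each do |path|
    next unless File.file?(path)

    register_trusted(Certificate.create_from_pem(File.read(path)))
  end
end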
- (Object) register_trusted(certificate)
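# File 'omf_common/lib/omf_common/auth/certificate_store.rb', line 33
# Add a certificate as a trust anchor.
#
# The X509 form goes into @x509_store (the store #verify checks first);
# the Certificate itself is indexed by subject in @certs unless that
# subject is already present.
#
# @param certificate [Certificate]
# @raise [OpenSSL::X509::StoreError] on store errors other than a duplicate
def register_trusted(certificate)
  # Lock this store's own monitor (MonitorMixin) rather than the global
  # @@instance, which may be nil or a different object when the store was
  # built with `new` instead of `init`.
  synchronize do
    begin
      @x509_store.add_cert(certificate.to_x509)
    rescue OpenSSL::X509::StoreError => e
      # The original compared the exception object itself to the string,
      # which never matched, so duplicates were re-raised; use #message.
      raise e unless e.message == "cert already in hash table"

      warn "X509 cert '#{certificate.subject}' already registered in X509 store"
    end
    @certs[certificate.subject] ||= certificate
  end
end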
- (Object) register_x509(cert_pem)
# File 'omf_common/lib/omf_common/auth/certificate_store.rb', line 68
# Parse a PEM string and register the resulting certificate via #register.
#
# @param cert_pem [String] PEM-encoded certificate
# @return [Object, nil] the result of #register, or nil when parsing
#   yields nothing
def register_x509(cert_pem)
  cert = Certificate.create_from_pem(cert_pem)
  return unless cert

  debug "REGISTERED #{cert}"
  register(cert)
end
- (Object) verify(cert)
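# File 'omf_common/lib/omf_common/auth/certificate_store.rb', line 86
# Verify a certificate against the store.
#
# The certificate passes if it chains to @x509_store (trust anchors from
# #register_trusted) or, failing that, to @intermediate_store. NOTE(review):
# every certificate passed to #register is added to @intermediate_store,
# and OpenSSL treats certificates added to a store as trusted, so the
# fallback accepts any previously registered certificate regardless of
# whether it chains to a CA from #register_trusted.
#
# @param cert [Certificate, OpenSSL::X509::Certificate]
# @return [Boolean] true when verification succeeded
def verify(cert)
  cert = cert.to_x509 if cert.kind_of?(OmfCommon::Auth::Certificate)
  v_result = @x509_store.verify(cert) || @intermediate_store.verify(cert)
  unless v_result
    warn "Cert verification failed: '#{@x509_store.error_string}'"
    # The original reported only the first store's error; the fallback
    # store was also consulted and its reason is just as relevant.
    warn "Intermediate store verification failed: '#{@intermediate_store.error_string}'"
  end
  v_result
end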