Sha256: 063863c195818e207ade70797dc2b325a331be8e3a29cdf0762e13b9c2d189f9

Size: 1.69 KB

Versions: 1

Stored size: 1.69 KB

Contents

# frozen_string_literal: true
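module RubyScep
  # Entry point for a SCEP PKIOperation request: unwraps the signed PKCS#7
  # message, decrypts the enveloped CSR with the CA key and lets the
  # PkiMessage build the enrollment response.
  class PkiOperation
    class << self
      # @param raw_csr [String] The binary encoded PKCS#7 signed message sent by the
      #   device (it wraps the encrypted CSR)
      # @return pki_message [PkiMessage], PkiMessage with the following attributes set:
      #   @enrollment_response: represented in an OpenSSL::ASN1 structure containing the
      #     device's MDM certificate to be installed
      #   @device_certificate: the certificate the device will use to identify itself to the MDM server
      # @raise [OpenSSL::PKCS7::PKCS7Error] if the signature over the message does not
      #   check out; other OpenSSL parsing/decryption errors propagate unchanged
      def build_response(raw_csr)
        pki_message = parse_pki_message(raw_csr)
        csr = decrypt_pki_envelope(pki_message)
        pki_message.build_enrollment_response!(csr)
        pki_message
      end

      private

      # Parses the outer signed PKCS#7 message and checks its signature.
      #
      # @param raw_csr [String] The binary encoded PKCS#7 signed message
      # @return [RubyScep::PkiMessage], containing the CSR info
      # @raise [OpenSSL::PKCS7::PKCS7Error] if the signature check fails
      def parse_pki_message(raw_csr)
        p7 = OpenSSL::PKCS7.new(raw_csr)
        # NOVERIFY skips validation of the signer's certificate chain (the original
        # author notes that verification fails without it). The signature itself is
        # still checked against the certificate embedded in the message, so this
        # gives integrity of the payload but does NOT authenticate the sender
        # against certificates_store.
        flags = OpenSSL::PKCS7::BINARY | OpenSSL::PKCS7::NOVERIFY
        # verify is also what populates p7.data, and it does so even when the check
        # fails, so its result must be inspected rather than discarded.
        verified = p7.verify(nil, RubyScep.configuration.certificates_store, nil, flags)
        unless verified
          raise OpenSSL::PKCS7::PKCS7Error,
                "PKCS#7 signature verification failed: #{p7.error_string}"
        end

        asn1 = OpenSSL::ASN1.decode(p7.to_der)
        PkiMessage.new(asn1, p7)
      end

      # Decrypts the enveloped-data payload carried inside the signed message.
      #
      # @param pki_message [RubyScep::PkiMessage] The PkiMessage containing the CSR info sent by the iOS device
      # @return [OpenSSL::X509::Request], the decrypted CSR
      def decrypt_pki_envelope(pki_message)
        encrypted_p7 = OpenSSL::PKCS7.new(pki_message.p7.data)
        raw_csr = encrypted_p7.decrypt(
          RubyScep.configuration.ca_key,
          RubyScep.configuration.ca,
          OpenSSL::PKCS7::BINARY
        )
        # NOTE(review): the CSR's own signature (proof of possession of the private
        # key) is not checked in this method; confirm that
        # build_enrollment_response! does so before a certificate is issued.
        OpenSSL::X509::Request.new(raw_csr)
      end
    end
  end
end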

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
ruby_scep-0.2.1 lib/ruby_scep/pki_operation.rb