Sha256: 218e2a6ee926b27908a378af418953eedef850852347a7908bfa7dae1a28a2cf
Contents?: true
Size: 1.71 KB
Versions: 1
Compression:
Stored size: 1.71 KB
Contents
# frozen_string_literal: true module RubyScep class PkiOperation class << self # @param raw_csr [String] The binary encoded CSR # @return DER-encoded [String], PkiMessage represented in an OpenSSL::ASN1 structure containing the # device's MDM certificate to be installed def build_response(raw_csr) pki_message = parse_pki_message(raw_csr) csr = decrypt_pki_envelope(pki_message) pki_message.build_enrollment_response(csr) end private # @param raw_csr [String] The binary encoded CSR # @return [RubyScep::PkiMessage], containing the CSR info def parse_pki_message(raw_csr) p7 = OpenSSL::PKCS7.new(raw_csr) flags = OpenSSL::PKCS7::BINARY | OpenSSL::PKCS7::NOVERIFY # OpenSSL::PKCS7::NOVERIFY is necessary otherwise the verify step fails p7.verify(nil, RubyScep.configuration.certificates_store, nil, flags) # necessary to populate the p7 data field asn1 = OpenSSL::ASN1.decode(p7.to_der) PkiMessage.new(asn1, p7) end # @param pki_message [RubyScep::PkiMessage] The PkiMessage containing the CSR info sent by the iOS device # @return [OpenSSL::X509::Request], the decrypted CSR def decrypt_pki_envelope(pki_message) encrypted_p7 = OpenSSL::PKCS7.new(pki_message.p7.data) raw_csr = encrypted_p7.decrypt(RubyScep.configuration.ca_key, RubyScep.configuration.ca, OpenSSL::PKCS7::BINARY) # this is the moment when we could extract the device info from the CSR (device id and challenge password) # see https://github.com/AppBlade/TestHub/blob/master/app/controllers/scep_controller.rb#L57 OpenSSL::X509::Request.new(raw_csr) end end end end
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
ruby_scep-0.1.0 | lib/ruby_scep/pki_operation.rb |