Sha256: 37204dd39093539dc240a8a31f1a3538c4b20944009e23d6395180c585e6b8d6
Contents?: true
Size: 1.08 KB
Versions: 15
Compression:
Stored size: 1.08 KB
Contents
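require 'resolv'
require 'certmeister/policy/response'

module Certmeister
  module Policy
    # Policy that authenticates a request by forward-confirmed reverse DNS
    # (FCrDNS): the requested common name must be a PTR name of the client
    # address, and that name must resolve forward to the same client address.
    class Fcrdns
      # Decide whether the request's :cn is confirmed for the request's :ip.
      #
      # @param request [Hash] read for the keys :cn and :ip
      # @return [Certmeister::Policy::Response] Response.new(true, nil) when
      #   the cn is confirmed, otherwise Response.new(false, reason)
      def authenticate(request)
        if !request[:cn]
          Certmeister::Policy::Response.new(false, "missing cn")
        elsif !request[:ip]
          Certmeister::Policy::Response.new(false, "missing ip")
        elsif !fcrdns_names(request[:ip]).include?(request[:cn])
          # Exact string comparison against the names as DNS returned them.
          Certmeister::Policy::Response.new(false, "cn does not match fcrdns")
        else
          Certmeister::Policy::Response.new(true, nil)
        end
      rescue Resolv::ResolvError => e
        # Any resolver failure denies the request (fail closed).
        Certmeister::Policy::Response.new(false, "DNS error (#{e.message})")
      end

      private

      # Return the PTR names of +ip+ whose forward lookup contains +ip+ itself.
      #
      # PTR records are published by whoever controls the reverse zone of an
      # address, so a PTR name on its own proves nothing about the client. A
      # name is accepted only when its own address records include the client
      # address. Comparing against the PTR names of whatever addresses the
      # name resolves to is not sufficient, because those addresses may belong
      # to a different host.
      #
      # @param ip [String, Resolv::IPv4, Resolv::IPv6] client address
      # @return [Array<String>] confirmed host names
      # @raise [Resolv::ResolvError] if +ip+ is not an IPv4 or IPv6 address
      def fcrdns_names(ip)
        client = client_address(ip)
        # The block form closes the resolver's sockets when the lookup is done.
        Resolv::DNS.open do |resolv|
          confirmed = resolv.getnames(client).select do |name|
            resolv.getaddresses(name).include?(client)
          end
          confirmed.map(&:to_s)
        end
      end

      # Parse +ip+ into a Resolv address object so that forward results can be
      # compared by value rather than by textual form (IPv6 has many
      # spellings).
      def client_address(ip)
        case ip
        when Resolv::IPv4, Resolv::IPv6 then ip
        when Resolv::IPv4::Regex then Resolv::IPv4.create(ip)
        when Resolv::IPv6::Regex then Resolv::IPv6.create(ip)
        else raise Resolv::ResolvError, "cannot interpret as address: #{ip}"
        end
      end
    end
  end
end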