Contents

module SmartId::Utils
  class CertificateValidator
    def self.validate!(hash_data, signature, certificate)
      obj = new(hash_data, signature, certificate)
      obj.validate_certificate!
      obj.validate_signature!
    end

    def initialize(hash_data, signature, certificate)
      @hash_data = hash_data
      @signature = signature
      begin
        @certificate = certificate.cert
      rescue Exception
        debugger
      end
    end

    def certificate_valid?
      ### TODO: Currently not working, because of error "unable to get local issuer certificate" - same error in bash with openssl
      # cert_store = OpenSSL::X509::Store.new
      # cert_chain.each {|c| cert_store.add_cert(c) }
      # cert_store.add_dir(File.dirname(__FILE__)+"/../../../trusted_certs/")
      # cert_store.purpose = OpenSSL::X509::PURPOSE_ANY
      # OpenSSL::X509::Store.new.verify(@certificate) && 
      @certificate.not_before.to_date < Date.today && 
        @certificate.not_after.to_date > Date.today
    end

    def validate_certificate!
      unless certificate_valid?
        raise SmartId::InvalidResponseCertificate
      end
    end

    def cert_chain
      [
        OpenSSL::X509::Certificate.new(
          File.read(File.dirname(__FILE__)+"/../../../trusted_certs/EID-SK_2016.pem.crt")
        ),
        OpenSSL::X509::Certificate.new(
          File.read(File.dirname(__FILE__)+"/../../../trusted_certs/NQ-SK_2016.pem.crt")
        )
      ]
    end

    def validate_signature!
      public_key = @certificate.public_key
      
      unless public_key.verify(OpenSSL::Digest::SHA256.new, Base64.decode64(@signature), @hash_data)
        raise SmartId::InvalidResponseSignature
      end
    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
smart_id-0.1.0	lib/smart_id/utils/certificate_validator.rb