Sha256: 6fc77e4006e9548380a510f66d8c0d296fb43e5958bbd10219a937bb72353757
Contents?: true
Size: 1.81 KB
Versions: 15
Compression:
Stored size: 1.81 KB
Contents
# encoding: UTF-8 module Blather # An X509 certificate store that validates certificate trust chains. # This uses the #{cert_directory}/*.crt files as the list of trusted root # CA certificates. class CertStore def initialize(cert_directory) @cert_directory = cert_directory @store = OpenSSL::X509::Store.new certs.each {|c| @store.add_cert(c) } end # Return true if the certificate is signed by a CA certificate in the # store. If the certificate can be trusted, it's added to the store so # it can be used to trust other certs. def trusted?(pem) if cert = OpenSSL::X509::Certificate.new(pem) @store.verify(cert).tap do |trusted| begin @store.add_cert(cert) if trusted rescue OpenSSL::X509::StoreError end end end rescue OpenSSL::X509::CertificateError nil end # Return true if the domain name matches one of the names in the # certificate. In other words, is the certificate provided to us really # for the domain to which we think we're connected? def domain?(pem, domain) if cert = OpenSSL::X509::Certificate.new(pem) OpenSSL::SSL.verify_certificate_identity(cert, domain) end end # Return the trusted root CA certificates installed in the @cert_directory. These # certificates are used to start the trust chain needed to validate certs # we receive from clients and servers. def certs @certs ||= begin pattern = /-{5}BEGIN CERTIFICATE-{5}\n.*?-{5}END CERTIFICATE-{5}\n/m Dir[File.join(@cert_directory, '*.crt')] .map {|f| File.read(f) } .map {|c| c.scan(pattern) } .flatten .map {|c| OpenSSL::X509::Certificate.new(c) } .reject {|c| c.not_after < Time.now } end end end end
Version data entries
15 entries across 15 versions & 1 rubygems