Sha256: e8b187a6e25dc46b1d1042af725e185f9d577d1ee7d207c8454372180e3960c0

Contents?: true

Size: 1.12 KB

Versions: 1

Compression:

Stored size: 1.12 KB

Contents

require 'certmeister/policy/response'
require 'openssl'

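module Certmeister

  module Policy

    # Policy that refuses certificate signing requests (CSRs) whose RSA
    # public key is shorter than a configured minimum modulus size.
    #
    # NOTE(review): this policy only inspects the key size. It does not verify
    # the CSR's self-signature (proof of possession of the private key);
    # confirm that check is performed elsewhere before a certificate is issued.
    class KeyBits

      # Minimum RSA modulus size, in bits, applied when none is supplied.
      DEFAULT_MIN_KEY_BITS = 4096

      # @return [Integer] the minimum accepted RSA modulus size in bits
      attr_reader :min_key_bits

      # @param min_key_bits [Integer] minimum accepted RSA modulus size in bits
      # @raise [ArgumentError] if min_key_bits is not an Integer
      def initialize(min_key_bits = DEFAULT_MIN_KEY_BITS)
        validate_min_key_bits(min_key_bits)
        @min_key_bits = min_key_bits
      end

      # Decide whether the CSR carried in the request satisfies the key-size
      # policy. Every failure path returns a refusal, so the policy fails closed.
      #
      # @param request [Hash] request parameters; the PEM or DER encoded CSR is
      #   read from the :csr key
      # @return [Certmeister::Policy::Response] refused with "missing csr",
      #   "invalid csr (...)", "unsupported key type" or "weak key"; otherwise
      #   authenticated with a nil error
      def authenticate(request)
        return refuse("missing csr") unless request[:csr]

        csr = OpenSSL::X509::Request.new(request[:csr])
        pkey = csr.public_key

        # Only RSA keys expose a modulus (n). Without this guard an EC or DSA
        # CSR raised NoMethodError out of the policy instead of being refused.
        return refuse("unsupported key type") unless pkey.is_a?(OpenSSL::PKey::RSA)

        # Use the exact bit length of the modulus. Rounding up to whole bytes
        # (num_bytes * 8) would let a modulus up to 7 bits short of the minimum
        # pass the check.
        return refuse("weak key") if pkey.n.num_bits < @min_key_bits

        Certmeister::Policy::Response.new(true, nil)
      rescue OpenSSL::X509::RequestError => e
        refuse("invalid csr (#{e.message})")
      end

      private

      # Build a refusal response carrying the given reason.
      def refuse(reason)
        Certmeister::Policy::Response.new(false, reason)
      end

      # Reject anything that is not an Integer. Zero and negative values are
      # still accepted and effectively disable the size check.
      def validate_min_key_bits(min_key_bits)
        return if min_key_bits.is_a?(Integer)

        raise ArgumentError, "invalid minimum key size"
      end

    end

  end

end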

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
certmeister-2.3.2 lib/certmeister/policy/key_bits.rb