lib/tpm/key_attestation.rb in tpm-key_attestation-0.10.0 vs lib/tpm/key_attestation.rb in tpm-key_attestation-0.11.0
- old
+ new
@@ -9,11 +9,11 @@
require "tpm/public_area"
module TPM
class KeyAttestation
# https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-install-trusted-tpm-root-certificates
- ROOT_CERTIFICATES =
+ TRUSTED_CERTIFICATES =
begin
pattern = File.expand_path(File.join(__dir__, "certificates", "*", "RootCA", "*.*"))
Dir.glob(pattern).map do |filename|
File.open(filename) { |file| OpenSSL::X509::Certificate.new(file) }
end
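Review bot: Renaming the public constant on the `TRUSTED_CERTIFICATES =` line leaves no `ROOT_CERTIFICATES` behind, so code that references `TPM::KeyAttestation::ROOT_CERTIFICATES` (for example to extend the bundled list with its own anchors) fails with NameError after upgrading. The same applies to the `root_certificates:` keyword and reader renamed in the next hunk, which now raise ArgumentError and NoMethodError respectively. If a transition period is wanted, keep `ROOT_CERTIFICATES = TRUSTED_CERTIFICATES` followed by `deprecate_constant :ROOT_CERTIFICATES`, placed after the `begin` block, which closes outside this hunk. Otherwise the rename should be called out as breaking in the changelog.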
@@ -27,32 +27,32 @@
:certified_key,
:certificates,
:signature_algorithm,
:hash_algorithm,
:qualifying_data,
- :root_certificates
+ :trusted_certificates
)
def initialize(
certify_info,
signature,
certified_key,
certificates,
qualifying_data,
signature_algorithm: ALG_RSASSA,
hash_algorithm: ALG_SHA256,
- root_certificates: ROOT_CERTIFICATES
+ trusted_certificates: TRUSTED_CERTIFICATES
)
@certify_info = certify_info
@signature = signature
@certified_key = certified_key
@certificates = certificates
@signature_algorithm = signature_algorithm
@hash_algorithm = hash_algorithm
@qualifying_data = qualifying_data
- @root_certificates = root_certificates
+ @trusted_certificates = trusted_certificates
end
def key
if valid?
public_area.key
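Review bot: `initialize` has no documentation for `trusted_certificates:`, and the new name no longer tells the caller that these certificates act as trust anchors. From the visible code the value is stored as-is, and in `trust_store` (third hunk) every entry is added to the X509 store, so a caller-supplied list replaces the bundled default rather than extending it. I would add a comment above `def initialize` such as `# @param trusted_certificates [Array<OpenSSL::X509::Certificate>] certificates added to the verification trust store; replaces the bundled defaults when given`. The `key` method at the end of the hunk continues outside it.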
@@ -86,10 +86,10 @@
end
def trust_store
@trust_store ||=
OpenSSL::X509::Store.new.tap do |trust_store|
- root_certificates.uniq(&:serial).each { |root_certificate| trust_store.add_cert(root_certificate) }
+ trusted_certificates.uniq(&:serial).each { |trusted_certificate| trust_store.add_cert(trusted_certificate) }
end
end
def aik_certificate
@aik_certificate ||= TPM::AIKCertificate.from_der(certificates.first)
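Review bot: `trusted_certificates.uniq(&:serial)` deduplicates on the serial number alone, but a serial is only unique within one issuer. Two different certificates from different CAs that share a serial therefore collapse to whichever comes first, and the other never reaches the store. Attestations chaining to the dropped certificate then fail verification, and the outcome depends on list order; this matters more now that the list is named as trusted certificates in general rather than roots. Deduplicating on the full encoding still avoids adding the same certificate twice: `trusted_certificates.uniq(&:to_der).each { |trusted_certificate| trust_store.add_cert(trusted_certificate) }`. `aik_certificate` at the end of the hunk continues outside it.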