Module: RightSupport::Validation::OpenSSL

Defined in:
lib/right_support/validation/openssl.rb

Overview

Validation methods pertaining to OpenSSL cryptography, e.g. various widely-used key formats and encoding/envelope formats.


Instance Method Details

#pem_key?(key_material) ⇒ Boolean

Determine whether a string is a PEM-encoded public or private key. Does not determine whether the key is valid, only that it is well-formed.

Parameters

key_material(String)

the putative key material

Return

If the key is well-formed, return the OpenSSL class that can be used to process the key material (e.g. OpenSSL::PKey::RSA). Otherwise, return false.

Returns:

  • (Boolean)


# File 'lib/right_support/validation/openssl.rb', line 39

def pem_key?(key_material)
  return false if key_material.nil? || key_material.empty?
  # Inspect only the PEM header; the key body is not parsed here
  m = /BEGIN ([A-Z]+) (PUBLIC|PRIVATE) KEY/.match(key_material)
  return false unless m
  # Map the algorithm named in the header to the OpenSSL class that handles it
  case m[1]
    when 'DSA' then return ::OpenSSL::PKey::DSA
    when 'RSA' then return ::OpenSSL::PKey::RSA
    else return false
  end
end

#pem_private_key?(key_material, passphrase = nil) ⇒ Boolean

Determine whether a string is a valid PEM-encoded private key. Actually parses the key to prove validity as well as well-formedness. If the key is passphrase-protected, the passphrase is required in order to decrypt it; an incorrect passphrase will result in the key being recognized as not a valid key!

Parameters

key_material(String)

the putative key material

passphrase(String)

the encryption passphrase, if needed

Return

If the key is well-formed and valid, return true. Otherwise, return false.

Returns:

  • (Boolean)


# File 'lib/right_support/validation/openssl.rb', line 64

def pem_private_key?(key_material, passphrase=nil)
  # Header check first: yields the OpenSSL class to parse with, or false
  alg = pem_key?(key_material)
  return false unless alg
  # A non-nil passphrase is always supplied, so an encrypted key with no
  # caller-provided passphrase fails to parse and is reported as invalid
  key = alg.new(key_material, passphrase || 'dummy passphrase, should never work')
  key.to_der # make sure it's valid in addition to being well formed
  # deal with varying interfaces between RSA/DSA/EC
  return (key.private? rescue false) || (key.private_key? rescue false)
rescue ::OpenSSL::PKey::PKeyError, NotImplementedError
  return false
end

#pem_public_key?(key_material) ⇒ Boolean

Determine whether a string is a valid PEM-encoded public key. Actually parses the key to prove validity as well as well-formedness.

Parameters

key_material(String)

the putative key material

Return

If the key is well-formed and valid, return true. Otherwise, return false.

Returns:

  • (Boolean)


# File 'lib/right_support/validation/openssl.rb', line 83

def pem_public_key?(key_material)
  # Header check first: yields the OpenSSL class to parse with, or false
  alg = pem_key?(key_material)
  return false unless alg
  key = alg.new(key_material)
  key.to_der # make sure it's valid in addition to being well formed
  # deal with varying interfaces between RSA/DSA/EC
  return (key.public? rescue false) || (key.public_key? rescue false)
rescue ::OpenSSL::PKey::PKeyError, NotImplementedError
  return false
end
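
The difference between the header-only check in pem_key? and the parsing done by pem_private_key? and pem_public_key? can be seen on constructed inputs. The following is an added example, not code from RightSupport: classify_pem_key and sample_keys are hypothetical names, and the helper generalizes beyond the page by parsing with OpenSSL::PKey.read, so PEM headers that carry no algorithm word (such as "BEGIN PUBLIC KEY") are also handled.

```ruby
require 'openssl'

# The header pattern used by pem_key? on this page, copied for comparison.
HEADER_RE = /BEGIN ([A-Z]+) (PUBLIC|PRIVATE) KEY/

# Hypothetical helper, not part of RightSupport: classify key material by
# parsing it with OpenSSL::PKey.read instead of dispatching on the header.
# Returns :private, :public, :unsupported or :invalid.
def classify_pem_key(key_material, passphrase = nil)
  return :invalid if key_material.nil? || key_material.empty?
  # Always pass some passphrase so OpenSSL never prompts on the terminal
  # when the key is encrypted and the caller supplied none.
  key = OpenSSL::PKey.read(key_material, passphrase || 'placeholder, never correct')
  return :unsupported unless key.respond_to?(:private?)
  key.private? ? :private : :public
rescue OpenSSL::PKey::PKeyError, ArgumentError
  # Older openssl gem releases raise ArgumentError for unparseable input.
  :invalid
end

# Constructed sample inputs, generated locally for this example.
def sample_keys
  rsa = OpenSSL::PKey::RSA.new(2048)
  {
    private:   rsa.to_pem,
    spki:      rsa.public_key.to_pem, # "BEGIN PUBLIC KEY", no algorithm word
    encrypted: rsa.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), 'constructed-pass'),
    # Well-formed header, but the body is base64 of "not a key"
    garbage:   "-----BEGIN RSA PRIVATE KEY-----\nbm90IGEga2V5\n-----END RSA PRIVATE KEY-----\n"
  }
end

if __FILE__ == $PROGRAM_NAME
  sample_keys.each do |name, pem|
    header_ok = !HEADER_RE.match(pem).nil?
    puts format('%-10s header=%-5s parsed=%s', name, header_ok, classify_pem_key(pem))
  end
end
```

The garbage input passes the header pattern yet fails parsing, and the encrypted key is reported as invalid unless the correct passphrase is given, matching the behaviour documented for pem_private_key?.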