Module: Autosign::Validator

Defined in:
lib/autosign/validator.rb,
lib/autosign/validator/jwt.rb,
lib/autosign/validator/multiplexer.rb,
lib/autosign/validator/passwordlist.rb,
lib/autosign/validator/validator_base.rb

Defined Under Namespace

Classes: JWT, Multiplexer, Passwordlist, ValidatorBase

Class Method Summary

Class Method Details

.any_validator(challenge_password, certname, raw_csr, settings = Autosign::Config.new.settings) ⇒ Boolean

Class method that attempts to validate a request against all validators which inherit from this class. The request is considered validated if any one validator succeeds. The first validator to pass short-circuits the validation process, so the remaining validators are not called.

Parameters:

  • challenge_password (String)

    the challenge_password OID from the certificate signing request

  • certname (String)

    the common name being requested in the certificate signing request

  • raw_csr (String)

    the encoded X509 certificate signing request, as received by the autosign policy executable

Returns:

  • (Boolean)

    return true if the certificate should be signed, and false if it cannot be validated



# File 'lib/autosign/validator.rb', line 34

def self.any_validator(challenge_password, certname, raw_csr, settings = Autosign::Config.new.settings)
  @log = Logging.logger[self.class]
  # find the first validator that passes and return the class
  validator = validation_order(settings).find { |c| c.new(settings).validate(challenge_password, certname, raw_csr) }
  if validator
    @log.info "Successfully validated using #{validator::NAME}"
    true
  else
    @log.info 'unable to validate using any validator'
    false
  end
end

.validation_order(settings = Autosign::Config.new.settings, list = nil) ⇒ Array

Returns the list of validators specified by the user, in the exact order in which they want validation to proceed.

Parameters:

  • list (Array) (defaults to: nil)
    • a list of validators to use, uses the settings list by default

Returns:

  • (Array)
    • A list of all the validator classes



# File 'lib/autosign/validator.rb', line 12

def self.validation_order(settings = Autosign::Config.new.settings, list = nil)
  validation_order = list || settings['general']['validation_order']
  # create a key pair where the key is the name of the validator and value is the class
  validator_list = validator_classes.each_with_object({}) do |klass, acc|
    acc[klass::NAME] = klass
    acc
  end
  # filter out validators that do not exist
  order = validation_order.map { |v| validator_list.fetch(v, nil) }.compact
  @log = Logging.logger[self.class]
  @log.debug("Validator order: #{order.inspect}")
  order
end
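
The ordering, name filtering and short-circuit behaviour of `validation_order` and `any_validator` shown above, modelled as an added Ruby example that is not part of the autosign code base. `DenyAll`, `AllowToken`, `REGISTRY`, `CALLS`, `resolve_order`, `unknown_validators`, `any_valid?` and the `tokens` setting are hypothetical stand-ins constructed for illustration; only `settings['general']['validation_order']` and the `NAME` constant come from the page.

```ruby
# Added illustration; stand-in classes, not the gem's JWT/Passwordlist validators.
CALLS = [] # names of the validators that actually ran, in call order

class DenyAll
  NAME = 'deny_all'
  def initialize(_settings); end

  def validate(_challenge_password, _certname, _raw_csr)
    CALLS << NAME
    false
  end
end

class AllowToken
  NAME = 'allow_token'
  def initialize(settings)
    @tokens = settings.fetch('tokens', []) # hypothetical setting, constructed for this example
  end

  def validate(challenge_password, _certname, _raw_csr)
    CALLS << NAME
    @tokens.include?(challenge_password)
  end
end

REGISTRY = [DenyAll, AllowToken].map { |klass| [klass::NAME, klass] }.to_h

# Mirrors validation_order: keep the configured order, silently drop unknown names.
def resolve_order(settings)
  settings['general']['validation_order'].map { |name| REGISTRY[name] }.compact
end

# Configured names that match no validator (for example a typo); worth logging at startup.
def unknown_validators(settings)
  settings['general']['validation_order'].reject { |name| REGISTRY.key?(name) }
end

# Mirrors any_validator: the first validator that passes ends the search.
def any_valid?(settings, challenge_password, certname, raw_csr)
  CALLS.clear
  winner = resolve_order(settings).find do |klass|
    klass.new(settings).validate(challenge_password, certname, raw_csr)
  end
  !winner.nil?
end
```

A misspelled name in the configured order is filtered out without an error, so requests that validator would have accepted are rejected; checking `unknown_validators` at startup surfaces the typo.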