Class: Autosign::Validator::ValidatorBase

Inherits:
Object
Defined in:
lib/autosign/validator/validator_base.rb

Overview

Parent class for validation backends. Validators take the challenge_password and common name from a certificate signing request, and perform some action to determine whether the request is valid.

Validators also get the raw X509 CSR in case the extracted information is insufficient for future, more powerful validators.

All validators must inherit from this class, and must override several methods in order to function. At a minimum, the name and perform_validation methods must be implemented by child classes.

Returns:

  • (Autosign::Validator::ValidatorBase)

    instance of the Autosign::Validator::ValidatorBase class

Direct Known Subclasses

JWT, Multiplexer, Passwordlist

Constant Summary

NAME = 'base'

Constructor Details

#initialize(config_file_settings = nil) ⇒ ValidatorBase

Returns a new instance of ValidatorBase.



# File 'lib/autosign/validator/validator_base.rb', line 23

def initialize(config_file_settings = nil)
  @config_file_settings = config_file_settings
  start_logging
  settings # just run to validate settings
  setup
  # call name to ensure that the class fails immediately if child classes
  # do not implement it.
  name
end

Instance Attribute Details

#config_file_settings ⇒ Object (readonly)

Returns the value of attribute config_file_settings.



# File 'lib/autosign/validator/validator_base.rb', line 21

def config_file_settings
  @config_file_settings
end

Instance Method Details

#name ⇒ String

You must set the NAME constant in the subclass.

Returns:

  • (String)

    name of the validator. Do not use special characters.



# File 'lib/autosign/validator/validator_base.rb', line 35

def name
  self.class::NAME
end

#perform_validation(_challenge_password, _certname, _raw_csr) ⇒ True, False

Defines how a validator actually validates the request. This must be implemented by validators which inherit from the Autosign::Validator class.

Parameters:

  • challenge_password (String)

    the challenge_password OID from the certificate signing request. The challenge_password field is the same setting as the "challengePassword" field in a 'csr_attributes.yaml' file when the CSR is generated. In a request using a JSON web token, this would be the serialized token.

  • certname (String)

    the common name being requested in the certificate signing request. Treat the certname as untrusted. This is user-submitted data that you must validate.

  • raw_csr (String)

    the encoded X509 certificate signing request, as received by the autosign policy executable. This is provided as an optional extension point, but your validator may not need to use it.

Returns:

  • (True, False)

    return true if the certificate should be signed, and false if you cannot validate the request successfully.

Raises:

  • (NotImplementedError)


# File 'lib/autosign/validator/validator_base.rb', line 47

def perform_validation(_challenge_password, _certname, _raw_csr)
  # override this after inheriting
  # should return true to indicate success validating
  # or false to indicate that the validator was unable to validate
  raise NotImplementedError
end

#validate(challenge_password, certname, raw_csr) ⇒ Object

Wrapper method that wraps input validation and logging around the perform_validation method. Do not override or use this method in child classes. This is the method that gets called on validator objects.



# File 'lib/autosign/validator/validator_base.rb', line 57

def validate(challenge_password, certname, raw_csr)
  raise unless challenge_password.is_a?(String)
  raise unless certname.is_a?(String)
  
  case perform_validation(challenge_password, certname, raw_csr)
  when true
    @log.debug 'validated successfully'
    @log.info  "Validated '#{certname}' using '#{name}' validator"
    true
  when false
    @log.debug 'validation failed'
    @log.debug "Unable to validate '#{certname}' using '#{name}' validator"
    false
  else
    @log.error 'perform_validation returned a non-boolean result'
    raise 'perform_validation returned a non-boolean result'
  end
end
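
A subclass written against the contract documented above, as an added example that is not code from the autosign project. StandInValidatorBase is a stand-in for the real parent class so the block runs without the gem (it mirrors only the name and validate behaviour shown on this page); PerHostSecretValidator, its constructor argument, and the sample host and secret are hypothetical. It treats the certname as untrusted input and always returns a strict boolean.

```ruby
require 'digest'

# Stand-in for Autosign::Validator::ValidatorBase (assumption: mirrors only the
# name/validate contract shown on this page) so the example runs without the gem.
class StandInValidatorBase
  def initialize
    name # fail fast when a subclass forgets to define NAME
  end

  def name
    self.class::NAME
  end

  def validate(challenge_password, certname, raw_csr)
    raise unless challenge_password.is_a?(String) && certname.is_a?(String)

    result = perform_validation(challenge_password, certname, raw_csr)
    raise 'perform_validation returned a non-boolean result' unless [true, false].include?(result)

    result
  end
end

# Hypothetical validator: one pre-shared secret per permitted certname.
class PerHostSecretValidator < StandInValidatorBase
  NAME = 'per_host_secret'
  LABEL = /[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/
  CERTNAME_RE = /\A(?=.{1,253}\z)#{LABEL}(?:\.#{LABEL})*\z/

  def initialize(secrets)
    @secrets = secrets # certname => secret
    super()
  end

  def perform_validation(challenge_password, certname, _raw_csr)
    # certname is user-submitted: reject anything that is not a plain hostname
    return false unless CERTNAME_RE.match?(certname)

    expected = @secrets[certname]
    return false if expected.nil?

    # Hash both sides, then compare every byte with no early exit.
    a = Digest::SHA256.digest(expected).bytes
    b = Digest::SHA256.digest(challenge_password).bytes
    a.zip(b).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample data, not real hosts or secrets.
VALIDATOR = PerHostSecretValidator.new('web01.example.com' => 'constructed-secret-1')
```
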