Class: EzCrypto::TrustStore
- Inherits:
-
Object
- Object
- EzCrypto::TrustStore
- Defined in:
- lib/ezsig.rb
Overview
Wraps around the OpenSSL trust store. This allows you to decide which certificates you trust.
You can either point it at a path which contains a OpenSSL trust store (see OpenSSL for more) or build it up manually.
For a certificate to verify you need the issuer and the issuers issuers certs added to the Trust store.
NOTE: Currently this does not support CRL's or OCSP. We may add support for this later.
Instance Method Summary collapse
-
#add(obj) ⇒ Object
Add either a EzCrypto::Certificate or a OpenSSL::X509::Cert object to the TrustStore.
-
#initialize(*paths) ⇒ TrustStore
constructor
Create trust store with an optional list of paths of openssl trust stores.
-
#verify(cert) ⇒ Object
Returns true if either the EzCrypto::Certificate or OpenSSL::X509::Cert object is verified using issuer certificates in the trust store.
Constructor Details
#initialize(*paths) ⇒ TrustStore
Create trust store with an optional list of paths of openssl trust stores.
415 416 417 418 419 |
# File 'lib/ezsig.rb', line 415 def initialize(*paths) @store=OpenSSL::X509::Store.new # @store.set_default_path paths.shift if paths.length>0 paths.each {|path| @store.add_path path} end |
Instance Method Details
#add(obj) ⇒ Object
Add either a EzCrypto::Certificate or a OpenSSL::X509::Cert object to the TrustStore. This should be a trusted certificate such as a CA’s issuer certificate.
424 425 426 427 428 429 430 431 432 |
# File 'lib/ezsig.rb', line 424 def add(obj) if obj.kind_of?(EzCrypto::Certificate) @store.add_cert obj.cert elsif obj.kind_of?(OpenSSL::X509::Cert) @store.add_cert obj else raise "unsupported object type" end end |
#verify(cert) ⇒ Object
Returns true if either the EzCrypto::Certificate or OpenSSL::X509::Cert object is verified using issuer certificates in the trust store.
436 437 438 439 440 441 442 443 444 |
# File 'lib/ezsig.rb', line 436 def verify(cert) if cert.kind_of?(EzCrypto::Certificate) @store.verify cert.cert elsif cert.kind_of?(OpenSSL::X509::Cert) @store.verify cert else false end end |