Class: EzCrypto::TrustStore

Inherits:
Object
Defined in:
lib/ezsig.rb

Overview

Wraps around the OpenSSL trust store. This allows you to decide which certificates you trust.

You can either point it at a path which contains an OpenSSL trust store (see OpenSSL for more) or build it up manually.

For a certificate to verify, the trust store must contain its issuer's certificate and the issuer's issuer's certificate.

NOTE: CRLs and OCSP are not currently supported, so revocation status is not checked. We may add support for this later.
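
The chain requirement above, shown as an added example (not code from ezcrypto). It calls OpenSSL::X509::Store directly, the class TrustStore wraps, on a constructed root, intermediate and leaf whose names are made up; the helper names issue, store_with and chain_demo are hypothetical.

```ruby
require "openssl"

# Issue a certificate for a constructed test PKI (all names here are made up).
# issuer_cert is nil for the self-signed root.
def issue(cn, key, issuer_cert, issuer_key, ca:)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3, required for extensions
  cert.serial     = rand(1..2**32)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", ca ? "keyCertSign,cRLSign" : "digitalSignature", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Build a store holding exactly the given trusted certificates.
def store_with(*certs)
  OpenSSL::X509::Store.new.tap { |s| certs.each { |c| s.add_cert(c) } }
end

# Verify the same leaf against stores holding different parts of its chain.
def chain_demo
  root_key, int_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root  = issue("Example Root CA", root_key, nil, root_key, ca: true)
  inter = issue("Example Intermediate CA", int_key, root, root_key, ca: true)
  leaf  = issue("leaf.example.test", leaf_key, inter, int_key, ca: false)
  {
    root_only:         store_with(root).verify(leaf),        # issuer missing
    intermediate_only: store_with(inter).verify(leaf),       # issuer's issuer missing
    full_chain:        store_with(root, inter).verify(leaf), # whole chain present
    root_itself:       store_with(root).verify(root)
  }
end

pp chain_demo if __FILE__ == $PROGRAM_NAME
```

Only the store that holds both the intermediate and the root verifies the leaf.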


Constructor Details

#initialize(*paths) ⇒ TrustStore

Creates a trust store from an optional list of paths to OpenSSL trust stores.



# File 'lib/ezsig.rb', line 415

def initialize(*paths)
  @store = OpenSSL::X509::Store.new
#      @store.set_default_path paths.shift if paths.length>0
  # Register each path as a certificate lookup directory
  paths.each { |path| @store.add_path path }
end

Instance Method Details

#add(obj) ⇒ Object

Adds either an EzCrypto::Certificate or an OpenSSL::X509::Certificate object to the TrustStore. This should be a trusted certificate such as a CA's issuer certificate.



# File 'lib/ezsig.rb', line 424

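def add(obj)
  if obj.kind_of?(EzCrypto::Certificate)
    # Unwrap the underlying OpenSSL certificate
    @store.add_cert obj.cert
  # Ruby's OpenSSL class is X509::Certificate; X509::Cert is not defined
  elsif obj.kind_of?(OpenSSL::X509::Certificate)
    @store.add_cert obj
  else
    raise "unsupported object type"
  end
end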

#verify(cert) ⇒ Object

Returns true if the given EzCrypto::Certificate or OpenSSL::X509::Certificate object verifies against the issuer certificates in the trust store. Any other object type returns false.



# File 'lib/ezsig.rb', line 436

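def verify(cert)
  if cert.kind_of?(EzCrypto::Certificate)
    # Unwrap the underlying OpenSSL certificate
    @store.verify cert.cert
  # Ruby's OpenSSL class is X509::Certificate; X509::Cert is not defined
  elsif cert.kind_of?(OpenSSL::X509::Certificate)
    @store.verify cert
  else
    # Unsupported types are treated as unverified
    false
  end
end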