Class: EzCrypto::TrustStore
- Inherits:
-
Object
- Object
- EzCrypto::TrustStore
- Defined in:
- lib/ezsig.rb
Overview
Wraps around the OpenSSL trust store. This allows you to decide which certificates you trust.
You can either point it at a path which contains a OpenSSL trust store (see OpenSSL for more) or build it up manually.
For a certificate to verify you need the issuer and the issuers issuers certs added to the Trust store.
NOTE: Currently this does not support CRL's or OCSP. We may add support for this later.
Class Method Summary collapse
-
.default_trusted ⇒ Object
Create a trust store of normally trusted root certificates as found in a browser.
-
.load_from_file(file) ⇒ Object
Create a trust store from a list of certificates in a pem file.
Instance Method Summary collapse
-
#add(obj) ⇒ Object
Add either a EzCrypto::Certificate or a OpenSSL::X509::Cert object to the TrustStore.
-
#initialize(*paths) ⇒ TrustStore
constructor
Create trust store with an optional list of paths of openssl trust stores.
-
#verify(cert) ⇒ Object
Returns true if either the EzCrypto::Certificate or OpenSSL::X509::Cert object is verified using issuer certificates in the trust store.
Constructor Details
#initialize(*paths) ⇒ TrustStore
Create trust store with an optional list of paths of openssl trust stores.
504 505 506 507 508 |
# File 'lib/ezsig.rb', line 504 def initialize(*paths) @store=OpenSSL::X509::Store.new # @store.set_default_path paths.shift if paths.length>0 paths.each {|path| @store.add_path path} end |
Class Method Details
.default_trusted ⇒ Object
Create a trust store of normally trusted root certificates as found in a browser. Extracted from Safari.
487 488 489 |
# File 'lib/ezsig.rb', line 487 def self.default_trusted load_from_file(File.dirname(__FILE__) + "/trusted.pem") end |
.load_from_file(file) ⇒ Object
Create a trust store from a list of certificates in a pem file.
These certificates should just be listed one after each other.
494 495 496 497 498 499 500 |
# File 'lib/ezsig.rb', line 494 def self.load_from_file(file) store=TrustStore.new EzCrypto::Verifier.load_all_from_file(file).each do |cert| store.add cert end store end |
Instance Method Details
#add(obj) ⇒ Object
Add either a EzCrypto::Certificate or a OpenSSL::X509::Cert object to the TrustStore. This should be a trusted certificate such as a CA’s issuer certificate.
513 514 515 516 517 518 519 520 521 |
# File 'lib/ezsig.rb', line 513 def add(obj) if obj.kind_of?(EzCrypto::Certificate) @store.add_cert obj.cert elsif obj.kind_of?(OpenSSL::X509::Certificate) @store.add_cert obj else raise "unsupported object type" end end |
#verify(cert) ⇒ Object
Returns true if either the EzCrypto::Certificate or OpenSSL::X509::Cert object is verified using issuer certificates in the trust store.
525 526 527 528 529 530 531 532 533 |
# File 'lib/ezsig.rb', line 525 def verify(cert) if cert.kind_of?(EzCrypto::Certificate) @store.verify cert.cert elsif cert.kind_of?(OpenSSL::X509::Certificate) @store.verify cert else false end end |