Class: FidoMetadata::X5cKeyFinder

Inherits:
Object
Defined in:
lib/fido_metadata/x5c_key_finder.rb

Overview

If the certificate chain carried in the JWS x5c header can be validated against the given trusted root certificates, and none of the certificates in the chain is revoked according to the given CRLs, returns the public key of the first certificate in the chain (the signing certificate). Otherwise raises JWT::VerificationError carrying OpenSSL's reason and, when available, the subject of the certificate at which verification stopped. See tools.ietf.org/html/rfc7515#section-4.1.6

Class Method Summary

  • .from(x5c_header_or_certificates, trusted_certificates, crls) ⇒ Object

Class Method Details

.from(x5c_header_or_certificates, trusted_certificates, crls) ⇒ Object



# File 'lib/fido_metadata/x5c_key_finder.rb', line 14

def self.from(x5c_header_or_certificates, trusted_certificates, crls)
  # build_store and parse_certificates are private helpers in the same file (not shown here).
  # The store holds the trusted roots plus the CRLs; parse_certificates, as its argument's name
  # indicates, accepts either the raw x5c header or already-parsed certificate objects.
  store = build_store(trusted_certificates, crls)
  # RFC 7515 section 4.1.6: the first x5c entry is the signing certificate, the rest are its issuers.
  signing_certificate, *certificate_chain = parse_certificates(x5c_header_or_certificates)
  store_context = OpenSSL::X509::StoreContext.new(store, signing_certificate, certificate_chain)

  if store_context.verify
    signing_certificate.public_key
  else
    # Surface OpenSSL's reason and the certificate at which verification stopped.
    error = "Certificate verification failed: #{store_context.error_string}."
    error = "#{error} Certificate subject: #{store_context.current_cert.subject}." if store_context.current_cert

    raise JWT::VerificationError, error
  end
end
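The check described in the overview and performed by .from above, as an added, stand-alone example that is not the gem's code: a re-implementation of the same x5c verification using only Ruby's OpenSSL binding, run against a constructed root CA -> issuing CA -> leaf hierarchy with one CRL per CA, in three scenarios (valid chain, revoked leaf, missing trust anchor). The store flags (CRL_CHECK plus CRL_CHECK_ALL), the fixture names, the make_cert/make_crl helpers and the X5cVerificationError class are assumptions of this example; the gem raises JWT::VerificationError, and its build_store and parse_certificates helpers are not shown on this page.

```ruby
require 'openssl'

# Added example (not the gem's code): a stand-alone version of the x5c check that
# FidoMetadata::X5cKeyFinder.from performs, using only Ruby's OpenSSL binding.
# The CA hierarchy, CRLs, store flags and error class below are assumptions.

class X5cVerificationError < StandardError; end

# Test fixture: build an X.509 v3 certificate, self-signed when no issuer is given.
def make_cert(cn, key, serial:, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', ca ? 'keyCertSign,cRLSign' : 'digitalSignature', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Test fixture: a CRL signed by the issuing CA that lists the given serials as revoked.
def make_crl(issuer, issuer_key, revoked_serials)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1
  crl.issuer = issuer.subject
  crl.last_update = Time.now - 60
  crl.next_update = Time.now + 3600
  revoked_serials.each do |serial|
    rev = OpenSSL::X509::Revoked.new
    rev.serial = serial
    rev.time = Time.now - 30
    crl.add_revoked(rev)
  end
  crl.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  crl
end

# RFC 7515 section 4.1.6: x5c is an array of base64 (not base64url) DER certificates,
# signing certificate first, followed by its issuers.
def x5c_header(certs)
  certs.map { |c| [c.to_der].pack('m0') }
end

# The check itself: chain validation against the trusted roots plus CRL revocation
# checking for every certificate in the chain. Returns the signing certificate's
# public key, or raises with OpenSSL's reason and the failing certificate's subject.
def public_key_from_x5c(x5c, trusted_certificates, crls)
  store = OpenSSL::X509::Store.new
  trusted_certificates.each { |c| store.add_cert(c) }
  crls.each { |crl| store.add_crl(crl) }
  # Assumption: check CRLs for the whole chain, so a CRL from every CA is required.
  store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK | OpenSSL::X509::V_FLAG_CRL_CHECK_ALL

  signing_certificate, *chain = x5c.map { |b64| OpenSSL::X509::Certificate.new(b64.unpack1('m0')) }
  ctx = OpenSSL::X509::StoreContext.new(store, signing_certificate, chain)
  return signing_certificate.public_key if ctx.verify

  error = "Certificate verification failed: #{ctx.error_string}."
  error = "#{error} Certificate subject: #{ctx.current_cert.subject}." if ctx.current_cert
  raise X5cVerificationError, error
end

# Constructed hierarchy: root CA -> issuing CA -> metadata signing certificate.
def build_fixture
  root_key, issuing_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = make_cert('Example Root CA', root_key, serial: 1, ca: true)
  issuing = make_cert('Example Issuing CA', issuing_key, serial: 2, issuer: root, issuer_key: root_key, ca: true)
  leaf = make_cert('metadata-signer', leaf_key, serial: 3, issuer: issuing, issuer_key: issuing_key)
  { root: root, issuing: issuing, leaf: leaf, root_key: root_key, issuing_key: issuing_key }
end

# Runs one scenario: returns the public key on success, the error message otherwise.
def run_case(f, trusted:, revoked_serials: [])
  crls = [make_crl(f[:root], f[:root_key], []), make_crl(f[:issuing], f[:issuing_key], revoked_serials)]
  public_key_from_x5c(x5c_header([f[:leaf], f[:issuing]]), trusted, crls)
rescue X5cVerificationError => e
  e.message
end

if $PROGRAM_NAME == __FILE__
  f = build_fixture
  puts run_case(f, trusted: [f[:root]]).class                                 # valid chain: a PKey
  puts run_case(f, trusted: [f[:root]], revoked_serials: [f[:leaf].serial])  # leaf listed in issuing CA's CRL
  puts run_case(f, trusted: [])                                              # no trust anchor in the store
end
```

The revoked scenario matters because a syntactically valid, correctly signed chain still must not yield a key: OpenSSL only consults CRLs when the CRL_CHECK flags are set, so whatever build_store does in the gem, the equivalent of those flags is what turns the crls argument into an actual check.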