Class: EzCrypto::Verifier

Inherits:
Object
  • Object
show all
Defined in:
lib/gems/ezcrypto-0.7/lib/ezsig.rb

Overview

The Verifier is used for verifying signatures. If you use the decode or

from_file methods you can use either raw PEM encoded public keys or certificate.

Direct Known Subclasses

Certificate

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(pub) ⇒ Verifier

Initializes a Verifier using a OpenSSL public key object.



130
131
132
# File 'lib/gems/ezcrypto-0.7/lib/ezsig.rb', line 130

def initialize(pub)
  @pub=pub
end

Class Method Details

.decode(encoded) ⇒ Object

Decodes a PEM encoded Certificate or Public Key and returns a Verifier object.



137
138
139
140
141
142
143
144
145
146
147
148
# File 'lib/gems/ezcrypto-0.7/lib/ezsig.rb', line 137

def self.decode(encoded)
  case encoded
  when /-----BEGIN CERTIFICATE-----/
    EzCrypto::Certificate.new(OpenSSL::X509::Certificate.new( encoded))
  else
    begin
      EzCrypto::Verifier.new(OpenSSL::PKey::RSA.new( encoded))
    rescue
      EzCrypto::Verifier.new(OpenSSL::PKey::DSA.new( encoded))
    end
  end
end

.from_file(filename) ⇒ Object

Decodes a PEM encoded Certificate or Public Key from a file and returns a Verifier object.



153
154
155
156
# File 'lib/gems/ezcrypto-0.7/lib/ezsig.rb', line 153

def self.from_file(filename)
  file = File.read( filename )
  decode(file)
end

.from_pkyp(digest) ⇒ Object

Load a certificate or public key from PKYP based on it’s hex digest



161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
# File 'lib/gems/ezcrypto-0.7/lib/ezsig.rb', line 161

def self.from_pkyp(digest)
  digest=digest.strip.downcase
  if digest=~/[0123456789abcdef]{40}/
#        Net::HTTP.start("localhost", 9000) do |query|
    Net::HTTP.start("pkyp.org", 80) do |query|
      response=query.get "/#{digest}.pem"
      if response.code=="200"
        decode(response.body)
      else
        raise "Error occured (#{response.code}): #{response.body}"      
      end
    end
  else
    raise "Invalid digest"
  end
end

.load_all_from_file(filename) ⇒ Object

Decodes all certificates or public keys in a file and returns an array.



181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
# File 'lib/gems/ezcrypto-0.7/lib/ezsig.rb', line 181

def self.load_all_from_file(filename)
  file = File.read( filename )
  certs=[]
  count=0
  file.split( %q{-----BEGIN}).each do |pem|
    if pem and pem!=""
        pem="-----BEGIN#{pem}\n"
          cert=decode(pem)
          if cert.is_a? EzCrypto::Verifier
            certs<<cert
          end
    end
  end
  certs
end

Instance Method Details

#cert?Boolean

Is the Verifier a Certificate or not.

Returns:

  • (Boolean)


200
201
202
# File 'lib/gems/ezcrypto-0.7/lib/ezsig.rb', line 200

def cert?
  false
end

#digestObject

Returns the SHA1 hexdigest of the DER encoded public key. This can be used as a unique key identifier.



214
215
216
# File 'lib/gems/ezcrypto-0.7/lib/ezsig.rb', line 214

def digest
  Digest::SHA1.hexdigest(@pub.to_der)
end

#dsa?Boolean

Is this a DSA key?

Returns:

  • (Boolean)


226
227
228
# File 'lib/gems/ezcrypto-0.7/lib/ezsig.rb', line 226

def dsa?
  @pub.is_a? OpenSSL::PKey::DSA
end

#public_keyObject

Returns the OpenSSL public key object. You would normally not need to use this.



207
208
209
# File 'lib/gems/ezcrypto-0.7/lib/ezsig.rb', line 207

def public_key
  @pub
end

#register_with_pkypObject

Register the public key or certificate at PKYP



247
248
249
# File 'lib/gems/ezcrypto-0.7/lib/ezsig.rb', line 247

def register_with_pkyp
  send_to_pkyp(@pub.to_s)
end

#rsa?Boolean

Is this a RSA key?

Returns:

  • (Boolean)


220
221
222
# File 'lib/gems/ezcrypto-0.7/lib/ezsig.rb', line 220

def rsa?
  @pub.is_a? OpenSSL::PKey::RSA
end

#verify(sig, data) ⇒ Object

Returns true if the public key signed the given data.



234
235
236
237
238
239
240
241
242
# File 'lib/gems/ezcrypto-0.7/lib/ezsig.rb', line 234

def verify(sig,data)
  if rsa?
    @pub.verify( OpenSSL::Digest::SHA1.new, sig, data )
  elsif dsa?
    @pub.verify( OpenSSL::Digest::DSS1.new, sig, data )
  else
    false
  end
end