10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
# File 'lib/safety_net_attestation/x5c_key_finder.rb', line 10
def self.from(x5c_certificates, trusted_certificates, time: Time.now)
store = OpenSSL::X509::Store.new
trusted_certificates.each { |certificate| store.add_cert(certificate) }
signing_certificate, *certificate_chain = x5c_certificates
store_context = OpenSSL::X509::StoreContext.new(store, signing_certificate, certificate_chain)
store_context.time = time
if store_context.verify
store_context.chain
else
error = "Certificate verification failed: #{store_context.error_string}."
error = "#{error} Certificate subject: #{store_context.current_cert.subject}." if store_context.current_cert
raise SignatureError, error
end
end
|