Class: SmartId::Utils::CertificateValidator

Inherits:

Object

• Object
• SmartId::Utils::CertificateValidator

Defined in:

lib/smart_id/utils/certificate_validator.rb

Class Method Summary

• .validate!(hash_data, signature, certificate) ⇒ Object

Instance Method Summary

• #cert_chain ⇒ Object
• #certificate_valid? ⇒ Boolean
• #initialize(hash_data, signature, certificate) ⇒ CertificateValidator constructor

  A new instance of CertificateValidator.

• #validate_certificate! ⇒ Object
• #validate_signature! ⇒ Object

Constructor Details

#initialize(hash_data, signature, certificate) ⇒ CertificateValidator

Returns a new instance of CertificateValidator.

# File 'lib/smart_id/utils/certificate_validator.rb', line 9

def initialize(hash_data, signature, certificate)
  @hash_data = hash_data
  @signature = signature
  begin
    @certificate = certificate.cert
  rescue Exception
    debugger
  end
end

Class Method Details

.validate!(hash_data, signature, certificate) ⇒ Object

# File 'lib/smart_id/utils/certificate_validator.rb', line 3

def self.validate!(hash_data, signature, certificate)
  obj = new(hash_data, signature, certificate)
  obj.validate_certificate!
  obj.validate_signature!
end

Instance Method Details

#cert_chain ⇒ Object

# File 'lib/smart_id/utils/certificate_validator.rb', line 36

def cert_chain
  [
    OpenSSL::X509::Certificate.new(
      File.read(File.dirname(__FILE__)+"/../../../trusted_certs/EID-SK_2016.pem.crt")
    ),
    OpenSSL::X509::Certificate.new(
      File.read(File.dirname(__FILE__)+"/../../../trusted_certs/NQ-SK_2016.pem.crt")
    )
  ]
end

#certificate_valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/smart_id/utils/certificate_validator.rb', line 19

def certificate_valid?
  ### TODO: Currently not working, because of error "unable to get local issuer certificate" - same error in bash with openssl
  # cert_store = OpenSSL::X509::Store.new
  # cert_chain.each {|c| cert_store.add_cert(c) }
  # cert_store.add_dir(File.dirname(__FILE__)+"/../../../trusted_certs/")
  # cert_store.purpose = OpenSSL::X509::PURPOSE_ANY
  # OpenSSL::X509::Store.new.verify(@certificate) && 
  @certificate.not_before.to_date < Date.today && 
    @certificate.not_after.to_date > Date.today
end

#validate_certificate! ⇒ Object

# File 'lib/smart_id/utils/certificate_validator.rb', line 30

def validate_certificate!
  unless certificate_valid?
    raise SmartId::InvalidResponseCertificate
  end
end

#validate_signature! ⇒ Object

# File 'lib/smart_id/utils/certificate_validator.rb', line 47

def validate_signature!
  public_key = @certificate.public_key
  
  unless public_key.verify(OpenSSL::Digest::SHA256.new, Base64.decode64(@signature), @hash_data)
    raise SmartId::InvalidResponseSignature
  end
end