Class: RevocationChecker

Inherits:
Object
Defined in:
lib/sslackey/revocation_checker.rb


Class Attribute Details

.cache ⇒ Object

Returns the value of attribute cache — the response cache consulted by #check_revocation_status. When it is nil, caching is skipped and every check performs a live lookup against the issuing authority.



# File 'lib/sslackey/revocation_checker.rb', line 16

# Response cache used by #check_revocation_status; nil (never assigned)
# means caching is disabled and every check is a live lookup.
#
# @return [Object, nil] the configured cache object, or nil
def cache
  instance_variable_get(:@cache)
end

.issuers ⇒ Object

Returns the value of attribute issuers — a Hash of trusted issuer certificates keyed by their subjectKeyIdentifier value, populated by .setup and used to resolve a certificate's authorityKeyIdentifier to its issuer.



# File 'lib/sslackey/revocation_checker.rb', line 16

# Trusted issuer certificates indexed by subjectKeyIdentifier, as filled
# in by .setup.
#
# @return [Hash{String => OpenSSL::X509::Certificate}, nil] nil before setup
def issuers
  instance_variable_get(:@issuers)
end

.issuers_by_name ⇒ Object

Returns the value of attribute issuers_by_name — a Hash of trusted issuer certificates keyed by the hash of their subject name (OpenSSL::X509::Name#hash), populated by .setup and used as a fallback when no authorityKeyIdentifier match is found.



# File 'lib/sslackey/revocation_checker.rb', line 16

# Trusted issuer certificates indexed by subject-name hash, as filled in
# by .setup; the fallback index when an AKI lookup misses.
#
# @return [Hash{Integer => OpenSSL::X509::Certificate}, nil] nil before setup
def issuers_by_name
  instance_variable_get(:@issuers_by_name)
end

.trusted_certs_file_path ⇒ Object

Returns the value of attribute trusted_certs_file_path — the path of the PEM bundle passed to .setup; every certificate in that file is accepted as a trusted issuer, and the same path is handed to AuthorityChecker for the live check.



# File 'lib/sslackey/revocation_checker.rb', line 16

# Path of the trusted-certificate PEM bundle recorded by .setup.
#
# @return [String, nil] nil before setup
def trusted_certs_file_path
  instance_variable_get(:@trusted_certs_file_path)
end

Class Method Details

.parse_authority_key_identifier(authority_key_identifier_string) ⇒ Object



# File 'lib/sslackey/revocation_checker.rb', line 84

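# Extracts the bare key identifier from a rendered authorityKeyIdentifier
# extension value, e.g. "keyid:AB:CD:EF\n" => "AB:CD:EF", so it can be
# looked up in RevocationChecker.issuers (keyed by subjectKeyIdentifier).
#
# Only the +keyid:+ component is returned. An AKI that additionally carries
# DirName/serial lines has those ignored instead of being glued onto the key
# (stripping just the first newline would produce a key that never matches).
# The argument is not modified.
#
# @param authority_key_identifier_string [String, nil] AKI extension value
# @return [String, nil] colon-separated hex key id, or nil when the value
#   has no keyid component (a hash lookup with nil then simply misses)
def self.parse_authority_key_identifier(authority_key_identifier_string)
  match = authority_key_identifier_string.to_s.match(/keyid:([0-9A-Fa-f:]+)/)
  match && match[1]
end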

.setup(trusted_certs_file_path) ⇒ Object



# File 'lib/sslackey/revocation_checker.rb', line 19

# Loads the trust store and (re)builds the class-wide issuer indexes.
#
# Every PEM certificate block found in the file becomes an acceptable
# issuer, indexed by its subjectKeyIdentifier (when present) and by the
# hash of its subject name. The file is therefore security-critical: it
# must only be writable by trusted parties. A malformed PEM block raises
# from OpenSSL rather than being skipped.
#
# @param trusted_certs_file_path [String] path to a PEM bundle of trusted
#   issuer certificates
# @return [Array<String>] the PEM blocks that were processed (each result)
# @raise [Errno::ENOENT, OpenSSL::X509::CertificateError] on an unreadable
#   file or an unparsable certificate
def self.setup(trusted_certs_file_path)
  # Reset shared state before loading so a re-run does not keep stale entries.
  RevocationChecker.issuers = {}
  RevocationChecker.issuers_by_name = {}
  RevocationChecker.trusted_certs_file_path = trusted_certs_file_path

  pem_bundle = File.read(RevocationChecker.trusted_certs_file_path)
  # Base64 bodies never contain '-', so [^-]* stops exactly at the END marker.
  pem_blocks = pem_bundle.scan(/-----BEGIN CERTIFICATE-----[^-]*-----END CERTIFICATE-----/)

  pem_blocks.each do |pem|
    trusted = OpenSSL::X509::Certificate.new(pem)

    # Index by subjectKeyIdentifier so a leaf's AKI can be matched directly.
    # A later certificate with the same SKI overwrites an earlier one.
    trusted.extensions.each do |ext|
      next unless ext.oid == "subjectKeyIdentifier"
      RevocationChecker.issuers[ext.value] = trusted
    end

    # Fallback index by subject-name hash, for leaves whose AKI does not match.
    RevocationChecker.issuers_by_name[trusted.subject.hash] = trusted
  end
end

Instance Method Details

#check_revocation_status(certificate) ⇒ Object



# File 'lib/sslackey/revocation_checker.rb', line 43

# Returns the revocation status for +certificate+, serving it from
# RevocationChecker.cache when a cache is configured.
#
# Without a cache every call performs a live lookup. With a cache, a hit is
# returned as-is; a miss is fetched live and stored before being returned.
# A lookup that raises is never cached. Freshness/expiry of cached entries,
# if any, is the cache object's responsibility and is not visible here.
#
# @param certificate [OpenSSL::X509::Certificate] certificate to check
# @return [Object] the response from get_latest_revocation_status or the cache
# @raise [RuntimeError] propagated from get_latest_revocation_status when no
#   trusted issuer can be found
def check_revocation_status(certificate)
  store = RevocationChecker.cache

  unless store
    LOGGER.info("skipping revocation caching") if defined? LOGGER
    return get_latest_revocation_status(certificate)
  end

  # NOTE(review): a falsy cached value (nil/false) is indistinguishable from a
  # miss and is refetched — confirm the cache never stores such a response.
  hit = store.cached_response(certificate)
  return hit if hit

  fresh = get_latest_revocation_status(certificate)
  store.cache_response(certificate, fresh)
  fresh
end

#get_latest_revocation_status(certificate) ⇒ Object



# File 'lib/sslackey/revocation_checker.rb', line 62

# Performs a live revocation check of +certificate+ against its issuer.
#
# The issuer is resolved from the trust store loaded by .setup: first via
# the certificate's authorityKeyIdentifier (matched against issuers'
# subjectKeyIdentifier), then, if that misses, via the hash of the issuer
# name. Name-hash matching can in principle collide; the signature check
# performed by AuthorityChecker is presumably what rejects a wrong pick —
# confirm this when reviewing AuthorityChecker#validate.
#
# @param certificate [OpenSSL::X509::Certificate] certificate to check
# @return [Object] the response produced by AuthorityChecker#validate
# @raise [RuntimeError] when no trusted issuer matches the certificate
def get_latest_revocation_status(certificate)
  # If several AKI extensions are present, the last one decides.
  aki = certificate.extensions.select { |ext| ext.oid == "authorityKeyIdentifier" }.last

  issuer_certificate = nil
  if aki
    key_id = RevocationChecker.parse_authority_key_identifier(aki.value)
    issuer_certificate = RevocationChecker.issuers[key_id]
  end

  # Fallback: match on the issuer name when the AKI is absent or unknown.
  issuer_certificate ||= RevocationChecker.issuers_by_name[certificate.issuer.hash]

  raise "No issuer certificate #{certificate.issuer} found for certificate #{certificate.subject}" unless issuer_certificate

  checker = AuthorityChecker.new(RevocationChecker.trusted_certs_file_path)
  checker.validate(certificate, issuer_certificate)
end