Class: RevocationChecker
- Inherits: Object
- Inheritance hierarchy: Object → RevocationChecker
- Defined in: lib/sslackey/revocation_checker.rb
Class Attribute Summary
-
.cache ⇒ Object
Returns the value of attribute cache.
-
.issuers ⇒ Object
Returns the value of attribute issuers.
-
.issuers_by_name ⇒ Object
Returns the value of attribute issuers_by_name.
-
.trusted_certs_file_path ⇒ Object
Returns the value of attribute trusted_certs_file_path.
Class Method Summary
- .parse_authority_key_identifier(authority_key_identifier_string) ⇒ Object
- .setup(trusted_certs_file_path) ⇒ Object
Instance Method Summary
Class Attribute Details
.cache ⇒ Object
Returns the value of attribute cache.
# File 'lib/sslackey/revocation_checker.rb', line 16

# Class-level reader for the revocation response cache.
#
# @return [Object] whatever was assigned to the +cache+ attribute; nil until
#   something is assigned. check_revocation_status treats a nil/false value
#   as "caching disabled" and asks the authority on every call.
def cache
  @cache
end
.issuers ⇒ Object
Returns the value of attribute issuers.
# File 'lib/sslackey/revocation_checker.rb', line 16

# Class-level reader for the issuer lookup table.
#
# @return [Object] the value of the +issuers+ attribute. After
#   RevocationChecker.setup it is a Hash that maps a subjectKeyIdentifier
#   extension value to the trusted certificate carrying that extension.
def issuers
  @issuers
end
.issuers_by_name ⇒ Object
Returns the value of attribute issuers_by_name.
# File 'lib/sslackey/revocation_checker.rb', line 16

# Class-level reader for the name-based issuer lookup table.
#
# @return [Object] the value of the +issuers_by_name+ attribute. After
#   RevocationChecker.setup it is a Hash keyed by +certificate.subject.hash+
#   of each trusted certificate; get_latest_revocation_status consults it
#   only when the key-identifier lookup finds nothing.
def issuers_by_name
  @issuers_by_name
end
.trusted_certs_file_path ⇒ Object
Returns the value of attribute trusted_certs_file_path.
# File 'lib/sslackey/revocation_checker.rb', line 16

# Class-level reader for the trusted-certificates bundle location.
#
# @return [Object] the path handed to RevocationChecker.setup. The same
#   path is later passed to AuthorityChecker.new, so it names the trust
#   anchors for every revocation check made through this class.
def trusted_certs_file_path
  @trusted_certs_file_path
end
Class Method Details
.parse_authority_key_identifier(authority_key_identifier_string) ⇒ Object
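# File 'lib/sslackey/revocation_checker.rb', line 84

# Reduces an authorityKeyIdentifier extension value to the text used as a
# key into RevocationChecker.issuers.
#
# The first "keyid:" marker and the first newline are removed; everything
# else is returned unchanged. The argument itself is not modified, so a
# frozen string or a value the caller still needs is safe to pass.
#
# NOTE(review): only the first newline is stripped. If the extension value
# carries further lines after the key id, they stay in the result and the
# key lookup will miss, leaving the caller on its name-based fallback --
# TODO confirm which value shapes occur in practice.
#
# @param authority_key_identifier_string [String] raw extension value
# @return [String] the value without the "keyid:" marker and first newline
def self.parse_authority_key_identifier(authority_key_identifier_string)
  authority_key_identifier_string.sub(/keyid:/, '').sub(/\n/, '')
end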
.setup(trusted_certs_file_path) ⇒ Object
# File 'lib/sslackey/revocation_checker.rb', line 19

# Loads the trusted certificate bundle and rebuilds both issuer indexes.
#
# Every PEM certificate block found in the file becomes a candidate issuer:
# it is indexed under its subjectKeyIdentifier value (when it has one) and
# always under the hash of its subject name. Later entries replace earlier
# ones that share a key. Nothing here inspects validity dates or CA
# constraints, so the file's contents and permissions define the trust set.
#
# Blocks that do not match the PEM pattern are skipped without any error.
#
# @param trusted_certs_file_path [String] path of the PEM bundle to read
# @return [Array<String>] the PEM blocks that were scanned from the file
def self.setup(trusted_certs_file_path)
  # Indexes are cleared before the file is read, so a failed read leaves
  # them empty rather than holding the previous bundle.
  RevocationChecker.issuers = {}
  RevocationChecker.issuers_by_name = {}
  RevocationChecker.trusted_certs_file_path = trusted_certs_file_path

  pem_bundle = File.read(RevocationChecker.trusted_certs_file_path)
  pem_blocks = pem_bundle.scan(/-----BEGIN CERTIFICATE-----[^-]*-----END CERTIFICATE-----/)

  pem_blocks.each do |pem|
    trusted = OpenSSL::X509::Certificate.new(pem)

    trusted.extensions.each do |ext|
      fields = ext.to_h
      next unless fields["oid"] == "subjectKeyIdentifier"

      RevocationChecker.issuers[fields["value"]] = trusted
    end

    RevocationChecker.issuers_by_name[trusted.subject.hash] = trusted
  end
end
Instance Method Details
#check_revocation_status(certificate) ⇒ Object
# File 'lib/sslackey/revocation_checker.rb', line 43

# Returns the revocation status for a certificate, using the class-level
# cache when one is configured.
#
# Without a cache, every call goes to get_latest_revocation_status. With a
# cache, a truthy cached response is returned as-is; otherwise a fresh
# response is fetched, stored and returned.
#
# NOTE(review): the fresh response is cached unconditionally. Whether the
# cache expires entries or declines to store inconclusive answers is not
# visible here -- confirm in the cache implementation, since a stale entry
# would keep being returned after a certificate is revoked.
#
# @param certificate [Object] the certificate to check
# @return [Object] the cached or freshly obtained response
def check_revocation_status(certificate)
  store = RevocationChecker.cache

  if store
    hit = store.cached_response(certificate)
    return hit if hit

    fresh = get_latest_revocation_status(certificate)
    store.cache_response(certificate, fresh)
    fresh
  else
    LOGGER.info("skipping revocation caching") if defined? LOGGER
    get_latest_revocation_status(certificate)
  end
end
#get_latest_revocation_status(certificate) ⇒ Object
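# File 'lib/sslackey/revocation_checker.rb', line 62

# Asks the authority for a fresh revocation status; the cache is not used.
#
# The issuer is looked up first by the certificate's authorityKeyIdentifier
# (parsed with RevocationChecker.parse_authority_key_identifier) and, if
# that finds nothing, by the hash of the certificate's issuer name.
#
# NOTE(review): the name-based fallback selects an issuer on a name match
# alone. Whether the issuer's signature over the certificate is verified
# depends on AuthorityChecker#validate, which is not shown here -- confirm
# before relying on the fallback path.
#
# @param certificate [Object] the certificate to check
# @return [Object] the response from AuthorityChecker#validate
# @raise [RuntimeError] when no issuer certificate is found in either index
def get_latest_revocation_status(certificate)
  issuer_certificate = nil

  certificate.extensions.each do |extension|
    props = extension.to_h
    next unless props["oid"] == "authorityKeyIdentifier"

    issuer_key = RevocationChecker.parse_authority_key_identifier(props["value"])
    issuer_certificate = RevocationChecker.issuers[issuer_key]
  end

  # Key-identifier lookup missed (or the extension is absent): fall back to
  # the index keyed by subject-name hash.
  issuer_certificate ||= RevocationChecker.issuers_by_name[certificate.issuer.hash]

  raise "No issuer certificate #{certificate.issuer} found for certificate #{certificate.subject}" unless issuer_certificate

  real_time_checker = AuthorityChecker.new(RevocationChecker.trusted_certs_file_path)
  real_time_checker.validate(certificate, issuer_certificate)
end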