Class: WSDL::Security::CredentialNormalizer

Inherits:
Object
  • Object
Defined in:
lib/wsdl/security/credential_normalizer.rb

Overview

Normalizes and validates signing credentials.

Constant Summary

KeyRef = Constants::KeyReference

Local alias for the key reference constants.

Instance Method Summary

Instance Method Details

#normalize_certificate(certificate) ⇒ OpenSSL::X509::Certificate

Parameters:

  • certificate (OpenSSL::X509::Certificate, String)

Returns:

  • (OpenSSL::X509::Certificate)


# File 'lib/wsdl/security/credential_normalizer.rb', line 14

# Coerces a signing certificate into an OpenSSL::X509::Certificate.
#
# An existing certificate object is handed back untouched; a String is
# passed to OpenSSL::X509::Certificate.new for parsing. This method only
# parses: it performs no validity-period, key-usage or trust-chain checks,
# so callers that need those must do them separately.
#
# @param certificate [OpenSSL::X509::Certificate, String] certificate object
#   or its encoded (PEM) text
# @return [OpenSSL::X509::Certificate]
# @raise [ArgumentError] when the argument is neither a certificate nor a String
def normalize_certificate(certificate)
  # `===` is what the equivalent `case`/`when` dispatch uses for class matching.
  return certificate if OpenSSL::X509::Certificate === certificate

  # Parse failures surface as whatever OpenSSL::X509::Certificate.new raises.
  return OpenSSL::X509::Certificate.new(certificate) if String === certificate

  # Only the class name is interpolated, never the rejected value itself.
  raise ArgumentError, "Invalid certificate type: #{certificate.class}. " \
                       'Expected OpenSSL::X509::Certificate or PEM string.'
end

#normalize_private_key(private_key, password) ⇒ OpenSSL::PKey::RSA, OpenSSL::PKey::EC

Parameters:

  • private_key (OpenSSL::PKey::RSA, OpenSSL::PKey::EC, String)
  • password (String, nil)

Returns:

  • (OpenSSL::PKey::RSA, OpenSSL::PKey::EC)


# File 'lib/wsdl/security/credential_normalizer.rb', line 29

# Coerces a signing key into an OpenSSL key object.
#
# RSA and EC key objects are handed back untouched; a String is parsed with
# OpenSSL::PKey.read, using +password+ to decrypt it when one is given.
#
# NOTE(review): the String branch returns whatever OpenSSL::PKey.read
# produces, which is not re-checked against RSA/EC or for the presence of a
# private component. Confirm callers verify this before signing.
# NOTE(review): with a nil password and an encrypted PEM, OpenSSL's default
# passphrase callback may prompt on the controlling terminal. Confirm that
# encrypted keys are always accompanied by their password.
#
# @param private_key [OpenSSL::PKey::RSA, OpenSSL::PKey::EC, String] key
#   object or its encoded (PEM) text
# @param password [String, nil] passphrase for an encrypted key, if any
# @return [OpenSSL::PKey::RSA, OpenSSL::PKey::EC]
# @raise [ArgumentError] when the argument is neither a supported key object
#   nor a String
def normalize_private_key(private_key, password)
  # `===` is what the equivalent `case`/`when` dispatch uses for class matching.
  already_parsed = OpenSSL::PKey::RSA === private_key || OpenSSL::PKey::EC === private_key
  return private_key if already_parsed

  return OpenSSL::PKey.read(private_key, password) if String === private_key

  # Only the class name is interpolated, so key material never reaches the message.
  raise ArgumentError, "Invalid private_key type: #{private_key.class}. " \
                       'Expected OpenSSL::PKey::RSA, OpenSSL::PKey::EC, or PEM string.'
end

#validate_key_reference!(key_reference, certificate) ⇒ void

This method returns an undefined value.

Parameters:

  • key_reference (Symbol)
  • certificate (OpenSSL::X509::Certificate)

Raises:

  • (ArgumentError)


# File 'lib/wsdl/security/credential_normalizer.rb', line 44

# Checks that +key_reference+ is a supported method and is usable with
# +certificate+.
#
# The reference must be one of the three KeyRef constants listed below.
# When it is KeyRef::SUBJECT_KEY_IDENTIFIER, the certificate must also
# satisfy #subject_key_identifier?; the other two references are accepted
# without inspecting the certificate.
#
# @param key_reference [Symbol] requested key reference method
# @param certificate [OpenSSL::X509::Certificate] signing certificate
# @return [void]
# @raise [ArgumentError] for an unsupported reference, or for a Subject Key
#   Identifier reference the certificate cannot satisfy
def validate_key_reference!(key_reference, certificate)
  supported = [KeyRef::BINARY_SECURITY_TOKEN, KeyRef::ISSUER_SERIAL, KeyRef::SUBJECT_KEY_IDENTIFIER]

  # Reject anything outside the allow-list before looking at the certificate.
  if !supported.include?(key_reference)
    raise ArgumentError, "Invalid key_reference: #{key_reference.inspect}. " \
                         "Expected one of: #{supported.map(&:inspect).join(', ')}"
  end

  # Only the Subject Key Identifier reference places a demand on the certificate.
  if key_reference == KeyRef::SUBJECT_KEY_IDENTIFIER && !subject_key_identifier?(certificate)
    raise ArgumentError, 'Cannot use :subject_key_identifier key reference: ' \
                         'certificate does not have a Subject Key Identifier extension'
  end
end