Class: AuthenticationStrategies::X509Strategy

Inherits:
Warden::Strategies::Base
  • Object
Defined in:
lib/authentication_strategies/x509_strategy.rb


Instance Method Details

#auth_request ⇒ Object


# File 'lib/authentication_strategies/x509_strategy.rb', line 3

# Returns the current request wrapped in an ActionDispatch::Request, building
# the wrapper on first use and reusing it for the rest of the strategy run.
#
# NOTE(review): `env` is not defined in this listing; presumably it is the
# Rack environment supplied by Warden::Strategies::Base - confirm.
#
# @return [ActionDispatch::Request] the memoised request wrapper
def auth_request
  return @auth_request if @auth_request

  @auth_request = ::ActionDispatch::Request.new(env)
end

#authenticate! ⇒ Object

# File 'lib/authentication_strategies/x509_strategy.rb', line 24

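# Authenticates the request from the TLS client-certificate variables found
# in the request environment.
#
# The request is accepted only when SSL_CLIENT_VERIFY is exactly 'SUCCESS'
# and SSL_CLIENT_S_DN is present. Any other (or missing) verification status
# and an empty subject DN both end in fail!. On success the strategy hands
# Warden a deep-frozen Hashie::Mash whose identity is the subject DN.
#
# NOTE(review): the SSL_CLIENT_* values are trusted exactly as found in the
# environment. That is only sound when they are set by the TLS-terminating
# web server itself; the TODO in valid? about Apache2 suggests this is
# assumed rather than checked - confirm for the deployment.
#
# @return [void] the outcome is reported through fail! / success!
def authenticate!
  Rails.logger.debug "[AuthN] [#{self.class}] Authenticating ..."

  tls_env = auth_request.env
  verification_status = tls_env['SSL_CLIENT_VERIFY']

  # Exact match on purpose: nothing but a full 'SUCCESS' may pass.
  unless verification_status == 'SUCCESS'
    fail! "The verification process has failed! SSL_CLIENT_VERIFY = #{verification_status.inspect}"
    return
  end

  # Defence in depth: valid? already declines requests without a subject DN,
  # but success must never be reported with an empty identity if this method
  # is reached without that check.
  subject_dn = tls_env['SSL_CLIENT_S_DN']
  if subject_dn.blank?
    fail! "The client certificate has no subject DN! SSL_CLIENT_S_DN = #{subject_dn.inspect}"
    return
  end

  client_cert = tls_env['SSL_CLIENT_CERT']

  user = Hashie::Mash.new
  user.auth!.type = 'x509'
  user.auth!.credentials!.client_cert_dn = subject_dn
  # The certificate itself is optional; it is stored only when it is present.
  user.auth!.credentials!.client_cert = client_cert unless client_cert.blank?
  user.auth!.credentials!.issuer_cert_dn = tls_env['SSL_CLIENT_I_DN']
  user.auth!.credentials!.verification_status = verification_status
  user.identity = user.auth.credentials.client_cert_dn

  # Debug level only: this writes the subject and issuer DN and, when present,
  # the client certificate to the application log.
  Rails.logger.debug "[AuthN] [#{self.class}] Authenticated #{user.to_hash.inspect}"
  success! user.deep_freeze
end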

#store? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/authentication_strategies/x509_strategy.rb', line 8

# Reports whether a successful login from this strategy should be persisted.
#
# Always false. With Warden this means the authenticated user is not kept in
# the session, so the client certificate is evaluated on each request.
#
# @return [Boolean] always false
def store?
  false
end

#valid? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/authentication_strategies/x509_strategy.rb', line 13

# Decides whether this strategy should handle the current request.
#
# The strategy applies when SSL_CLIENT_S_DN is present in the request
# environment and VomsStrategy.voms_extensions? does not claim the request.
# This is an applicability check only: SSL_CLIENT_VERIFY is not examined
# here, it is checked in authenticate!.
#
# @return [Boolean] true when the strategy applies to the request
def valid?
  # TODO: verify that we are running inside Apache2
  Rails.logger.debug "[AuthN] [#{self.class}] Checking for applicability"

  subject_dn = auth_request.env['SSL_CLIENT_S_DN']
  Rails.logger.debug "[AuthN] [#{self.class}] SSL_CLIENT_S_DN: #{subject_dn.inspect}"

  # The VOMS check is consulted only when a subject DN is present.
  applicable = !subject_dn.blank? && !VomsStrategy.voms_extensions?(auth_request)

  Rails.logger.debug "[AuthN] [#{self.class}] Strategy is #{applicable ? '' : 'not '}applicable!"
  applicable
end