Class: JWT::X5cKeyFinder
- Inherits: Object
- Inheritance chain: Object, JWT::X5cKeyFinder
- Defined in: lib/jwt/x5c_key_finder.rb
Overview
If the x5c header certificate chain can be validated by trusted root certificates, and none of the certificates are revoked, returns the public key from the first certificate. See tools.ietf.org/html/rfc7515#section-4.1.6
Instance Method Summary
- #from(x5c_header_or_certificates) ⇒ Object
- #initialize(root_certificates, crls = nil) ⇒ X5cKeyFinder (constructor): A new instance of X5cKeyFinder.
Constructor Details
#initialize(root_certificates, crls = nil) ⇒ X5cKeyFinder
Returns a new instance of X5cKeyFinder.
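    # File 'lib/jwt/x5c_key_finder.rb', line 12

    def initialize(root_certificates, crls = nil)
      # Without trust anchors no chain can be validated, so fail at construction time.
      raise(ArgumentError, 'Root certificates must be specified') unless root_certificates

      # The store holds the trusted roots and, when given, the CRLs.
      @store = build_store(root_certificates, crls)
    end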
Instance Method Details
#from(x5c_header_or_certificates) ⇒ Object
    # File 'lib/jwt/x5c_key_finder.rb', line 18

    def from(x5c_header_or_certificates)
      # The first certificate is the signing certificate; the rest form the chain.
      signing_certificate, *certificate_chain = parse_certificates(x5c_header_or_certificates)
      store_context = OpenSSL::X509::StoreContext.new(@store, signing_certificate, certificate_chain)

      if store_context.verify
        # The key is returned only after the chain has verified against the store.
        signing_certificate.public_key
      else
        error = "Certificate verification failed: #{store_context.error_string}."
        if (current_cert = store_context.current_cert)
          # Name the certificate at which verification stopped.
          error = "#{error} Certificate subject: #{current_cert.subject}."
        end

        raise(JWT::VerificationError, error)
      end
    end
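The chain check that `#from` performs, reproduced with only Ruby's OpenSSL bindings as an added example; this is not the library's own code. `ChainError`, `issue_cert`, `key_from_x5c` and `x5c_demo` are hypothetical names, the certificates are constructed at run time, and CRL checking is left out.

```ruby
require 'openssl'

# Constructed error type; the class on this page raises JWT::VerificationError.
ChainError = Class.new(StandardError)

# Constructed helper: issue a short-lived certificate for `key`, signed by `issuer_key`.
def issue_cert(subject, key, issuer_cert, issuer_key, ca:, serial:)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Hypothetical stand-in for #from: decode the x5c entries (standard base64 DER,
# signing certificate first) and release the key only if the chain verifies.
def key_from_x5c(x5c, roots)
  store = OpenSSL::X509::Store.new
  roots.each { |root| store.add_cert(root) }
  leaf, *chain = x5c.map { |b64| OpenSSL::X509::Certificate.new(b64.unpack1('m0')) }
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, chain)
  raise ChainError, "Certificate verification failed: #{ctx.error_string}." unless ctx.verify
  leaf.public_key
end

# Constructed scenario: one header chaining to the configured root, one self-signed.
def x5c_demo
  root_key, signer_key, stray_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = issue_cert('/CN=Constructed Root CA', root_key, nil, root_key, ca: true, serial: 1)
  signer = issue_cert('/CN=Constructed Signer', signer_key, root, root_key, ca: false, serial: 2)
  stray = issue_cert('/CN=Constructed Self-Signed', stray_key, nil, stray_key, ca: false, serial: 3)

  accepted = key_from_x5c([[signer.to_der].pack('m0')], [root])
  rejection = begin
    key_from_x5c([[stray.to_der].pack('m0')], [root])
    nil
  rescue ChainError => e
    e.message
  end
  [accepted.n == signer_key.n, rejection]
end

p x5c_demo if __FILE__ == $PROGRAM_NAME
```

The x5c header is read before the token's signature is checked, so the configured roots are the only thing that makes the returned key trustworthy.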