Class: JWT::X5cKeyFinder

Inherits:
Object
Defined in:
lib/jwt/x5c_key_finder.rb

Overview

If the x5c header certificate chain can be validated by trusted root certificates, and none of the certificates are revoked, returns the public key from the first certificate. See tools.ietf.org/html/rfc7515#section-4.1.6

Constructor Details

#initialize(root_certificates, crls = nil) ⇒ X5cKeyFinder

Returns a new instance of X5cKeyFinder.

Raises:

  • (ArgumentError)


# File 'lib/jwt/x5c_key_finder.rb', line 12

def initialize(root_certificates, crls = nil)
  raise(ArgumentError, 'Root certificates must be specified') unless root_certificates

  @store = build_store(root_certificates, crls)
end

Instance Method Details

#from(x5c_header_or_certificates) ⇒ Object



# File 'lib/jwt/x5c_key_finder.rb', line 18

def from(x5c_header_or_certificates)
  signing_certificate, *certificate_chain = parse_certificates(x5c_header_or_certificates)
  store_context = OpenSSL::X509::StoreContext.new(@store, signing_certificate, certificate_chain)

  if store_context.verify
    signing_certificate.public_key
  else
    error = "Certificate verification failed: #{store_context.error_string}."
    if (current_cert = store_context.current_cert)
      error = "#{error} Certificate subject: #{current_cert.subject}."
    end

    raise(JWT::VerificationError, error)
  end
end
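
Added example, not part of ruby-jwt: the same StoreContext check as #from, run against a constructed PKI to show that one x5c header verifies or fails depending only on the configured roots. The names make_cert, constructed_pki, key_from_x5c and ChainError are hypothetical, and CRLs are not handled because build_store is not shown on this page.

```ruby
require 'openssl'

class ChainError < StandardError; end # stand-in for JWT::VerificationError

# Hypothetical helper: issues a short-lived, constructed test certificate.
def make_cert(subject, key, issuer_cert = nil, issuer_key = key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', ca ? 'keyCertSign' : 'digitalSignature', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Constructed PKI: a trusted root, a signer it issued, and an unrelated root.
def constructed_pki
  root_key, leaf_key, rogue_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = make_cert('/CN=Constructed Root', root_key, ca: true)
  leaf = make_cert('/CN=Constructed Signer', leaf_key, root, root_key)
  rogue = make_cert('/CN=Constructed Other Root', rogue_key, ca: true)
  # RFC 7515 4.1.6: x5c values are standard base64 (not base64url) DER, leaf first.
  { root: root, rogue: rogue, leaf_key: leaf_key,
    x5c: [leaf, root].map { |c| [c.to_der].pack('m0') } }
end

# Mirrors #from: trust comes only from `roots`, never from the header itself.
def key_from_x5c(x5c, roots)
  store = OpenSSL::X509::Store.new
  roots.each { |c| store.add_cert(c) }
  leaf, *chain = x5c.map { |b64| OpenSSL::X509::Certificate.new(b64.unpack1('m0')) }
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, chain)
  return leaf.public_key if ctx.verify

  raise ChainError, "Certificate verification failed: #{ctx.error_string}."
end

if __FILE__ == $PROGRAM_NAME
  pki = constructed_pki
  puts key_from_x5c(pki[:x5c], [pki[:root]]).class # chain anchors in a trusted root
  begin
    key_from_x5c(pki[:x5c], [pki[:rogue]])         # same header, different trust store
  rescue ChainError => e
    puts e.message
  end
end
```

A root certificate carried inside the header is treated only as an untrusted intermediate, so including it there does not make the chain verify.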