class SmartId::Utils::CertificateValidator

Public Class Methods

new(hash_data, signature, certificate)
# File lib/smart_id/utils/certificate_validator.rb, line 9
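# Builds a validator for one signed response.
#
# @param hash_data [Object] data the signature is verified against in validate_signature!
# @param signature [String] Base64 text; decoded in validate_signature!
# @param certificate [#cert] wrapper whose +cert+ value is kept as the certificate
#   (certificate_valid? and validate_signature! call not_before, not_after and
#   public_key on that value)
# @raise [StandardError] whatever +certificate.cert+ raises, e.g. NoMethodError
#   when +certificate+ is nil
def initialize(hash_data, signature, certificate)
  @hash_data = hash_data
  @signature = signature
  # Fail closed: a certificate that cannot be read must abort validation.
  # The previous `rescue Exception` + `debugger` was leftover debugging code
  # that hid the original error (and also trapped signals and SystemExit).
  @certificate = certificate.cert
end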
validate!(hash_data, signature, certificate)
# File lib/smart_id/utils/certificate_validator.rb, line 3
# Convenience entry point: builds a validator and runs both checks in order,
# the certificate check first and the signature check second.
#
# What the certificate check actually covers is decided by certificate_valid?;
# review that method before relying on this call for issuer trust.
#
# @param hash_data [Object] data the signature is verified against
# @param signature [String] Base64-encoded signature
# @param certificate [#cert] wrapper that exposes the certificate via +cert+
# @return the result of validate_signature! on the new validator
# @raise whatever validate_certificate! or validate_signature! raises
def self.validate!(hash_data, signature, certificate)
  validator = new(hash_data, signature, certificate)

  # Order matters: the certificate is checked before its key is used.
  validator.validate_certificate!
  validator.validate_signature!
end

Public Instance Methods

cert_chain()
# File lib/smart_id/utils/certificate_validator.rb, line 36
# Loads the two certificates bundled under trusted_certs/ (three directories
# above this file) and parses each as an X.509 certificate.
#
# The files are read and parsed again on every call.
#
# @return [Array<OpenSSL::X509::Certificate>] EID-SK 2016 first, NQ-SK 2016 second
# @raise if a file cannot be read or does not parse as a certificate
def cert_chain
  base_dir = File.dirname(__FILE__)

  [
    "/../../../trusted_certs/EID-SK_2016.pem.crt",
    "/../../../trusted_certs/NQ-SK_2016.pem.crt"
  ].map do |relative_path|
    OpenSSL::X509::Certificate.new(File.read(base_dir + relative_path))
  end
end
certificate_valid?()
# File lib/smart_id/utils/certificate_validator.rb, line 19
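# Reports whether the current time lies inside the certificate's validity period.
#
# SECURITY: this is the only certificate check performed. The issuer chain is
# NOT verified against cert_chain, so a certificate from any issuer is accepted
# while it is within its validity dates. validate_signature! then only shows
# that the signature matches the key of the presented certificate, not that
# the certificate was issued by a trusted CA.
#
# @return [Boolean] true when not_before <= now <= not_after
def certificate_valid?
  ### TODO: chain verification is disabled because it failed with
  ### "unable to get local issuer certificate" (same error in bash with openssl).
  # cert_store = OpenSSL::X509::Store.new
  # cert_chain.each {|c| cert_store.add_cert(c) }
  # cert_store.add_dir(File.dirname(__FILE__)+"/../../../trusted_certs/")
  # cert_store.purpose = OpenSSL::X509::PURPOSE_ANY
  # OpenSSL::X509::Store.new.verify(@certificate) &&
  #
  # NOTE(review): the last disabled line verifies against a new, empty Store
  # rather than cert_store, which may explain the error above - confirm. If
  # the bundled certificates are intermediates, the store presumably also needs
  # their root (or partial-chain verification) before this can pass.

  # Compare instants, not calendar dates. The earlier Date-based comparison
  # mixed the certificate's own date with the local Date.today, so a host west
  # of UTC could still accept a certificate for hours after it expired, and a
  # certificate issued earlier the same day was rejected.
  now = Time.now
  @certificate.not_before <= now && now <= @certificate.not_after
end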
validate_certificate!()
# File lib/smart_id/utils/certificate_validator.rb, line 30
# Raising form of certificate_valid?.
#
# @return [nil] when certificate_valid? is truthy
# @raise [SmartId::InvalidResponseCertificate] when certificate_valid? is falsy
def validate_certificate!
  raise SmartId::InvalidResponseCertificate unless certificate_valid?
end
validate_signature!()
# File lib/smart_id/utils/certificate_validator.rb, line 47
# Checks the Base64-decoded signature over @hash_data with the certificate's
# public key and a SHA-256 digest.
#
# The result says only that the signature matches the key in @certificate.
# Whether that certificate is trusted is a separate question, decided by
# certificate_valid?.
#
# NOTE(review): Base64.decode64 is the lenient decoder; confirm whether the
# strict variant is appropriate for the signatures received here.
#
# @return [nil] when verification succeeds
# @raise [SmartId::InvalidResponseSignature] when verification returns a falsy value
def validate_signature!
  verifying_key = @certificate.public_key
  digest = OpenSSL::Digest::SHA256.new
  raw_signature = Base64.decode64(@signature)

  return if verifying_key.verify(digest, raw_signature, @hash_data)

  raise SmartId::InvalidResponseSignature
end