class SmartId::Utils::CertificateValidator
Public Class Methods
new(hash_data, signature, certificate)
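# File lib/smart_id/utils/certificate_validator.rb, line 9
# Stores the inputs for one validation run.
#
# @param hash_data   data the signature is verified against in validate_signature!
# @param signature   Base64 text of the signature (decoded in validate_signature!)
# @param certificate wrapper object; only its #cert reader is used here
#   (presumably returns an OpenSSL::X509::Certificate, since the other
#   methods call public_key / not_before / not_after on it; confirm against caller)
# @raise whatever certificate.cert raises; the error is not swallowed
def initialize(hash_data, signature, certificate)
  @hash_data = hash_data
  @signature = signature
  # Deliberately no rescue: a certificate that cannot be read must abort
  # validation instead of leaving @certificate unset or stopping in a debugger.
  @certificate = certificate.cert
end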
validate!(hash_data, signature, certificate)
# File lib/smart_id/utils/certificate_validator.rb, line 3
# One-shot entry point: builds a validator and runs both checks in order,
# certificate first, signature second.
#
# @return the result of validate_signature! (nil when the signature verifies)
# @raise [SmartId::InvalidResponseCertificate] from validate_certificate!
# @raise [SmartId::InvalidResponseSignature] from validate_signature!
def self.validate!(hash_data, signature, certificate)
  new(hash_data, signature, certificate)
    .tap(&:validate_certificate!)
    .validate_signature!
end
Public Instance Methods
cert_chain()
# File lib/smart_id/utils/certificate_validator.rb, line 36
# Loads the two CA certificates bundled under trusted_certs/ and returns them
# as OpenSSL::X509::Certificate objects, EID-SK 2016 first, NQ-SK 2016 second.
# The files are read from disk on every call; nothing is cached.
#
# @return [Array<OpenSSL::X509::Certificate>]
def cert_chain
  here = File.dirname(__FILE__)
  [
    "/../../../trusted_certs/EID-SK_2016.pem.crt",
    "/../../../trusted_certs/NQ-SK_2016.pem.crt"
  ].map do |relative|
    OpenSSL::X509::Certificate.new(File.read(here + relative))
  end
end
certificate_valid?()
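# File lib/smart_id/utils/certificate_validator.rb, line 19
# Decides whether @certificate can be trusted: it must chain to one of the
# bundled CA certificates from cert_chain and be inside its validity period.
#
# Checking the dates alone is not enough, because validate_signature! verifies
# with the public key taken from this same certificate. Without the chain
# check, any certificate with a current validity period would be accepted
# together with a signature made by its own key.
#
# Revocation (CRL/OCSP) is not checked here.
#
# NOTE(review): confirm that trusted_certs/ holds every CA that currently
# issues these certificates; certificates from any other issuer are rejected.
#
# @return [Boolean]
def certificate_valid?
  store = OpenSSL::X509::Store.new
  cert_chain.each { |anchor| store.add_cert(anchor) }
  # The bundled files are issuing CAs, not necessarily self-signed roots.
  # Treating them as trust anchors avoids "unable to get local issuer
  # certificate" when the root above them is not in the store.
  if OpenSSL::X509.const_defined?(:V_FLAG_PARTIAL_CHAIN)
    store.flags = OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
  end

  # Compare full timestamps rather than calendar dates, so a certificate is
  # usable on its first and last day and the local time zone plays no part.
  now = Time.now
  store.verify(@certificate) &&
    @certificate.not_before <= now &&
    now <= @certificate.not_after
end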
validate_certificate!()
# File lib/smart_id/utils/certificate_validator.rb, line 30
# Raising wrapper around certificate_valid?.
#
# @return [nil] when the certificate is accepted
# @raise [SmartId::InvalidResponseCertificate] when certificate_valid? is falsy
def validate_certificate!
  return if certificate_valid?

  raise SmartId::InvalidResponseCertificate
end
validate_signature!()
# File lib/smart_id/utils/certificate_validator.rb, line 47
# Checks that @signature (Base64) is a valid SHA-256 signature over @hash_data
# under the public key of @certificate.
#
# This only proves the signature was made with the key in @certificate.
# Whether that certificate is trusted is decided separately by
# validate_certificate!, so the two checks are only meaningful together.
#
# @return [nil] when the signature verifies
# @raise [SmartId::InvalidResponseSignature] when verification fails
def validate_signature!
  verifying_key = @certificate.public_key
  digest = OpenSSL::Digest::SHA256.new
  raw_signature = Base64.decode64(@signature)
  return if verifying_key.verify(digest, raw_signature, @hash_data)

  raise SmartId::InvalidResponseSignature
end