class Rails::Auth::X509::Certificate
X.509 client certificates obtained from HTTP requests
Attributes
certificate[R]
Public Class Methods
new(certificate)
    # File lib/rails/auth/x509/certificate.rb, line 10
    def initialize(certificate)
      unless certificate.is_a?(OpenSSL::X509::Certificate)
        raise TypeError, "expecting OpenSSL::X509::Certificate, got #{certificate.class}"
      end

      @certificate = certificate.freeze
      @subject = {}

      @certificate.subject.to_a.each do |name, data, _type|
        @subject[name.freeze] = data.freeze
      end

      @subject_alt_names = SubjectAltNameExtension.new(certificate)
      @subject_alt_names.freeze
      @subject.freeze
    end
Public Instance Methods
==(other)
Compare ourselves to another object by ensuring that it has the same type and that its certificate's DER encoding is the same as ours

    # File lib/rails/auth/x509/certificate.rb, line 81
    def ==(other)
      other.is_a?(self.class) && other.certificate.to_der == certificate.to_der
    end
Also aliased as: eql?
[](component)
    # File lib/rails/auth/x509/certificate.rb, line 26
    def [](component)
      @subject[component.to_s.upcase]
    end
attributes()
Generates inspectable attributes for debugging
@return [Hash] hash containing parts of the certificate subject (cn, ou) and subject alternative name extension (uris, dns_names, ips), as well as the SPIFFE ID (spiffe_id), which is just a convenience since it is already included in the uris

    # File lib/rails/auth/x509/certificate.rb, line 68
    def attributes
      {
        cn: cn,
        dns_names: dns_names,
        ips: ips,
        ou: ou,
        spiffe_id: spiffe_id,
        uris: uris
      }.reject { |_, v| v.nil? || v.empty? }
    end
cn()
    # File lib/rails/auth/x509/certificate.rb, line 30
    def cn
      @subject["CN"]
    end
Also aliased as: common_name
dns_names()
    # File lib/rails/auth/x509/certificate.rb, line 35
    def dns_names
      @subject_alt_names.dns_names
    end
ips()
    # File lib/rails/auth/x509/certificate.rb, line 39
    def ips
      @subject_alt_names.ips
    end
ou()
    # File lib/rails/auth/x509/certificate.rb, line 43
    def ou
      @subject["OU"]
    end
Also aliased as: organizational_unit
spiffe_id()
According to the SPIFFE standard, only one SPIFFE ID can exist in the URI SAN (github.com/spiffe/spiffe/blob/master/standards/X509-SVID.md#2-spiffe-id).
@return [String, nil] string containing SPIFFE ID if one is present in the certificate

    # File lib/rails/auth/x509/certificate.rb, line 58
    def spiffe_id
      uris.detect { |uri| uri.start_with?("spiffe://") }
    end
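The `detect` lookup above returns the first `spiffe://` URI even when the certificate carries several URI SANs. The following is an added example, not part of the gem: it uses only Ruby's `openssl` library to show that behaviour next to a stricter check, based on the X509-SVID requirement of exactly one URI SAN. The helper names (`sample_cert`, `uri_sans`, `first_spiffe_id`, `strict_spiffe_id`) and the `example.org` identities are assumptions constructed for this example.

```ruby
require "openssl"

KEY = OpenSSL::PKey::RSA.new(2048) # throwaway key for the constructed samples

# Build a self-signed sample certificate (constructed input, not a real identity).
def sample_cert(uris)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/OU=example-ou/CN=example-service")
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  san = uris.map { |u| "URI:#{u}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san, false))
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
end

# Collect URI SANs (GeneralName context tag 6) by decoding the extension's DER.
def uri_sans(cert)
  ext = cert.extensions.find { |e| e.oid == "subjectAltName" }
  return [] unless ext
  general_names = OpenSSL::ASN1.decode(OpenSSL::ASN1.decode(ext.to_der).value.last.value)
  general_names.value.select { |n| n.tag_class == :CONTEXT_SPECIFIC && n.tag == 6 }.map(&:value)
end

# The lookup shown on the page: first URI that starts with "spiffe://".
def first_spiffe_id(uris)
  uris.detect { |uri| uri.start_with?("spiffe://") }
end

# Stricter variant (an assumption of this example, not the gem's API): X509-SVID
# requires exactly one URI SAN, so any other count yields no identity.
def strict_spiffe_id(uris)
  uris.length == 1 ? first_spiffe_id(uris) : nil
end

if $PROGRAM_NAME == __FILE__
  ok  = uri_sans(sample_cert(["spiffe://example.org/billing"]))
  bad = uri_sans(sample_cert(["spiffe://example.org/billing", "spiffe://example.org/admin"]))
  puts "single URI SAN: first=#{first_spiffe_id(ok).inspect} strict=#{strict_spiffe_id(ok).inspect}"
  puts "two URI SANs:   first=#{first_spiffe_id(bad).inspect} strict=#{strict_spiffe_id(bad).inspect}"
end
```

An authorization rule that matches on `spiffe_id` alone sees only the first entry of a multi-URI certificate, so a caller that needs SVID-conformant certificates should also check the length of `uris`.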
uris()
    # File lib/rails/auth/x509/certificate.rb, line 48
    def uris
      @subject_alt_names.uris
    end