class CertValidator::CrlValidator
Attributes
ca[R]
certificate[R]
crl[W]
revoked_time[R]
Public Class Methods
new(cert, ca)
# File lib/cert_validator/crl_validator.rb, line 10
# Builds a validator for one certificate / issuing-CA pair.
#
# cert - the certificate whose revocation status is to be checked; its
#        serial is later compared against the CRL entries.
# ca   - the CA certificate; its public key is later used to verify the
#        CRL signature.
#
# Nothing is fetched or verified here; the arguments are only stored.
def initialize(cert, ca)
  @certificate, @ca = cert, ca
end
Public Instance Methods
available?()
# File lib/cert_validator/crl_validator.rb, line 15
# Reports whether CRL data can be obtained for the certificate.
#
# Returns true as soon as #crl yields any data, before that data has been
# parsed or its signature checked, so a true result says nothing about
# whether the CRL is trustworthy. Otherwise returns false when the
# extractor reports no distribution points, or when the CRL data is absent
# or fails to parse (OpenSSL::X509::CRLError).
def available?
  return true if has_crl_data?
  return false unless extractor.has_distribution_points?

  begin
    vivified_crl ? true : false
  rescue OpenSSL::X509::CRLError
    # Unparseable CRL data counts as "not available".
    false
  end
end
crl()
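# File lib/cert_validator/crl_validator.rb, line 44
# Returns the CRL data for the certificate, fetching it on first use.
#
# A value assigned through the crl= writer takes precedence and is returned
# untouched. Otherwise each distribution point reported by the extractor is
# tried in order and the first non-nil response body is kept. The result is
# memoized, including nil when no distribution point produced data, so the
# network is not contacted again on later calls.
#
# The returned data is unparsed and unverified; it must not be trusted
# until its signature has been checked against the CA key.
def crl
  return @crl if defined? @crl

  # Array#first ignores a block, so the previous `first do |dp| ... end`
  # never called fetch and handed back the first distribution point itself
  # instead of CRL data. Iterate explicitly and stop at the first success.
  fetched = nil
  Array(extractor.distribution_points).each do |dp|
    fetched = fetch(dp)
    break if fetched
  end
  @crl = fetched
end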
valid?()
# File lib/cert_validator/crl_validator.rb, line 28
# Decides whether the certificate passes the CRL check.
#
# Returns true only when all of the following hold:
#   * CRL data is available,
#   * it parses as an OpenSSL::X509::CRL,
#   * its signature verifies with the CA's public key,
#   * no CRL entry carries the certificate's serial.
# Every other outcome, including a missing or unparseable CRL, is false.
#
# NOTE(review): nothing in this method looks at the CRL's validity window
# (last_update / next_update), so a correctly signed but outdated CRL would
# pass these checks. Confirm whether freshness is enforced elsewhere.
def valid?
  return false unless available?

  parsed =
    begin
      vivified_crl
    rescue OpenSSL::X509::CRLError
      nil
    end
  return false unless parsed
  return false unless matches_ca?

  !revoked?
end
Private Instance Methods
extractor()
# File lib/cert_validator/crl_validator.rb, line 58
# Lazily builds, and then reuses, the Extractor wrapping the certificate.
# The extractor is the source of the CRL distribution points used here.
def extractor
  return @extractor if @extractor

  @extractor = Extractor.new(certificate)
end
fetch(uri)
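# File lib/cert_validator/crl_validator.rb, line 62
# Downloads the CRL published at +uri+ with a single HTTP GET.
#
# uri - a distribution point URI, as a String or URI.
#
# Returns the response body for a 200 response, nil otherwise. Redirects
# are not followed. Network and URI parsing errors propagate to the caller.
#
# The URI is read from the certificate under validation, so whoever issued
# that certificate chooses the request destination. Schemes other than
# http/https are refused rather than handed to Net::HTTP. The body is
# unauthenticated input until the CRL signature has been verified.
# NOTE(review): no explicit timeout or response-size limit is set here, and
# hosts are not restricted; consider both if certificates from untrusted
# parties are checked.
def fetch(uri)
  target = URI(uri)
  # URI::HTTPS is a subclass of URI::HTTP, so this admits both.
  return nil unless target.is_a?(URI::HTTP)

  resp = Net::HTTP.get_response(target)
  # Net::HTTPResponse#code is a String; the former comparison with the
  # Integer 200 was never true, so no CRL body was ever returned.
  resp.code == '200' ? resp.body : nil
end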
has_crl_data?()
# File lib/cert_validator/crl_validator.rb, line 54
# True when #crl returns anything truthy. This only says that some data is
# present; the data has not been parsed or verified at this point.
def has_crl_data?
  crl ? true : false
end
matches_ca?()
# File lib/cert_validator/crl_validator.rb, line 88
# Verifies the CRL's signature with the CA certificate's public key and
# returns the result of that verification.
#
# Only the signature is checked here. Neither the CRL's issuer name nor its
# validity window is compared against anything in this method.
def matches_ca?
  parsed_crl = vivified_crl
  parsed_crl.verify(ca.public_key)
end
revoked?()
# File lib/cert_validator/crl_validator.rb, line 79
# Looks for the certificate's serial among the CRL's revoked entries.
#
# Returns the matching entry (truthy) when the certificate is listed, nil
# otherwise. On a match the entry's revocation time is stored in
# @revoked_time, which the revoked_time reader exposes.
#
# Matching is by serial number alone, so the answer is only meaningful
# for a CRL issued by the certificate's own issuer.
# NOTE(review): confirm that callers pass the issuing CA as +ca+.
def revoked?
  hit = vivified_crl.revoked.find { |entry| entry.serial == certificate.serial }
  @revoked_time = hit.time unless hit.nil?
  hit
end
vivified_crl()
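# File lib/cert_validator/crl_validator.rb, line 69
# Returns the CRL as a parsed OpenSSL::X509::CRL, memoizing the result.
#
# Returns nil when there is no CRL data. An OpenSSL::X509::CRL supplied
# through the crl= writer is used as is; anything else is parsed with
# OpenSSL::X509::CRL.new.
#
# Raises OpenSSL::X509::CRLError when the data cannot be parsed. Nothing is
# memoized in that case, so a later call parses again.
#
# Parsing does not authenticate the CRL; the signature check is a separate
# step.
def vivified_crl
  return @vivified_crl if defined? @vivified_crl

  raw = crl
  @vivified_crl =
    if raw.nil?
      # Callers test `unless vivified_crl` and rescue only CRLError. Passing
      # nil to CRL.new raises TypeError instead, which would escape them.
      nil
    elsif raw.is_a?(OpenSSL::X509::CRL)
      raw
    else
      OpenSSL::X509::CRL.new(raw)
    end
end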