class SSLTool::ChainResolution
Public Class Methods
new(original_chain, certificate_store)
# File lib/ssltool/chain_resolution.rb, line 30
#
# Builds every view of the supplied chain that the resolver exposes.
#
# original_chain    - certificates as supplied; duplicates are dropped with
#                     #uniq before anything else happens.
# certificate_store - store that answers trust?, trusted_pool and
#                     combined_trusted_pool_set.
#
# Raises ZeroCertsChainResolutionError when the de-duplicated input is empty,
# ZeroHeadsChainResolutionError when no certificate answers for_domain_name?,
# and TooManyHeadsChainResolutionError (carrying the candidates) when more
# than one does.
def initialize(original_chain, certificate_store)
  @original_chain    = CertificateBundle.new(original_chain.uniq).freeze
  @certificate_store = certificate_store

  # Domain ("head") certificates on one side, everything else on the other.
  @domain_certs, @other_certs = @original_chain.partition(&:for_domain_name?)

  # The emptiness check comes first, so empty input reports "zero certs"
  # rather than "zero heads".
  raise ZeroCertsChainResolutionError if @original_chain.empty?

  # Exactly one head is required; it anchors every chain built below.
  head_count = @domain_certs.length
  unless head_count == 1
    raise ZeroHeadsChainResolutionError if head_count == 0
    raise TooManyHeadsChainResolutionError.new(@domain_certs)
  end

  @base_cert = @domain_certs.first

  # Chain built only from the certificates that were supplied with the head.
  @ordered_chain = CertificateBundle.new(@base_cert.chain_from(@other_certs)).freeze

  # Chain built from the store's combined pool, not from the supplied
  # certificates, and cut at the first trusted root: take_while stops there,
  # so that root and anything after it are left out.
  # NOTE(review): if take_while is Enumerable's, this is a plain Array rather
  # than a CertificateBundle - confirm against CertificateBundle.
  trusted_path    = @base_cert.chain_from(@certificate_store.combined_trusted_pool_set)
  @resolved_chain = CertificateBundle.new(trusted_path)
                      .take_while { |cert| !is_trusted_root?(cert) }
                      .freeze

  @unused_certs = CertificateBundle.new(@other_certs - @resolved_chain).freeze
  @domain_names = @base_cert.domain_names.freeze

  @originally_ordered = @original_chain == @ordered_chain
  # Evaluated on the re-ordered chain, so input supplied out of order still
  # counts as "originally trusted" when its ordered form passes trust?.
  @originally_trusted = @certificate_store.trust?(@ordered_chain)

  # Set unconditionally; nothing in this constructor derives it.
  @ordered = true
  @trusted = @certificate_store.trust?(@resolved_chain)

  # NOTE(review): if @resolved_chain is ever empty (the head itself matching
  # is_trusted_root?), #last is nil and this line raises NoMethodError -
  # confirm whether chain_from / the partition above rule that out.
  @self_signed_untrusted = @resolved_chain.last.self_signed? && !@trusted

  # Prefer the input untouched, then the input re-ordered, and only fall back
  # to this resolution object when the supplied certificates are not trusted.
  @recommended_chain =
    if @originally_ordered && @originally_trusted
      @original_chain
    elsif @originally_trusted
      @ordered_chain
    else
      self
    end
end
Public Instance Methods
is_trusted_root?(cert)
# File lib/ssltool/chain_resolution.rb, line 24
#
# Tells whether cert is a root this resolver trusts: it must be a CA, be
# self-signed, and be a member of the store's trusted_pool. Being
# self-signed is not enough on its own; membership in the pool is what
# confers trust.
#
# The pool is consulted only after the two certificate predicates pass.
# Returns the first falsy predicate value, otherwise the include? result.
# NOTE(review): include? relies on how certificate objects compare for
# equality - presumably by content; confirm.
def is_trusted_root?(cert)
  self_signed_ca = cert.certificate_authority? && cert.self_signed?
  self_signed_ca && @certificate_store.trusted_pool.include?(cert)
end