class CertValidator::CrlValidator

Attributes

ca[R]
certificate[R]
crl[W]
revoked_time[R]

Public Class Methods

new(cert, ca)
# File lib/cert_validator/crl_validator.rb, line 10
# Stores the certificate to check and the CA used for the check.
#
# @param cert the certificate whose revocation status is checked
#   (read later through +certificate+)
# @param ca the issuing CA; the visible code only calls +ca.public_key+ on it
def initialize(cert, ca)
  @certificate, @ca = cert, ca
end

Public Instance Methods

available?()
# File lib/cert_validator/crl_validator.rb, line 15
# Reports whether a CRL can be obtained for this certificate.
#
# Returns true as soon as +has_crl_data?+ is truthy; that check only looks at
# whether +crl+ is non-nil, not whether the data parses or is signed by the CA.
# Otherwise the certificate must advertise distribution points and the CRL
# must parse.
#
# @return [Boolean]
def available?
  return true if has_crl_data?
  return false unless extractor.has_distribution_points?

  # Only the parse step is guarded: a malformed CRL counts as "not available".
  parsed = begin
    vivified_crl
  rescue OpenSSL::X509::CRLError
    nil
  end

  parsed ? true : false
end
crl()
# File lib/cert_validator/crl_validator.rb, line 44
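# Returns the raw CRL for the certificate, fetching it on first use.
#
# A value assigned through the +crl=+ writer is returned as-is. Otherwise each
# distribution point reported by the extractor is tried in order and the first
# body that +fetch+ returns is kept. The result is memoized, including +nil+
# when no distribution point yields data, so the network is hit at most once.
#
# The previous version passed a block to +Array#first+, which ignores blocks:
# nothing was fetched, @crl was never assigned, and the method returned the
# first distribution point itself instead of CRL data.
#
# @return [Object, nil] whatever +fetch+ returned, a preset value, or nil
def crl
  return @crl if defined? @crl

  body = nil
  Array(extractor.distribution_points).each do |dp|
    body = fetch dp
    break if body
  end

  # Assign only after the loop so an exception from fetch leaves @crl unset.
  @crl = body
end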
valid?()
# File lib/cert_validator/crl_validator.rb, line 28
# Decides whether the certificate passes the CRL check.
#
# Fails closed: the result is false when no CRL is available, when the CRL
# does not parse, when its signature does not verify against the CA key, or
# when the certificate's serial is listed as revoked.
#
# NOTE(review): nothing here compares the CRL's validity window (last/next
# update) with the current time, so an out-of-date CRL is treated like a
# fresh one. Confirm whether that is intended.
#
# @return [Boolean]
def valid?
  return false unless available?

  # available? can be true on raw data alone, so parsing is re-checked here.
  parsed = begin
    vivified_crl
  rescue OpenSSL::X509::CRLError
    nil
  end
  return false unless parsed
  return false unless matches_ca?

  !revoked?
end

Private Instance Methods

extractor()
# File lib/cert_validator/crl_validator.rb, line 58
# Lazily builds the Extractor for the certificate and reuses it afterwards.
#
# @return [Extractor]
def extractor
  @extractor = Extractor.new(certificate) unless @extractor
  @extractor
end
fetch(uri)
# File lib/cert_validator/crl_validator.rb, line 62
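# Downloads a CRL from a distribution point.
#
# The address comes from the certificate under validation, so it is untrusted
# input. Only http/https locations are requested; any other scheme (ldap,
# ftp, ...) returns nil instead of being handed to Net::HTTP.
#
# The previous version compared +resp.code+ with the Integer 200.
# Net::HTTPResponse#code is a String, so that comparison was never true and
# the method always returned nil.
#
# NOTE(review): this relies on Net::HTTP's default timeouts and puts no cap on
# the response size. Consider bounding both for a validation path.
#
# @param uri [String, URI] distribution point location
# @return [String, nil] response body on HTTP 200, otherwise nil
def fetch(uri)
  target = URI(uri)
  # URI::HTTPS is a subclass of URI::HTTP, so this admits both schemes.
  return nil unless target.is_a?(URI::HTTP)

  resp = Net::HTTP.get_response target
  return resp.body if resp.is_a?(Net::HTTPOK)

  nil
end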
has_crl_data?()
# File lib/cert_validator/crl_validator.rb, line 54
# True when +crl+ returns anything other than nil/false. This says nothing
# about whether that data is a well-formed or trusted CRL.
#
# @return [Boolean]
def has_crl_data?
  crl ? true : false
end
matches_ca?()
# File lib/cert_validator/crl_validator.rb, line 88
# Checks the parsed CRL's signature against the CA's public key. This is the
# step that ties downloaded CRL data to the expected issuer.
#
# @return whatever +verify+ returns for the CA key
def matches_ca?
  issuer_key = ca.public_key
  vivified_crl.verify(issuer_key)
end
revoked?()
# File lib/cert_validator/crl_validator.rb, line 79
# Looks the certificate's serial up in the CRL's revoked list.
#
# When a matching entry exists, its time is recorded in @revoked_time (exposed
# through the +revoked_time+ reader). Nothing is written when there is no match.
#
# @return the matching revoked entry (truthy), or nil when the serial is absent
def revoked?
  hit = vivified_crl.revoked.find { |entry| entry.serial == certificate.serial }
  @revoked_time = hit.time unless hit.nil?
  hit
end
vivified_crl()
# File lib/cert_validator/crl_validator.rb, line 69
# Returns the CRL as an OpenSSL::X509::CRL, parsing raw data if necessary.
#
# A value that is already an OpenSSL::X509::CRL is used unchanged; anything
# else is handed to OpenSSL::X509::CRL.new. The result is memoized. If parsing
# raises, nothing is stored, so a later call parses again.
#
# @return [OpenSSL::X509::CRL]
# @raise [OpenSSL::X509::CRLError] when the raw data is not a parsable CRL
def vivified_crl
  return @vivified_crl if defined? @vivified_crl

  source = crl
  @vivified_crl = source.is_a?(OpenSSL::X509::CRL) ? source : OpenSSL::X509::CRL.new(source)
end