module Conjur::CertUtils
Constants
- CERT_RE
Public Class Methods
add_chained_cert(store, chained_cert)
Add a certificate to a given store. If the certificate has more than one certificate in its chain, it will be parsed and added to the store one by one. This is done because `OpenSSL::X509::Store.new.add_cert` adds only the intermediate certificate to the store.

    # File lib/conjur/cert_utils.rb, line 52
    def add_chained_cert store, chained_cert
      parse_certs(chained_cert).each do |cert|
        begin
          store.add_cert cert
        rescue OpenSSL::X509::StoreError => ex
          # A duplicate certificate is harmless; re-raise anything else
          raise unless ex.message == 'cert already in hash table'
        end
      end
    end
parse_certs(certs)
Parse X509 DER-encoded certificates from a string
@param certs [String] certificate(s) to parse in DER form
@return [Array<OpenSSL::X509::Certificate>] certificates contained in the string

    # File lib/conjur/cert_utils.rb, line 32
    def parse_certs certs
      # fix any mangled whitespace: collapse each run to one newline,
      # then restore the space inside the BEGIN/END markers
      certs = certs.gsub(/\s+/, "\n")
      certs.gsub! "-----BEGIN\nCERTIFICATE-----", '-----BEGIN CERTIFICATE-----'
      certs.gsub! "-----END\nCERTIFICATE-----", '-----END CERTIFICATE-----'
      # make sure the last block ends with a newline
      certs += "\n" unless certs[-1] == "\n"

      certs.scan(CERT_RE).map do |cert|
        begin
          OpenSSL::X509::Certificate.new cert
        rescue OpenSSL::X509::CertificateError => exn
          raise exn, "Invalid certificate:\n#{cert} (#{exn.message})"
        end
      end
    end
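The following added example (not code from the Conjur project) shows why the bundle has to be split before it is added to a store: a store built from the unsplit string cannot verify the leaf, while one built certificate by certificate can. `PEM_BLOCK_RE`, `make_cert`, `split_bundle`, `add_all` and `demo` are hypothetical names; the pattern is a stand-in because the page does not show the value of `CERT_RE`, and the certificates are throwaway ones constructed in the script.

```ruby
require 'openssl'

# Hypothetical pattern for one PEM block; the page does not show the real CERT_RE.
PEM_BLOCK_RE = /-----BEGIN CERTIFICATE-----\n.*?\n-----END CERTIFICATE-----\n/m

# Build a throwaway certificate (constructed test data, not a real CA).
def make_cert(cn, key, issuer: nil, issuer_key: key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Split a PEM bundle and parse every certificate in it.
def split_bundle(pem)
  pem.scan(PEM_BLOCK_RE).map { |block| OpenSSL::X509::Certificate.new(block) }
end

# Add each certificate; tolerate the duplicate error that older OpenSSL raises.
def add_all(store, pem)
  split_bundle(pem).each do |cert|
    begin
      store.add_cert(cert)
    rescue OpenSSL::X509::StoreError => e
      raise unless e.message =~ /cert already in hash table/
    end
  end
  store
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('Example Test CA', ca_key, ca: true)
  leaf = make_cert('leaf.example.test', leaf_key, issuer: ca, issuer_key: ca_key)
  bundle = leaf.to_pem + ca.to_pem # leaf first, issuer second
  naive = OpenSSL::X509::Store.new
  naive.add_cert(OpenSSL::X509::Certificate.new(bundle)) # only the first block is parsed
  full = add_all(OpenSSL::X509::Store.new, bundle)
  add_all(full, bundle) # a second pass must not fail on duplicates
  { parsed: split_bundle(bundle).size, naive_ok: naive.verify(leaf), full_ok: full.verify(leaf) }
end
```

Calling `demo` returns the number of certificates found in the bundle and whether each store verifies the leaf; the store built from the unsplit string lacks the issuing CA, so verification fails there.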