module Conjur::CertUtils

Constants

CERT_RE

Public Class Methods

add_chained_cert(store, chained_cert)

Add a certificate to a given store. If the certificate string carries more than one certificate in its chain, each certificate is parsed and added to the store one by one. This is done because `OpenSSL::X509::Store.new.add_cert` adds only the intermediate certificate to the store.

# File lib/conjur/cert_utils.rb, line 52
def add_chained_cert store, chained_cert
  parse_certs(chained_cert).each do |cert|
    begin
      store.add_cert cert
    rescue OpenSSL::X509::StoreError => ex
      # Adding a certificate the store already holds is harmless; re-raise anything else
      raise unless ex.message == 'cert already in hash table'
    end
  end
end
parse_certs(certs)

Parse X509 DER-encoded certificates from a string.

@param certs [String] certificate(s) to parse in DER form
@return [Array<OpenSSL::X509::Certificate>] certificates contained in the string

# File lib/conjur/cert_utils.rb, line 32
def parse_certs certs
  # Normalise whitespace: collapse every run of whitespace to a single newline,
  # then repair BEGIN/END markers whose inner space became a line break.
  certs = certs.gsub(/\s+/, "\n")
  certs.gsub! "-----BEGIN\nCERTIFICATE-----", '-----BEGIN CERTIFICATE-----'
  certs.gsub! "-----END\nCERTIFICATE-----", '-----END CERTIFICATE-----'
  # Make sure the final END marker is newline-terminated before scanning
  certs += "\n" unless certs[-1] == "\n"

  certs.scan(CERT_RE).map do |cert|
    begin
      OpenSSL::X509::Certificate.new cert
    rescue OpenSSL::X509::CertificateError => exn
      # Include the offending block so a bad bundle is easy to locate
      raise exn, "Invalid certificate:\n#{cert} (#{exn.message})"
    end
  end
end
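As an added example (not conjur-api code), the script below shows why `add_chained_cert` splits a bundle before calling `add_cert`: a store fed the whole bundle through `OpenSSL::X509::Certificate.new` holds only the first certificate, so a leaf signed by the intermediate fails to verify, whereas adding each certificate separately (with the same duplicate tolerance as `add_chained_cert`) succeeds. The root, intermediate and leaf are constructed in memory, and `PEM_RE`, `make_cert`, `verify_naive` and `verify_split` are names chosen for this example; `PEM_RE` stands in for `CERT_RE`, whose value this page does not show.

```ruby
require 'openssl'

# Added example, not conjur-api code. Root, intermediate and leaf certificates are
# generated in memory (constructed test data) so that the script runs offline;
# PEM_RE is this example's own splitter, standing in for Conjur::CertUtils::CERT_RE.
PEM_RE = /-----BEGIN CERTIFICATE-----\n.*?\n-----END CERTIFICATE-----\n/m

# Minimal X.509 v3 certificate; self-signed when no issuer is given.
def make_cert(cn, key, ca:, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = OpenSSL::BN.rand(64)
  cert.subject = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256')) # returns the signed cert
end

ROOT_KEY, INT_KEY, LEAF_KEY = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
ROOT = make_cert('Demo Root', ROOT_KEY, ca: true)
INTERMEDIATE = make_cert('Demo Intermediate', INT_KEY, ca: true, issuer: ROOT, issuer_key: ROOT_KEY)
LEAF = make_cert('demo.example', LEAF_KEY, ca: false, issuer: INTERMEDIATE, issuer_key: INT_KEY)
# Trust bundle as shipped: intermediate first, root repeated to exercise duplicate handling.
BUNDLE = INTERMEDIATE.to_pem + ROOT.to_pem + ROOT.to_pem

# Naive: Certificate.new reads only the first PEM block, so the store holds just the
# intermediate, the chain never reaches a self-signed root and verify returns false.
def verify_naive(bundle, leaf)
  store = OpenSSL::X509::Store.new
  store.add_cert(OpenSSL::X509::Certificate.new(bundle))
  store.verify(leaf)
end

# What add_chained_cert does: split the bundle, add every certificate, tolerate duplicates.
def verify_split(bundle, leaf)
  store = OpenSSL::X509::Store.new
  bundle.scan(PEM_RE).each do |pem|
    begin
      store.add_cert(OpenSSL::X509::Certificate.new(pem))
    rescue OpenSSL::X509::StoreError => ex
      raise unless ex.message == 'cert already in hash table'
    end
  end
  store.verify(leaf)
end
```

Inspect `store.error_string` after a failed `verify` to see the reason (in the naive case, the missing issuer of the intermediate).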