Diffstat (limited to 'sample/openssl')
-rw-r--r--sample/openssl/c_rehash.rb38
-rw-r--r--sample/openssl/certstore.rb52
-rw-r--r--sample/openssl/crlstore.rb32
3 files changed, 61 insertions, 61 deletions
diff --git a/sample/openssl/c_rehash.rb b/sample/openssl/c_rehash.rb
index afbb654517..cd6c9d5fd4 100644
--- a/sample/openssl/c_rehash.rb
+++ b/sample/openssl/c_rehash.rb
@@ -54,13 +54,13 @@ class CHashDir
OpenSSL::X509::Certificate.new(str)
rescue
begin
- OpenSSL::X509::CRL.new(str)
+ OpenSSL::X509::CRL.new(str)
rescue
- begin
- OpenSSL::X509::Request.new(str)
- rescue
- nil
- end
+ begin
+ OpenSSL::X509::Request.new(str)
+ rescue
+ nil
+ end
end
end
end
@@ -75,15 +75,15 @@ private
Dir.chdir(@dirpath) do
delete_symlink
Dir.glob('*.pem') do |pemfile|
- cert = load_pem_file(pemfile)
- case cert
- when OpenSSL::X509::Certificate
- link_hash_cert(pemfile, cert)
- when OpenSSL::X509::CRL
- link_hash_crl(pemfile, cert)
- else
- STDERR.puts("WARNING: #{pemfile} does not contain a certificate or CRL: skipping") unless @silent
- end
+ cert = load_pem_file(pemfile)
+ case cert
+ when OpenSSL::X509::Certificate
+ link_hash_cert(pemfile, cert)
+ when OpenSSL::X509::CRL
+ link_hash_crl(pemfile, cert)
+ else
+ STDERR.puts("WARNING: #{pemfile} does not contain a certificate or CRL: skipping") unless @silent
+ end
end
end
end
@@ -103,7 +103,7 @@ private
}
unless filepath
unless @silent
- STDERR.puts("WARNING: Skipping duplicate certificate #{org_filename}")
+ STDERR.puts("WARNING: Skipping duplicate certificate #{org_filename}")
end
else
(@cert_cache[name_hash] ||= []) << path(filepath)
@@ -118,7 +118,7 @@ private
}
unless filepath
unless @silent
- STDERR.puts("WARNING: Skipping duplicate CRL #{org_filename}")
+ STDERR.puts("WARNING: Skipping duplicate CRL #{org_filename}")
end
else
(@crl_cache[name_hash] ||= []) << path(filepath)
@@ -132,7 +132,7 @@ private
filepath = yield(idx)
break unless FileTest.symlink?(filepath) or FileTest.exist?(filepath)
if @fingerprint_cache[filepath] == fingerprint
- return false
+ return false
end
idx += 1
end
@@ -147,7 +147,7 @@ private
File.symlink(from, to)
rescue
File.open(to, "w") do |f|
- f << File.read(from)
+ f << File.read(from)
end
end
end
diff --git a/sample/openssl/certstore.rb b/sample/openssl/certstore.rb
index c0bc21bcbb..c6e8f816bc 100644
--- a/sample/openssl/certstore.rb
+++ b/sample/openssl/certstore.rb
@@ -76,27 +76,27 @@ private
result = @x509store.verify(cert) do |ok, ctx|
cert = ctx.current_cert
if ctx.current_crl
- crl_map[cert.subject] = true
+ crl_map[cert.subject] = true
end
if ok
- if !ctx.current_crl
- if crl = @crl_store.find_crl(cert)
- crl_map[cert.subject] = true
- if crl.revoked.find { |revoked| revoked.serial == cert.serial }
- ok = false
- error_string = 'certification revoked'
- end
- end
- end
+ if !ctx.current_crl
+ if crl = @crl_store.find_crl(cert)
+ crl_map[cert.subject] = true
+ if crl.revoked.find { |revoked| revoked.serial == cert.serial }
+ ok = false
+ error_string = 'certification revoked'
+ end
+ end
+ end
end
error_map[cert.subject] = error_string if error_string
ok
end
error = if result
- nil
- else
- error_map[cert.subject] || @x509store.error_string
- end
+ nil
+ else
+ error_map[cert.subject] || @x509store.error_string
+ end
return error, crl_map
end
@@ -105,13 +105,13 @@ private
cert = generate_cert(certfile)
case guess_cert_type(cert)
when CERT_TYPE_SELF_SIGNED
- @self_signed_ca << cert
+ @self_signed_ca << cert
when CERT_TYPE_OTHER
- @other_ca << cert
+ @other_ca << cert
when CERT_TYPE_EE
- @ee << cert
+ @ee << cert
else
- raise "Unknown cert type."
+ raise "Unknown cert type."
end
end
@c_store.get_crls.each do |crlfile|
@@ -128,21 +128,21 @@ private
# Ignores criticality of extensions. It's 'guess'ing.
case ext.oid
when 'basicConstraints'
- /CA:(TRUE|FALSE), pathlen:(\d+)/ =~ ext.value
- ca = ($1 == 'TRUE') unless ca
+ /CA:(TRUE|FALSE), pathlen:(\d+)/ =~ ext.value
+ ca = ($1 == 'TRUE') unless ca
when 'keyUsage'
- usage = ext.value.split(/\s*,\s*/)
- ca = usage.include?('Certificate Sign') unless ca
+ usage = ext.value.split(/\s*,\s*/)
+ ca = usage.include?('Certificate Sign') unless ca
when 'nsCertType'
- usage = ext.value.split(/\s*,\s*/)
- ca = usage.include?('SSL CA') unless ca
+ usage = ext.value.split(/\s*,\s*/)
+ ca = usage.include?('SSL CA') unless ca
end
end
if ca
if self_signed
- CERT_TYPE_SELF_SIGNED
+ CERT_TYPE_SELF_SIGNED
else
- CERT_TYPE_OTHER
+ CERT_TYPE_OTHER
end
else
CERT_TYPE_EE
diff --git a/sample/openssl/crlstore.rb b/sample/openssl/crlstore.rb
index b305913eb0..e3a592567c 100644
--- a/sample/openssl/crlstore.rb
+++ b/sample/openssl/crlstore.rb
@@ -24,22 +24,22 @@ private
end
unless crlfiles = @c_store.get_crls(ca.subject)
if crl = renew_crl(cert, ca)
- @c_store.add_crl(crl)
- return crl
+ @c_store.add_crl(crl)
+ return crl
end
return nil
end
crlfiles.each do |crlfile|
next unless crl = load_crl(crlfile)
if crl.next_update < Time.now
- if new_crl = renew_crl(cert, ca)
- @c_store.delete_crl(crl)
- @c_store.add_crl(new_crl)
- crl = new_crl
- end
+ if new_crl = renew_crl(cert, ca)
+ @c_store.delete_crl(crl)
+ @c_store.add_crl(new_crl)
+ crl = new_crl
+ end
end
if check_valid(crl, ca)
- return crl
+ return crl
end
end
nil
@@ -49,7 +49,7 @@ private
@c_store.get_certs(cert.issuer).each do |cafile|
ca = load_cert(cafile)
if cert.verify(ca.public_key)
- return ca
+ return ca
end
end
nil
@@ -58,10 +58,10 @@ private
def fetch(location)
if /\AURI:(.*)\z/ =~ location
begin
- c = HTTPAccess2::Client.new(ENV['http_proxy'] || ENV['HTTP_PROXY'])
- c.get_content($1)
+ c = HTTPAccess2::Client.new(ENV['http_proxy'] || ENV['HTTP_PROXY'])
+ c.get_content($1)
rescue NameError, StandardError
- nil
+ nil
end
else
nil
@@ -103,10 +103,10 @@ private
def renew_crl(cert, ca)
if cdp = get_cdp(cert)
if new_crl_str = fetch(cdp)
- new_crl = load_crl_str(new_crl_str)
- if check_valid(new_crl, ca)
- return new_crl
- end
+ new_crl = load_crl_str(new_crl_str)
+ if check_valid(new_crl, ca)
+ return new_crl
+ end
end
end
false