From d464704f111d211c1f1ff9ef23ef1d755054be00 Mon Sep 17 00:00:00 2001
From: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 15 Aug 2007 19:08:43 +0000
Subject: add tag v1_8_5_54

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/tags/v1_8_5_54@12952 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ruby_1_8_5/sample/openssl/crlstore.rb | 122 ++++++++++++++++++++++++++++++++++
 1 file changed, 122 insertions(+)
 create mode 100644 ruby_1_8_5/sample/openssl/crlstore.rb

(limited to 'ruby_1_8_5/sample/openssl/crlstore.rb')

diff --git a/ruby_1_8_5/sample/openssl/crlstore.rb b/ruby_1_8_5/sample/openssl/crlstore.rb
new file mode 100644
index 0000000000..b305913eb0
--- /dev/null
+++ b/ruby_1_8_5/sample/openssl/crlstore.rb
@@ -0,0 +1,122 @@
+begin
+  require 'http-access2'
+rescue LoadError
+  STDERR.puts("Cannot load http-access2.  CRL might not be fetched.")
+end
+require 'c_rehash'
+
+
+class CrlStore
+  def initialize(c_store)
+    @c_store = c_store
+    @c_store.hash_dir(true)
+  end
+
+  def find_crl(cert)
+    do_find_crl(cert)
+  end
+
+private
+
+  def do_find_crl(cert)
+    unless ca = find_ca(cert)
+      return nil
+    end
+    unless crlfiles = @c_store.get_crls(ca.subject)
+      if crl = renew_crl(cert, ca)
+	@c_store.add_crl(crl)
+	return crl
+      end
+      return nil
+    end
+    crlfiles.each do |crlfile|
+      next unless crl = load_crl(crlfile)
+      if crl.next_update < Time.now
+	if new_crl = renew_crl(cert, ca)
+	  @c_store.delete_crl(crl)
+	  @c_store.add_crl(new_crl)
+	  crl = new_crl
+	end
+      end
+      if check_valid(crl, ca)
+	return crl
+      end
+    end
+    nil
+  end
+
+  def find_ca(cert)
+    @c_store.get_certs(cert.issuer).each do |cafile|
+      ca = load_cert(cafile)
+      if cert.verify(ca.public_key)
+	return ca
+      end
+    end
+    nil
+  end
+
+  def fetch(location)
+    if /\AURI:(.*)\z/ =~ location
+      begin
+	c = HTTPAccess2::Client.new(ENV['http_proxy'] || ENV['HTTP_PROXY'])
+	c.get_content($1)
+      rescue NameError, StandardError
+	nil
+      end
+    else
+      nil
+    end
+  end
+
+  def load_cert(certfile)
+    load_cert_str(File.read(certfile))
+  end
+
+  def load_crl(crlfile)
+    load_crl_str(File.read(crlfile))
+  end
+
+  def load_cert_str(cert_str)
+    OpenSSL::X509::Certificate.new(cert_str)
+  end
+
+  def load_crl_str(crl_str)
+    OpenSSL::X509::CRL.new(crl_str)
+  end
+
+  def check_valid(crl, ca)
+    unless crl.verify(ca.public_key)
+      return false
+    end
+    crl.last_update <= Time.now
+  end
+
+  RE_CDP = /\AcrlDistributionPoints\z/
+  def get_cdp(cert)
+    if cdp_ext = cert.extensions.find { |ext| RE_CDP =~ ext.oid }
+      cdp_ext.value.chomp
+    else
+      false
+    end
+  end
+
+  def renew_crl(cert, ca)
+    if cdp = get_cdp(cert)
+      if new_crl_str = fetch(cdp)
+	new_crl = load_crl_str(new_crl_str)
+	if check_valid(new_crl, ca)
+	  return new_crl
+	end
+      end
+    end
+    false
+  end
+end
+
+if $0 == __FILE__
+  dir = "trust_certs"
+  c_store = CHashDir.new(dir)
+  s = CrlStore.new(c_store)
+  c = OpenSSL::X509::Certificate.new(File.read("cert_store/google_codesign.pem"))
+  p s.find_crl(c)
+end
-- 
cgit v1.2.3