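require 'c_rehash'
require 'crlstore'

# Loads every certificate and CRL found in a hashed certificate directory,
# classifies each certificate (self-signed CA / other CA / end entity) and
# verifies certificates against that directory with an OpenSSL X509 store,
# adding a CRL revocation lookup of its own on top of OpenSSL's chain check.
#
# Security note: `add_path` makes the whole directory a source of trust
# anchors, so anything placed in `certs_dir` can become a trusted CA for
# `verify`. Keep the directory write-protected.
class CertStore
  include OpenSSL
  include X509

  # Classification returned by #guess_cert_type. Plain Integers so they are
  # comparable with `case`/`when` and usable as hash keys by callers.
  CERT_TYPE_SELF_SIGNED = 0
  CERT_TYPE_OTHER = 1
  CERT_TYPE_EE = 2

  # Certificates whose subject equals their issuer and which look like a CA.
  attr_reader :self_signed_ca
  # CA certificates issued by some other name.
  attr_reader :other_ca
  # End-entity (leaf) certificates.
  attr_reader :ee
  # CRLs loaded from the directory.
  attr_reader :crl
  # Always an empty Array after #scan_certs; nothing on this page fills it.
  attr_reader :request

  # @param certs_dir [String] directory to be (re)hashed and used as the
  #   store's trust path.
  # @raise whatever CHashDir/CrlStore raise for an unusable directory.
  def initialize(certs_dir)
    @certs_dir = certs_dir
    @c_store = CHashDir.new(@certs_dir)
    @c_store.hash_dir(true)
    @crl_store = CrlStore.new(@c_store)
    @x509store = Store.new
    @self_signed_ca = @other_ca = @ee = @crl = nil
    # Uncomment this line to let OpenSSL to check CRL for each certs.
    # (With the flags unset, revocation is only checked by #do_verify's own
    # CRL lookup, not by OpenSSL's chain verification.)
    # @x509store.flags = V_FLAG_CRL_CHECK | V_FLAG_CRL_CHECK_ALL
    add_path
    scan_certs
  end

  # Parses one PEM file through the hashed directory helper.
  # @param filename [String]
  # @return [OpenSSL::X509::Certificate, OpenSSL::X509::CRL] whatever
  #   CHashDir#load_pem_file yields for the file
  def generate_cert(filename)
    @c_store.load_pem_file(filename)
  end

  # Verifies +cert+ against the store.
  #
  # @param cert [OpenSSL::X509::Certificate]
  # @return [Array<Array>] one row per chain element on success:
  #   `[true, chain_cert, crl_consulted?, nil]`; on failure a single row
  #   `[false, cert, crl_consulted?, error_message]`.
  def verify(cert)
    error, crl_map = do_verify(cert)
    if error
      [[false, cert, crl_map[cert.subject], error]]
    else
      @x509store.chain.collect { |c| [true, c, crl_map[c.subject], nil] }
    end
  end

  # True when both certificates carry the same issuer and serial number,
  # i.e. they identify the same certificate per RFC 5280 naming.
  # @return [Boolean]
  def match_cert(cert1, cert2)
    (cert1.issuer.cmp(cert2.issuer) == 0) && cert1.serial == cert2.serial
  end

  # @return [Boolean] whether #guess_cert_type classes +cert+ as any CA.
  def is_ca?(cert)
    [CERT_TYPE_SELF_SIGNED, CERT_TYPE_OTHER].include?(guess_cert_type(cert))
  end

  # Resets the classified collections and reloads them from the directory.
  def scan_certs
    @self_signed_ca = []
    @other_ca = []
    @ee = []
    @crl = []
    @request = []
    load_certs
  end

private

  # Registers the certificate directory as the store's lookup path; every
  # hashed certificate in it is then a candidate trust anchor.
  def add_path
    @x509store.add_path(@certs_dir)
  end

  # Runs the OpenSSL verification with a callback that additionally consults
  # the local CRL store for each chain element.
  #
  # @param cert [OpenSSL::X509::Certificate]
  # @return [Array(String, Hash)] `[error_or_nil, crl_map]` where crl_map
  #   has `subject => true` for every chain element a CRL was found for.
  def do_verify(cert)
    error_map = {}
    crl_map = {}
    result = @x509store.verify(cert) do |ok, ctx|
      # Deliberately reassigns the method parameter: after the block the
      # outer `cert` is the last chain element the callback saw, which is
      # the one the error lookup below must be keyed on.
      cert = ctx.current_cert
      if ctx.current_crl
        crl_map[cert.subject] = true
      end
      if ok
        if !ctx.current_crl
          # OpenSSL did not do a CRL check itself (see the flags comment in
          # #initialize), so look the CRL up locally.
          # NOTE(review): whether the CRL's signature and validity period
          # are checked depends on CrlStore#find_crl; nothing here does.
          if crl = @crl_store.find_crl(cert)
            crl_map[cert.subject] = true
            if crl.revoked.find { |revoked| revoked.serial == cert.serial }
              ok = false
              error_string = 'certification revoked'
            end
          end
        end
      end
      # error_string is nil unless the revocation branch above assigned it.
      error_map[cert.subject] = error_string if error_string
      ok
    end
    error = if result
        nil
      else
        # Our own revocation message wins; otherwise report OpenSSL's reason.
        error_map[cert.subject] || @x509store.error_string
      end
    return error, crl_map
  end

  # Loads and classifies every certificate, then every CRL, in the directory.
  # @raise [RuntimeError] if #guess_cert_type ever returns an unknown value
  #   (defensive; it currently cannot).
  def load_certs
    @c_store.get_certs.each do |certfile|
      cert = generate_cert(certfile)
      case guess_cert_type(cert)
      when CERT_TYPE_SELF_SIGNED
        @self_signed_ca << cert
      when CERT_TYPE_OTHER
        @other_ca << cert
      when CERT_TYPE_EE
        @ee << cert
      else
        raise "Unknown cert type."
      end
    end
    @c_store.get_crls.each do |crlfile|
      @crl << generate_cert(crlfile)
    end
  end

  # Heuristically classifies a certificate.
  #
  # A self-issued certificate is presumed to be a CA; otherwise the
  # basicConstraints, keyUsage and nsCertType extensions are consulted in
  # order, and the first one that marks it as a CA decides.
  #
  # @param cert [OpenSSL::X509::Certificate]
  # @return [Integer] one of the CERT_TYPE_* constants
  def guess_cert_type(cert)
    ca = self_signed = is_cert_self_signed(cert)
    cert.extensions.each do |ext|
      # Ignores criticality of extensions.  It's 'guess'ing.
      case ext.oid
      when 'basicConstraints'
        # OpenSSL renders the value as "CA:TRUE" with an optional
        # ", pathlen:N" suffix; the suffix must not be required, or a CA
        # without a path length constraint is mistaken for a leaf.
        m = /CA:(TRUE|FALSE)(?:, pathlen:(\d+))?/.match(ext.value)
        ca = (m && m[1] == 'TRUE') unless ca
      when 'keyUsage'
        usage = ext.value.split(/\s*,\s*/)
        ca = usage.include?('Certificate Sign') unless ca
      when 'nsCertType'
        usage = ext.value.split(/\s*,\s*/)
        ca = usage.include?('SSL CA') unless ca
      end
    end
    if ca
      if self_signed
        CERT_TYPE_SELF_SIGNED
      else
        CERT_TYPE_OTHER
      end
    else
      CERT_TYPE_EE
    end
  end

  # True when the certificate's subject and issuer names render identically.
  #
  # NOTE(review): this is a self-*issued* test only. It does not verify the
  # signature with the certificate's own key, so a certificate that merely
  # names itself as issuer is classed as a self-signed CA here. Callers that
  # make trust decisions on this should also check
  # `cert.verify(cert.public_key)`.
  def is_cert_self_signed(cert)
    # cert.subject.cmp(cert.issuer) == 0
    cert.subject.to_s == cert.issuer.to_s
  end
end

if $0 == __FILE__
  c = CertStore.new("trust_certs")
end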