Class: JWT::X5cKeyFinder

Inherits:
Object
Defined in:
lib/jwt/x5c_key_finder.rb

Overview

If the x5c header certificate chain can be validated by trusted root certificates, and none of the certificates are revoked, returns the public key from the first certificate. See tools.ietf.org/html/rfc7515#section-4.1.6

Constructor Details

#initialize(root_certificates, crls = nil) ⇒ X5cKeyFinder

Returns a new instance of X5cKeyFinder.

Raises:

  • (ArgumentError)


# File 'lib/jwt/x5c_key_finder.rb', line 9

def initialize(root_certificates, crls = nil)
  raise ArgumentError, 'Root certificates must be specified' unless root_certificates

  @store = build_store(root_certificates, crls)
end

Instance Method Details

#from(x5c_header_or_certificates) ⇒ Object



# File 'lib/jwt/x5c_key_finder.rb', line 15

def from(x5c_header_or_certificates)
  signing_certificate, *certificate_chain = parse_certificates(x5c_header_or_certificates)
  store_context = OpenSSL::X509::StoreContext.new(@store, signing_certificate, certificate_chain)

  if store_context.verify
    signing_certificate.public_key
  else
    error = "Certificate verification failed: #{store_context.error_string}."
    if (current_cert = store_context.current_cert)
      error = "#{error} Certificate subject: #{current_cert.subject}."
    end

    raise JWT::VerificationError, error
  end
end
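
The trust decision in `#from` comes from the configured root store, not from the chain carried in the token's `x5c` header. The block below is an added example, not code from the ruby-jwt project: it repeats the same `StoreContext` flow using only Ruby's OpenSSL bindings and runs one constructed chain against a trusted and an unrelated root. The helper names `issue_cert`, `key_from_x5c` and `demo` are hypothetical, and the base64 DER decoding and plain store construction are assumptions, since `parse_certificates` and `build_store` are not shown on this page; CRL checking is left out.

```ruby
require 'openssl'

# Constructed throwaway PKI: the certificate is self-signed when no issuer is given.
def issue_cert(subject, key, issuer = nil, issuer_key = nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  constraint = ca ? 'CA:TRUE' : 'CA:FALSE'
  factory = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(factory.create_extension('basicConstraints', constraint, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Same flow as #from above. Assumption: x5c entries are base64 (not base64url) DER, per RFC 7515 4.1.6.
def key_from_x5c(x5c, roots)
  store = OpenSSL::X509::Store.new
  roots.each { |root| store.add_cert(root) }
  leaf, *chain = x5c.map { |b64| OpenSSL::X509::Certificate.new(b64.unpack1('m0')) }
  context = OpenSSL::X509::StoreContext.new(store, leaf, chain)
  raise "Certificate verification failed: #{context.error_string}." unless context.verify

  leaf.public_key
end

def demo
  root_key, leaf_key, other_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = issue_cert('/CN=Constructed Root', root_key, ca: true)
  leaf = issue_cert('/CN=Constructed Signer', leaf_key, root, root_key)
  other_root = issue_cert('/CN=Unrelated Root', other_key, ca: true)
  x5c = [leaf, root].map { |cert| [cert.to_der].pack('m0') } # header value as a token would carry it

  trusted = key_from_x5c(x5c, [root]).n == leaf_key.n
  rejected = begin
    key_from_x5c(x5c, [other_root]) # the chain supplies its own root, but the store does not trust it
    false
  rescue StandardError => e
    e.message
  end
  { trusted: trusted, rejected: rejected }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Including the root inside `x5c` does not make the chain trusted: the second call fails because that root is absent from the store.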