pki_express 1.3.0 → 1.3.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitattributes +2 -2
- data/.github/workflows/test.yml +22 -0
- data/.gitignore +27 -27
- data/.rspec +1 -0
- data/CHANGELOG.md +19 -12
- data/Gemfile +9 -4
- data/README.md +24 -24
- data/Rakefile +7 -1
- data/lib/pki_express/auth_complete_result.rb +21 -21
- data/lib/pki_express/auth_start_result.rb +76 -76
- data/lib/pki_express/authentication.rb +284 -284
- data/lib/pki_express/base_signer.rb +54 -54
- data/lib/pki_express/cades_signature.rb +89 -89
- data/lib/pki_express/cades_signature_starter.rb +242 -242
- data/lib/pki_express/check_service_result.rb +15 -15
- data/lib/pki_express/command_error.rb +13 -13
- data/lib/pki_express/commands.rb +24 -24
- data/lib/pki_express/digest_algorithm.rb +118 -118
- data/lib/pki_express/digest_algorithm_and_value.rb +30 -30
- data/lib/pki_express/discovery_service_result.rb +25 -25
- data/lib/pki_express/enum.rb +9 -9
- data/lib/pki_express/error_codes.rb +46 -46
- data/lib/pki_express/installation_not_found_error.rb +8 -8
- data/lib/pki_express/name.rb +47 -47
- data/lib/pki_express/oids.rb +30 -30
- data/lib/pki_express/pades_certification_level.rb +7 -7
- data/lib/pki_express/pades_horizontal_align.rb +9 -9
- data/lib/pki_express/pades_measurement_units.rb +8 -8
- data/lib/pki_express/pades_page_optimization.rb +50 -50
- data/lib/pki_express/pades_page_orientation.rb +9 -9
- data/lib/pki_express/pades_paper_size.rb +21 -21
- data/lib/pki_express/pades_signature.rb +16 -16
- data/lib/pki_express/pades_signature_explorer.rb +30 -30
- data/lib/pki_express/pades_signature_starter.rb +251 -251
- data/lib/pki_express/pades_signer.rb +274 -274
- data/lib/pki_express/pades_signer_info.rb +9 -9
- data/lib/pki_express/pades_size.rb +17 -17
- data/lib/pki_express/pades_text_horizontal_align.rb +8 -8
- data/lib/pki_express/pades_vertical_align.rb +9 -9
- data/lib/pki_express/pades_visual_auto_positioning.rb +21 -21
- data/lib/pki_express/pades_visual_image.rb +51 -51
- data/lib/pki_express/pades_visual_manual_positioning.rb +16 -16
- data/lib/pki_express/pades_visual_positioning.rb +27 -27
- data/lib/pki_express/pades_visual_rectangle.rb +74 -74
- data/lib/pki_express/pades_visual_representation.rb +22 -22
- data/lib/pki_express/pades_visual_text.rb +35 -35
- data/lib/pki_express/pk_algorithms.rb +157 -157
- data/lib/pki_express/pk_certificate.rb +61 -61
- data/lib/pki_express/pki_brazil_certificate_fields.rb +57 -57
- data/lib/pki_express/pki_brazil_certificate_types.rb +19 -19
- data/lib/pki_express/pki_express_config.rb +39 -26
- data/lib/pki_express/pki_express_operator.rb +240 -234
- data/lib/pki_express/pki_italy_certificate_fields.rb +15 -15
- data/lib/pki_express/pki_italy_certificate_types.rb +11 -11
- data/lib/pki_express/signature_algorithm_and_value.rb +34 -34
- data/lib/pki_express/signature_explorer.rb +74 -74
- data/lib/pki_express/signature_finisher.rb +314 -314
- data/lib/pki_express/signature_policy_identifier.rb +20 -20
- data/lib/pki_express/signature_start_result.rb +12 -12
- data/lib/pki_express/signature_starter.rb +116 -116
- data/lib/pki_express/signer.rb +151 -151
- data/lib/pki_express/standard_signature_policies.rb +58 -58
- data/lib/pki_express/timestamp_authority.rb +50 -50
- data/lib/pki_express/trust_service_auth_parameters.rb +20 -20
- data/lib/pki_express/trust_service_info.rb +37 -37
- data/lib/pki_express/trust_service_manager.rb +258 -258
- data/lib/pki_express/trust_service_session_result.rb +29 -29
- data/lib/pki_express/trust_service_session_types.rb +7 -7
- data/lib/pki_express/tsa_authentication_type.rb +14 -14
- data/lib/pki_express/validation_error.rb +8 -8
- data/lib/pki_express/validation_item.rb +43 -43
- data/lib/pki_express/validation_item_types.rb +103 -103
- data/lib/pki_express/validation_results.rb +120 -120
- data/lib/pki_express/version.rb +3 -3
- data/lib/pki_express/version_manager.rb +20 -20
- data/lib/pki_express.rb +69 -69
- data/pki_express.gemspec +26 -26
- data/spec/pki_express/pki_express_config_spec.rb +73 -0
- data/spec/pki_express/pki_express_operator_spec.rb +31 -0
- data/spec/spec_helper.rb +13 -0
- metadata +17 -9
|
@@ -1,44 +1,44 @@
|
|
|
1
|
-
module PkiExpress
|
|
2
|
-
|
|
3
|
-
class ValidationItem
|
|
4
|
-
attr_accessor :type, :message, :detail, :inner_validation_results
|
|
5
|
-
|
|
6
|
-
def initialize(model)
|
|
7
|
-
@type = nil
|
|
8
|
-
@message = nil
|
|
9
|
-
@detail = nil
|
|
10
|
-
@inner_validation_results = nil
|
|
11
|
-
|
|
12
|
-
if model
|
|
13
|
-
@type = model.fetch(:type)
|
|
14
|
-
@message = model.fetch(:message)
|
|
15
|
-
@detail = model.fetch(:detail)
|
|
16
|
-
|
|
17
|
-
inner_validation_results = model.fetch(:innerValidationResults)
|
|
18
|
-
if inner_validation_results
|
|
19
|
-
@inner_validation_results = ValidationResults.new(inner_validation_results)
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
def to_str(indentation_level=0)
|
|
25
|
-
to_s(indentation_level)
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
def to_s(indentation_level=0)
|
|
29
|
-
tab = "\t" * indentation_level
|
|
30
|
-
text = tab + @message
|
|
31
|
-
if @detail
|
|
32
|
-
text += " (#{@detail})"
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
if @inner_validation_results
|
|
36
|
-
text += "\n"
|
|
37
|
-
text += @inner_validation_results.to_s(indentation_level + 1)
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
text
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
|
-
|
|
1
|
+
module PkiExpress
|
|
2
|
+
|
|
3
|
+
class ValidationItem
|
|
4
|
+
attr_accessor :type, :message, :detail, :inner_validation_results
|
|
5
|
+
|
|
6
|
+
def initialize(model)
|
|
7
|
+
@type = nil
|
|
8
|
+
@message = nil
|
|
9
|
+
@detail = nil
|
|
10
|
+
@inner_validation_results = nil
|
|
11
|
+
|
|
12
|
+
if model
|
|
13
|
+
@type = model.fetch(:type)
|
|
14
|
+
@message = model.fetch(:message)
|
|
15
|
+
@detail = model.fetch(:detail)
|
|
16
|
+
|
|
17
|
+
inner_validation_results = model.fetch(:innerValidationResults)
|
|
18
|
+
if inner_validation_results
|
|
19
|
+
@inner_validation_results = ValidationResults.new(inner_validation_results)
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def to_str(indentation_level=0)
|
|
25
|
+
to_s(indentation_level)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def to_s(indentation_level=0)
|
|
29
|
+
tab = "\t" * indentation_level
|
|
30
|
+
text = tab + @message
|
|
31
|
+
if @detail
|
|
32
|
+
text += " (#{@detail})"
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
if @inner_validation_results
|
|
36
|
+
text += "\n"
|
|
37
|
+
text += @inner_validation_results.to_s(indentation_level + 1)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
text
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
44
|
end
|
|
@@ -1,103 +1,103 @@
|
|
|
1
|
-
module PkiExpress
|
|
2
|
-
class ValidationItemTypes < Enum
|
|
3
|
-
SUCCESS = 'Success'
|
|
4
|
-
CERTIFICATE_NOT_YET_VALID = 'CertificateNotYetValid'
|
|
5
|
-
CERTIFICATE_EXPIRED = 'CertificateExpired'
|
|
6
|
-
CERTIFICATE_REVOKED = 'CertificateRevoked'
|
|
7
|
-
CERTIFICATE_ISSUER_NOT_FOUND = 'CertificateIssuerNotFound'
|
|
8
|
-
CERTIFICATE_REVOCATION_STATUS_UNKNOWN = 'CertificateRevocationStatusUnknown'
|
|
9
|
-
CERTIFICATE_CHAIN_ROOT_NOT_TRUSTED = 'CertificateChainRootNotTrusted'
|
|
10
|
-
INVALID_CERTIFICATE_SIGNATURE = 'InvalidCertificateSignature'
|
|
11
|
-
DECODE_ERROR = 'DecodeError'
|
|
12
|
-
REQUIRED_SIGNED_ATTRIBUTE_MISSING = 'RequiredSignedAttributeMissing'
|
|
13
|
-
FORBIDDEN_SIGNED_ATTRIBUTE_PRESENT = 'ForbiddenSignedAttributePresent'
|
|
14
|
-
REQUIRED_UNSIGNED_ATTRIBUTE_MISSING = 'RequiredUnsignedAttributeMissing'
|
|
15
|
-
FORBIDDEN_UNSIGNED_ATTRIBUTE_PRESENT = 'ForbiddenUnsignedAttributePresent'
|
|
16
|
-
CONTENT_TYPE_MISMATCH = 'ContentTypeMismatch'
|
|
17
|
-
MESSAGE_DIGEST_MISMATCH = 'MessageDigestMismatch'
|
|
18
|
-
SIGNING_CERTIFICATE_DIGEST_MISMATCH = 'SigningCertificateDigestMismatch'
|
|
19
|
-
SIGNATURE_ALGORITHM_VALIDATION_FAILED = 'SignatureAlgorithmValidationFailed'
|
|
20
|
-
REVOCATION_DATA_ISSUED_BEFORE_GRACE_PERIOD = 'RevocationDataIssuedBeforeGracePeriod'
|
|
21
|
-
UNCERTIFIED_DATE_REFERENCE = 'UncertifiedDateReference'
|
|
22
|
-
SIGNATURE_POLICY_MISMATCH = 'SignaturePolicyMismatch'
|
|
23
|
-
SIGNING_TIME_OUT_OF_CERTIFICATE_VALIDITY = 'SigningTimeOutOfCertificateValidity'
|
|
24
|
-
UNKNOWN_SIGNED_ATTRIBUTES_PRESENT = 'UnknownSignedAttributesPresent'
|
|
25
|
-
UNKNOWN_UNSIGNED_ATTRIBUTES_PRESENT = 'UnknownUnsignedAttributesPresent'
|
|
26
|
-
TIMESTAMP_WITH_MORE_THAN_ONE_SIGNED = 'TimestampWithMoreThanOneSigned'
|
|
27
|
-
TIMESTAMP_MESSAGE_IMPRINT_MISMATCH = 'TimestampMessageImprintMismatch'
|
|
28
|
-
TIMESTAMP_VALIDATION_EXCEPTION = 'TimestampValidationException'
|
|
29
|
-
COMPLETE_REFERENCES_MISMATCH = 'CompleteReferencesMismatch'
|
|
30
|
-
INVALID_SIGNATURE_TIMESTAMP = 'InvalidSignatureTimestamp'
|
|
31
|
-
INVALID_REFERENCES_TIMESTAMP = 'InvalidReferencesTimestamp'
|
|
32
|
-
INVALID_ARCHIVE_TIMESTAMP = 'InvalidArchiveTimestamp'
|
|
33
|
-
INVALID_KEY_USAGE = 'InvalidKeyUsage'
|
|
34
|
-
INVALID_OCSP_RESPONSE = 'InvalidOcspResponse'
|
|
35
|
-
UNAUTHORIZED_ISSUER = 'UnauthorizedIssuer'
|
|
36
|
-
UNKNOWN_ROOT_TRUST_STATUS = 'UnknownRootTrustStatus'
|
|
37
|
-
INVALID_TSL = 'InvalidTsl'
|
|
38
|
-
INVALID_CRL = 'InvalidCrl'
|
|
39
|
-
CERTIFICATE_ISSUER_VALID = 'CertificateIssuerValid'
|
|
40
|
-
CERTIFICATE_ISSUER_INVALID = 'CertificateIssuerInvalid'
|
|
41
|
-
CERTIFICATE_VALIDATION_FAILED = 'CertificateValidationFailed'
|
|
42
|
-
SIGNATURE_VULNERABLE_TO_SIGNER_SUBSTITUTION = 'SignatureVulnerableToSignerSubstitution'
|
|
43
|
-
INVALID_XML_SIGNATURE_SCHEME = 'InvalidXmlSignatureScheme'
|
|
44
|
-
XML_DSIG_CORE_VALIDATION_FAILED = 'XmlDSigCoreValidationFailed'
|
|
45
|
-
SIGNATURE_TIMESTAMP_IGNORED = 'SignatureTimestampIgnored'
|
|
46
|
-
INVALID_CERTIFICATION_PATH_LEN = 'InvalidCertificationPathLen'
|
|
47
|
-
SIGNING_CERTIFICATE_NOT_FOUND = 'SigningCertificateNotFound'
|
|
48
|
-
UNAUTHORIZED_AC_ISSUER = 'UnauthorizedACIssuer'
|
|
49
|
-
ALGORITHM_NOT_ALLOWED = 'AlgorithmNotAllowed'
|
|
50
|
-
UNACCEPTABLE_SIGNATURE_POLICY = 'UnacceptableSignaturePolicy'
|
|
51
|
-
|
|
52
|
-
VALUES = [
|
|
53
|
-
SUCCESS,
|
|
54
|
-
CERTIFICATE_NOT_YET_VALID,
|
|
55
|
-
CERTIFICATE_EXPIRED,
|
|
56
|
-
CERTIFICATE_REVOKED,
|
|
57
|
-
CERTIFICATE_ISSUER_NOT_FOUND,
|
|
58
|
-
CERTIFICATE_REVOCATION_STATUS_UNKNOWN,
|
|
59
|
-
CERTIFICATE_CHAIN_ROOT_NOT_TRUSTED,
|
|
60
|
-
INVALID_CERTIFICATE_SIGNATURE,
|
|
61
|
-
DECODE_ERROR,
|
|
62
|
-
REQUIRED_SIGNED_ATTRIBUTE_MISSING,
|
|
63
|
-
FORBIDDEN_SIGNED_ATTRIBUTE_PRESENT,
|
|
64
|
-
REQUIRED_UNSIGNED_ATTRIBUTE_MISSING,
|
|
65
|
-
FORBIDDEN_UNSIGNED_ATTRIBUTE_PRESENT,
|
|
66
|
-
CONTENT_TYPE_MISMATCH,
|
|
67
|
-
MESSAGE_DIGEST_MISMATCH,
|
|
68
|
-
SIGNING_CERTIFICATE_DIGEST_MISMATCH,
|
|
69
|
-
SIGNATURE_ALGORITHM_VALIDATION_FAILED,
|
|
70
|
-
REVOCATION_DATA_ISSUED_BEFORE_GRACE_PERIOD,
|
|
71
|
-
UNCERTIFIED_DATE_REFERENCE,
|
|
72
|
-
SIGNATURE_POLICY_MISMATCH,
|
|
73
|
-
SIGNING_TIME_OUT_OF_CERTIFICATE_VALIDITY,
|
|
74
|
-
UNKNOWN_SIGNED_ATTRIBUTES_PRESENT,
|
|
75
|
-
UNKNOWN_UNSIGNED_ATTRIBUTES_PRESENT,
|
|
76
|
-
TIMESTAMP_WITH_MORE_THAN_ONE_SIGNED,
|
|
77
|
-
TIMESTAMP_MESSAGE_IMPRINT_MISMATCH,
|
|
78
|
-
TIMESTAMP_VALIDATION_EXCEPTION,
|
|
79
|
-
COMPLETE_REFERENCES_MISMATCH,
|
|
80
|
-
INVALID_SIGNATURE_TIMESTAMP,
|
|
81
|
-
INVALID_REFERENCES_TIMESTAMP,
|
|
82
|
-
INVALID_ARCHIVE_TIMESTAMP,
|
|
83
|
-
INVALID_KEY_USAGE,
|
|
84
|
-
INVALID_OCSP_RESPONSE,
|
|
85
|
-
UNAUTHORIZED_ISSUER,
|
|
86
|
-
UNKNOWN_ROOT_TRUST_STATUS,
|
|
87
|
-
INVALID_TSL,
|
|
88
|
-
INVALID_CRL,
|
|
89
|
-
CERTIFICATE_ISSUER_VALID,
|
|
90
|
-
CERTIFICATE_ISSUER_INVALID,
|
|
91
|
-
CERTIFICATE_VALIDATION_FAILED,
|
|
92
|
-
SIGNATURE_VULNERABLE_TO_SIGNER_SUBSTITUTION,
|
|
93
|
-
INVALID_XML_SIGNATURE_SCHEME,
|
|
94
|
-
XML_DSIG_CORE_VALIDATION_FAILED,
|
|
95
|
-
SIGNATURE_TIMESTAMP_IGNORED,
|
|
96
|
-
INVALID_CERTIFICATION_PATH_LEN,
|
|
97
|
-
SIGNING_CERTIFICATE_NOT_FOUND,
|
|
98
|
-
UNAUTHORIZED_AC_ISSUER,
|
|
99
|
-
ALGORITHM_NOT_ALLOWED,
|
|
100
|
-
UNACCEPTABLE_SIGNATURE_POLICY
|
|
101
|
-
]
|
|
102
|
-
end
|
|
103
|
-
end
|
|
1
|
+
module PkiExpress
|
|
2
|
+
class ValidationItemTypes < Enum
|
|
3
|
+
SUCCESS = 'Success'
|
|
4
|
+
CERTIFICATE_NOT_YET_VALID = 'CertificateNotYetValid'
|
|
5
|
+
CERTIFICATE_EXPIRED = 'CertificateExpired'
|
|
6
|
+
CERTIFICATE_REVOKED = 'CertificateRevoked'
|
|
7
|
+
CERTIFICATE_ISSUER_NOT_FOUND = 'CertificateIssuerNotFound'
|
|
8
|
+
CERTIFICATE_REVOCATION_STATUS_UNKNOWN = 'CertificateRevocationStatusUnknown'
|
|
9
|
+
CERTIFICATE_CHAIN_ROOT_NOT_TRUSTED = 'CertificateChainRootNotTrusted'
|
|
10
|
+
INVALID_CERTIFICATE_SIGNATURE = 'InvalidCertificateSignature'
|
|
11
|
+
DECODE_ERROR = 'DecodeError'
|
|
12
|
+
REQUIRED_SIGNED_ATTRIBUTE_MISSING = 'RequiredSignedAttributeMissing'
|
|
13
|
+
FORBIDDEN_SIGNED_ATTRIBUTE_PRESENT = 'ForbiddenSignedAttributePresent'
|
|
14
|
+
REQUIRED_UNSIGNED_ATTRIBUTE_MISSING = 'RequiredUnsignedAttributeMissing'
|
|
15
|
+
FORBIDDEN_UNSIGNED_ATTRIBUTE_PRESENT = 'ForbiddenUnsignedAttributePresent'
|
|
16
|
+
CONTENT_TYPE_MISMATCH = 'ContentTypeMismatch'
|
|
17
|
+
MESSAGE_DIGEST_MISMATCH = 'MessageDigestMismatch'
|
|
18
|
+
SIGNING_CERTIFICATE_DIGEST_MISMATCH = 'SigningCertificateDigestMismatch'
|
|
19
|
+
SIGNATURE_ALGORITHM_VALIDATION_FAILED = 'SignatureAlgorithmValidationFailed'
|
|
20
|
+
REVOCATION_DATA_ISSUED_BEFORE_GRACE_PERIOD = 'RevocationDataIssuedBeforeGracePeriod'
|
|
21
|
+
UNCERTIFIED_DATE_REFERENCE = 'UncertifiedDateReference'
|
|
22
|
+
SIGNATURE_POLICY_MISMATCH = 'SignaturePolicyMismatch'
|
|
23
|
+
SIGNING_TIME_OUT_OF_CERTIFICATE_VALIDITY = 'SigningTimeOutOfCertificateValidity'
|
|
24
|
+
UNKNOWN_SIGNED_ATTRIBUTES_PRESENT = 'UnknownSignedAttributesPresent'
|
|
25
|
+
UNKNOWN_UNSIGNED_ATTRIBUTES_PRESENT = 'UnknownUnsignedAttributesPresent'
|
|
26
|
+
TIMESTAMP_WITH_MORE_THAN_ONE_SIGNED = 'TimestampWithMoreThanOneSigned'
|
|
27
|
+
TIMESTAMP_MESSAGE_IMPRINT_MISMATCH = 'TimestampMessageImprintMismatch'
|
|
28
|
+
TIMESTAMP_VALIDATION_EXCEPTION = 'TimestampValidationException'
|
|
29
|
+
COMPLETE_REFERENCES_MISMATCH = 'CompleteReferencesMismatch'
|
|
30
|
+
INVALID_SIGNATURE_TIMESTAMP = 'InvalidSignatureTimestamp'
|
|
31
|
+
INVALID_REFERENCES_TIMESTAMP = 'InvalidReferencesTimestamp'
|
|
32
|
+
INVALID_ARCHIVE_TIMESTAMP = 'InvalidArchiveTimestamp'
|
|
33
|
+
INVALID_KEY_USAGE = 'InvalidKeyUsage'
|
|
34
|
+
INVALID_OCSP_RESPONSE = 'InvalidOcspResponse'
|
|
35
|
+
UNAUTHORIZED_ISSUER = 'UnauthorizedIssuer'
|
|
36
|
+
UNKNOWN_ROOT_TRUST_STATUS = 'UnknownRootTrustStatus'
|
|
37
|
+
INVALID_TSL = 'InvalidTsl'
|
|
38
|
+
INVALID_CRL = 'InvalidCrl'
|
|
39
|
+
CERTIFICATE_ISSUER_VALID = 'CertificateIssuerValid'
|
|
40
|
+
CERTIFICATE_ISSUER_INVALID = 'CertificateIssuerInvalid'
|
|
41
|
+
CERTIFICATE_VALIDATION_FAILED = 'CertificateValidationFailed'
|
|
42
|
+
SIGNATURE_VULNERABLE_TO_SIGNER_SUBSTITUTION = 'SignatureVulnerableToSignerSubstitution'
|
|
43
|
+
INVALID_XML_SIGNATURE_SCHEME = 'InvalidXmlSignatureScheme'
|
|
44
|
+
XML_DSIG_CORE_VALIDATION_FAILED = 'XmlDSigCoreValidationFailed'
|
|
45
|
+
SIGNATURE_TIMESTAMP_IGNORED = 'SignatureTimestampIgnored'
|
|
46
|
+
INVALID_CERTIFICATION_PATH_LEN = 'InvalidCertificationPathLen'
|
|
47
|
+
SIGNING_CERTIFICATE_NOT_FOUND = 'SigningCertificateNotFound'
|
|
48
|
+
UNAUTHORIZED_AC_ISSUER = 'UnauthorizedACIssuer'
|
|
49
|
+
ALGORITHM_NOT_ALLOWED = 'AlgorithmNotAllowed'
|
|
50
|
+
UNACCEPTABLE_SIGNATURE_POLICY = 'UnacceptableSignaturePolicy'
|
|
51
|
+
|
|
52
|
+
VALUES = [
|
|
53
|
+
SUCCESS,
|
|
54
|
+
CERTIFICATE_NOT_YET_VALID,
|
|
55
|
+
CERTIFICATE_EXPIRED,
|
|
56
|
+
CERTIFICATE_REVOKED,
|
|
57
|
+
CERTIFICATE_ISSUER_NOT_FOUND,
|
|
58
|
+
CERTIFICATE_REVOCATION_STATUS_UNKNOWN,
|
|
59
|
+
CERTIFICATE_CHAIN_ROOT_NOT_TRUSTED,
|
|
60
|
+
INVALID_CERTIFICATE_SIGNATURE,
|
|
61
|
+
DECODE_ERROR,
|
|
62
|
+
REQUIRED_SIGNED_ATTRIBUTE_MISSING,
|
|
63
|
+
FORBIDDEN_SIGNED_ATTRIBUTE_PRESENT,
|
|
64
|
+
REQUIRED_UNSIGNED_ATTRIBUTE_MISSING,
|
|
65
|
+
FORBIDDEN_UNSIGNED_ATTRIBUTE_PRESENT,
|
|
66
|
+
CONTENT_TYPE_MISMATCH,
|
|
67
|
+
MESSAGE_DIGEST_MISMATCH,
|
|
68
|
+
SIGNING_CERTIFICATE_DIGEST_MISMATCH,
|
|
69
|
+
SIGNATURE_ALGORITHM_VALIDATION_FAILED,
|
|
70
|
+
REVOCATION_DATA_ISSUED_BEFORE_GRACE_PERIOD,
|
|
71
|
+
UNCERTIFIED_DATE_REFERENCE,
|
|
72
|
+
SIGNATURE_POLICY_MISMATCH,
|
|
73
|
+
SIGNING_TIME_OUT_OF_CERTIFICATE_VALIDITY,
|
|
74
|
+
UNKNOWN_SIGNED_ATTRIBUTES_PRESENT,
|
|
75
|
+
UNKNOWN_UNSIGNED_ATTRIBUTES_PRESENT,
|
|
76
|
+
TIMESTAMP_WITH_MORE_THAN_ONE_SIGNED,
|
|
77
|
+
TIMESTAMP_MESSAGE_IMPRINT_MISMATCH,
|
|
78
|
+
TIMESTAMP_VALIDATION_EXCEPTION,
|
|
79
|
+
COMPLETE_REFERENCES_MISMATCH,
|
|
80
|
+
INVALID_SIGNATURE_TIMESTAMP,
|
|
81
|
+
INVALID_REFERENCES_TIMESTAMP,
|
|
82
|
+
INVALID_ARCHIVE_TIMESTAMP,
|
|
83
|
+
INVALID_KEY_USAGE,
|
|
84
|
+
INVALID_OCSP_RESPONSE,
|
|
85
|
+
UNAUTHORIZED_ISSUER,
|
|
86
|
+
UNKNOWN_ROOT_TRUST_STATUS,
|
|
87
|
+
INVALID_TSL,
|
|
88
|
+
INVALID_CRL,
|
|
89
|
+
CERTIFICATE_ISSUER_VALID,
|
|
90
|
+
CERTIFICATE_ISSUER_INVALID,
|
|
91
|
+
CERTIFICATE_VALIDATION_FAILED,
|
|
92
|
+
SIGNATURE_VULNERABLE_TO_SIGNER_SUBSTITUTION,
|
|
93
|
+
INVALID_XML_SIGNATURE_SCHEME,
|
|
94
|
+
XML_DSIG_CORE_VALIDATION_FAILED,
|
|
95
|
+
SIGNATURE_TIMESTAMP_IGNORED,
|
|
96
|
+
INVALID_CERTIFICATION_PATH_LEN,
|
|
97
|
+
SIGNING_CERTIFICATE_NOT_FOUND,
|
|
98
|
+
UNAUTHORIZED_AC_ISSUER,
|
|
99
|
+
ALGORITHM_NOT_ALLOWED,
|
|
100
|
+
UNACCEPTABLE_SIGNATURE_POLICY
|
|
101
|
+
]
|
|
102
|
+
end
|
|
103
|
+
end
|
|
@@ -1,121 +1,121 @@
|
|
|
1
|
-
module PkiExpress
|
|
2
|
-
|
|
3
|
-
class ValidationResults
|
|
4
|
-
attr_accessor :errors, :warnings, :passed_checks
|
|
5
|
-
|
|
6
|
-
def initialize(model)
|
|
7
|
-
@errors = []
|
|
8
|
-
@warnings = []
|
|
9
|
-
@passed_checks = []
|
|
10
|
-
|
|
11
|
-
if model
|
|
12
|
-
errors = model.fetch(:errors)
|
|
13
|
-
if errors
|
|
14
|
-
@errors = convert_items(errors)
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
warnings = model.fetch(:warnings)
|
|
18
|
-
if warnings
|
|
19
|
-
@warnings = convert_items(warnings)
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
passed_checks = model.fetch(:passedChecks)
|
|
23
|
-
if passed_checks
|
|
24
|
-
@passed_checks = convert_items(passed_checks)
|
|
25
|
-
end
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
def to_str(indentation_level = 0)
|
|
30
|
-
to_s(indentation_level)
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
def to_s(indentation_level = 0)
|
|
34
|
-
item_indent = "\t" * indentation_level
|
|
35
|
-
text = ''
|
|
36
|
-
|
|
37
|
-
text += get_summary(indentation_level)
|
|
38
|
-
if has_errors
|
|
39
|
-
text += "\n#{item_indent}Errors:\n"
|
|
40
|
-
text += join_items(@errors, indentation_level)
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
if has_warnings
|
|
44
|
-
text += "\n#{item_indent}Warnings:\n"
|
|
45
|
-
text += join_items(@warnings, indentation_level)
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
if not @passed_checks.nil? and @passed_checks.length > 0
|
|
49
|
-
text += "\n#{item_indent}Passed Checks:\n"
|
|
50
|
-
text += join_items(@passed_checks, indentation_level)
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
text
|
|
54
|
-
end
|
|
55
|
-
|
|
56
|
-
def is_valid
|
|
57
|
-
not has_errors
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
def checks_performed
|
|
61
|
-
@errors.length + @warnings.length + @passed_checks.length
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
def has_errors
|
|
65
|
-
@errors && @errors.length > 0
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
def has_warnings
|
|
69
|
-
@warnings && @warnings.length > 0
|
|
70
|
-
end
|
|
71
|
-
|
|
72
|
-
def get_summary(indentation_level=0)
|
|
73
|
-
item_indent = "\t" * indentation_level
|
|
74
|
-
text = "#{item_indent}Validation Results: "
|
|
75
|
-
|
|
76
|
-
if checks_performed == 0
|
|
77
|
-
text += 'no checks performed'
|
|
78
|
-
else
|
|
79
|
-
text += "#{checks_performed} checks performed"
|
|
80
|
-
if has_errors
|
|
81
|
-
text += ", #{@errors.length} errors"
|
|
82
|
-
end
|
|
83
|
-
if has_warnings
|
|
84
|
-
text += ", #{@warnings.length} warnings"
|
|
85
|
-
end
|
|
86
|
-
if not @passed_checks.nil? and @passed_checks.length
|
|
87
|
-
if not has_errors and not has_warnings
|
|
88
|
-
text += ', all passed'
|
|
89
|
-
else
|
|
90
|
-
text += ", #{@passed_checks.length} passed"
|
|
91
|
-
end
|
|
92
|
-
end
|
|
93
|
-
end
|
|
94
|
-
|
|
95
|
-
text
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
def convert_items(items)
|
|
99
|
-
items.map { |i| ValidationItem.new(i) }
|
|
100
|
-
end
|
|
101
|
-
|
|
102
|
-
def join_items(items, indentation_level=0)
|
|
103
|
-
text = ''
|
|
104
|
-
is_first = true
|
|
105
|
-
item_indent = "\t" * indentation_level
|
|
106
|
-
|
|
107
|
-
items.each do |i|
|
|
108
|
-
if is_first
|
|
109
|
-
is_first = false
|
|
110
|
-
else
|
|
111
|
-
text += "\n"
|
|
112
|
-
end
|
|
113
|
-
text += item_indent + '- '
|
|
114
|
-
text += i.to_s(indentation_level)
|
|
115
|
-
end
|
|
116
|
-
|
|
117
|
-
text
|
|
118
|
-
end
|
|
119
|
-
end
|
|
120
|
-
|
|
1
|
+
module PkiExpress
|
|
2
|
+
|
|
3
|
+
class ValidationResults
|
|
4
|
+
attr_accessor :errors, :warnings, :passed_checks
|
|
5
|
+
|
|
6
|
+
def initialize(model)
|
|
7
|
+
@errors = []
|
|
8
|
+
@warnings = []
|
|
9
|
+
@passed_checks = []
|
|
10
|
+
|
|
11
|
+
if model
|
|
12
|
+
errors = model.fetch(:errors)
|
|
13
|
+
if errors
|
|
14
|
+
@errors = convert_items(errors)
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
warnings = model.fetch(:warnings)
|
|
18
|
+
if warnings
|
|
19
|
+
@warnings = convert_items(warnings)
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
passed_checks = model.fetch(:passedChecks)
|
|
23
|
+
if passed_checks
|
|
24
|
+
@passed_checks = convert_items(passed_checks)
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def to_str(indentation_level = 0)
|
|
30
|
+
to_s(indentation_level)
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def to_s(indentation_level = 0)
|
|
34
|
+
item_indent = "\t" * indentation_level
|
|
35
|
+
text = ''
|
|
36
|
+
|
|
37
|
+
text += get_summary(indentation_level)
|
|
38
|
+
if has_errors
|
|
39
|
+
text += "\n#{item_indent}Errors:\n"
|
|
40
|
+
text += join_items(@errors, indentation_level)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
if has_warnings
|
|
44
|
+
text += "\n#{item_indent}Warnings:\n"
|
|
45
|
+
text += join_items(@warnings, indentation_level)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
if not @passed_checks.nil? and @passed_checks.length > 0
|
|
49
|
+
text += "\n#{item_indent}Passed Checks:\n"
|
|
50
|
+
text += join_items(@passed_checks, indentation_level)
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
text
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
def is_valid
|
|
57
|
+
not has_errors
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def checks_performed
|
|
61
|
+
@errors.length + @warnings.length + @passed_checks.length
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
def has_errors
|
|
65
|
+
@errors && @errors.length > 0
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def has_warnings
|
|
69
|
+
@warnings && @warnings.length > 0
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
def get_summary(indentation_level=0)
|
|
73
|
+
item_indent = "\t" * indentation_level
|
|
74
|
+
text = "#{item_indent}Validation Results: "
|
|
75
|
+
|
|
76
|
+
if checks_performed == 0
|
|
77
|
+
text += 'no checks performed'
|
|
78
|
+
else
|
|
79
|
+
text += "#{checks_performed} checks performed"
|
|
80
|
+
if has_errors
|
|
81
|
+
text += ", #{@errors.length} errors"
|
|
82
|
+
end
|
|
83
|
+
if has_warnings
|
|
84
|
+
text += ", #{@warnings.length} warnings"
|
|
85
|
+
end
|
|
86
|
+
if not @passed_checks.nil? and @passed_checks.length
|
|
87
|
+
if not has_errors and not has_warnings
|
|
88
|
+
text += ', all passed'
|
|
89
|
+
else
|
|
90
|
+
text += ", #{@passed_checks.length} passed"
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
text
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
def convert_items(items)
|
|
99
|
+
items.map { |i| ValidationItem.new(i) }
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
def join_items(items, indentation_level=0)
|
|
103
|
+
text = ''
|
|
104
|
+
is_first = true
|
|
105
|
+
item_indent = "\t" * indentation_level
|
|
106
|
+
|
|
107
|
+
items.each do |i|
|
|
108
|
+
if is_first
|
|
109
|
+
is_first = false
|
|
110
|
+
else
|
|
111
|
+
text += "\n"
|
|
112
|
+
end
|
|
113
|
+
text += item_indent + '- '
|
|
114
|
+
text += i.to_s(indentation_level)
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
text
|
|
118
|
+
end
|
|
119
|
+
end
|
|
120
|
+
|
|
121
121
|
end
|
data/lib/pki_express/version.rb
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
module PkiExpress
|
|
2
|
-
VERSION = '1.3.
|
|
3
|
-
end
|
|
1
|
+
module PkiExpress
|
|
2
|
+
VERSION = '1.3.2'
|
|
3
|
+
end
|
|
@@ -1,21 +1,21 @@
|
|
|
1
|
-
module PkiExpress
|
|
2
|
-
|
|
3
|
-
class VersionManager
|
|
4
|
-
attr_reader :min_version
|
|
5
|
-
|
|
6
|
-
def initialize
|
|
7
|
-
@min_version = '0.0.0'
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
def require_version(candidate)
|
|
11
|
-
if Gem::Version.new(candidate) > Gem::Version.new(@min_version)
|
|
12
|
-
@min_version = candidate
|
|
13
|
-
end
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def require_min_version_flag?
|
|
17
|
-
Gem::Version.new(@min_version) > Gem::Version.new('1.3')
|
|
18
|
-
end
|
|
19
|
-
end
|
|
20
|
-
|
|
1
|
+
module PkiExpress
|
|
2
|
+
|
|
3
|
+
class VersionManager
|
|
4
|
+
attr_reader :min_version
|
|
5
|
+
|
|
6
|
+
def initialize
|
|
7
|
+
@min_version = '0.0.0'
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def require_version(candidate)
|
|
11
|
+
if Gem::Version.new(candidate) > Gem::Version.new(@min_version)
|
|
12
|
+
@min_version = candidate
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def require_min_version_flag?
|
|
17
|
+
Gem::Version.new(@min_version) > Gem::Version.new('1.3')
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
21
|
end
|