Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 0d519f4847
Branches Tags
zammad
/
lib
/
certificate
/
x509
/
ssl.rb

ssl.rb 1.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. class Certificate::X509::SSL < Certificate::X509
    4. 

  4. 

  5.   def applicable?
    6. 

  6.     return true if ca?
    7. 

  7. 

  8.     # This is necessary because some legacy certificates may not have an extended key usage.
    9. 

  9.     return false if !extensions_as_hash.fetch('keyUsage', ['Digital Signature']).intersect?(['Digital Signature', 'Certificate Sign']) # rubocop:disable Zammad/DetectTranslatableString
    10. 

  10. 

  11.     tls_web_server_authentication? || tls_web_client_authentication?
    12. 

  12.   end
    13. 

  13. 

  14.   def valid_ssl_certificate!
    15. 

  15.     return if applicable? && usable?
    16. 

  16. 

  17.     message = __('The certificate is not valid for SSL usage. Please check e.g. the validity period or the extensions.')
    18. 

  18. 

  19.     Rails.logger.error { "Certificate::X509::SSL: #{message}" }
    20. 

  20.     Rails.logger.error { "Certificate::X509::SSL:\n #{to_text}" }
    21. 

  21. 

  22.     raise Exceptions::UnprocessableEntity, message
    23. 

  23.   end
    24. 

  24. 

  25.   private
    26. 

  26. 

  27.   def tls_web_client_authentication?
    28. 

  28.     extensions_as_hash.fetch('extendedKeyUsage', ['TLS Web Client Authentication']).include?('TLS Web Client Authentication')
    29. 

  29.   end
    30. 

  30. 

  31.   def tls_web_server_authentication?
    32. 

  32.     extensions_as_hash.fetch('extendedKeyUsage', ['TLS Web Server Authentication']).include?('TLS Web Server Authentication')
    33. 

  33.   end
    34. 

  34. end
    35.