4
# Diagnostic for a missing http-access2 library. The message only warns on
# stderr; what happens next is decided by lines elided from this listing.
# NOTE(review): confirm the failure stays visible to the operator. Without a
# working fetch, revocation data goes stale and revoked certificates can
# keep being accepted.
STDERR.puts("Cannot load http-access2. CRL might not be fetched.")
10
# Wraps a certificate/CRL store object.
# @param c_store store object; elsewhere in this file it is queried through
#   get_crls, get_certs, add_crl and delete_crl
def initialize(c_store)
12
# presumably (re)builds the store's hashed directory index; the meaning of
# the `true` argument is not visible here (TODO confirm)
@c_store.hash_dir(true)
22
# CRL lookup for `cert` (the method header and several lines are elided in
# this listing, so only the visible steps are described).
# Step 1: resolve the issuing CA; the handling of "no CA found" is elided.
unless ca = find_ca(cert)
25
# Step 2: look up stored CRLs by the CA's subject name.
unless crlfiles = @c_store.get_crls(ca.subject)
26
# Nothing stored for this CA: try to obtain a CRL through renew_crl.
if crl = renew_crl(cert, ca)
32
# Step 3: walk the stored CRL files.
crlfiles.each do |crlfile|
33
# `next unless` skips only a nil/false result.
# NOTE(review): load_crl ends in OpenSSL::X509::CRL.new, which raises on
# unparsable input. Unless an elided rescue exists, one corrupt file aborts
# the whole loop rather than being skipped. Confirm.
next unless crl = load_crl(crlfile)
34
# A CRL whose next_update lies in the past is stale and triggers a renewal.
# NOTE(review): assumes next_update is always set; a CRL without nextUpdate
# would need separate handling. Confirm.
if crl.next_update < Time.now
35
# The stale CRL is replaced only when renewal returns a new one. What
# happens to the stale CRL when renewal fails is decided by elided lines.
if new_crl = renew_crl(cert, ca)
36
@c_store.delete_crl(crl)
37
@c_store.add_crl(new_crl)
41
# Re-check the CRL against the CA before using it.
if check_valid(crl, ca)
49
# Candidate CA certificates are selected from the store by the issuer name
# of `cert` (enclosing method header elided; presumably find_ca).
@c_store.get_certs(cert.issuer).each do |cafile|
50
ca = load_cert(cafile)
51
# A candidate is accepted when its public key verifies the signature on `cert`.
# NOTE(review): only the signature test is visible here; no validity-period
# or CA-flag check on the candidate appears in the visible lines. Confirm
# that this is enforced elsewhere, or that the store holds only vetted CAs.
if cert.verify(ca.public_key)
59
# Only values of the form "URI:<rest>" are handled. \A and \z anchor the whole
# string and `.` does not match a newline, so a multi-line value is rejected.
# NOTE(review): `location` is presumably the CDP value read from the
# certificate, i.e. it is chosen by whoever issued the certificate. No scheme
# or destination restriction is visible on this line. Confirm that the
# outbound request is limited to the expected schemes and hosts.
if /\AURI:(.*)\z/ =~ location
61
# The proxy comes from the environment; the lower-case variable takes precedence.
c = HTTPAccess2::Client.new(ENV['http_proxy'] || ENV['HTTP_PROXY'])
63
# NameError is already a StandardError, so naming it adds nothing to what is
# caught; it is presumably listed to document the case where HTTPAccess2 was
# never loaded. Every fetch failure lands here.
# NOTE(review): the handler body is elided. Confirm that it reports the
# failure and that callers treat "no CRL fetched" as "revocation unknown",
# not as "not revoked".
rescue NameError, StandardError
71
# Reads a certificate file and parses it via load_cert_str.
# @param certfile [String] path to the certificate file
def load_cert(certfile)
72
load_cert_str(File.read(certfile))
76
# CRL counterpart of the line above (its `def` line is elided in this
# listing): reads the file at `crlfile` and parses it via load_crl_str.
load_crl_str(File.read(crlfile))
79
# Parses an encoded X.509 certificate.
# @param cert_str [String] encoded certificate
# Parsing proves nothing about trust; callers still have to verify the
# signature against a CA they trust.
def load_cert_str(cert_str)
80
OpenSSL::X509::Certificate.new(cert_str)
83
# Parses an encoded X.509 CRL.
# @param crl_str [String] encoded CRL, read from disk or downloaded
# The result is unauthenticated until check_valid has verified its signature.
def load_crl_str(crl_str)
84
OpenSSL::X509::CRL.new(crl_str)
87
# Decides whether `crl` may be used for revocation checks against `ca`.
# Visible checks: the CRL's signature must verify under the CA's public key,
# and its last_update (thisUpdate) must not lie in the future.
# NOTE(review): no next_update (expiry) test is visible in this method. The
# stored-CRL path tests next_update on its own, but renew_crl relies on this
# method alone, so confirm that an expired CRL cannot be accepted there.
def check_valid(crl, ca)
88
# The signature check is what ties the CRL to the CA; the branch taken on
# failure is elided.
unless crl.verify(ca.public_key)
91
# Rejects a CRL dated in the future (judged by the local clock).
crl.last_update <= Time.now
94
# Matches the extension name of CRL Distribution Points exactly (anchored at
# both ends, so no partial match).
RE_CDP = /\AcrlDistributionPoints\z/
96
# Picks the first extension of `cert` whose oid matches RE_CDP; how its value
# is turned into a location is decided by elided lines (enclosing method
# header elided, presumably get_cdp).
if cdp_ext = cert.extensions.find { |ext| RE_CDP =~ ext.oid }
103
# Tries to obtain a fresh CRL for the issuer of `cert`.
# Visible pipeline: distribution point from the certificate -> download ->
# parse -> check_valid against `ca`. Each step is guarded by an `if`, so a
# missing CDP or a failed download does not reach the next step; the value
# returned in those cases is decided by elided lines.
# @param cert certificate whose CRL distribution point is used
# @param ca   CA certificate the downloaded CRL must verify against
def renew_crl(cert, ca)
104
if cdp = get_cdp(cert)
105
# The downloaded bytes are untrusted at this point.
if new_crl_str = fetch(cdp)
106
new_crl = load_crl_str(new_crl_str)
107
# Only the check_valid test (signature under `ca`, last_update not in the
# future) authenticates the download.
# NOTE(review): nothing visible compares the new CRL with the one it replaces
# (e.g. a newer last_update), so a correctly signed but older CRL would pass
# the visible checks. Confirm whether that matters to callers.
if check_valid(new_crl, ca)
118
# Driver code (surrounding lines elided): builds a hashed-directory store over
# `dir`, wraps it in a CrlStore, and loads one certificate to check.
c_store = CHashDir.new(dir)
119
s = CrlStore.new(c_store)
120
# The path is hard-coded and relative to the current working directory.
c = OpenSSL::X509::Certificate.new(File.read("cert_store/google_codesign.pem"))