From 603f97e47a97de8377005c1d87a8c34c40d92caa Mon Sep 17 00:00:00 2001 From: Tobias Amft Date: Fri, 4 Oct 2024 10:16:17 +0200 Subject: [PATCH 1/7] Allow SP certificates to be OpenSSL::X509::Certificate This allows settings to accept instances of OpenSSL::X509::Certificate as service provider (SP) certificates. --- lib/ruby_saml/settings.rb | 27 ++++++++++++++++++-------- test/settings_test.rb | 41 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 8 deletions(-) diff --git a/lib/ruby_saml/settings.rb b/lib/ruby_saml/settings.rb index 1d90e887..741936b7 100644 --- a/lib/ruby_saml/settings.rb +++ b/lib/ruby_saml/settings.rb @@ -373,28 +373,33 @@ def get_all_sp_certs # Validate certificate, certificate_new, private_key, and sp_cert_multi params. def validate_sp_certs_params! - multi = sp_cert_multi && !sp_cert_multi.empty? - cert = certificate && !certificate.empty? - cert_new = certificate_new && !certificate_new.empty? - pk = private_key && !private_key.empty? - if multi && (cert || cert_new || pk) + has_multi = sp_cert_multi && !sp_cert_multi.empty? + has_pk = private_key && !private_key.empty? + if has_multi && (has_cert?(certificate) || has_cert?(certificate_new) || has_pk) raise ArgumentError.new("Cannot specify both sp_cert_multi and certificate, certificate_new, private_key parameters") end end + # Check if a certificate is present. + def has_cert?(cert) + return true if cert.is_a?(OpenSSL::X509::Certificate) + + cert && !cert.empty? + end + # Get certs from certificate, certificate_new, and private_key parameters. def get_sp_certs_single certs = { :signing => [], :encryption => [] } sp_key = RubySaml::Utils.build_private_key_object(private_key) - cert = RubySaml::Utils.build_cert_object(certificate) + cert = build_cert_object(certificate) if cert || sp_key ary = [cert, sp_key].freeze certs[:signing] << ary certs[:encryption] << ary end - cert_new = RubySaml::Utils.build_cert_object(certificate_new) + cert_new = build_cert_object(certificate_new) if cert_new ary = [cert_new, sp_key].freeze certs[:signing] << ary @@ -429,7 +434,7 @@ def get_sp_certs_multi end certs[type] << [ - RubySaml::Utils.build_cert_object(cert), + build_cert_object(cert), RubySaml::Utils.build_private_key_object(key) ].freeze end @@ -438,5 +443,11 @@ def get_sp_certs_multi certs.each { |_, ary| ary.freeze } certs end + + def build_cert_object(cert) + return cert if cert.is_a?(OpenSSL::X509::Certificate) + + OneLogin::RubySaml::Utils.build_cert_object(cert) + end end end diff --git a/test/settings_test.rb b/test/settings_test.rb index 5f8a722a..4cae0f62 100644 --- a/test/settings_test.rb +++ b/test/settings_test.rb @@ -515,6 +515,47 @@ class SettingsTest < Minitest::Test end end + it "handles OpenSSL::X509::Certificate objects for single case" do + @settings.certificate = OpenSSL::X509::Certificate.new(cert_text1) + @settings.private_key = key_text1 + + actual = @settings.get_sp_certs + expected = [[cert_text1, key_text1]] + assert_equal [:signing, :encryption], actual.keys + assert_equal expected, actual[:signing].map {|ary| ary.map(&:to_pem) } + assert_equal expected, actual[:encryption].map {|ary| ary.map(&:to_pem) } + end + + it "handles OpenSSL::X509::Certificate objects for single case with new cert" do + @settings.certificate = cert_text1 + @settings.certificate_new = OpenSSL::X509::Certificate.new(cert_text2) + @settings.private_key = key_text1 + + actual = @settings.get_sp_certs + expected = [[cert_text1, key_text1], [cert_text2, key_text1]] + assert_equal [:signing, :encryption], actual.keys + assert_equal expected, actual[:signing].map {|ary| ary.map(&:to_pem) } + assert_equal expected, actual[:encryption].map {|ary| ary.map(&:to_pem) } + end + + it "handles OpenSSL::X509::Certificate objects for multi case" do + x509_certificate1 = OpenSSL::X509::Certificate.new(cert_text1) + x509_certificate2 = OpenSSL::X509::Certificate.new(cert_text2) + @settings.sp_cert_multi = { + signing: [{ certificate: x509_certificate1, private_key: key_text1 }, + { certificate: cert_text2, private_key: key_text1 }], + encryption: [{ certificate: x509_certificate2, private_key: key_text1 }, + { certificate: cert_text3, private_key: key_text2 }] + } + + actual = @settings.get_sp_certs + expected_signing = [[cert_text1, key_text1], [cert_text2, key_text1]] + expected_encryption = [[cert_text2, key_text1], [cert_text3, key_text2]] + assert_equal [:signing, :encryption], actual.keys + assert_equal expected_signing, actual[:signing].map {|ary| ary.map(&:to_pem) } + assert_equal expected_encryption, actual[:encryption].map {|ary| ary.map(&:to_pem) } + end + it "sp_cert_multi allows sending only signing" do @settings.sp_cert_multi = { signing: [{ certificate: cert_text1, private_key: key_text1 }, From e58c126eb81d6922494907dc2ef626430b42d35c Mon Sep 17 00:00:00 2001 From: Tobias Amft Date: Mon, 7 Oct 2024 10:09:14 +0200 Subject: [PATCH 2/7] Fix rubocop issue --- lib/ruby_saml/settings.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/ruby_saml/settings.rb b/lib/ruby_saml/settings.rb index 741936b7..96a0d21e 100644 --- a/lib/ruby_saml/settings.rb +++ b/lib/ruby_saml/settings.rb @@ -375,13 +375,13 @@ def get_all_sp_certs def validate_sp_certs_params! has_multi = sp_cert_multi && !sp_cert_multi.empty? has_pk = private_key && !private_key.empty? - if has_multi && (has_cert?(certificate) || has_cert?(certificate_new) || has_pk) + if has_multi && (cert?(certificate) || cert?(certificate_new) || has_pk) raise ArgumentError.new("Cannot specify both sp_cert_multi and certificate, certificate_new, private_key parameters") end end # Check if a certificate is present. - def has_cert?(cert) + def cert?(cert) return true if cert.is_a?(OpenSSL::X509::Certificate) cert && !cert.empty? From 8a6b1ddf1ca76ebf878fc34110c408f21327ce25 Mon Sep 17 00:00:00 2001 From: Tobias Amft Date: Tue, 8 Oct 2024 09:14:26 +0200 Subject: [PATCH 3/7] Return original certificate and key from Utils build functions Return the original certificate from Utils.build_cert_object when an instance of OpenSSL::X509::Certificate is given. And return the original key from Utils.build_private_key_object when an instance of OpenSSL::PKey::PKey is given. --- lib/ruby_saml/settings.rb | 20 +++++++++----------- lib/ruby_saml/utils.rb | 2 ++ test/utils_test.rb | 12 ++++++++++++ 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/lib/ruby_saml/settings.rb b/lib/ruby_saml/settings.rb index 96a0d21e..30462074 100644 --- a/lib/ruby_saml/settings.rb +++ b/lib/ruby_saml/settings.rb @@ -374,12 +374,16 @@ def get_all_sp_certs # Validate certificate, certificate_new, private_key, and sp_cert_multi params. def validate_sp_certs_params! has_multi = sp_cert_multi && !sp_cert_multi.empty? - has_pk = private_key && !private_key.empty? - if has_multi && (cert?(certificate) || cert?(certificate_new) || has_pk) + if has_multi && (cert?(certificate) || cert?(certificate_new) || pk?) raise ArgumentError.new("Cannot specify both sp_cert_multi and certificate, certificate_new, private_key parameters") end end + # Check if private key exists and is not empty + def pk? + private_key && !private_key.empty? + end + # Check if a certificate is present. def cert?(cert) return true if cert.is_a?(OpenSSL::X509::Certificate) @@ -392,14 +396,14 @@ def get_sp_certs_single certs = { :signing => [], :encryption => [] } sp_key = RubySaml::Utils.build_private_key_object(private_key) - cert = build_cert_object(certificate) + cert = RubySaml::Utils.build_cert_object(certificate) if cert || sp_key ary = [cert, sp_key].freeze certs[:signing] << ary certs[:encryption] << ary end - cert_new = build_cert_object(certificate_new) + cert_new = RubySaml::Utils.build_cert_object(certificate_new) if cert_new ary = [cert_new, sp_key].freeze certs[:signing] << ary @@ -434,7 +438,7 @@ def get_sp_certs_multi end certs[type] << [ - build_cert_object(cert), + RubySaml::Utils.build_cert_object(cert), RubySaml::Utils.build_private_key_object(key) ].freeze end @@ -443,11 +447,5 @@ def get_sp_certs_multi certs.each { |_, ary| ary.freeze } certs end - - def build_cert_object(cert) - return cert if cert.is_a?(OpenSSL::X509::Certificate) - - OneLogin::RubySaml::Utils.build_cert_object(cert) - end end end diff --git a/lib/ruby_saml/utils.rb b/lib/ruby_saml/utils.rb index fa71174f..ee7c5e7f 100644 --- a/lib/ruby_saml/utils.rb +++ b/lib/ruby_saml/utils.rb @@ -119,6 +119,7 @@ def format_private_key(key, multi: false) # @param pem [String] The original certificate # @return [OpenSSL::X509::Certificate] The certificate object def build_cert_object(pem) + return pem if pem.is_a?(OpenSSL::X509::Certificate) return unless (pem = PemFormatter.format_cert(pem, multi: false)) OpenSSL::X509::Certificate.new(pem) @@ -129,6 +130,7 @@ def build_cert_object(pem) # @param pem [String] The original private key. # @return [OpenSSL::PKey::PKey] The private key object. def build_private_key_object(pem) + return pem if pem.is_a?(OpenSSL::PKey::PKey) return unless (pem = PemFormatter.format_private_key(pem, multi: false)) error = nil diff --git a/test/utils_test.rb b/test/utils_test.rb index 028ab069..69d6e864 100644 --- a/test/utils_test.rb +++ b/test/utils_test.rb @@ -156,6 +156,11 @@ def result(duration, reference = 0) end end + it 'returns the original certificate when an OpenSSL::X509::Certificate is given' do + certificate = OpenSSL::X509::Certificate.new + assert_same certificate, RubySaml::Utils.build_cert_object(certificate) + end + it 'returns nil for nil certificate string' do assert_nil RubySaml::Utils.build_cert_object(nil) end @@ -180,6 +185,13 @@ def result(duration, reference = 0) end end + [OpenSSL::PKey::RSA, OpenSSL::PKey::DSA, OpenSSL::PKey::EC].each do |key_class| + it 'returns the original private key when an instance of OpenSSL::PKey::PKey is given' do + private_key = key_class.new + assert_same private_key, RubySaml::Utils.build_private_key_object(private_key) + end + end + it 'returns nil for nil private key string' do assert_nil RubySaml::Utils.build_private_key_object(nil) end From 8a5135825c40c4dd889eaad61a77cf013b65f652 Mon Sep 17 00:00:00 2001 From: johnnyshields <27655+johnnyshields@users.noreply.github.com> Date: Sat, 11 Jan 2025 12:08:50 +0900 Subject: [PATCH 4/7] - Return the original certificate from Utils.build_cert_object when an instance of OpenSSL::X509::Certificate is given. And return the original key from Utils.build_private_key_object when an instance of OpenSSL::PKey::PKey is given. - Allow SP certificates / private_key settings to be OpenSSL::X509::Certificate / OpenSSL::PKey::PKey objects. --- CHANGELOG.md | 2 + lib/ruby_saml/settings.rb | 25 ++++++-- test/settings_test.rb | 116 ++++++++++++++++++++++++++++++++++++++ test/utils_test.rb | 12 ++++ 4 files changed, 150 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d6281f88..17972ad0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,8 @@ * [#715](https://github.com/SAML-Toolkits/ruby-saml/pull/715) Fix typo in error when SPNameQualifier value does not match the SP entityID. * [#718](https://github.com/SAML-Toolkits/ruby-saml/pull/718/) Add support to retrieve from SAMLResponse the AuthnInstant and AuthnContextClassRef values * [#711](https://github.com/SAML-Toolkits/ruby-saml/pull/711) Standardize how RubySaml reads and formats certificate and private_key PEM values, including the `RubySaml::Util#format_cert` and `#format_private_key` methods. +* [#732](https://github.com/SAML-Toolkits/ruby-saml/pull/732) Return original certificate and private key objects from `RubySaml::Utils` build functions. +* [#732](https://github.com/SAML-Toolkits/ruby-saml/pull/732) Allow SP `certificate`, `certificate_new`, and `private_key` settings to be `OpenSSL::X509::Certificate` and `OpenSSL::PKey::PKey` objects respectively. ### 1.18.0 (???) * [#718](https://github.com/SAML-Toolkits/ruby-saml/pull/718) Add support to retrieve from SAMLResponse the AuthnInstant and AuthnContextClassRef values diff --git a/lib/ruby_saml/settings.rb b/lib/ruby_saml/settings.rb index 1d90e887..70623668 100644 --- a/lib/ruby_saml/settings.rb +++ b/lib/ruby_saml/settings.rb @@ -363,6 +363,24 @@ def compress_deprecation(old_param, new_param) '"HTTP-Redirect" will always be compressed, and "HTTP-POST" will always be uncompressed.' end + # Quick check if a certificate value is present as a string or OpenSSL::X509::Certificate. + # Does not check if the string can actually be parsed. + # + # @param cert [OpenSSL::X509::Certificate|String] The x509 certificate. + # @return [true|false] Whether the certificate value is present. + def cert?(cert) + !!cert && (cert.is_a?(OpenSSL::X509::Certificate) || !cert.empty?) + end + + # Quick check if a private key value is present as a string or OpenSSL::PKey::PKey. + # Does not check if the string can actually be parsed. + # + # @param private_key [OpenSSL::PKey::PKey|String] The private key. + # @return [true|false] Whether the private key value is present. + def private_key?(private_key) + !!private_key && (private_key.is_a?(OpenSSL::PKey::PKey) || !private_key.empty?) + end + # @return [Hash>>] # Build the SP certificates and private keys from the settings. Returns all # certificates and private keys, even if they are expired. @@ -373,11 +391,8 @@ def get_all_sp_certs # Validate certificate, certificate_new, private_key, and sp_cert_multi params. def validate_sp_certs_params! - multi = sp_cert_multi && !sp_cert_multi.empty? - cert = certificate && !certificate.empty? - cert_new = certificate_new && !certificate_new.empty? - pk = private_key && !private_key.empty? - if multi && (cert || cert_new || pk) + has_multi = sp_cert_multi && !sp_cert_multi.empty? + if has_multi && (cert?(certificate) || cert?(certificate_new) || private_key?(private_key)) raise ArgumentError.new("Cannot specify both sp_cert_multi and certificate, certificate_new, private_key parameters") end end diff --git a/test/settings_test.rb b/test/settings_test.rb index 5f8a722a..f5097b66 100644 --- a/test/settings_test.rb +++ b/test/settings_test.rb @@ -515,6 +515,78 @@ class SettingsTest < Minitest::Test end end + it 'handles OpenSSL::X509::Certificate objects for single case' do + @settings.certificate = OpenSSL::X509::Certificate.new(cert_text1) + @settings.private_key = key_text1 + + actual = @settings.get_sp_certs + expected = [[cert_text1, key_text1]] + assert_equal [:signing, :encryption], actual.keys + assert_equal expected, actual[:signing].map { |ary| ary.map(&:to_pem) } + assert_equal expected, actual[:encryption].map { |ary| ary.map(&:to_pem) } + end + + it 'handles OpenSSL::X509::Certificate objects for single case with new cert' do + @settings.certificate = cert_text1 + @settings.certificate_new = OpenSSL::X509::Certificate.new(cert_text2) + @settings.private_key = key_text1 + + actual = @settings.get_sp_certs + expected = [[cert_text1, key_text1], [cert_text2, key_text1]] + assert_equal [:signing, :encryption], actual.keys + assert_equal expected, actual[:signing].map { |ary| ary.map(&:to_pem) } + assert_equal expected, actual[:encryption].map { |ary| ary.map(&:to_pem) } + end + + it 'handles OpenSSL::X509::Certificate objects for multi case' do + x509_certificate1 = OpenSSL::X509::Certificate.new(cert_text1) + x509_certificate2 = OpenSSL::X509::Certificate.new(cert_text2) + @settings.sp_cert_multi = { + signing: [{ certificate: x509_certificate1, private_key: key_text1 }, + { certificate: cert_text2, private_key: key_text1 }], + encryption: [{ certificate: x509_certificate2, private_key: key_text1 }, + { certificate: cert_text3, private_key: key_text2 }] + } + + actual = @settings.get_sp_certs + expected_signing = [[cert_text1, key_text1], [cert_text2, key_text1]] + expected_encryption = [[cert_text2, key_text1], [cert_text3, key_text2]] + assert_equal [:signing, :encryption], actual.keys + assert_equal expected_signing, actual[:signing].map { |ary| ary.map(&:to_pem) } + assert_equal expected_encryption, actual[:encryption].map { |ary| ary.map(&:to_pem) } + end + + + it 'handles OpenSSL::PKey::PKey objects for single case' do + @settings.certificate = cert_text1 + @settings.private_key = OpenSSL::PKey::RSA.new(key_text1) + + actual = @settings.get_sp_certs + expected = [[cert_text1, key_text1]] + assert_equal [:signing, :encryption], actual.keys + assert_equal expected, actual[:signing].map { |ary| ary.map(&:to_pem) } + assert_equal expected, actual[:encryption].map { |ary| ary.map(&:to_pem) } + end + + it 'handles OpenSSL::PKey::PKey objects for multi case' do + pkey2 = OpenSSL::PKey::RSA.new(key_text2) + pkey3 = CertificateHelper.generate_private_key(:dsa) + pkey4 = CertificateHelper.generate_private_key(:ecdsa) + @settings.sp_cert_multi = { + signing: [{ certificate: cert_text1, private_key: pkey3 }, + { certificate: cert_text2, private_key: pkey4 }], + encryption: [{ certificate: cert_text2, private_key: key_text1 }, + { certificate: cert_text3, private_key: pkey2 }] + } + + actual = @settings.get_sp_certs + expected_signing = [[cert_text1, pkey3.to_pem], [cert_text2, pkey4.to_pem]] + expected_encryption = [[cert_text2, key_text1], [cert_text3, key_text2]] + assert_equal [:signing, :encryption], actual.keys + assert_equal expected_signing, actual[:signing].map { |ary| ary.map(&:to_pem) } + assert_equal expected_encryption, actual[:encryption].map { |ary| ary.map(&:to_pem) } + end + it "sp_cert_multi allows sending only signing" do @settings.sp_cert_multi = { signing: [{ certificate: cert_text1, private_key: key_text1 }, @@ -920,5 +992,49 @@ class SettingsTest < Minitest::Test end end end + + describe '.cert?' do + it 'returns true for a valid OpenSSL::X509::Certificate object' do + cert = CertificateHelper.generate_cert + assert @settings.send(:cert?, cert) + end + + it 'returns true for a non-empty certificate string' do + cert_string = '-----BEGIN CERTIFICATE-----\nVALID_CERTIFICATE\n-----END CERTIFICATE-----' + assert @settings.send(:cert?, cert_string) + end + + it 'returns false for an empty certificate string' do + cert_string = '' + refute @settings.send(:cert?, cert_string) + end + + it 'returns false for nil' do + cert = nil + refute @settings.send(:cert?, cert) + end + end + + describe '.private_key?' do + it 'returns true for a valid OpenSSL::PKey::PKey object' do + private_key = CertificateHelper.generate_private_key + assert @settings.send(:private_key?, private_key) + end + + it 'returns true for a non-empty private key string' do + private_key_string = '-----BEGIN PRIVATE KEY-----\nVALID_PRIVATE_KEY\n-----END PRIVATE KEY-----' + assert @settings.send(:private_key?, private_key_string) + end + + it 'returns false for an empty private key string' do + private_key_string = '' + refute @settings.send(:private_key?, private_key_string) + end + + it 'returns false for nil' do + private_key = nil + refute @settings.send(:private_key?, private_key) + end + end end end diff --git a/test/utils_test.rb b/test/utils_test.rb index 4ea5cb8f..d85fab7f 100644 --- a/test/utils_test.rb +++ b/test/utils_test.rb @@ -156,6 +156,11 @@ def result(duration, reference = 0) end end + it 'returns the original certificate when an OpenSSL::X509::Certificate is given' do + certificate = OpenSSL::X509::Certificate.new + assert_same certificate, RubySaml::Utils.build_cert_object(certificate) + end + it 'returns nil for nil certificate string' do assert_nil RubySaml::Utils.build_cert_object(nil) end @@ -180,6 +185,13 @@ def result(duration, reference = 0) end end + [OpenSSL::PKey::RSA, OpenSSL::PKey::DSA, OpenSSL::PKey::EC].each do |key_class| + it 'returns the original private key when an instance of OpenSSL::PKey::PKey is given' do + private_key = key_class.new + assert_same private_key, RubySaml::Utils.build_private_key_object(private_key) + end + end + it 'returns nil for nil private key string' do assert_nil RubySaml::Utils.build_private_key_object(nil) end From 07019ce6a0296eb0b3a9379ebf2cba7463f01efb Mon Sep 17 00:00:00 2001 From: johnnyshields <27655+johnnyshields@users.noreply.github.com> Date: Sat, 11 Jan 2025 12:23:42 +0900 Subject: [PATCH 5/7] Missed commit --- lib/ruby_saml/utils.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/ruby_saml/utils.rb b/lib/ruby_saml/utils.rb index fa71174f..ee7c5e7f 100644 --- a/lib/ruby_saml/utils.rb +++ b/lib/ruby_saml/utils.rb @@ -119,6 +119,7 @@ def format_private_key(key, multi: false) # @param pem [String] The original certificate # @return [OpenSSL::X509::Certificate] The certificate object def build_cert_object(pem) + return pem if pem.is_a?(OpenSSL::X509::Certificate) return unless (pem = PemFormatter.format_cert(pem, multi: false)) OpenSSL::X509::Certificate.new(pem) @@ -129,6 +130,7 @@ def build_cert_object(pem) # @param pem [String] The original private key. # @return [OpenSSL::PKey::PKey] The private key object. def build_private_key_object(pem) + return pem if pem.is_a?(OpenSSL::PKey::PKey) return unless (pem = PemFormatter.format_private_key(pem, multi: false)) error = nil From e3a81cd5f9049b2e168f79b9566010e1fa419115 Mon Sep 17 00:00:00 2001 From: johnnyshields <27655+johnnyshields@users.noreply.github.com> Date: Sat, 11 Jan 2025 12:27:53 +0900 Subject: [PATCH 6/7] Disable rubocop Metrics/ModuleLength for RubySaml::Utils --- lib/ruby_saml/utils.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ruby_saml/utils.rb b/lib/ruby_saml/utils.rb index ee7c5e7f..bc1fb606 100644 --- a/lib/ruby_saml/utils.rb +++ b/lib/ruby_saml/utils.rb @@ -8,7 +8,7 @@ module RubySaml # SAML2 Auxiliary class # - module Utils + module Utils # rubocop:disable Metrics/ModuleLength extend self BINDINGS = { post: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", From c5ac21afa6a106424af1771d6f39b630916e1d6b Mon Sep 17 00:00:00 2001 From: johnnyshields <27655+johnnyshields@users.noreply.github.com> Date: Sat, 11 Jan 2025 13:05:22 +0900 Subject: [PATCH 7/7] Remove unnecessary string check --- lib/ruby_saml/utils.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/ruby_saml/utils.rb b/lib/ruby_saml/utils.rb index bc1fb606..cc577d40 100644 --- a/lib/ruby_saml/utils.rb +++ b/lib/ruby_saml/utils.rb @@ -37,7 +37,7 @@ module Utils # rubocop:disable Metrics/ModuleLength # @param cert [OpenSSL::X509::Certificate|String] The x509 certificate. # @return [true|false] Whether the certificate is expired. def is_cert_expired(cert) - cert = build_cert_object(cert) if cert.is_a?(String) + cert = build_cert_object(cert) cert.not_after < Time.now end @@ -46,7 +46,7 @@ def is_cert_expired(cert) # @param cert [OpenSSL::X509::Certificate|String] The x509 certificate. # @return [true|false] Whether the certificate is currently active. def is_cert_active(cert) - cert = build_cert_object(cert) if cert.is_a?(String) + cert = build_cert_object(cert) now = Time.now cert.not_before <= now && cert.not_after >= now end