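# Checks that +client_cert+ parses as an X509 certificate, that the certname
# embedded in it equals the +certid+ the client claims, and that it verifies
# against the CA certificate named by the "aes.ca_cert" plugin setting.
#
# Every failure path logs a warning and returns false so that callers get a
# plain boolean; nothing here is allowed to raise for a malformed or
# unverifiable client certificate.
#
# @param client_cert [String] certificate data as received from the client
# @param certid [String] certname the client claims; compared verbatim with
#   the name +certname_from_certificate+ extracts from the parsed certificate
# @return [Boolean] true only when every check passed
def validate_certificate(client_cert, certid)
  cert_file = @config.pluginconf.fetch("aes.ca_cert", nil)

  begin
    ssl_cert = OpenSSL::X509::Certificate.new(client_cert)
  rescue OpenSSL::X509::CertificateError
    Log.warn("Received public key that is not a X509 certificate")
    return false
  end

  ssl_certname = certname_from_certificate(ssl_cert)
  if certid != ssl_certname
    Log.warn("certname '#{certid}' doesn't match certificate '#{ssl_certname}'")
    return false
  end

  # Fail closed when no CA is configured: without a trust anchor the
  # certificate cannot be validated, and Store#add_file(nil) would only
  # surface the misconfiguration as a TypeError instead of a rejection.
  if cert_file.to_s.empty?
    Log.warn("Unable to validate certificate '#{ssl_certname}': aes.ca_cert is not configured")
    return false
  end

  Log.debug("Loading CA Cert for verification")
  ca_cert = OpenSSL::X509::Store.new
  begin
    ca_cert.add_file(cert_file)
  rescue OpenSSL::X509::StoreError => e
    # Unreadable or malformed CA file: treat it like a failed verification
    # rather than letting the exception escape to the caller.
    Log.warn("Unable to load CA cert '#{cert_file}': #{e.message}")
    return false
  end

  if ca_cert.verify(ssl_cert)
    Log.debug("Verified certificate '#{ssl_certname}' against CA")
    true
  else
    # Store#error_string carries OpenSSL's reason for the rejection, which
    # is what an operator needs to tell an expired cert from an unknown issuer.
    Log.warn("Unable to validate certificate '#{ssl_certname}' against CA: #{ca_cert.error_string}")
    false
  end
end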