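# Base controller: every action is gated on a client certificate carried in the
# X-SSL-Auth request header, whose signature is checked against the RSA public
# key configured in AUTH_PUBLIC_KEY.
#
# NOTE(review): a certificate is public data, so presenting one in a header is
# not proof of holding its private key. This scheme is only sound if X-SSL-Auth
# is set by the TLS-terminating proxy after a mutual-TLS handshake and any
# client-supplied copy of the header is stripped at the edge. The proxy
# configuration is not visible here -- confirm.
class ApplicationController < ActionController::Base
  # NOTE(review): before_filter was removed in Rails 5.1; before_action is the
  # replacement on Rails 4 and later.
  before_filter :require_authentication

  private

  # Answers 403 Forbidden unless the presented certificate is acceptable.
  # Responding from a filter halts the chain, so the action does not run.
  def require_authentication
    head :forbidden unless certificate_acceptable?
  end

  # True when the certificate parses, is signed by the configured key and is
  # inside its validity window. Revocation is not checked.
  #
  # A missing or malformed header raises OpenSSL::X509::CertificateError during
  # parsing; that is treated as "not authenticated" instead of escaping as a
  # 500. Only certificate errors are rescued, so a misconfigured
  # AUTH_PUBLIC_KEY still surfaces as a server error and is not reported as a
  # client failure.
  def certificate_acceptable?
    key = public_key
    certificate = current_certificate
    now = Time.now

    # verify only proves the signature; an expired or not-yet-valid
    # certificate would otherwise still authenticate.
    certificate.verify(key) &&
      certificate.not_before <= now &&
      now <= certificate.not_after
  rescue OpenSSL::X509::CertificateError
    false
  end

  # RSA public key that client certificates must be signed with, read from the
  # AUTH_PUBLIC_KEY environment variable and memoized per controller instance.
  def public_key
    @public_key ||= OpenSSL::PKey::RSA.new(ENV['AUTH_PUBLIC_KEY'])
  end

  # Certificate parsed from the X-SSL-Auth request header, memoized per
  # request. to_s turns an absent header into an empty string so that it fails
  # certificate parsing like any other malformed value.
  def current_certificate
    @current_certificate ||= OpenSSL::X509::Certificate.new(request.headers['X-SSL-Auth'].to_s)
  end

  # Identify the client application for access control.
  #
  # NOTE(review): this reads the OU of the certificate's *issuer*, not its
  # subject. If all client certificates are issued by one authority, every
  # client resolves to the same value -- confirm that issuer is intended.
  # A certificate whose issuer has no OU raises NoMethodError here (assoc
  # returns nil); that is left as is so access-control callers never receive
  # a nil client name.
  def current_client
    current_certificate.issuer.to_a.assoc('OU')[1]
  end
end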