Module: OpenSSLExtensions::X509::Certificate
Defined in: lib/openssl-extensions/x509/certificate.rb
Overview
Extends OpenSSL::X509::Certificate with shortcut methods.
Instance Method Summary
- #==(other) ⇒ Object (also: #eql?)
  Equality is tested by comparing the PEM encodings generated by to_pem.
- #allows_certificate_signing? ⇒ Boolean
  Returns true if this certificate is authorized to sign for other certificates (useful for determining CA roots and intermediary certificates).
- #authority_info_access ⇒ Object
  This can be used for getting OCSP URLs for revocation checks.
- #authority_key_identifier ⇒ Object
- #crl_distribution_points ⇒ Object
- #hash ⇒ Object
  Override the default Object#hash to identify uniqueness of the Certificate.
- #issuing_certificate?(issuer) ⇒ Boolean
  Returns true if the certificate given is the issuer certificate for this certificate.
- #root? ⇒ Boolean
  Returns true if this certificate is a root certificate (it is its own issuer).
- #ssl_version ⇒ Object
  Returns the SSL version used by the certificate.
- #strength ⇒ Object
  Returns the bit strength of the public certificate.
- #subject_alternative_names ⇒ Object (also: #sans)
  Returns a collection of subject alternative names on the certificate.
- #subject_key_identifier ⇒ Object
Instance Method Details
#==(other) ⇒ Object Also known as: eql?
Equality is tested by comparing the PEM encodings generated by to_pem.

    # File 'lib/openssl-extensions/x509/certificate.rb', line 12
    def ==(other)
      to_pem == other.to_pem
    end

#allows_certificate_signing? ⇒ Boolean
Returns true if this certificate is authorized to sign for other certificates (useful for determining CA roots and intermediary certificates).

    # File 'lib/openssl-extensions/x509/certificate.rb', line 21
    def allows_certificate_signing?
      usage = read_extension_by_oid('keyUsage')
      # A certificate with no keyUsage extension is treated as allowed to sign.
      usage.nil? || !!(usage.match(%r{\bCertificate Sign\b}))
    end

#authority_info_access ⇒ Object
This can be used for getting OCSP URLs for revocation checks.

    # File 'lib/openssl-extensions/x509/certificate.rb', line 83
    def authority_info_access
      read_extension_by_oid('authorityInfoAccess')
    end

#authority_key_identifier ⇒ Object

    # File 'lib/openssl-extensions/x509/certificate.rb', line 26
    def authority_key_identifier
      OpenSSLExtensions::X509::AuthorityKeyIdentifier.new(read_extension_by_oid('authorityKeyIdentifier'))
    end

#crl_distribution_points ⇒ Object

    # File 'lib/openssl-extensions/x509/certificate.rb', line 87
    def crl_distribution_points
      read_extension_by_oid('crlDistributionPoints')
    end

#hash ⇒ Object
Override the default Object#hash to identify uniqueness of the Certificate. This uses a hash of the certificate PEM.

    # File 'lib/openssl-extensions/x509/certificate.rb', line 34
    def hash
      to_pem.hash
    end

#issuing_certificate?(issuer) ⇒ Boolean
Returns true if the certificate given is the issuer certificate for this certificate.

    # File 'lib/openssl-extensions/x509/certificate.rb', line 41
    def issuing_certificate?(issuer)
      # Preferred: this certificate's authority keyid equals the issuer's subject key identifier.
      (self.authority_key_identifier.key_id &&
       issuer.subject_key_identifier &&
       self.authority_key_identifier.key_id == issuer.subject_key_identifier) ||
        # Fallback when no keyid is present: compare common name, country and organization.
        (!self.authority_key_identifier.key_id &&
         self.issuer.common_name == issuer.subject.common_name &&
         self.issuer.country == issuer.subject.country &&
         self.issuer.organization == issuer.subject.organization)
    end

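issuing_certificate? pairs certificates by key identifier or by name fields, which are values written into the certificate and not evidence of who signed it. The following added example (not part of openssl-extensions) mirrors the key-identifier comparison and then confirms the candidate with a basicConstraints check and signature verification. It assumes only Ruby's standard openssl library; the helper names and the constructed test certificates are hypothetical.

```ruby
require 'openssl'

# Raw DER payload of the named extension, or nil if absent.
def ext_der(cert, oid)
  ext = cert.extensions.find { |e| e.oid == oid }
  ext && OpenSSL::ASN1.decode(ext.to_der).value.last.value
end

# Identifier-only comparison: authority keyid vs. issuer's subject key id.
# Both are ordinary fields chosen by whoever built the certificate, so a
# match selects a candidate issuer and proves nothing about who signed it.
def identifier_match?(cert, issuer)
  aki = ext_der(cert, 'authorityKeyIdentifier')
  ski = ext_der(issuer, 'subjectKeyIdentifier')
  return false unless aki && ski
  keyid = OpenSSL::ASN1.decode(aki).value.find { |f| f.tag == 0 && f.tag_class == :CONTEXT_SPECIFIC }
  !keyid.nil? && keyid.value == OpenSSL::ASN1.decode(ski).value
end

# Confirm the candidate: marked as a CA, and its key verifies the signature.
def verified_issuer?(cert, issuer)
  is_ca = issuer.extensions.any? { |e| e.oid == 'basicConstraints' && e.value.start_with?('CA:TRUE') }
  identifier_match?(cert, issuer) && is_ca && cert.verify(issuer.public_key)
end

# Constructed test certificate; issuer_cert supplies issuer name and keyid.
def build_cert(cn, key, signing_key, issuer_cert = nil, ca = false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash'))
  cert.add_extension(ef.create_extension('authorityKeyIdentifier', 'keyid:always'))
  cert.sign(signing_key, OpenSSL::Digest.new('SHA256'))
end

# Constructed samples: a CA, a leaf it signed, and a leaf that only names it.
def constructed_samples
  ca_key, leaf_key = OpenSSL::PKey::RSA.new(2048), OpenSSL::PKey::RSA.new(2048)
  ca = build_cert('Example Test CA', ca_key, ca_key, nil, true)
  { ca: ca, signed: build_cert('leaf.example.test', leaf_key, ca_key, ca),
    lookalike: build_cert('leaf.example.test', leaf_key, leaf_key, ca) }
end
```

identifier_match? is true for both constructed leaves, while verified_issuer? accepts only the one the CA key actually signed.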
#root? ⇒ Boolean
Returns true if this certificate is a root certificate (it is its own issuer).

    # File 'lib/openssl-extensions/x509/certificate.rb', line 55
    def root?
      # Issuer and subject names must match; when both key identifiers are present they must match too.
      issuer.to_s == subject.to_s &&
        (subject_key_identifier && authority_key_identifier.key_id ? subject_key_identifier == authority_key_identifier.key_id : true)
    end

#ssl_version ⇒ Object
Returns the SSL version used by the certificate. Most likely, this will return 3, since version 1 was unreleased, and version 2 was abandoned in 1995.
See en.wikipedia.org/wiki/Secure_Sockets_Layer.
OPTIMIZE: This should really use a call directly to the OpenSSL library, but will require becoming a compiled gem.

    # File 'lib/openssl-extensions/x509/certificate.rb', line 102
    def ssl_version
      # Reads the number from the first "Version:" line of the to_text dump.
      if to_text =~ %r{^\s+Version: (\d+)}m
        $1.to_i
      end
    end

#strength ⇒ Object
Returns the bit strength of the public certificate.

    # File 'lib/openssl-extensions/x509/certificate.rb', line 63
    def strength
      public_key.strength
    end

#subject_alternative_names ⇒ Object Also known as: sans
Returns a collection of subject alternative names on the certificate. If no alternative names were provided, then this returns an empty set.

    # File 'lib/openssl-extensions/x509/certificate.rb', line 71
    def subject_alternative_names
      names_string = read_extension_by_oid('subjectAltName')
      # Only DNS: entries are extracted from the extension text.
      names_string ? names_string.scan(%r{DNS:([^,]+)}).flatten : []
    end

#subject_key_identifier ⇒ Object

    # File 'lib/openssl-extensions/x509/certificate.rb', line 77
    def subject_key_identifier
      read_extension_by_oid('subjectKeyIdentifier')
    end