Module: OpenSSLExtensions::X509::Certificate

Defined in:
lib/openssl-extensions/x509/certificate.rb

Overview

Extends OpenSSL::X509::Certificate with shortcut methods.


Instance Method Details

#==(other) ⇒ Object Also known as: eql?

Equality is tested by comparing the certificates' generated PEM encodings.

# File 'lib/openssl-extensions/x509/certificate.rb', line 12
def ==(other)
  to_pem == other.to_pem
end

#allows_certificate_signing? ⇒ Boolean

Returns true if this certificate is authorized to sign other certificates (useful for identifying CA roots and intermediate certificates).

Returns:

  • (Boolean)

# File 'lib/openssl-extensions/x509/certificate.rb', line 21
def allows_certificate_signing?
  usage = read_extension_by_oid('keyUsage')
  usage.nil? || !!(usage.match(%r{\bCertificate Sign\b}))
end

#authority_info_access ⇒ Object

This can be used to obtain OCSP URLs for revocation checks.

# File 'lib/openssl-extensions/x509/certificate.rb', line 83
def authority_info_access
  read_extension_by_oid('authorityInfoAccess')
end

#authority_key_identifier ⇒ Object

# File 'lib/openssl-extensions/x509/certificate.rb', line 26
def authority_key_identifier
  OpenSSLExtensions::X509::AuthorityKeyIdentifier.new(read_extension_by_oid('authorityKeyIdentifier'))
end

#crl_distribution_points ⇒ Object

# File 'lib/openssl-extensions/x509/certificate.rb', line 87
def crl_distribution_points
  read_extension_by_oid('crlDistributionPoints')
end

#hash ⇒ Object

Overrides the default Object#hash to determine uniqueness of the Certificate. This uses a hash of the certificate PEM.

# File 'lib/openssl-extensions/x509/certificate.rb', line 34
def hash
  to_pem.hash
end

#issuing_certificate?(issuer) ⇒ Boolean

Returns true if the certificate given is the issuer certificate for this certificate.

Returns:

  • (Boolean)

# File 'lib/openssl-extensions/x509/certificate.rb', line 41
def issuing_certificate?(issuer)
  (self.authority_key_identifier.key_id &&
    issuer.subject_key_identifier &&
    self.authority_key_identifier.key_id == issuer.subject_key_identifier) ||
    (!self.authority_key_identifier.key_id &&
     self.issuer.common_name == issuer.subject.common_name &&
     self.issuer.country == issuer.subject.country &&
     self.issuer.organization == issuer.subject.organization)
end

#root? ⇒ Boolean

Returns true if this certificate is a root certificate (it is its own issuer).

Returns:

  • (Boolean)

# File 'lib/openssl-extensions/x509/certificate.rb', line 55
def root?
  issuer.to_s == subject.to_s &&
    (subject_key_identifier && authority_key_identifier.key_id ? subject_key_identifier == authority_key_identifier.key_id : true)
end

#ssl_version ⇒ Object

Returns the SSL version used by the certificate. Most likely, this will return 3, since version 1 was unreleased, and version 2 was abandoned in 1995.

See en.wikipedia.org/wiki/Secure_Sockets_Layer.

OPTIMIZE: This should really call the OpenSSL library directly, but that would require the gem to become a compiled gem.

# File 'lib/openssl-extensions/x509/certificate.rb', line 102
def ssl_version
  if to_text =~ %r{^\s+Version: (\d+)}m
    $1.to_i
  end
end

#strength ⇒ Object

Returns the bit strength of the certificate's public key.

# File 'lib/openssl-extensions/x509/certificate.rb', line 63
def strength
  public_key.strength
end

#subject_alternative_names ⇒ Object Also known as: sans

Returns a collection of the subject alternative names on the certificate. If no alternative names were provided, this returns an empty array.

# File 'lib/openssl-extensions/x509/certificate.rb', line 71
def subject_alternative_names
  names_string = read_extension_by_oid('subjectAltName')
  names_string ? names_string.scan(%r{DNS:([^,]+)}).flatten : []
end

#subject_key_identifier ⇒ Object

# File 'lib/openssl-extensions/x509/certificate.rb', line 77
def subject_key_identifier
  read_extension_by_oid('subjectKeyIdentifier')
end