Class: CertificateAuthority::CertificateRevocationList

Inherits:

Object

• Object
• CertificateAuthority::CertificateRevocationList

Includes:

ActiveModel::Validations

Defined in:

lib/certificate_authority/certificate_revocation_list.rb

Instance Attribute Summary

• #certificates ⇒ Object

  Returns the value of attribute certificates.

• #crl_body ⇒ Object

  Returns the value of attribute crl_body.

• #next_update ⇒ Object

  Returns the value of attribute next_update.

• #parent ⇒ Object

  Returns the value of attribute parent.

Instance Method Summary

• #<<(cert) ⇒ Object
• #initialize ⇒ CertificateRevocationList constructor

  A new instance of CertificateRevocationList.

• #sign! ⇒ Object
• #to_pem ⇒ Object

Constructor Details

#initialize ⇒ CertificateRevocationList

Returns a new instance of CertificateRevocationList.

# File 'lib/certificate_authority/certificate_revocation_list.rb', line 15

def initialize
  self.certificates = []
  self.next_update = 60 * 60 * 4 # 4 hour default
end

Instance Attribute Details

#certificates ⇒ Object

Returns the value of attribute certificates.

# File 'lib/certificate_authority/certificate_revocation_list.rb', line 5

def certificates
  @certificates
end

#crl_body ⇒ Object

Returns the value of attribute crl_body.

# File 'lib/certificate_authority/certificate_revocation_list.rb', line 7

def crl_body
  @crl_body
end

#next_update ⇒ Object

Returns the value of attribute next_update.

# File 'lib/certificate_authority/certificate_revocation_list.rb', line 8

def next_update
  @next_update
end

#parent ⇒ Object

Returns the value of attribute parent.

# File 'lib/certificate_authority/certificate_revocation_list.rb', line 6

def parent
  @parent
end

Instance Method Details

#<<(cert) ⇒ Object

# File 'lib/certificate_authority/certificate_revocation_list.rb', line 20

def <<(cert)
  raise "Only revoked certificates can be added to a CRL" unless cert.revoked?
  self.certificates << cert
end

#sign! ⇒ Object

# File 'lib/certificate_authority/certificate_revocation_list.rb', line 25

def sign!
  raise "No parent entity has been set!" if self.parent.nil?
  raise "Invalid CRL" unless self.valid?

  revocations = self.certificates.collect do |certificate|
    revocation = OpenSSL::X509::Revoked.new
    x509_cert = OpenSSL::X509::Certificate.new(certificate.to_pem)
    revocation.serial = x509_cert.serial
    revocation.time = certificate.revoked_at
    revocation
  end

  crl = OpenSSL::X509::CRL.new
  revocations.each do |revocation|
    crl.add_revoked(revocation)
  end

  crl.version = 1
  crl.last_update = Time.now
  crl.next_update = Time.now + self.next_update

  signing_cert = OpenSSL::X509::Certificate.new(self.parent.to_pem)
  digest = OpenSSL::Digest::Digest.new("SHA512")
  crl.issuer = signing_cert.subject
  self.crl_body = crl.sign(self.parent.key_material.private_key, digest)

  self.crl_body
end

#to_pem ⇒ Object

# File 'lib/certificate_authority/certificate_revocation_list.rb', line 54

def to_pem
  raise "No signed CRL body" if self.crl_body.nil?
  self.crl_body.to_pem
end