Class: EzCrypto::Certificate

Inherits:
Verifier show all
Defined in:
lib/ezsig.rb

Overview

Certificate provides functionality to make it easy to extract information from a Certificate.

This also provides all the same functionality as a Verifier.

Instance Method Summary collapse

Methods inherited from Verifier

decode, #digest, #dsa?, from_file, from_pkyp, load_all_from_file, #public_key, #rsa?, #verify

Constructor Details

#initialize(cert) ⇒ Certificate

Intialize with a OpenSSL cert object.



278
279
280
281
# File 'lib/ezsig.rb', line 278

def initialize(cert)
  super(cert.public_key)
  @cert=cert
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method) ⇒ Object

Any methods defined in Name can be used here. This means you can do cert.email rather than cert.subject.email.



371
372
373
# File 'lib/ezsig.rb', line 371

def method_missing(method)
  subject.send method
end

Instance Method Details

#certObject

Returns the OpenSSL Certificate object



330
331
332
# File 'lib/ezsig.rb', line 330

def cert
  @cert
end

#cert?Boolean

Returns true

Returns:

  • (Boolean)


286
287
288
# File 'lib/ezsig.rb', line 286

def cert?
  true
end

#cert_digestObject

Returns the SHA1 hex digest of a the DER encoded certificate. This is useful as a unique identifier.



300
301
302
# File 'lib/ezsig.rb', line 300

def cert_digest
  Digest::SHA1.hexdigest(@cert.to_der)
end

#extensionsObject

Returns the hash of extensions available in the certificate. These are not always present.



360
361
362
363
364
365
366
# File 'lib/ezsig.rb', line 360

def extensions
  unless @extensions
    @extensions={}
    cert.extensions.each {|e| @extensions[e.oid]=e.value} if cert.extensions
  end
  @extensions
end

#issuerObject

Returns a Name object containt the issuer of the certificate.



315
316
317
318
# File 'lib/ezsig.rb', line 315

def issuer
  @issuer=EzCrypto::Name.new(@cert.issuer) unless @issuer
  @issuer
end

#not_afterObject

Returns the certificates valid not after date.



344
345
346
# File 'lib/ezsig.rb', line 344

def not_after
  @cert.not_after
end

#not_beforeObject

Returns the certificates valid not before date.



337
338
339
# File 'lib/ezsig.rb', line 337

def not_before
  @cert.not_before
end

#register_with_pkypObject

Register the certificate at PKYP



293
294
295
# File 'lib/ezsig.rb', line 293

def register_with_pkyp
  send_to_pkyp(@cert.to_s)
end

#serialObject

Returns the issuers serial number for this certificate



323
324
325
# File 'lib/ezsig.rb', line 323

def serial
  @cert.serial
end

#subjectObject

Returns a Name object containt the subject of the certificate. The subject in X509 speak is the details of the certificate owner.



307
308
309
310
# File 'lib/ezsig.rb', line 307

def subject
  @subject=EzCrypto::Name.new(@cert.subject) unless @subject
  @subject
end

#valid?(time = Time.now.utc) ⇒ Boolean

Is this certificate valid at this point in time. Note this only checks if it is valid with respect to time.

It is important to realize that it does not check with any CRL or OCSP services to see if the certificate was 
revoked.

Returns:

  • (Boolean)


353
354
355
# File 'lib/ezsig.rb', line 353

def valid?(time=Time.now.utc)
  time>not_before && time<self.not_after
end