Class: Inspec::Resources::X509CertificateResource
- Inherits:
-
Object
- Object
- Inspec::Resources::X509CertificateResource
- Includes:
- FileReader
- Defined in:
- lib/inspec/resources/x509_certificate.rb
Instance Method Summary collapse
- #certificate? ⇒ Boolean
- #extensions ⇒ Object
- #fingerprint ⇒ Object
-
#initialize(filename) ⇒ X509CertificateResource
constructor
A new instance of X509CertificateResource.
- #issuer ⇒ Object
- #issuer_dn ⇒ Object
- #key_length ⇒ Object
- #serial ⇒ Object
- #subject ⇒ Object
- #subject_dn ⇒ Object
- #to_s ⇒ Object
- #valid? ⇒ Boolean
- #validity_in_days ⇒ Object
Methods included from FileReader
Constructor Details
#initialize(filename) ⇒ X509CertificateResource
Returns a new instance of X509CertificateResource.
# File 'lib/inspec/resources/x509_certificate.rb', line 37

# Builds the resource by reading the given file and parsing it as an
# X.509 certificate.
#
# The content returned by read_file_content is passed straight to
# OpenSSL::X509::Certificate.new. No rescue is present in this method, so
# any error raised while reading or parsing propagates to the caller.
#
# @param filename the value stored as @certpath and handed to
#   read_file_content (presumably a path to the certificate file)
def initialize(filename)
  @certpath = filename

  # Memoisation slots filled on first use by #subject, #issuer, #extensions.
  @parsed_subject = nil
  @parsed_issuer = nil
  @extensions = nil
  # Initialised here but not read by any method shown on this page.
  @issuer = nil

  raw = read_file_content(@certpath)
  @cert = OpenSSL::X509::Certificate.new(raw)
end
Instance Method Details
#certificate? ⇒ Boolean
# File 'lib/inspec/resources/x509_certificate.rb', line 53

# Reports whether a certificate object is held in @cert.
#
# This only checks that @cert is not nil; it says nothing about whether
# the certificate is trusted, unexpired or correctly signed.
#
# @return [Boolean] false when @cert is nil, true otherwise
def certificate?
  return false if @cert.nil?

  true
end
#extensions ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 114

# Returns the certificate's extensions as a Hashie::Mash that maps each
# extension name to the list of items found in its string form.
#
# The Mash is memoised in @extensions. When @cert does not respond to
# #extensions (for example when it is nil), @cert itself is returned.
#
# Values come from splitting the textual rendering on commas, so an item
# that itself contains a comma is split as well.
# NOTE(review): if the string form carries a criticality marker, it will
# show up as an ordinary list item -- confirm against
# OpenSSL::X509::Extension#to_s before asserting on element positions.
def extensions
  # Serve the memoised Mash when the extensions were parsed before.
  return @extensions if @extensions
  # Nothing to parse: hand back whatever @cert holds.
  return @cert unless @cert.respond_to?(:extensions)

  # A Mash keeps lookups convenient in "its('extensions') { should ... }".
  @extensions = Hashie::Mash.new({})

  # Seed the standard extension names with empty lists so that a test for
  # an extension the certificate lacks sees [] instead of nil.
  standard_names = %w{
    keyUsage extendedKeyUsage basicConstraints subjectKeyIdentifier
    authorityKeyIdentifier subjectAltName issuerAltName authorityInfoAccess
    crlDistributionPoints issuingDistributionPoint certificatePolicies
    policyConstraints nameConstraints noCheck tlsfeature nsComment
  }
  standard_names.each { |name| @extensions[name] ||= [] }

  # Split each rendered extension once on the first "=" (name / value),
  # then split the value on commas.
  rendered = @cert.extensions.map(&:to_s)
  rendered.each do |line|
    parts = line.split(/ *= */, 2)
    @extensions[parts.first] = parts.last.split(/ *, */)
  end

  @extensions
end
#fingerprint ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 57

# Returns the SHA-1 digest of the DER-encoded certificate as a hex string,
# or nil when no certificate is loaded.
#
# SHA-1 is no longer collision-resistant. Compare this value only against
# a fingerprint that was computed the same way from a known-good
# certificate; it is an identifier, not evidence that the certificate is
# trustworthy.
#
# @return [String, nil] hex digest, or nil if @cert is nil
def fingerprint
  return nil if @cert.nil?

  der_bytes = @cert.to_der
  OpenSSL::Digest::SHA1.new(der_bytes).hexdigest
end
#issuer ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 90

# Returns the issuer name as a Hashie::Mash of attribute => value, or nil
# when no certificate is loaded. The Mash is memoised in @parsed_issuer.
#
# Only the first two fields of each entry from @cert.issuer.to_a are kept.
# An attribute that occurs more than once keeps its last value, so this
# view can hide repeated components; use #issuer_dn to see the full name.
def issuer
  return if @cert.nil?
  # Serve the memoised issuer when it was parsed before.
  return @parsed_issuer if @parsed_issuer

  attributes = @cert.issuer.to_a.each_with_object({}) do |(field, value, _rest), acc|
    acc[field] = value
  end
  # A Mash keeps lookups convenient in "its('issuer') { should ... }".
  @parsed_issuer = Hashie::Mash.new(attributes)
end
#issuer_dn ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 84

# Returns the issuer name in its string form, or nil when no certificate
# is loaded.
#
# @return [String, nil] result of @cert.issuer.to_s, or nil if @cert is nil
def issuer_dn
  if @cert.nil?
    nil
  else
    issuer_name = @cert.issuer
    issuer_name.to_s
  end
end
#key_length ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 99

# Returns the public key size in bits, or nil when no certificate is
# loaded.
#
# The size is taken from the byte length of the public key's `n` value
# multiplied by 8, so it is rounded up to a whole number of bytes.
# NOTE(review): `n` is the RSA modulus; a public key object without an
# `n` reader (such as a non-RSA key) would raise here -- confirm how
# callers handle such certificates.
def key_length
  return nil if @cert.nil?

  modulus = @cert.public_key.n
  modulus.num_bytes * 8
end
#serial ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 63

# Returns the certificate serial number converted with #to_i, or nil when
# no certificate is loaded.
#
# @return [Integer, nil] serial number, or nil if @cert is nil
def serial
  if @cert.nil?
    nil
  else
    serial_number = @cert.serial
    serial_number.to_i
  end
end
#subject ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 75

# Returns the subject name as a Hashie::Mash of attribute => value, or nil
# when no certificate is loaded. The Mash is memoised in @parsed_subject.
#
# Only the first two fields of each entry from @cert.subject.to_a are
# kept. An attribute that occurs more than once keeps its last value, so
# this view can hide repeated components; use #subject_dn to see the full
# name.
def subject
  return if @cert.nil?
  # Serve the memoised subject when it was parsed before.
  return @parsed_subject if @parsed_subject

  attributes = @cert.subject.to_a.each_with_object({}) do |(field, value, _rest), acc|
    acc[field] = value
  end
  # A Mash keeps lookups convenient in "its('subject') { should ... }".
  @parsed_subject = Hashie::Mash.new(attributes)
end
#subject_dn ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 69

# Returns the subject name in its string form, or nil when no certificate
# is loaded.
#
# @return [String, nil] result of @cert.subject.to_s, or nil if @cert is nil
def subject_dn
  if @cert.nil?
    nil
  else
    subject_name = @cert.subject
    subject_name.to_s
  end
end
#to_s ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 139

# Human-readable label for this resource: the literal "x509_certificate"
# followed by the value the resource was created with (@certpath).
#
# @return [String]
def to_s
  path = @certpath
  "x509_certificate #{path}"
end
#valid? ⇒ Boolean
# File 'lib/inspec/resources/x509_certificate.rb', line 109

# Reports whether a certificate is loaded and the current time lies within
# its not_before..not_after window (both bounds inclusive).
#
# This is a date check only. Nothing here verifies the signature, the
# issuing chain, revocation status or key usage, so a true result must not
# be read as "trusted".
#
# not_before and not_after are not defined on this page.
#
# @return [Boolean]
def valid?
  now = Time.now
  return false unless certificate?

  started = now >= not_before
  started && now <= not_after
end
#validity_in_days ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 105

# Returns the time left until not_after, expressed in days (the difference
# from the current UTC time divided by 86400 seconds).
#
# No nil guard is applied here, unlike the other readers on this page.
# NOTE(review): presumably the result is fractional and turns negative once
# the certificate has expired -- confirm against the type not_after
# returns, which is defined outside this page.
def validity_in_days
  remaining_seconds = not_after - Time.now.utc
  remaining_seconds / 86400
end