Module: OpenSSL::X509::Extension::CRLDistributionPoints

Includes:
Helpers
Included in:
Certificate
Defined in:
lib/openssl/x509.rb

Instance Method Summary collapse

Methods included from Helpers

#find_extension

Instance Method Details

#crl_urisObject

Get the distributionPoint fullName URI from the certificate’s CRL distribution points extension, as described in RFC 5280 Section 4.2.1.13.

Returns an array of strings or nil or raises ASN1::ASN1Error.



129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# File 'lib/openssl/x509.rb', line 129

def crl_uris
  ext = find_extension("crlDistributionPoints")
  return nil if ext.nil?

  cdp_asn1 = ASN1.decode(ext.value_der)
  if cdp_asn1.tag_class != :UNIVERSAL || cdp_asn1.tag != ASN1::SEQUENCE
    raise ASN1::ASN1Error, "invalid extension"
  end

  crl_uris = cdp_asn1.flat_map do |crl_distribution_point|
    distribution_point = crl_distribution_point.value.find do |v|
      v.tag_class == :CONTEXT_SPECIFIC && v.tag == 0
    end
    full_name = distribution_point&.value&.find do |v|
      v.tag_class == :CONTEXT_SPECIFIC && v.tag == 0
    end
    full_name&.value&.select do |v|
      v.tag_class == :CONTEXT_SPECIFIC && v.tag == 6 # uniformResourceIdentifier
    end
  end

  crl_uris.empty? ? nil : crl_uris.map(&:value)
end