Class: SSLCheck::Certificate

Inherits:

Object

• Object
• SSLCheck::Certificate

Defined in:

lib/sslcheck/certificate.rb

Instance Method Summary

• #alternate_common_names ⇒ Object
• #bootstrap_certificate(cert) ⇒ Object
• #common_name ⇒ Object
• #expired? ⇒ Boolean
• #expires_in?(num_days) ⇒ Boolean
• #initialize(cert, clock = nil) ⇒ Certificate constructor

  A new instance of Certificate.

• #issued? ⇒ Boolean
• #issued_by ⇒ Object
• #issuer ⇒ Object
• #issuer_common_name ⇒ Object
• #issuer_country ⇒ Object
• #issuer_locality ⇒ Object
• #issuer_organization ⇒ Object
• #issuer_state ⇒ Object
• #not_after ⇒ Object
• #not_before ⇒ Object
• #organizational_unit ⇒ Object
• #public_key ⇒ Object
• #subject ⇒ Object
• #to_h ⇒ Object
• #to_s ⇒ Object
• #to_x509 ⇒ Object
• #verify(ca) ⇒ Object

Constructor Details

#initialize(cert, clock = nil) ⇒ Certificate

Returns a new instance of Certificate.

# File 'lib/sslcheck/certificate.rb', line 6

def initialize(cert, clock=nil)
  @cert = bootstrap_certificate(cert)
  @clock = clock || DateTime
end

Instance Method Details

#alternate_common_names ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 50

def alternate_common_names
  ext = @cert.extensions.find{|ext| ext.oid == "subjectAltName" }
  return [] unless ext
  alternates = ext.value.split(",")
  names = alternates.map{|a| a.scan(/DNS:(.*)/)[0][0]}
  names
end

#bootstrap_certificate(cert) ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 119

def bootstrap_certificate(cert)
  return cert if cert.is_a?(OpenSSL::X509::Certificate)
  return cert if cert.is_a?(SSLCheck::Certificate)
  OpenSSL::X509::Certificate.new cert
end

#common_name ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 46

def common_name
  subject.scan(/CN=(.*)/)[0][0]
end

#expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/sslcheck/certificate.rb', line 107

def expired?
  @clock.now > not_after
end

#expires_in?(num_days) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/sslcheck/certificate.rb', line 111

def expires_in?(num_days)
  (@clock.now.beginning_of_day + num_days.days) >= not_after.beginning_of_day
end

#issued? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/sslcheck/certificate.rb', line 115

def issued?
  @clock.now > not_before
end

#issued_by ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 86

def issued_by
  match = issuer.match("CN=(.*)")
  match.captures.first if match
end

#issuer ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 58

def issuer
  @cert.issuer.to_s
end

#issuer_common_name ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 82

def issuer_common_name
  issued_by
end

#issuer_country ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 62

def issuer_country
  match = issuer.match(/C=([\w\s]+)/)
  match.captures.first if match
end

#issuer_locality ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 72

def issuer_locality
  match = issuer.match(/L=([\w\s]+)/)
  match.captures.first if match
end

#issuer_organization ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 77

def issuer_organization
  match = issuer.match(/O=([^\/]+)/)
  match.captures.first if match
end

#issuer_state ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 67

def issuer_state
  match = issuer.match(/ST=([\w\s]+)/)
  match.captures.first if match
end

#not_after ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 103

def not_after
  DateTime.parse(@cert.not_after.to_s)
end

#not_before ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 99

def not_before
  DateTime.parse(@cert.not_before.to_s)
end

#organizational_unit ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 41

def organizational_unit
  match = subject.match(/OU=([\w\s]+)/)
  match.captures.first if match
end

#public_key ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 91

def public_key
  @cert.public_key
end

#subject ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 37

def subject
  @cert.subject.to_s
end

#to_h ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 15

def to_h
  {
    :common_name       => common_name,
    :organization_unit => organizational_unit,
    :not_before        => not_before,
    :not_after         => not_after,
    :issued            => true,
    :expired           => false,
    :issuer            => {
      :common_name  => issuer_common_name,
      :country      => issuer_country,
      :state        => issuer_state,
      :locality     => issuer_locality,
      :organization => issuer_organization
    }
  }
end

#to_s ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 33

def to_s
  @cert.to_s
end

#to_x509 ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 11

def to_x509
  OpenSSL::X509::Certificate.new @cert.to_s
end

#verify(ca) ⇒ Object

# File 'lib/sslcheck/certificate.rb', line 95

def verify(ca)
  @cert.verify(ca.public_key)
end