Class: Xml::Kit::Certificate

Inherits:
Object
  • Object
Includes:
Templatable
Defined in:
lib/xml/kit/certificate.rb

Overview

Constant Summary collapse

# Strict Base64 shape: any number of 4-character groups from the standard
# alphabet, optionally followed by one padded group ("xx==" or "xxx=").
# An empty string also satisfies this pattern (zero groups, no padding).
# NOTE(review): `\Z` also matches just before a trailing newline; `\z` is the
# strict end-of-string anchor. `base64?` strips whitespace before matching, so
# confirm other users of the constant before tightening it.
BASE64_FORMAT =
%r(\A([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\Z).freeze
# PEM header marker. Unanchored, so it matches anywhere inside a string.
BEGIN_CERT =
/-----BEGIN CERTIFICATE-----/.freeze
# PEM footer marker. Unanchored, so it matches anywhere inside a string.
END_CERT =
/-----END CERTIFICATE-----/.freeze

Instance Attribute Summary collapse

Attributes included from Templatable

#digest_method, #embed_signature, #encrypt, #encryption_certificate, #signature_method, #signing_key_pair

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Templatable

#asymmetric_cipher, #encrypt_data_for, #encrypt_key_for, #encrypt_with, #encryption_for, #render, #sign_with, #signature_for, #symmetric_cipher, #to_xml

Constructor Details

#initialize(value, use: nil) ⇒ Certificate

Returns a new instance of Certificate.



# File 'lib/xml/kit/certificate.rb', line 19

# Wraps a raw certificate value together with its optional intended use.
#
# @param value the raw certificate material; stored as given, it is not
#   parsed or validated here.
# @param use [String, Symbol, nil] intended use; lower-cased and converted to
#   a Symbol when present. The result is not checked against `:signing` or
#   `:encryption`, so a misspelt use yields a certificate that matches
#   neither of them in `for?`.
def initialize(value, use: nil)
  @value = value
  @use = (use.downcase.to_sym unless use.nil?)
end

Instance Attribute Details

#use ⇒ Object (readonly)

The use can be `:signing` or `:encryption`. Use `nil` for both.



# File 'lib/xml/kit/certificate.rb', line 14

# Reader for the intended use recorded by the constructor.
#
# @return [Symbol, nil] the stored use; `nil` means no restriction was given.
def use
  @use
end

#value ⇒ Object (readonly)

The raw certificate value. This can be a Base64-encoded PEM or a plain PEM.



# File 'lib/xml/kit/certificate.rb', line 17

# Reader for the raw certificate material exactly as it was supplied.
#
# @return the stored value; it is not parsed or validated by this reader.
def value
  @value
end

Class Method Details

.base64?(value) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/xml/kit/certificate.rb', line 127

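# Reports whether +value+ looks like Base64 once PEM markers and whitespace
# have been removed by `strip`.
#
# This is a shape check only: it says nothing about whether the decoded bytes
# form a certificate. An empty or whitespace-only string also matches
# BASE64_FORMAT, which allows zero groups.
#
# @param value [Object] candidate certificate text.
# @return [Boolean] false for non-String input (previously nil, which did not
#   match the documented Boolean return), otherwise whether the stripped text
#   matches BASE64_FORMAT.
def base64?(value)
  return false unless value.is_a?(String)

  # match? returns a real boolean and skips building a MatchData.
  strip(value).match?(BASE64_FORMAT)
end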

.strip(value) ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 134

# Removes PEM armour and all whitespace from +value+, leaving the body text.
#
# The BEGIN/END markers are removed wherever they occur, not only at the
# edges, and nothing here verifies that the input ever had them.
#
# @param value [String] certificate text.
# @return [String] the text without markers, CR/LF, whitespace, or the literal
#   two-character sequences backslash-r and backslash-n.
def strip(value)
  # Markers are removed one after the other, BEGIN first, then END.
  without_markers = [BEGIN_CERT, END_CERT].reduce(value) do |text, marker|
    text.gsub(marker, '')
  end
  without_markers.gsub(/[\r\n]|\\r|\\n|\s/, '')
end

.to_x509(value) ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 120

# Converts +value+ into an OpenSSL::X509::Certificate.
#
# This only parses. The result is not checked for validity period, issuer
# trust, or revocation; callers that rely on the certificate must do that
# themselves.
#
# @param value [OpenSSL::X509::Certificate, String] an already-parsed
#   certificate (returned unchanged) or certificate text.
# @return [OpenSSL::X509::Certificate]
# @raise whatever OpenSSL::X509::Certificate.new raises for input it cannot
#   parse.
def to_x509(value)
  case value
  when OpenSSL::X509::Certificate
    value
  else
    # Text that passes the Base64 shape check is stripped and decoded first;
    # anything else is handed to OpenSSL as-is.
    material = base64?(value) ? Base64.decode64(strip(value)) : value
    OpenSSL::X509::Certificate.new(material)
  end
end

Instance Method Details

#==(other) ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 67

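# Two certificates are equal when their fingerprints are equal.
#
# @param other [Object] the object to compare against.
# @return [Boolean] false when +other+ exposes no fingerprint (for example
#   nil or a String), instead of raising NoMethodError as before.
def ==(other)
  other.respond_to?(:fingerprint) && fingerprint == other.fingerprint
end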

#active?(time = Time.now) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/xml/kit/certificate.rb', line 103

# Reports whether +time+ falls inside the certificate's validity period.
#
# Only the notBefore/notAfter window is consulted. A true result does not
# mean the certificate is trusted: the chain, revocation status and key usage
# are not examined here.
#
# @param time [Time] instant to test; defaults to the current time.
# @return [Boolean] true when notBefore <= time and the certificate is not
#   expired at that time.
def active?(time = Time.now)
  already_valid = x509.not_before <= time
  already_valid && !expired?(time)
end

#encryption? ⇒ Boolean

Returns true if this certificate is used for encryption.

return [Boolean] true or false.

Returns:

  • (Boolean)


# File 'lib/xml/kit/certificate.rb', line 42

# Reports whether this certificate may be used for encryption.
#
# Delegates to `for?(:encryption)`, so a certificate created without a use
# also answers true.
#
# @return [Boolean]
def encryption?
  for?(:encryption)
end

#eql?(other) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/xml/kit/certificate.rb', line 71

# Hash-key equality; identical to `==`, which compares fingerprints.
#
# NOTE(review): `hash` is derived from the raw value rather than the
# fingerprint, so objects that are eql? may not share a hash — confirm.
#
# @param other [Object] the object to compare against.
# @return [Boolean]
def eql?(other)
  self == other
end

#expired?(time = Time.now) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/xml/kit/certificate.rb', line 99

# Reports whether the certificate's notAfter has been reached at +time+.
#
# The comparison is inclusive: the notAfter instant itself already counts as
# expired, which errs on the side of rejecting.
#
# @param time [Time] instant to test; defaults to the current time.
# @return [Boolean]
def expired?(time = Time.now)
  expiry = x509.not_after
  expiry <= time
end

#fingerprint ⇒ Xml::Kit::Fingerprint

Returns the certificate fingerprint.

Returns:



# File 'lib/xml/kit/certificate.rb', line 25

# Builds a Fingerprint from the raw certificate value.
#
# A new Fingerprint is constructed on every call; nothing is memoized here.
# NOTE(review): the digest algorithm is chosen inside Fingerprint and is not
# visible from this method — confirm it before comparing against pinned values.
#
# @return [Xml::Kit::Fingerprint]
def fingerprint
  Fingerprint.new(value)
end

#for?(use) ⇒ Boolean

Returns true if this certificate is for the specified use.

Parameters:

  • use (Symbol)

    `:signing` or `:encryption`.

Returns:

  • (Boolean)

    true or false.



# File 'lib/xml/kit/certificate.rb', line 33

# Reports whether this certificate may serve the requested use.
#
# A certificate created without a use is unrestricted and answers true for
# any argument, including values other than `:signing` and `:encryption`.
#
# @param use [Symbol, String] the use being asked about; converted with to_sym.
# @return [Boolean]
def for?(use)
  assigned = self.use
  assigned.nil? || assigned == use.to_sym
end

#hash ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 75

# Hash code used when a certificate is a Hash key or Set member.
#
# NOTE(review): this hashes the raw value, while `==` compares fingerprints.
# If one certificate can arrive in two encodings with the same fingerprint,
# equal objects would get different hash codes — confirm against Fingerprint.
#
# @return [Integer]
def hash
  value.hash
end

#inspect ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 87

# Debug representation: the inspect string of `to_h` (use and fingerprint),
# so the raw certificate value is not included in the output.
#
# @return [String]
def inspect
  to_h.inspect
end

#key_info ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 115

# Returns the KeyInfo built from this certificate's X.509 form.
#
# The KeyInfo is created on first use and the same object is returned on
# later calls.
#
# @return [KeyInfo]
def key_info
  return @key_info if @key_info

  @key_info = KeyInfo.new(x509: x509)
end

#not_after ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 107

# End of the validity period, read from the parsed X.509 certificate.
#
# @return the certificate's notAfter value as reported by OpenSSL.
def not_after
  x509.not_after
end

#not_before ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 111

# Start of the validity period, read from the parsed X.509 certificate.
#
# @return the certificate's notBefore value as reported by OpenSSL.
def not_before
  x509.not_before
end

#public_key ⇒ OpenSSL::PKey::RSA

Returns the public key.

Returns:

  • (OpenSSL::PKey::RSA)

    the RSA public key.



# File 'lib/xml/kit/certificate.rb', line 63

# Returns the public key carried by the parsed X.509 certificate.
#
# NOTE(review): documented as RSA, but this simply returns what the
# certificate contains; a certificate with another key type would presumably
# yield that type instead — confirm before assuming RSA-only operations.
#
# @return [OpenSSL::PKey::RSA] the public key.
def public_key
  x509.public_key
end

#signing? ⇒ Boolean

Returns true if this certificate is used for signing.

return [Boolean] true or false.

Returns:

  • (Boolean)


# File 'lib/xml/kit/certificate.rb', line 49

# Reports whether this certificate may be used for signing.
#
# Delegates to `for?(:signing)`, so a certificate created without a use also
# answers true.
#
# @return [Boolean]
def signing?
  for?(:signing)
end

#stripped ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 91

# Returns the certificate as PEM text with its markers and whitespace removed.
#
# The text is regenerated from the parsed certificate rather than taken from
# the raw value, so it does not depend on how the input was encoded.
#
# @return [String]
def stripped
  pem = x509.to_pem
  self.class.strip(pem)
end

#to_h ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 83

# Summarises the certificate as a Hash of its use and fingerprint string.
#
# The raw certificate value is deliberately absent from the result.
#
# @return [Hash] `{ use:, fingerprint: }`.
def to_h
  printable = fingerprint.to_s
  { use: @use, fingerprint: printable }
end

#to_key_pair(private_key, passphrase: nil, use: nil) ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 95

# Pairs this certificate with a private key and returns a KeyPair.
#
# The +use+ keyword is forwarded as given; it is not defaulted from the use
# stored on this certificate. Nothing here checks that +private_key+ actually
# corresponds to the certificate's public key.
# NOTE(review): +private_key+ is converted with to_s, presumably to PEM text —
# confirm, and treat that string and +passphrase+ as secrets (keep them out of
# logs and error messages).
#
# @param private_key [#to_s] the private key material.
# @param passphrase [String, nil] passphrase handed on to KeyPair.
# @param use [Symbol, String, nil] use handed on to KeyPair.
# @return [KeyPair]
def to_key_pair(private_key, passphrase: nil, use: nil)
  certificate_pem = x509.to_pem
  KeyPair.new(certificate_pem, private_key.to_s, passphrase, use)
end

#to_s ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 79

# String form of the certificate: the raw value exactly as it was supplied.
#
# @return the stored value, unmodified.
def to_s
  value
end

#x509 ⇒ Object

Returns the x509 form.

return [OpenSSL::X509::Certificate] the OpenSSL equivalent.



# File 'lib/xml/kit/certificate.rb', line 56

# Returns the parsed OpenSSL form of the raw value.
#
# Parsing happens on the first call via the class-level `to_x509`; the result
# is cached and reused afterwards. Parsing alone does not establish trust in
# the certificate.
#
# @return [OpenSSL::X509::Certificate]
def x509
  return @x509 if @x509

  @x509 = self.class.to_x509(value)
end