Module: OpenSSL::X509::Extension::AuthorityKeyIdentifier

Includes:
Helpers
Included in:
CRL, Certificate
Defined in:
lib/openssl/x509.rb

Instance Method Summary collapse

Methods included from Helpers

#find_extension

Instance Method Details

#authority_key_identifierObject

Get the issuing certificate's key identifier from the authorityKeyIdentifier extension, as described in RFC5280 Section 4.2.1.1

Returns the binary String keyIdentifier or nil or raises ASN1::ASN1Error.


104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
# File 'lib/openssl/x509.rb', line 104

def authority_key_identifier
  ext = find_extension("authorityKeyIdentifier")
  return nil if ext.nil?

  aki_asn1 = ASN1.decode(ext.value_der)
  if ext.critical? || aki_asn1.tag_class != :UNIVERSAL || aki_asn1.tag != ASN1::SEQUENCE
    raise ASN1::ASN1Error, "invalid extension"
  end

  key_id = aki_asn1.value.find do |v|
    v.tag_class == :CONTEXT_SPECIFIC && v.tag == 0
  end

  key_id.nil? ? nil : key_id.value
end