Module: OpenSSLExtensions::X509::Certificate
Defined in: lib/openssl-extensions/x509/certificate.rb
Overview
Extends OpenSSL::X509::Certificate with shortcut methods.
Instance Method Summary
- #==(other) ⇒ Object (also: #eql?)
  Equality is tested by comparing the PEM encodings of the two certificates.
- #allows_certificate_signing? ⇒ Boolean
  Returns true if this certificate is authorized to sign for other certificates (useful for determining CA roots and intermediary certificates).
- #authority_key_identifier ⇒ Object
- #hash ⇒ Object
  Override the default Object#hash to identify uniqueness of the Certificate.
- #issuing_certificate?(issuer) ⇒ Boolean
  Returns true if the certificate given is the issuer certificate for this certificate.
- #root? ⇒ Boolean
  Returns true if this certificate is a root certificate (it is its own issuer).
- #strength ⇒ Object
  Returns the bit length of the certificate's public key.
- #subject_alternative_names ⇒ Object (also: #sans)
  Returns a collection of subject alternative names on the certificate.
- #subject_key_identifier ⇒ Object
Instance Method Details
#==(other) ⇒ Object (also known as: eql?)
Equality is tested by comparing the PEM encodings of the two certificates.

    # File 'lib/openssl-extensions/x509/certificate.rb', line 12
    def ==(other)
      to_pem == other.to_pem
    end

#allows_certificate_signing? ⇒ Boolean
Returns true if this certificate is authorized to sign for other certificates (useful for determining CA roots and intermediary certificates).

    # File 'lib/openssl-extensions/x509/certificate.rb', line 21
    def allows_certificate_signing?
      usage = read_extension_by_oid('keyUsage')
      # A certificate with no keyUsage extension is treated as allowed to sign;
      # basicConstraints is not consulted here.
      usage.nil? || !!(usage.match(%r{\bCertificate Sign\b}))
    end

#authority_key_identifier ⇒ Object

    # File 'lib/openssl-extensions/x509/certificate.rb', line 26
    def authority_key_identifier
      OpenSSLExtensions::X509::AuthorityKeyIdentifier.new(read_extension_by_oid('authorityKeyIdentifier'))
    end

#hash ⇒ Object
Override the default Object#hash to identify uniqueness of the Certificate. This uses a hash of the certificate PEM.

    # File 'lib/openssl-extensions/x509/certificate.rb', line 34
    def hash
      to_pem.hash
    end

#issuing_certificate?(issuer) ⇒ Boolean
Returns true if the certificate given is the issuer certificate for this certificate.

    # File 'lib/openssl-extensions/x509/certificate.rb', line 41
    def issuing_certificate?(issuer)
      # Match on key identifiers when this certificate carries an authority key id.
      (self.authority_key_identifier.key_id &&
       issuer.subject_key_identifier &&
       self.authority_key_identifier.key_id == issuer.subject_key_identifier) ||
        # Otherwise fall back to comparing issuer and subject name fields.
        (!self.authority_key_identifier.key_id &&
         self.issuer.common_name == issuer.subject.common_name &&
         self.issuer.country == issuer.subject.country &&
         self.issuer.organization == issuer.subject.organization)
    end

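issuing_certificate? compares key identifiers and, when the certificate has no authority key identifier, name fields; it does not check the signature. The following added example (not the gem's code) uses only Ruby's standard OpenSSL library to pair that kind of comparison with a CA:TRUE check and signature verification. The helpers make_cert, ext_value, looks_like_issuer?, verified_issuer? and demo are hypothetical, the name comparison uses the full distinguished name, and all names and keys are constructed.

```ruby
require 'openssl'

# Build a constructed certificate (made-up names, throwaway keys).
def make_cert(subject, key, issuer_cert: nil, issuer_key: nil, ca: false, aki: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = (issuer_cert || cert).subject
  cert.public_key = key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash'))
  cert.add_extension(ef.create_extension('authorityKeyIdentifier', 'keyid:always')) if aki
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

def ext_value(cert, oid)
  cert.extensions.find { |e| e.oid == oid }&.value
end

# Identifier/name comparison in the style of issuing_certificate? (hypothetical
# stdlib helper, not the gem's code). Some OpenSSL versions print a "keyid:" prefix.
def looks_like_issuer?(cert, issuer)
  aki = ext_value(cert, 'authorityKeyIdentifier')
  return cert.issuer.to_s == issuer.subject.to_s unless aki
  aki.sub(/\Akeyid:/, '').strip == ext_value(issuer, 'subjectKeyIdentifier').to_s.strip
end

# Stricter check: the candidate must also be a CA and its key must verify the signature.
def verified_issuer?(cert, issuer)
  looks_like_issuer?(cert, issuer) &&
    ext_value(issuer, 'basicConstraints').to_s.include?('CA:TRUE') &&
    cert.verify(issuer.public_key)
end

# Constructed scenario: a CA, a second CA with the same subject but another key, two leaves.
def demo
  dn = '/C=US/O=Example Org/CN=Example Test CA'
  ca_key, leaf_key = OpenSSL::PKey::RSA.new(2048), OpenSSL::PKey::RSA.new(2048)
  ca = make_cert(dn, ca_key, ca: true)
  twin = make_cert(dn, OpenSSL::PKey::RSA.new(2048), ca: true)
  leaf = make_cert('/CN=www.example.test', leaf_key, issuer_cert: ca, issuer_key: ca_key)
  leaf_aki = make_cert('/CN=www.example.test', leaf_key, issuer_cert: ca, issuer_key: ca_key, aki: true)
  { name_only_twin: looks_like_issuer?(leaf, twin), verified_twin: verified_issuer?(leaf, twin),
    verified_ca: verified_issuer?(leaf, ca), key_id_twin: looks_like_issuer?(leaf_aki, twin) }
end

p demo if $PROGRAM_NAME == __FILE__
```

For chain building in production, OpenSSL::X509::Store#verify performs the full path validation, including validity dates and constraints.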
#root? ⇒ Boolean
Returns true if this certificate is a root certificate (it is its own issuer).

    # File 'lib/openssl-extensions/x509/certificate.rb', line 60
    def root?
      # Issuer and subject names must match; key identifiers are compared only when both are present.
      issuer.to_s == subject.to_s &&
        (subject_key_identifier && authority_key_identifier.key_id ? subject_key_identifier == authority_key_identifier.key_id : true)
    end

#strength ⇒ Object
Returns the bit length of the certificate's public key.

    # File 'lib/openssl-extensions/x509/certificate.rb', line 68
    def strength
      # public_key.n is the RSA modulus, so this applies to RSA keys.
      public_key.n.num_bits
    end

#subject_alternative_names ⇒ Object (also known as: sans)
Returns a collection of subject alternative names on the certificate. If no alternative names were provided, then this returns an empty set.

    # File 'lib/openssl-extensions/x509/certificate.rb', line 76
    def subject_alternative_names
      names_string = read_extension_by_oid('subjectAltName')
      # Only DNS: entries are extracted from the extension text.
      names_string ? names_string.scan(%r{DNS:([^,]+)}).flatten : []
    end

#subject_key_identifier ⇒ Object

    # File 'lib/openssl-extensions/x509/certificate.rb', line 82
    def subject_key_identifier
      read_extension_by_oid('subjectKeyIdentifier')
    end