Module: OpenSSLExtensions::X509::Certificate

Defined in:

lib/openssl-extensions/x509/certificate.rb

Overview

Extends OpenSSL::X509::Certificate with shortcut methods.

Instance Method Summary

• #==(other) ⇒ Object (also: #eql?)

  Equality is tested by comparing the generated PEM signatures.

• #allows_certificate_signing? ⇒ Boolean

  Returns true if this certificate is authorized to sign for other certificates (useful for determining CA roots and intermediary certificates).

• #authority_key_identifier ⇒ Object
• #hash ⇒ Object

  Override the default Object#hash to identify uniqueness of the Certificate.

• #issuing_certificate?(issuer) ⇒ Boolean

  Returns true if the certificate given is the issuer certificate for this certificate.

• #root? ⇒ Boolean

  Returns true if this certificate is a root certificate (it is its own issuer).

• #strength ⇒ Object

  Returns the bit strength of the public certificate.

• #subject_alternative_names ⇒ Object (also: #sans)

  Returns a collection of subject alternative names on the certificate.

• #subject_key_identifier ⇒ Object

Instance Method Details

#==(other) ⇒ Object Also known as: eql?

Equality is tested by comparing the generated PEM signatures.

# File 'lib/openssl-extensions/x509/certificate.rb', line 12

def ==(other)
  to_pem == other.to_pem
end

#allows_certificate_signing? ⇒ Boolean

Returns true if this certificate is authorized to sign for other certificates (useful for determining CA roots and intermediary certificates).

Returns:

• (Boolean)

# File 'lib/openssl-extensions/x509/certificate.rb', line 21

def allows_certificate_signing?
  usage = read_extension_by_oid('keyUsage')
  usage.nil? || !!(usage.match(%r{\bCertificate Sign\b}))
end

#authority_key_identifier ⇒ Object

# File 'lib/openssl-extensions/x509/certificate.rb', line 26

def authority_key_identifier
  OpenSSLExtensions::X509::AuthorityKeyIdentifier.new(read_extension_by_oid('authorityKeyIdentifier'))
end

#hash ⇒ Object

Override the default Object#hash to identify uniqueness of the Certificate. This uses a hash of the certificate PEM.

# File 'lib/openssl-extensions/x509/certificate.rb', line 34

def hash
  to_pem.hash
end

#issuing_certificate?(issuer) ⇒ Boolean

Returns true if the certificate given is the issuer certificate for this certificate.

Returns:

• (Boolean)

# File 'lib/openssl-extensions/x509/certificate.rb', line 41

def issuing_certificate?(issuer)
  (self.authority_key_identifier.key_id &&
    issuer.subject_key_identifier &&
    self.authority_key_identifier.key_id == issuer.subject_key_identifier) ||
    (!self.authority_key_identifier.key_id &&
     self.issuer.common_name == issuer.subject.common_name &&
     self.issuer.country == issuer.subject.country &&
     self.issuer.organization == issuer.subject.organization)
end

#root? ⇒ Boolean

Returns true if this certificate is a root certificate (it is its own issuer).

Returns:

• (Boolean)

# File 'lib/openssl-extensions/x509/certificate.rb', line 60

def root?
  issuer.to_s == subject.to_s &&
    (subject_key_identifier && authority_key_identifier.key_id ? subject_key_identifier == authority_key_identifier.key_id : true)
end

#strength ⇒ Object

Returns the bit strength of the public certificate.

# File 'lib/openssl-extensions/x509/certificate.rb', line 68

def strength
  public_key.n.num_bits
end

#subject_alternative_names ⇒ Object Also known as: sans

Returns a collection of subject alternative names on the certificate. If no alternative names were provided, then this returns an empty set.

# File 'lib/openssl-extensions/x509/certificate.rb', line 76

def subject_alternative_names
  names_string = read_extension_by_oid('subjectAltName')
  names_string ? names_string.scan(%r{DNS:([^,]+)}).flatten : []
end

#subject_key_identifier ⇒ Object

# File 'lib/openssl-extensions/x509/certificate.rb', line 82

def subject_key_identifier
  read_extension_by_oid('subjectKeyIdentifier')
end