Class: Ccrypto::X509::CertProfile

Inherits:
Object
  • Object
Includes:
AlgoConfig, TR::CondUtils, TeLogger::TeLogHelper
Defined in:
lib/ccrypto/configs/x509_cert_profile.rb

Defined Under Namespace

Classes: CertProfileException, ExtKeyUsage, KeyUsage

Instance Attribute Summary

Attributes included from AlgoConfig

#provider_config

Instance Method Summary

Methods included from AlgoConfig

include, #provider_info

Constructor Details

#initialize ⇒ CertProfile

Returns a new instance of CertProfile.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 25

# Build a profile with the library defaults: Ccrypto::SHA256 as the hash
# algorithm, a serial drawn from SecureRandom (16 random bytes, hex encoded),
# subject/authority key identifier generation switched on, the issuer-cert
# flag off, and a validity window running from local midnight today to the
# same calendar day two years later. Dates outside the issuer's range are
# clamped and logged rather than raised (flag initialised to false).
def initialize
  today = Time.now
  year, month, day = today.year, today.month, today.day

  @hashAlgo = Ccrypto::SHA256
  @serial = SecureRandom.hex(16)
  @subj_key_id = true
  @auth_key_id = true
  @issuerCert = false
  # Time.new(y, m, d) is local-timezone midnight. A 29 Feb start presumably
  # rolls over into March in a non-leap target year — TODO confirm if that
  # matters for callers.
  @not_before = Time.new(year, month, day)
  @not_after = Time.new(year + 2, month, day)
  @raise_if_validity_date_not_in_issuer_range = false
end

Instance Attribute Details

#auth_key_id ⇒ Object

Returns the value of attribute auth_key_id.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 19

# @return [Object] the authority-key-identifier generation flag (true by
#   default from #initialize); same ivar that #gen_auth_key_id? reports
def auth_key_id
  instance_variable_get(:@auth_key_id)
end

#crl_dist_point ⇒ Object

Returns the value of attribute crl_dist_point.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 20

# @return [Object] the configured CRL distribution point value, or nil when
#   unset (no writer is visible in this excerpt)
def crl_dist_point
  instance_variable_get(:@crl_dist_point)
end

#dns_name ⇒ Object

Returns the value of attribute dns_name.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17

# @return [Object] the configured DNS name value, or nil when unset
#   (presumably feeds a subjectAltName entry — verify against the builder)
def dns_name
  instance_variable_get(:@dns_name)
end

#email ⇒ Object

Returns the value of attribute email.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17

# @return [Object] the configured email value, or nil when unset
def email
  instance_variable_get(:@email)
end

#hashAlgo ⇒ Object

Returns the value of attribute hashAlgo.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 22

# @return [Object] the hash algorithm selector; Ccrypto::SHA256 by default
#   (set in #initialize). Name is camelCase for compatibility with callers.
def hashAlgo
  instance_variable_get(:@hashAlgo)
end

#ip_addr ⇒ Object

Returns the value of attribute ip_addr.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17

# @return [Object] the configured IP address value, or nil when unset
def ip_addr
  instance_variable_get(:@ip_addr)
end

#issuer_cert ⇒ Object

Returns the value of attribute issuer_cert.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 21

# @return [Object] the issuer certificate value, or nil when unset. Note this
#   reads @issuer_cert, a different ivar from the @issuerCert boolean behind
#   #gen_issuer_cert? / #gen_issuer_cert=.
def issuer_cert
  instance_variable_get(:@issuer_cert)
end

#issuer_url ⇒ Object

Returns the value of attribute issuer_url.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 20

# @return [Object] the configured issuer URL value, or nil when unset
def issuer_url
  instance_variable_get(:@issuer_url)
end

#not_after ⇒ Object

Returns the value of attribute not_after.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 18

# @return [Time] end of the validity window. Defaults to two years after
#   not_before (#initialize); replaced by #validity and possibly clamped by
#   #match_issuer_not_after.
def not_after
  instance_variable_get(:@not_after)
end

#not_before ⇒ Object

Returns the value of attribute not_before.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 18

# @return [Time] start of the validity window. Defaults to local midnight
#   today (#initialize); possibly clamped forward by #match_issuer_not_before.
def not_before
  instance_variable_get(:@not_before)
end

#ocsp_url ⇒ Object

Returns the value of attribute ocsp_url.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 20

# @return [Object] the configured OCSP responder URL value, or nil when unset
def ocsp_url
  instance_variable_get(:@ocsp_url)
end

#org ⇒ Object

Returns the value of attribute org.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 16

# @return [Object] the configured organisation value, or nil when unset
def org
  instance_variable_get(:@org)
end

#org_unit ⇒ Object

Returns the value of attribute org_unit.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17

# @return [Object] the configured organisational unit value, or nil when unset
def org_unit
  instance_variable_get(:@org_unit)
end

#owner_name ⇒ Object

Returns the value of attribute owner_name.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 16

# @return [Object] the configured owner name value, or nil when unset
def owner_name
  instance_variable_get(:@owner_name)
end

#public_key ⇒ Object

Returns the value of attribute public_key.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 18

# @return [Object] the public key to certify, or nil when unset
#   (no writer is visible in this excerpt)
def public_key
  instance_variable_get(:@public_key)
end

#raise_if_validity_date_not_in_issuer_range ⇒ Object

Returns the value of attribute raise_if_validity_date_not_in_issuer_range.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 23

# @return [Object] when truthy, #match_issuer_not_before/#match_issuer_not_after
#   raise instead of silently clamping the validity dates; false by default
def raise_if_validity_date_not_in_issuer_range
  instance_variable_get(:@raise_if_validity_date_not_in_issuer_range)
end

#serial ⇒ Object

Returns the value of attribute serial.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 18

# @return [Object] the certificate serial; #initialize seeds it with a
#   SecureRandom hex string (16 random bytes) so serials are unpredictable
def serial
  instance_variable_get(:@serial)
end

#subj_key_id ⇒ Object

Returns the value of attribute subj_key_id.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 19

# @return [Object] the subject-key-identifier generation flag (true by
#   default from #initialize); same ivar that #gen_subj_key_id? reports
def subj_key_id
  instance_variable_get(:@subj_key_id)
end

#uri ⇒ Object

Returns the value of attribute uri.



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17

# @return [Object] the configured URI value, or nil when unset
def uri
  instance_variable_get(:@uri)
end

Instance Method Details

#add_domain_key_usage(oid, critical = false) ⇒ Object



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 284

# Record a custom (domain-specific) extended key usage OID on the profile.
# The OID is stored as given — no syntax check happens here, so validation
# presumably happens when the extension is built (verify in the builder).
# @param oid [Object] the key-usage OID
# @param critical [Boolean] whether the extension should be marked critical
# @return [Boolean] the critical flag just stored
def add_domain_key_usage(oid, critical = false)
  domain_key_usage.store(oid, critical)
end

#domain_key_usageObject



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 288

# Lazily create and return the OID => critical-flag hash populated by
# #add_domain_key_usage. The same Hash instance is returned on every call.
# @return [Hash]
def domain_key_usage
  @domainKeyUsage = {} if @domainKeyUsage.nil?
  @domainKeyUsage
end

#ext_key_usageObject



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 277

# Lazily create and return the ExtKeyUsage holder for this profile.
# The same instance is returned on every call.
# @return [ExtKeyUsage]
def ext_key_usage
  @extKeyUsage = ExtKeyUsage.new if @extKeyUsage.nil?
  @extKeyUsage
end

#gen_auth_key_id=(val) ⇒ Object



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 54

# Toggle generation of the authority key identifier extension.
# @param val [Boolean] stored as-is (not coerced to true/false)
def gen_auth_key_id=(val)
  instance_variable_set(:@auth_key_id, val)
end

#gen_auth_key_id? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 51

# @return [Boolean] whether the authority key identifier extension is to be
#   generated; returns the raw stored value (true by default)
def gen_auth_key_id?
  instance_variable_get(:@auth_key_id)
end

#gen_issuer_cert=(val) ⇒ Object



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 40

# Toggle the issuer-certificate flag (@issuerCert — distinct from the
# @issuer_cert value behind #issuer_cert).
# @param val [Boolean] stored as-is (not coerced to true/false)
def gen_issuer_cert=(val)
  instance_variable_set(:@issuerCert, val)
end

#gen_issuer_cert? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 37

# @return [Boolean] the issuer-certificate flag (false by default); reads
#   @issuerCert, not the @issuer_cert value behind #issuer_cert
def gen_issuer_cert?
  instance_variable_get(:@issuerCert)
end

#gen_subj_key_id=(val) ⇒ Object



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 47

# Toggle generation of the subject key identifier extension.
# @param val [Boolean] stored as-is (not coerced to true/false)
def gen_subj_key_id=(val)
  instance_variable_set(:@subj_key_id, val)
end

#gen_subj_key_id? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 44

# @return [Boolean] whether the subject key identifier extension is to be
#   generated; returns the raw stored value (true by default)
def gen_subj_key_id?
  instance_variable_get(:@subj_key_id)
end

#key_usageObject

extKeyUsage



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 270

# Lazily create and return the KeyUsage holder for this profile.
# The same instance is returned on every call.
# @return [KeyUsage]
def key_usage
  @keyUsage = KeyUsage.new if @keyUsage.nil?
  @keyUsage
end

#match_issuer_not_after(issuer_not_after) ⇒ Object



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 178

# Keep the to-be-signed not_after inside the issuer's validity window.
# When this profile's not_after is later than the issuer's, either raise
# (if raise_if_validity_date_not_in_issuer_range is set) or clamp not_after
# down to the issuer's value and log at info level.
#
# Empty input is ignored and a non-Time input is only warned about — in both
# cases no clamping happens, so callers must pass a real Time for the check
# to have any effect.
#
# @param issuer_not_after [Time] the issuer certificate's not_after
# @return [Object] nil for empty input, the logger's return value when only
#   logging, or the new not_after when clamped
# @raise [X509CertNotAfterException] when out of range and raising is enabled
def match_issuer_not_after(issuer_not_after)
  return unless not_empty?(issuer_not_after)

  unless issuer_not_after.is_a?(Time)
    return teLogger.warn("issuer_not_after is not a Time object. It is a '#{issuer_not_after.class}'")
  end

  unless @not_after > issuer_not_after
    return teLogger.debug("to-be-signed certificate has valid not_after value (#{@not_after}): before issuer not_after (#{issuer_not_after})")
  end

  if @raise_if_validity_date_not_in_issuer_range
    raise X509CertNotAfterException, "Issuer not_after '#{issuer_not_after.localtime}' < To-be-signed cert not_after '#{@not_after.localtime}'"
  end

  teLogger.info "Issuer has not_after at #{issuer_not_after.localtime} but to-be-signed certificate has not_after at #{@not_after.localtime}. To-be-signed certificate cannot has not_after later than issuer not_after. Auto adjusting the to-be-signed certificate to #{issuer_not_after.localtime}."
  @not_after = issuer_not_after
end

#match_issuer_not_before(issuer_not_before) ⇒ Object



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 159

# Keep the to-be-signed not_before inside the issuer's validity window.
# When the issuer's not_before is later than this profile's, either raise
# (if raise_if_validity_date_not_in_issuer_range is set) or clamp not_before
# up to the issuer's value and log at info level.
#
# Empty input is ignored and a non-Time input is only warned about — in both
# cases no clamping happens, so callers must pass a real Time for the check
# to have any effect.
#
# @param issuer_not_before [Time] the issuer certificate's not_before
# @return [Object] nil for empty input, the logger's return value when only
#   logging, or the new not_before when clamped
# @raise [X509CertNotBeforeException] when out of range and raising is enabled
def match_issuer_not_before(issuer_not_before)
  return unless not_empty?(issuer_not_before)

  unless issuer_not_before.is_a?(Time)
    return teLogger.warn("issuer_not_before is not a Time object. It is a '#{issuer_not_before.class}'")
  end

  unless issuer_not_before > @not_before
    return teLogger.debug("to-be-signed certificate has valid not_before value (#{@not_before}) : after issuer not_before (#{issuer_not_before})")
  end

  if @raise_if_validity_date_not_in_issuer_range
    raise X509CertNotBeforeException, "Issuer not_before '#{issuer_not_before.localtime}' > To-be-signed cert not_before '#{@not_before.localtime}'"
  end

  teLogger.info "Issuer has not_before at #{issuer_not_before.localtime} but to-be-signed certificate has not_before at #{@not_before.localtime}. To-be-signed certificate cannot has not_before earlier than issuer not_before. Auto adjusting the to-be-signed certificate to #{issuer_not_before.localtime}."
  @not_before = issuer_not_before
end

#validity(qty, unit = :years) ⇒ Object



# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 138

# Set not_after relative to not_before.
#
# @param qty [Integer] number of units to add. It is handed straight to
#   Time#advance without a sign or type check, so a non-positive value
#   produces a not_after at or before not_before.
# @param unit [Symbol] one of :days/:day, :weeks/:week, :months/:month,
#   :years/:year
# @return [Time] the new not_after
# @raise [CertProfileException] when not_before is unset or unit is unknown
def validity(qty, unit = :years)
  raise CertProfileException, "not_before has to set before validity can be set" if is_empty?(@not_before)

  # Fold singular/plural aliases onto the keyword Time#advance understands.
  field = case unit
          when :days, :day     then :days
          when :weeks, :week   then :weeks
          when :months, :month then :months
          when :years, :year   then :years
          else raise CertProfileException, "Unknown unit '#{unit}'"
          end

  # Time#advance is not core Ruby; presumably supplied by an ActiveSupport-style
  # extension loaded elsewhere in the library — confirm.
  @not_after = @not_before.advance(field => qty)
end