Class: Ccrypto::X509::CertProfile
- Inherits:
-
Object
- Object
- Ccrypto::X509::CertProfile
- Includes:
- AlgoConfig, TR::CondUtils, TeLogger::TeLogHelper
- Defined in:
- lib/ccrypto/configs/x509_cert_profile.rb
Defined Under Namespace
Classes: CertProfileException, ExtKeyUsage, KeyUsage
Instance Attribute Summary
-
#auth_key_id ⇒ Object
Returns the value of attribute auth_key_id.
-
#country ⇒ Object
Returns the value of attribute country.
-
#crl_dist_point ⇒ Object
Returns the value of attribute crl_dist_point.
-
#csr ⇒ Object
Returns the value of attribute csr.
-
#dns_name ⇒ Object
Returns the value of attribute dns_name.
-
#email ⇒ Object
Returns the value of attribute email.
-
#hashAlgo ⇒ Object
Returns the value of attribute hashAlgo.
-
#ip_addr ⇒ Object
Returns the value of attribute ip_addr.
-
#issuer_cert ⇒ Object
Returns the value of attribute issuer_cert.
-
#issuer_path_len ⇒ Object
Returns the value of attribute issuer_path_len.
-
#issuer_url ⇒ Object
Returns the value of attribute issuer_url.
-
#locality ⇒ Object
Returns the value of attribute locality.
-
#ocsp_url ⇒ Object
Returns the value of attribute ocsp_url.
-
#org ⇒ Object
Returns the value of attribute org.
-
#org_unit ⇒ Object
Returns the value of attribute org_unit.
-
#owner_name ⇒ Object
Returns the value of attribute owner_name.
-
#public_key ⇒ Object
Returns the value of attribute public_key.
-
#raise_if_validity_date_not_in_issuer_range ⇒ Object
Returns the value of attribute raise_if_validity_date_not_in_issuer_range.
-
#serial ⇒ Object
Returns the value of attribute serial.
-
#subj_key_id ⇒ Object
Returns the value of attribute subj_key_id.
-
#uri ⇒ Object
Returns the value of attribute uri.
Instance Method Summary
- #add_custom_extension(oid, value, type = :string, critical = false) ⇒ Object (also: #add_domain_extension)
- #add_domain_key_usage(oid, critical = false) ⇒ Object
- #custom_extension ⇒ Object (also: #domain_extension)
- #domain_key_usage ⇒ Object
- #ext_key_usage ⇒ Object
- #gen_auth_key_id=(val) ⇒ Object
- #gen_auth_key_id? ⇒ Boolean
- #gen_issuer_cert=(val) ⇒ Object
- #gen_issuer_cert? ⇒ Boolean
- #gen_subj_key_id=(val) ⇒ Object
- #gen_subj_key_id? ⇒ Boolean
-
#initialize ⇒ CertProfile
constructor
A new instance of CertProfile.
-
#key_usage ⇒ Object
Returns the KeyUsage object for this profile, creating it on first access.
- #match_issuer_not_after(issuer_not_after) ⇒ Object
- #match_issuer_not_before(issuer_not_before) ⇒ Object
- #not_after ⇒ Object (also: #valid_until, #valid_to)
- #not_after=(val) ⇒ Object (also: #valid_until=, #valid_to=)
- #not_before ⇒ Object (also: #valid_from)
- #not_before=(val) ⇒ Object (also: #valid_from=)
- #validity(qty, unit = :years) ⇒ Object (also: #valid_for)
Methods included from AlgoConfig
Constructor Details
#initialize ⇒ CertProfile
Returns a new instance of CertProfile.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 29
# Builds a profile with its defaults: SHA-256 digest, a random serial, both key
# identifier flags on, the issuer-certificate flag off, and a validity window
# running from local midnight today to the same calendar date two years later.
def initialize
  today = Time.now
  year, month, day = today.year, today.month, today.day

  @hashAlgo = :sha256
  # 16 bytes (128 bits) from SecureRandom, rendered as 32 hex characters.
  @serial = SecureRandom.hex(16)

  @subj_key_id = true
  @auth_key_id = true
  # NOTE(review): this sets @issuerCert (read by gen_issuer_cert?), which is a
  # different variable from the @issuer_cert behind the issuer_cert attribute.
  @issuerCert = false

  # Only year/month/day are passed, so both bounds fall on local midnight.
  @not_before = Time.new(year, month, day)
  @not_after = Time.new(year + 2, month, day)

  # Lenient default: match_issuer_not_before / match_issuer_not_after adjust an
  # out-of-range date instead of raising while this flag is false.
  @raise_if_validity_date_not_in_issuer_range = false
end
Instance Attribute Details
#auth_key_id ⇒ Object
Returns the value of attribute auth_key_id.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 21
# Reader for @auth_key_id. initialize sets it to true, and gen_auth_key_id?
# returns this same variable.
def auth_key_id
  @auth_key_id
end
#country ⇒ Object
Returns the value of attribute country.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 18
# Reader for @country.
# NOTE(review): presumably the subject DN country component - confirm against
# the code that builds the certificate.
def country
  @country
end
#crl_dist_point ⇒ Object
Returns the value of attribute crl_dist_point.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 22
# Reader for @crl_dist_point.
# NOTE(review): presumably the CRL distribution point URL(s); no validation of
# the value is visible in this class - confirm where it is checked.
def crl_dist_point
  @crl_dist_point
end
#csr ⇒ Object
Returns the value of attribute csr.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 20
# Reader for @csr.
# NOTE(review): presumably the certificate signing request this profile is
# issued from; nothing here shows whether its signature is verified - confirm.
def csr
  @csr
end
#dns_name ⇒ Object
Returns the value of attribute dns_name.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17
# Reader for @dns_name.
# NOTE(review): presumably the DNS name(s) for subjectAltName - confirm.
def dns_name
  @dns_name
end
#email ⇒ Object
Returns the value of attribute email.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17
# Reader for @email.
# NOTE(review): presumably the e-mail address(es) placed in the certificate -
# confirm.
def email
  @email
end
#hashAlgo ⇒ Object
Returns the value of attribute hashAlgo.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 24
# Reader for @hashAlgo, which initialize sets to :sha256.
def hashAlgo
  @hashAlgo
end
#ip_addr ⇒ Object
Returns the value of attribute ip_addr.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17
# Reader for @ip_addr.
# NOTE(review): presumably the IP address(es) for subjectAltName - confirm.
def ip_addr
  @ip_addr
end
#issuer_cert ⇒ Object
Returns the value of attribute issuer_cert.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 23
# Reader for @issuer_cert.
# NOTE(review): gen_issuer_cert? and gen_issuer_cert= use @issuerCert, so this
# attribute and that flag are two separate pieces of state.
def issuer_cert
  @issuer_cert
end
#issuer_path_len ⇒ Object
Returns the value of attribute issuer_path_len.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 27
# Reader for @issuer_path_len.
# NOTE(review): presumably the basicConstraints path length for a CA
# certificate; initialize leaves it unset (nil) - confirm how nil is treated.
def issuer_path_len
  @issuer_path_len
end
#issuer_url ⇒ Object
Returns the value of attribute issuer_url.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 22
# Reader for @issuer_url.
# NOTE(review): presumably the URL where the issuer certificate can be
# fetched - confirm.
def issuer_url
  @issuer_url
end
#locality ⇒ Object
Returns the value of attribute locality.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 18
# Reader for @locality.
# NOTE(review): presumably the subject DN locality component - confirm.
def locality
  @locality
end
#ocsp_url ⇒ Object
Returns the value of attribute ocsp_url.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 22
# Reader for @ocsp_url.
# NOTE(review): presumably the OCSP responder URL(s) for revocation checking -
# confirm.
def ocsp_url
  @ocsp_url
end
#org ⇒ Object
Returns the value of attribute org.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 16
# Reader for @org.
# NOTE(review): presumably the subject DN organisation component - confirm.
def org
  @org
end
#org_unit ⇒ Object
Returns the value of attribute org_unit.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17
# Reader for @org_unit.
# NOTE(review): presumably the subject DN organisational unit(s) - confirm.
def org_unit
  @org_unit
end
#owner_name ⇒ Object
Returns the value of attribute owner_name.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 16
# Reader for @owner_name.
# NOTE(review): presumably the subject common name - confirm.
def owner_name
  @owner_name
end
#public_key ⇒ Object
Returns the value of attribute public_key.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 19
# Reader for @public_key.
# NOTE(review): presumably the subject public key to be certified; initialize
# does not set it - confirm how a nil key is handled at signing time.
def public_key
  @public_key
end
#raise_if_validity_date_not_in_issuer_range ⇒ Object
Returns the value of attribute raise_if_validity_date_not_in_issuer_range.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 25
# Reader for @raise_if_validity_date_not_in_issuer_range (false after
# initialize). match_issuer_not_before and match_issuer_not_after read the
# variable: when truthy they raise on a validity date outside the issuer's
# range, otherwise they log and overwrite the date with the issuer's bound.
def raise_if_validity_date_not_in_issuer_range
  @raise_if_validity_date_not_in_issuer_range
end
#serial ⇒ Object
Returns the value of attribute serial.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 19
# Reader for @serial. initialize fills it with SecureRandom.hex(16), i.e. a
# 32-character hex string carrying 128 random bits.
def serial
  @serial
end
#subj_key_id ⇒ Object
Returns the value of attribute subj_key_id.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 21
# Reader for @subj_key_id. initialize sets it to true, and gen_subj_key_id?
# returns this same variable.
def subj_key_id
  @subj_key_id
end
#uri ⇒ Object
Returns the value of attribute uri.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17
# Reader for @uri.
# NOTE(review): presumably the URI value(s) for subjectAltName - confirm.
def uri
  @uri
end
Instance Method Details
#add_custom_extension(oid, value, type = :string, critical = false) ⇒ Object Also known as: add_domain_extension
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 372
# Registers a custom extension under +oid+ in the custom_extension hash.
#
# @param oid      key the entry is stored under; not validated here
# @param value    extension value; stored as given
# @param type     value type tag, :string by default
# @param critical criticality flag, false by default
# @return [Hash] the stored entry ({ type:, value:, critical: })
#
# An existing entry for the same oid is replaced without notice. A critical
# extension must be rejected by any verifier that does not recognise it, so
# set +critical+ only for OIDs every relying party is known to process.
def add_custom_extension(oid, value, type = :string, critical = false)
  entry = { type: type, value: value, critical: critical }
  custom_extension[oid] = entry
end
#add_domain_key_usage(oid, critical = false) ⇒ Object
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 361
# Records a domain-specific key usage: maps +oid+ to its criticality flag in
# the domain_key_usage hash.
#
# @param oid      key usage identifier; stored as given, not validated here
# @param critical criticality flag, false by default
# @return the +critical+ value that was stored
#
# Adding the same oid again overwrites the earlier flag.
def add_domain_key_usage(oid, critical = false)
  usages = domain_key_usage
  usages[oid] = critical
end
#custom_extension ⇒ Object Also known as: domain_extension
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 377
# Returns the hash of custom extensions, creating an empty one on first use.
# The live hash is returned, so callers can modify the profile through it.
def custom_extension
  # Only nil triggers creation; any other stored value is returned untouched.
  @custom_extension = {} if @custom_extension.nil?
  @custom_extension
end
#domain_key_usage ⇒ Object
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 365
# Returns the hash of domain key usages (oid => critical flag, as written by
# add_domain_key_usage), creating an empty one on first use. The live hash is
# returned, so callers can modify the profile through it.
def domain_key_usage
  # Only nil triggers creation; any other stored value is returned untouched.
  @domainKeyUsage = {} if @domainKeyUsage.nil?
  @domainKeyUsage
end
#ext_key_usage ⇒ Object
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 354
# Returns the profile's ExtKeyUsage object, building one with ExtKeyUsage.new
# the first time it is asked for and reusing it afterwards.
def ext_key_usage
  @extKeyUsage = ExtKeyUsage.new if @extKeyUsage.nil?
  @extKeyUsage
end
#gen_auth_key_id=(val) ⇒ Object
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 80
# Stores +val+ in @auth_key_id, the variable gen_auth_key_id? reports.
# The value is stored as given; it is not coerced to a boolean.
def gen_auth_key_id=(val)
  @auth_key_id = val
end
#gen_auth_key_id? ⇒ Boolean
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 77
# Returns @auth_key_id as stored (true after initialize). The raw value is
# returned, so a non-boolean assigned through the setter comes back unchanged.
def gen_auth_key_id?
  @auth_key_id
end
#gen_issuer_cert=(val) ⇒ Object
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 66
# Stores +val+ in @issuerCert, the variable gen_issuer_cert? reports.
# NOTE(review): presumably marks the profile as producing a CA (issuer)
# certificate - confirm; enabling it should be a deliberate decision.
def gen_issuer_cert=(val)
  @issuerCert = val
end
#gen_issuer_cert? ⇒ Boolean
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 63
# Returns @issuerCert as stored (false after initialize). This is separate
# from the @issuer_cert variable behind the issuer_cert attribute.
def gen_issuer_cert?
  @issuerCert
end
#gen_subj_key_id=(val) ⇒ Object
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 73
# Stores +val+ in @subj_key_id, the variable gen_subj_key_id? reports.
# The value is stored as given; it is not coerced to a boolean.
def gen_subj_key_id=(val)
  @subj_key_id = val
end
#gen_subj_key_id? ⇒ Boolean
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 70
# Returns @subj_key_id as stored (true after initialize). The raw value is
# returned, so a non-boolean assigned through the setter comes back unchanged.
def gen_subj_key_id?
  @subj_key_id
end
#key_usage ⇒ Object
Returns the KeyUsage object for this profile, creating it on first access.
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 347
# Returns the profile's KeyUsage object, building one with KeyUsage.new the
# first time it is asked for and reusing it afterwards.
def key_usage
  @keyUsage = KeyUsage.new if @keyUsage.nil?
  @keyUsage
end
#match_issuer_not_after(issuer_not_after) ⇒ Object
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 255
# Keeps the to-be-signed certificate's not_after within the issuer's.
#
# When @not_after is later than +issuer_not_after+ the method either raises
# X509CertNotAfterException (strict flag set) or logs and overwrites
# @not_after with the issuer's value (strict flag unset).
#
# @param issuer_not_after the issuer certificate's not_after; expected to be a Time
# @raise [X509CertNotAfterException] in strict mode when @not_after exceeds the issuer's
#
# NOTE(review): the check fails open. An empty value is skipped silently and a
# non-Time value only produces a warning, even when
# @raise_if_validity_date_not_in_issuer_range is set, so a certificate can
# keep a not_after beyond its issuer's. Callers that rely on strict mode
# should make sure they pass a Time.
# NOTE(review): Time#localtime converts its receiver in place, so building the
# messages switches both Time objects to the local zone (the instant is
# unchanged).
def match_issuer_not_after(issuer_not_after)
  return unless not_empty?(issuer_not_after)

  unless issuer_not_after.is_a?(Time)
    return teLogger.warn("issuer_not_after is not a Time object. It is a '#{issuer_not_after.class}'")
  end

  unless @not_after > issuer_not_after
    return teLogger.debug("to-be-signed certificate has valid not_after value (#{@not_after}): before issuer not_after (#{issuer_not_after})")
  end

  if @raise_if_validity_date_not_in_issuer_range
    raise X509CertNotAfterException, "Issuer not_after '#{issuer_not_after.localtime}' < To-be-signed cert not_after '#{@not_after.localtime}'"
  end

  teLogger.info "Issuer has not_after at #{issuer_not_after.localtime} but to-be-signed certificate has not_after at #{@not_after.localtime}. To-be-signed certificate cannot has not_after later than issuer not_after. Auto adjusting the to-be-signed certificate to #{issuer_not_after.localtime}."
  # Lenient mode: clamp to the issuer's expiry.
  @not_after = issuer_not_after
end
#match_issuer_not_before(issuer_not_before) ⇒ Object
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 236
# Keeps the to-be-signed certificate's not_before within the issuer's.
#
# When +issuer_not_before+ is later than @not_before the method either raises
# X509CertNotBeforeException (strict flag set) or logs and overwrites
# @not_before with the issuer's value (strict flag unset).
#
# @param issuer_not_before the issuer certificate's not_before; expected to be a Time
# @raise [X509CertNotBeforeException] in strict mode when @not_before precedes the issuer's
#
# NOTE(review): the check fails open. An empty value is skipped silently and a
# non-Time value only produces a warning, even when
# @raise_if_validity_date_not_in_issuer_range is set, so a certificate can
# keep a not_before earlier than its issuer's. Callers that rely on strict
# mode should make sure they pass a Time.
# NOTE(review): Time#localtime converts its receiver in place, so building the
# messages switches both Time objects to the local zone (the instant is
# unchanged).
def match_issuer_not_before(issuer_not_before)
  return unless not_empty?(issuer_not_before)

  unless issuer_not_before.is_a?(Time)
    return teLogger.warn("issuer_not_before is not a Time object. It is a '#{issuer_not_before.class}'")
  end

  unless issuer_not_before > @not_before
    return teLogger.debug("to-be-signed certificate has valid not_before value (#{@not_before}) : after issuer not_before (#{issuer_not_before})")
  end

  if @raise_if_validity_date_not_in_issuer_range
    raise X509CertNotBeforeException, "Issuer not_before '#{issuer_not_before.localtime}' > To-be-signed cert not_before '#{@not_before.localtime}'"
  end

  teLogger.info "Issuer has not_before at #{issuer_not_before.localtime} but to-be-signed certificate has not_before at #{@not_before.localtime}. To-be-signed certificate cannot has not_before earlier than issuer not_before. Auto adjusting the to-be-signed certificate to #{issuer_not_before.localtime}."
  # Lenient mode: clamp to the issuer's start date.
  @not_before = issuer_not_before
end
#not_after ⇒ Object Also known as: valid_until, valid_to
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 57
# Returns @not_after, the end of the validity window. initialize sets it to
# local midnight two years after today; validity and match_issuer_not_after
# can overwrite it.
def not_after
  @not_after
end
#not_after=(val) ⇒ Object Also known as: valid_until=, valid_to=
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 51
# Sets the end of the validity window to +val+.
# The value is stored as given: there is no type check and no check that it
# falls after not_before. match_issuer_not_after compares @not_after with a
# Time, so a Time is the safe choice here.
def not_after=(val)
  @not_after = val
end
#not_before ⇒ Object Also known as: valid_from
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 46
# Returns @not_before, the start of the validity window. initialize sets it
# to local midnight today; match_issuer_not_before can overwrite it.
def not_before
  @not_before
end
#not_before=(val) ⇒ Object Also known as: valid_from=
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 41
# Sets the start of the validity window to +val+.
# The value is stored as given: there is no type check and @not_after is not
# recomputed, so a window set earlier through validity keeps its old end date.
def not_before=(val)
  @not_before = val
end
#validity(qty, unit = :years) ⇒ Object Also known as: valid_for
# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 214
# Sets @not_after to @not_before advanced by +qty+ of +unit+.
#
# @param qty  amount to advance by; passed through unchecked
# @param unit :day(s), :week(s), :month(s) or :year(s); :years by default
# @return the new @not_after
# @raise [CertProfileException] when @not_before is empty or +unit+ is unknown
#
# NOTE(review): qty is not range-checked, so a zero or negative amount would
# presumably yield a not_after at or before not_before - confirm and reject
# upstream if that matters. The result is also not compared with the issuer's
# not_after here; that is left to match_issuer_not_after.
# NOTE(review): advance is not a core Time method; it presumably comes from
# ActiveSupport or an equivalent extension - confirm it is loaded.
def validity(qty, unit = :years)
  raise CertProfileException, "not_before has to set before validity can be set" if is_empty?(@not_before)

  # Normalise the singular/plural unit names to the key advance expects.
  span_key =
    case unit
    when :days, :day then :days
    when :months, :month then :months
    when :weeks, :week then :weeks
    when :years, :year then :years
    else raise CertProfileException, "Unknown unit '#{unit}'"
    end

  @not_after = @not_before.advance({ span_key => qty })
end