Class: Ccrypto::X509::CertProfile

Inherits:

Object

• Object
• Ccrypto::X509::CertProfile

Includes:

AlgoConfig, TR::CondUtils, TeLogger::TeLogHelper

Defined in:

lib/ccrypto/configs/x509_cert_profile.rb

Defined Under Namespace

Classes: CertProfileException, ExtKeyUsage, KeyUsage

Instance Attribute Summary

• #auth_key_id ⇒ Object

  Returns the value of attribute auth_key_id.

• #country ⇒ Object

  Returns the value of attribute country.

• #crl_dist_point ⇒ Object

  Returns the value of attribute crl_dist_point.

• #csr ⇒ Object

  Returns the value of attribute csr.

• #dns_name ⇒ Object

  Returns the value of attribute dns_name.

• #email ⇒ Object

  Returns the value of attribute email.

• #hashAlgo ⇒ Object

  Returns the value of attribute hashAlgo.

• #ip_addr ⇒ Object

  Returns the value of attribute ip_addr.

• #issuer_cert ⇒ Object

  Returns the value of attribute issuer_cert.

• #issuer_path_len ⇒ Object

  Returns the value of attribute issuer_path_len.

• #issuer_url ⇒ Object

  Returns the value of attribute issuer_url.

• #locality ⇒ Object

  Returns the value of attribute locality.

• #ocsp_url ⇒ Object

  Returns the value of attribute ocsp_url.

• #org ⇒ Object

  Returns the value of attribute org.

• #org_unit ⇒ Object

  Returns the value of attribute org_unit.

• #owner_name ⇒ Object

  Returns the value of attribute owner_name.

• #public_key ⇒ Object

  , :not_before, :not_after.

• #raise_if_validity_date_not_in_issuer_range ⇒ Object

  Returns the value of attribute raise_if_validity_date_not_in_issuer_range.

• #serial ⇒ Object

  , :not_before, :not_after.

• #subj_key_id ⇒ Object

  Returns the value of attribute subj_key_id.

• #uri ⇒ Object

  Returns the value of attribute uri.

Instance Method Summary

• #add_custom_extension(oid, value, type = :string, critical = false) ⇒ Object (also: #add_domain_extension)
• #add_domain_key_usage(oid, critical = false) ⇒ Object
• #custom_extension ⇒ Object (also: #domain_extension)
• #domain_key_usage ⇒ Object
• #ext_key_usage ⇒ Object
• #gen_auth_key_id=(val) ⇒ Object
• #gen_auth_key_id? ⇒ Boolean
• #gen_issuer_cert=(val) ⇒ Object
• #gen_issuer_cert? ⇒ Boolean
• #gen_subj_key_id=(val) ⇒ Object
• #gen_subj_key_id? ⇒ Boolean
• #initialize ⇒ CertProfile constructor

  A new instance of CertProfile.

• #key_usage ⇒ Object

  extKeyUsage.

• #match_issuer_not_after(issuer_not_after) ⇒ Object
• #match_issuer_not_before(issuer_not_before) ⇒ Object
• #not_after ⇒ Object (also: #valid_until, #valid_to)
• #not_after=(val) ⇒ Object (also: #valid_until=, #valid_to=)
• #not_before ⇒ Object (also: #valid_from)
• #not_before=(val) ⇒ Object (also: #valid_from=)
• #validity(qty, unit = :years) ⇒ Object (also: #valid_for)

Methods included from AlgoConfig

include

Constructor Details

#initialize ⇒ CertProfile

Returns a new instance of CertProfile.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 29

def initialize
  @hashAlgo = :sha256
  @serial = SecureRandom.hex(16)
  @subj_key_id = true
  @auth_key_id = true
  @issuerCert = false
  now = Time.now
  @not_before = Time.new(now.year, now.month, now.day)
  @not_after = Time.new(now.year+2, now.month, now.day)
  @raise_if_validity_date_not_in_issuer_range = false
end

Instance Attribute Details

#auth_key_id ⇒ Object

Returns the value of attribute auth_key_id.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 21

def auth_key_id
  @auth_key_id
end

#country ⇒ Object

Returns the value of attribute country.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 18

def country
  @country
end

#crl_dist_point ⇒ Object

Returns the value of attribute crl_dist_point.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 22

def crl_dist_point
  @crl_dist_point
end

#csr ⇒ Object

Returns the value of attribute csr.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 20

def csr
  @csr
end

#dns_name ⇒ Object

Returns the value of attribute dns_name.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17

def dns_name
  @dns_name
end

#email ⇒ Object

Returns the value of attribute email.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17

def email
  @email
end

#hashAlgo ⇒ Object

Returns the value of attribute hashAlgo.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 24

def hashAlgo
  @hashAlgo
end

#ip_addr ⇒ Object

Returns the value of attribute ip_addr.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17

def ip_addr
  @ip_addr
end

#issuer_cert ⇒ Object

Returns the value of attribute issuer_cert.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 23

def issuer_cert
  @issuer_cert
end

#issuer_path_len ⇒ Object

Returns the value of attribute issuer_path_len.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 27

def issuer_path_len
  @issuer_path_len
end

#issuer_url ⇒ Object

Returns the value of attribute issuer_url.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 22

def issuer_url
  @issuer_url
end

#locality ⇒ Object

Returns the value of attribute locality.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 18

def locality
  @locality
end

#ocsp_url ⇒ Object

Returns the value of attribute ocsp_url.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 22

def ocsp_url
  @ocsp_url
end

#org ⇒ Object

Returns the value of attribute org.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 16

def org
  @org
end

#org_unit ⇒ Object

Returns the value of attribute org_unit.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17

def org_unit
  @org_unit
end

#owner_name ⇒ Object

Returns the value of attribute owner_name.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 16

def owner_name
  @owner_name
end

#public_key ⇒ Object

, :not_before, :not_after

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 19

def public_key
  @public_key
end

#raise_if_validity_date_not_in_issuer_range ⇒ Object

Returns the value of attribute raise_if_validity_date_not_in_issuer_range.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 25

def raise_if_validity_date_not_in_issuer_range
  @raise_if_validity_date_not_in_issuer_range
end

#serial ⇒ Object

, :not_before, :not_after

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 19

def serial
  @serial
end

#subj_key_id ⇒ Object

Returns the value of attribute subj_key_id.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 21

def subj_key_id
  @subj_key_id
end

#uri ⇒ Object

Returns the value of attribute uri.

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 17

def uri
  @uri
end

Instance Method Details

#add_custom_extension(oid, value, type = :string, critical = false) ⇒ Object Also known as: add_domain_extension

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 372

def add_custom_extension(oid, value, type = :string, critical = false)
  custom_extension[oid] = { type: type, value: value, critical: critical }
end

#add_domain_key_usage(oid, critical = false) ⇒ Object

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 361

def add_domain_key_usage(oid, critical = false)
  domain_key_usage[oid] = critical
end

#custom_extension ⇒ Object Also known as: domain_extension

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 377

def custom_extension
  if @custom_extension.nil?
    @custom_extension = {  }
  end
  @custom_extension
end

#domain_key_usage ⇒ Object

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 365

def domain_key_usage
  if @domainKeyUsage.nil?
    @domainKeyUsage = {  }
  end
  @domainKeyUsage
end

#ext_key_usage ⇒ Object

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 354

def ext_key_usage
  if @extKeyUsage.nil?
    @extKeyUsage = ExtKeyUsage.new
  end
  @extKeyUsage
end

#gen_auth_key_id=(val) ⇒ Object

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 80

def gen_auth_key_id=(val)
  @auth_key_id = val
end

#gen_auth_key_id? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 77

def gen_auth_key_id?
  @auth_key_id
end

#gen_issuer_cert=(val) ⇒ Object

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 66

def gen_issuer_cert=(val)
  @issuerCert = val
end

#gen_issuer_cert? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 63

def gen_issuer_cert?
  @issuerCert
end

#gen_subj_key_id=(val) ⇒ Object

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 73

def gen_subj_key_id=(val)
  @subj_key_id = val
end

#gen_subj_key_id? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 70

def gen_subj_key_id?
  @subj_key_id
end

#key_usage ⇒ Object

extKeyUsage

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 347

def key_usage
  if @keyUsage.nil?
    @keyUsage = KeyUsage.new
  end
  @keyUsage
end

#match_issuer_not_after(issuer_not_after) ⇒ Object

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 255

def match_issuer_not_after(issuer_not_after)
  if not_empty?(issuer_not_after)
    if issuer_not_after.is_a?(Time)
      if @not_after > issuer_not_after
        if @raise_if_validity_date_not_in_issuer_range
          raise X509CertNotAfterException, "Issuer not_after '#{issuer_not_after.localtime}' < To-be-signed cert not_after '#{@not_after.localtime}'"
        else
          teLogger.info "Issuer has not_after at #{issuer_not_after.localtime} but to-be-signed certificate has not_after at #{@not_after.localtime}. To-be-signed certificate cannot has not_after later than issuer not_after. Auto adjusting the to-be-signed certificate to #{issuer_not_after.localtime}."
          @not_after = issuer_not_after
        end
      else
        teLogger.debug "to-be-signed certificate has valid not_after value (#{@not_after}): before issuer not_after (#{issuer_not_after})"
      end
    else
      teLogger.warn "issuer_not_after is not a Time object. It is a '#{issuer_not_after.class}'"
    end
  end
end

#match_issuer_not_before(issuer_not_before) ⇒ Object

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 236

def match_issuer_not_before(issuer_not_before)
  if not_empty?(issuer_not_before)
    if issuer_not_before.is_a?(Time)
      if issuer_not_before > @not_before
        if @raise_if_validity_date_not_in_issuer_range
          raise X509CertNotBeforeException, "Issuer not_before '#{issuer_not_before.localtime}' > To-be-signed cert not_before '#{@not_before.localtime}'"
        else
          teLogger.info "Issuer has not_before at #{issuer_not_before.localtime} but to-be-signed certificate has not_before at #{@not_before.localtime}. To-be-signed certificate cannot has not_before earlier than issuer not_before. Auto adjusting the to-be-signed certificate to #{issuer_not_before.localtime}."
          @not_before = issuer_not_before
        end
      else
        teLogger.debug "to-be-signed certificate has valid not_before value (#{@not_before}) : after issuer not_before (#{issuer_not_before})"
      end
    else
      teLogger.warn "issuer_not_before is not a Time object. It is a '#{issuer_not_before.class}'"
    end
  end
end

#not_after ⇒ Object Also known as: valid_until, valid_to

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 57

def not_after
  @not_after
end

#not_after=(val) ⇒ Object Also known as: valid_until=, valid_to=

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 51

def not_after=(val)
  @not_after = val
end

#not_before ⇒ Object Also known as: valid_from

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 46

def not_before
  @not_before
end

#not_before=(val) ⇒ Object Also known as: valid_from=

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 41

def not_before=(val)
  @not_before = val
end

#validity(qty, unit = :years) ⇒ Object Also known as: valid_for

Raises:

• (CertProfileException)

# File 'lib/ccrypto/configs/x509_cert_profile.rb', line 214

def validity(qty, unit = :years)
     
  raise CertProfileException, "not_before has to set before validity can be set" if is_empty?(@not_before)

  case unit
  when :days, :day
    adv = { days: qty }
  when :months, :month
    adv = { months: qty }
  when :weeks, :week
    adv = { weeks: qty }
  when :years, :year
    adv = { years: qty }
  else
    raise CertProfileException, "Unknown unit '#{unit}'"
  end

  @not_after = @not_before.advance(adv)

end