Class: CertificateTransparency::CertificateChain

Inherits: Object
Extended by: Forwardable
Includes: Enumerable
Defined in: lib/certificate-transparency/certificate_chain.rb

Overview

A chain of certificates, from an end-entity certificate to a root certificate presumably trusted by the log.

This is a fairly thin wrapper around an Array, with methods for serialization and deserialization.


Constructor Details

#initialize ⇒ CertificateChain

Returns a new instance of CertificateChain.

# File 'lib/certificate-transparency/certificate_chain.rb', line 44

def initialize
  @chain = []
end

Class Method Details

.from_blob(blob) ⇒ CT::CertificateChain

Create a CertificateTransparency::CertificateChain instance from a binary blob.

You have to be slightly careful with this; for different types of MerkleTreeLeaf, the serialized data that comes out of /get-entries is different.

Parameters:

Returns:

# File 'lib/certificate-transparency/certificate_chain.rb', line 25

def self.from_blob(blob)
  new.tap do |cc|
    chain, rest = TLS::Opaque.from_blob(blob, 2**24-1)

    unless rest.empty?
      raise ArgumentError,
            "Malformed CertificateChain blob: " +
            "unexpected additional data: #{rest.inspect}"
    end

    chain = chain.value
    until chain.empty?
      cert_blob, chain = TLS::Opaque.from_blob(chain, 2**24-1)

      cc << OpenSSL::X509::Certificate.new(cert_blob.value)
    end
  end
end

Instance Method Details

#to_blob ⇒ String

Generate an encoded blob of this certificate chain.

Returns:

# File 'lib/certificate-transparency/certificate_chain.rb', line 52

def to_blob
  # Each certificate's DER becomes an opaque<0..2^24-1>; the concatenation
  # is wrapped in one more opaque<0..2^24-1>, the inverse of .from_blob.
  certs = @chain.map { |c| TLS::Opaque.new(c.to_der, 2**24-1).to_blob }
  TLS::Opaque.new(certs.join, 2**24-1).to_blob
end
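To make the framing that .from_blob and #to_blob implement concrete, here is an added example that is not part of the certificate-transparency gem: a stand-alone encoder/decoder for the RFC 6962 certificate_chain vector (an opaque<0..2^24-1> whose body is a sequence of opaque<0..2^24-1> DER certificates), plus a decoder for the PrecertChainEntry layout that /get-entries returns for precert leaves, which is the caveat in .from_blob's documentation. The names opaque24, read_opaque24, chain_to_blob, chain_from_blob, precert_entry_from_blob and SAMPLE_CHAIN are assumed, and the sample certificates are constructed byte strings standing in for DER.

```ruby
MAX24 = 2**24 - 1 # opaque<0..2^24-1>: 3-byte big-endian length prefix

# Encode one length-prefixed vector.
def opaque24(bytes)
  bytes = bytes.b
  raise ArgumentError, "value too long: #{bytes.bytesize}" if bytes.bytesize > MAX24
  [bytes.bytesize].pack("N").byteslice(1, 3) + bytes
end

# Decode one vector; returns [value, remaining bytes]. Truncated input is an
# error rather than a silent short read.
def read_opaque24(buf)
  buf = buf.b
  raise ArgumentError, "truncated length prefix" if buf.bytesize < 3
  len = ("\x00".b + buf.byteslice(0, 3)).unpack1("N")
  if buf.bytesize - 3 < len
    raise ArgumentError, "truncated value: need #{len}, have #{buf.bytesize - 3}"
  end
  [buf.byteslice(3, len), buf.byteslice(3 + len, buf.bytesize - 3 - len)]
end

# Same framing as CertificateChain#to_blob: outer vector wrapping inner vectors.
def chain_to_blob(certs)
  opaque24(certs.map { |c| opaque24(c) }.join)
end

# Same framing as CertificateChain.from_blob, including its trailing-data check.
def chain_from_blob(blob)
  body, rest = read_opaque24(blob)
  raise ArgumentError, "unexpected additional data: #{rest.inspect}" unless rest.empty?
  certs = []
  until body.empty?
    cert, body = read_opaque24(body)
    certs << cert
  end
  certs
end

# RFC 6962 PrecertChainEntry: one opaque pre_certificate followed by the chain
# vector. Handing this blob to chain_from_blob fails the trailing-data check.
def precert_entry_from_blob(blob)
  precert, rest = read_opaque24(blob)
  [precert, chain_from_blob(rest)]
end

# Constructed stand-ins for DER (real input: OpenSSL::X509::Certificate#to_der).
SAMPLE_CHAIN = ["leaf-cert".b, "intermediate-cert".b, "root-cert".b].freeze
```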