Class: Inspec::Resources::X509CertificateResource
- Inherits:
-
Object
- Object
- Inspec::Resources::X509CertificateResource
- Includes:
- FileReader
- Defined in:
- lib/inspec/resources/x509_certificate.rb
Instance Method Summary collapse
- #certificate? ⇒ Boolean
- #extensions ⇒ Object
- #fingerprint ⇒ Object
-
#initialize(opts) ⇒ X509CertificateResource
constructor
A new instance of X509CertificateResource.
- #issuer ⇒ Object
- #issuer_dn ⇒ Object
- #key_length ⇒ Object
- #serial ⇒ Object
- #subject ⇒ Object
- #subject_dn ⇒ Object
- #to_s ⇒ Object
- #valid? ⇒ Boolean
- #validity_in_days ⇒ Object
Methods included from FileReader
Constructor Details
#initialize(opts) ⇒ X509CertificateResource
Returns a new instance of X509CertificateResource.
# File 'lib/inspec/resources/x509_certificate.rb', line 37

# Builds the resource from an options object and parses the certificate.
#
# opts is indexed with :content and :filepath below, so it is presumably a
# Hash (NOTE(review): confirm against callers). Inline :content wins; the
# file named by :filepath is read only when no content was supplied.
#
# The call to OpenSSL::X509::Certificate.new is not wrapped in a rescue in
# this method, so input that cannot be parsed raises out of the constructor
# as far as the code shown here goes.
def initialize(opts)
  @opts = opts

  # Cache slots; #subject, #issuer and #extensions fill the last three
  # lazily. @issuer is not read by any method shown on this page.
  @issuer = nil
  @parsed_subject = nil
  @parsed_issuer = nil
  @extensions = nil

  @content = @opts[:content] || read_file_content(@opts[:filepath])
  @cert = OpenSSL::X509::Certificate.new(@content)
end
Instance Method Details
#certificate? ⇒ Boolean
# File 'lib/inspec/resources/x509_certificate.rb', line 55

# Reports whether a certificate object is held in @cert.
#
# Only nil counts as "no certificate". Nothing about the certificate's
# contents, validity window or trust chain is examined here.
def certificate?
  return false if @cert.nil?

  true
end
#extensions ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 116

# Returns the certificate's extensions as a Hashie::Mash that maps each
# extension name to a list of value strings, so a profile can write
# "its('extensions') { should ... }".
#
# The result is cached in @extensions. When @cert does not respond to
# #extensions, @cert itself is handed back unchanged (nil for a missing
# certificate).
def extensions
  return @extensions if @extensions
  return @cert unless @cert.respond_to? :extensions

  @extensions = Hashie::Mash.new({})

  # Pre-seed the well-known extension names with empty lists so that a test
  # on an absent extension sees [] instead of nil.
  %w[
    keyUsage extendedKeyUsage basicConstraints subjectKeyIdentifier
    authorityKeyIdentifier subjectAltName issuerAltName authorityInfoAccess
    crlDistributionPoints issuingDistributionPoint certificatePolicies
    policyConstraints nameConstraints noCheck tlsfeature nsComment
  ].each do |name|
    @extensions[name] ||= []
  end

  # Each extension is rendered to text, split once on "=" into name and
  # value, and the value is then split on commas. An extension name that
  # occurs more than once overwrites the earlier entry.
  # NOTE(review): the rendered text appears to carry a leading "critical"
  # token for critical extensions, which would become the first list
  # element; confirm before asserting on element positions.
  rendered = @cert.extensions.map(&:to_s)
  rendered.each do |line|
    parts = line.split(/ *= */, 2)
    @extensions[parts.first] = parts.last.split(/ *, */)
  end

  @extensions
end
#fingerprint ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 59

# Returns the hex-encoded SHA-1 digest of the certificate's DER encoding,
# or nil when no certificate is loaded.
#
# SHA-1 does not provide collision resistance, so this value is suited to
# matching a certificate against an expected fingerprint rather than to
# proving integrity. The algorithm name is left as-is because existing
# checks compare against SHA-1 values.
def fingerprint
  return if @cert.nil?

  sha1 = OpenSSL::Digest.new("SHA1")
  sha1.update(@cert.to_der)
  sha1.to_s
end
#issuer ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 92

# Returns the issuer name as a Hashie::Mash keyed by attribute type, so a
# profile can write "its('issuer') { should ... }". Returns nil when no
# certificate is loaded. The parsed value is cached in @parsed_issuer.
#
# Each attribute type is used as a hash key, so a type that occurs more
# than once in the issuer name keeps only its last value.
def issuer
  return if @cert.nil?

  @parsed_issuer ||= begin
    # Entries are [type, value, tag] triples; the third element is dropped.
    pairs = @cert.issuer.to_a.map { |type, value, _tag| [type, value] }
    Hashie::Mash.new(pairs.to_h)
  end
end
#issuer_dn ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 86

# Returns the issuer name rendered as a single string via #to_s, or nil
# when no certificate is loaded.
def issuer_dn
  @cert.issuer.to_s unless @cert.nil?
end
#key_length ⇒ Object
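# File 'lib/inspec/resources/x509_certificate.rb', line 101

# Returns the public key size in bits, taken from the bit length of the
# modulus `n`, or nil when no certificate is loaded.
#
# The bit length is read directly instead of being derived from the byte
# count: multiplying bytes by 8 rounds up to the next byte boundary, so a
# 2041-bit modulus would be reported as 2048 and could pass a minimum
# key-length check it should fail. Byte-aligned moduli give the same result
# as before.
#
# NOTE(review): `n` is the RSA modulus accessor; a key object without it
# would raise NoMethodError here. Confirm how non-RSA certificates should
# be reported.
def key_length
  return if @cert.nil?

  @cert.public_key.n.num_bits
end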
#serial ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 65

# Returns the certificate serial number converted with #to_i, or nil when
# no certificate is loaded.
def serial
  @cert.nil? ? nil : @cert.serial.to_i
end
#subject ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 77

# Returns the subject name as a Hashie::Mash keyed by attribute type, so a
# profile can write "its('subject') { should ... }". Returns nil when no
# certificate is loaded. The parsed value is cached in @parsed_subject.
#
# Each attribute type is used as a hash key, so a type that occurs more
# than once in the subject name keeps only its last value.
def subject
  return if @cert.nil?

  @parsed_subject ||= begin
    # Entries are [type, value, tag] triples; the third element is dropped.
    pairs = @cert.subject.to_a.map { |type, value, _tag| [type, value] }
    Hashie::Mash.new(pairs.to_h)
  end
end
#subject_dn ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 71

# Returns the subject name rendered as a single string via #to_s, or nil
# when no certificate is loaded.
def subject_dn
  @cert.subject.to_s unless @cert.nil?
end
#to_s ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 141

# Human-readable resource label: "x509_certificate " followed by the
# configured :filepath, or by the subject's CN when no filepath was given.
def to_s
  label = @opts[:filepath] || subject.CN
  "x509_certificate #{label}"
end
#valid? ⇒ Boolean
# File 'lib/inspec/resources/x509_certificate.rb', line 111

# True when a certificate is loaded and the current time lies inside its
# not_before..not_after window (both bounds inclusive).
#
# This is a date-range check only: the method does not verify the
# signature, the issuing chain or revocation status, so "valid" here means
# "not yet expired and already in effect".
def valid?
  checked_at = Time.now
  certificate? && checked_at >= not_before && checked_at <= not_after
end
#validity_in_days ⇒ Object
# File 'lib/inspec/resources/x509_certificate.rb', line 107

# Returns the time remaining until not_after, expressed in days
# (the difference from the current UTC time divided by 86400 seconds).
#
# The value goes negative once not_after is in the past.
# NOTE(review): presumably fractional, since not_after looks like a Time
# and is defined outside this listing; confirm.
def validity_in_days
  seconds_left = not_after - Time.now.utc
  seconds_left / 86400
end