Class: Serverspec::Type::X509Certificate

Inherits:

Base

• Object
• Base
• Serverspec::Type::X509Certificate

Defined in:

lib/serverspec/type/x509_certificate.rb

Instance Attribute Summary

Attributes inherited from Base

#name

Instance Method Summary

• #alias ⇒ Object
• #certificate? ⇒ Boolean
• #email ⇒ Object
• #fingerprint ⇒ Object
• #has_purpose?(p) ⇒ Boolean
• #issuer ⇒ Object
• #keylength ⇒ Object

  Modern openssl use following output format for key length: Public-Key: (4096 bit) while ancient (0.9.8 for example) use RSA Public Key: (2048 bit).

• #subject ⇒ Object
• #subject_alt_names ⇒ Object
• #valid? ⇒ Boolean
• #validity_in_days ⇒ Object

Methods inherited from Base

#initialize, #inspect, #to_ary, #to_s

Constructor Details

This class inherits a constructor from Serverspec::Type::Base

Instance Method Details

#alias ⇒ Object

# File 'lib/serverspec/type/x509_certificate.rb', line 25

def alias
  run_openssl_command_with("-alias -noout").stdout.chomp
end

#certificate? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/serverspec/type/x509_certificate.rb', line 5

def certificate?
  (run_openssl_command_with("-noout").exit_status == 0)
end

#email ⇒ Object

# File 'lib/serverspec/type/x509_certificate.rb', line 17

def email
  run_openssl_command_with("-email -noout").stdout.chomp
end

#fingerprint ⇒ Object

# File 'lib/serverspec/type/x509_certificate.rb', line 21

def fingerprint
  run_openssl_command_with("-fingerprint -noout").stdout.chomp
end

#has_purpose?(p) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/serverspec/type/x509_certificate.rb', line 38

def has_purpose?(p)
  grep_str = "#{p} : Yes"
  ( run_openssl_command_with("-purpose -noout | grep -wq \"#{grep_str}\"").
      exit_status == 0 )
end

#issuer ⇒ Object

# File 'lib/serverspec/type/x509_certificate.rb', line 13

def issuer
  run_openssl_command_with("-issuer -noout").stdout.chomp.gsub(/^issuer= */,'')
end

#keylength ⇒ Object

Modern openssl use following output format for key length: Public-Key: (4096 bit) while ancient (0.9.8 for example) use RSA Public Key: (2048 bit)

# File 'lib/serverspec/type/x509_certificate.rb', line 33

def keylength
  len_str = run_openssl_command_with("-text -noout | grep -E 'Public(-| )Key: \\([[:digit:]]+ bit\\)'").stdout.chomp
  len_str.gsub(/^.*\(/,'').gsub(/ bit\)$/,'').to_i
end

#subject ⇒ Object

# File 'lib/serverspec/type/x509_certificate.rb', line 9

def subject
  run_openssl_command_with("-subject -noout").stdout.chomp.gsub(/^subject= */,'')
end

#subject_alt_names ⇒ Object

# File 'lib/serverspec/type/x509_certificate.rb', line 63

def subject_alt_names
  text = run_openssl_command_with('-text -noout').stdout
  # X509v3 Subject Alternative Name:
  #     DNS:*.example.com, DNS:www.example.net, IP:192.0.2.10
  if text =~ /^ *X509v3 Subject Alternative Name:.*\n *(.*)$/
    $1.split(/, +/)
  end
end

#valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/serverspec/type/x509_certificate.rb', line 44

def valid?
  runner_res = run_openssl_command_with("-startdate -enddate -noout")
  return false if runner_res.exit_status != 0

  date_map = parse_dates_str_to_map(runner_res.stdout)

  now = Time.now
  ( now >= date_map[:notBefore] && now <= date_map[:notAfter])
end

#validity_in_days ⇒ Object

# File 'lib/serverspec/type/x509_certificate.rb', line 54

def validity_in_days
  runner_res = run_openssl_command_with("-enddate -noout")
  return 0 if runner_res.exit_status != 0

  date_map = parse_dates_str_to_map(runner_res.stdout)
  diff = date_map[:notAfter] - Time.now
  ( diff/(60*60*24) )
end