Class: Xml::Kit::Certificate

Inherits:

Object

• Object
• Xml::Kit::Certificate

Defined in:

lib/xml/kit/certificate.rb

Overview

Constant Summary

BASE64_FORMAT =

%r(\A([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\Z).freeze

BEGIN_CERT =

/-----BEGIN CERTIFICATE-----/.freeze

END_CERT =

/-----END CERTIFICATE-----/.freeze

Instance Attribute Summary

• #use ⇒ Object readonly

  The use can be ‘:signing` or `:encryption`.

• #value ⇒ Object readonly

  The raw certificate value.

Class Method Summary

• .base64?(value) ⇒ Boolean
• .strip(value) ⇒ Object
• .to_x509(value) ⇒ Object

Instance Method Summary

• #==(other) ⇒ Object
• #active?(time = Time.now) ⇒ Boolean
• #encryption? ⇒ Boolean

  Returns true if this certificate is used for encryption.

• #eql?(other) ⇒ Boolean
• #expired?(time = Time.now) ⇒ Boolean
• #fingerprint ⇒ Xml::Kit::Fingerprint

  The certificate fingerprint.

• #for?(use) ⇒ Boolean

  Returns true if this certificate is for the specified use.

• #hash ⇒ Object
• #initialize(value, use: nil) ⇒ Certificate constructor

  A new instance of Certificate.

• #inspect ⇒ Object
• #not_after ⇒ Object
• #not_before ⇒ Object
• #public_key ⇒ OpenSSL::PKey::RSA

  Returns the public key.

• #signing? ⇒ Boolean

  Returns true if this certificate is used for signing.

• #stripped ⇒ Object
• #to_h ⇒ Object
• #to_key_pair(private_key, passphrase: nil, use: nil) ⇒ Object
• #to_s ⇒ Object
• #to_xml(pretty: false, xml: ::Builder::XmlMarkup.new) ⇒ Object
• #x509 ⇒ Object

  Returns the x509 form.

Constructor Details

#initialize(value, use: nil) ⇒ Certificate

Returns a new instance of Certificate.

# File 'lib/xml/kit/certificate.rb', line 16

def initialize(value, use: nil)
  @value = value
  @use = use.nil? ? use : use.downcase.to_sym
end

Instance Attribute Details

#use ⇒ Object (readonly)

The use can be ‘:signing` or `:encryption`. Use `nil` for both.

# File 'lib/xml/kit/certificate.rb', line 11

def use
  @use
end

#value ⇒ Object (readonly)

The raw certificate value. This can be a Base64 encoded PEM or just a PEM format.

# File 'lib/xml/kit/certificate.rb', line 14

def value
  @value
end

Class Method Details

.base64?(value) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/xml/kit/certificate.rb', line 125

def base64?(value)
  return unless value.is_a?(String)

  sanitized_value = strip(value)
  !!sanitized_value.match(BASE64_FORMAT)
end

.strip(value) ⇒ Object

# File 'lib/xml/kit/certificate.rb', line 132

def strip(value)
  value
    .gsub(BEGIN_CERT, '')
    .gsub(END_CERT, '')
    .gsub(/[\r\n]|\\r|\\n|\s/, '')
end

.to_x509(value) ⇒ Object

# File 'lib/xml/kit/certificate.rb', line 118

def to_x509(value)
  return value if value.is_a?(OpenSSL::X509::Certificate)

  value = Base64.decode64(strip(value)) if base64?(value)
  OpenSSL::X509::Certificate.new(value)
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/xml/kit/certificate.rb', line 64

def ==(other)
  fingerprint == other.fingerprint
end

#active?(time = Time.now) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/xml/kit/certificate.rb', line 100

def active?(time = Time.now)
  x509.not_before <= time && !expired?(time)
end

#encryption? ⇒ Boolean

Returns true if this certificate is used for encryption.

return [Boolean] true or false.

Returns:

• (Boolean)

# File 'lib/xml/kit/certificate.rb', line 39

def encryption?
  for?(:encryption)
end

#eql?(other) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/xml/kit/certificate.rb', line 68

def eql?(other)
  self == other
end

#expired?(time = Time.now) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/xml/kit/certificate.rb', line 96

def expired?(time = Time.now)
  x509.not_after <= time
end

#fingerprint ⇒ Xml::Kit::Fingerprint

Returns the certificate fingerprint.

Returns:

• (Xml::Kit::Fingerprint) —

  the certificate fingerprint.

# File 'lib/xml/kit/certificate.rb', line 22

def fingerprint
  Fingerprint.new(value)
end

#for?(use) ⇒ Boolean

Returns true if this certificate is for the specified use.

Parameters:

• use (Symbol) —

  ‘:signing` or `:encryption`.

Returns:

• (Boolean) —

  true or false.

# File 'lib/xml/kit/certificate.rb', line 30

def for?(use)
  return true if self.use.nil?

  self.use == use.to_sym
end

#hash ⇒ Object

# File 'lib/xml/kit/certificate.rb', line 72

def hash
  value.hash
end

#inspect ⇒ Object

# File 'lib/xml/kit/certificate.rb', line 84

def inspect
  to_h.inspect
end

#not_after ⇒ Object

# File 'lib/xml/kit/certificate.rb', line 104

def not_after
  x509.not_after
end

#not_before ⇒ Object

# File 'lib/xml/kit/certificate.rb', line 108

def not_before
  x509.not_before
end

#public_key ⇒ OpenSSL::PKey::RSA

Returns the public key.

Returns:

• (OpenSSL::PKey::RSA) —

  the RSA public key.

# File 'lib/xml/kit/certificate.rb', line 60

def public_key
  x509.public_key
end

#signing? ⇒ Boolean

Returns true if this certificate is used for signing.

return [Boolean] true or false.

Returns:

• (Boolean)

# File 'lib/xml/kit/certificate.rb', line 46

def signing?
  for?(:signing)
end

#stripped ⇒ Object

# File 'lib/xml/kit/certificate.rb', line 88

def stripped
  self.class.strip(x509.to_pem)
end

#to_h ⇒ Object

# File 'lib/xml/kit/certificate.rb', line 80

def to_h
  { use: @use, fingerprint: fingerprint.to_s }
end

#to_key_pair(private_key, passphrase: nil, use: nil) ⇒ Object

# File 'lib/xml/kit/certificate.rb', line 92

def to_key_pair(private_key, passphrase: nil, use: nil)
  KeyPair.new(x509.to_pem, private_key.to_s, passphrase, use)
end

#to_s ⇒ Object

# File 'lib/xml/kit/certificate.rb', line 76

def to_s
  value
end

#to_xml(pretty: false, xml: ::Builder::XmlMarkup.new) ⇒ Object

# File 'lib/xml/kit/certificate.rb', line 112

def to_xml(pretty: false, xml: ::Builder::XmlMarkup.new)
  xml = ::Xml::Kit::Template.new(self).to_xml(xml: xml)
  pretty ? Nokogiri::XML(xml).to_xml(indent: 2) : xml
end

#x509 ⇒ Object

Returns the x509 form.

return [OpenSSL::X509::Certificate] the OpenSSL equivalent.

# File 'lib/xml/kit/certificate.rb', line 53

def x509
  @x509 ||= self.class.to_x509(value)
end