Class: Xml::Kit::Certificate

Inherits:
Object
  • Object
Includes:
Templatable
Defined in:
lib/xml/kit/certificate.rb

Overview

Constant Summary collapse

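# Matches a complete Base64 string: any number of four-character groups from
# the standard alphabet, optionally followed by one final group padded with
# `=` or `==`. The empty string also matches.
# NOTE(review): the pattern ends in `\Z`, which tolerates one trailing
# newline; `\z` is the strict end-of-string anchor. `base64?` strips all
# whitespace before matching, so this only matters to code that applies the
# constant to unstripped input.
# rubocop:disable Metrics/LineLength
BASE64_FORMAT = %r(\A([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\Z).freeze
# rubocop:enable Metrics/LineLength

# Matches the PEM header marker of a certificate.
BEGIN_CERT = /-----BEGIN CERTIFICATE-----/.freeze

# Matches the PEM footer marker of a certificate.
END_CERT = /-----END CERTIFICATE-----/.freeze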

Instance Attribute Summary collapse

Attributes included from Templatable

#embed_signature, #encrypt, #encryption_certificate, #signing_key_pair

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Templatable

#asymmetric_cipher, #encrypt_data_for, #encrypt_key_for, #encrypt_with, #encryption_for, #render, #sign_with, #signature_for, #symmetric_cipher, #to_xml

Constructor Details

#initialize(value, use: nil) ⇒ Certificate

Returns a new instance of Certificate.



# File 'lib/xml/kit/certificate.rb', line 21

# Wraps raw certificate material and records the purpose it is limited to.
#
# @param value [Object] stored untouched in `@value`; nothing is parsed or
#   validated at construction time.
# @param use [#downcase, nil] `nil` stays `nil`; any other value is
#   lower-cased and converted to a Symbol.
def initialize(value, use: nil)
  @value = value
  @use =
    if use.nil?
      nil
    else
      use.downcase.to_sym
    end
end

Instance Attribute Details

#use ⇒ Object (readonly)

The use can be `:signing` or `:encryption`. Use `nil` for both.



# File 'lib/xml/kit/certificate.rb', line 16

# Reader for the purpose recorded at construction.
#
# @return [Symbol, nil] the lower-cased Symbol stored by `initialize`, or
#   `nil` when no purpose was given.
def use
  @use
end

#value ⇒ Object (readonly)

The raw certificate value. This can be a Base64-encoded PEM or a plain PEM string.



# File 'lib/xml/kit/certificate.rb', line 19

# Reader for the raw certificate material exactly as it was passed to
# `initialize`; it is not normalised or parsed here.
#
# @return [Object]
def value
  @value
end

Class Method Details

.base64?(value) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/xml/kit/certificate.rb', line 129

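# Reports whether +value+ is a String that, once PEM markers and whitespace
# have been stripped, consists solely of well-formed Base64.
#
# This is a format check only: a `true` result says nothing about whether the
# decoded bytes form a parsable or trustworthy certificate.
#
# @param value [Object] candidate certificate material.
# @return [Boolean] `false` for any non-String input, so the predicate always
#   answers with a real boolean rather than `nil`.
def base64?(value)
  return false unless value.is_a?(String)

  sanitized_value = strip(value)
  !!sanitized_value.match(BASE64_FORMAT)
end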

.strip(value) ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 136

# Reduces certificate text to its bare payload.
#
# Removes the PEM BEGIN/END markers, then every whitespace character and
# every literal two-character `\r` / `\n` escape sequence (as found in values
# that were serialised with escaped line breaks).
#
# @param value [String] PEM or Base64 text.
# @return [String] a new string; the argument is not modified.
def strip(value)
  without_markers = value.gsub(BEGIN_CERT, '').gsub(END_CERT, '')
  without_markers.gsub(/[\r\n]|\\r|\\n|\s/, '')
end

.to_x509(value) ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 122

# Converts certificate material into an OpenSSL::X509::Certificate.
#
# An existing certificate object is returned unchanged. A value that passes
# `base64?` is stripped and Base64-decoded first; anything else is handed to
# OpenSSL as given. This only parses: no validity period, signature or trust
# chain is checked here, and errors raised by OpenSSL are not rescued.
#
# @param value [OpenSSL::X509::Certificate, String] certificate material.
# @return [OpenSSL::X509::Certificate]
def to_x509(value)
  if value.is_a?(OpenSSL::X509::Certificate)
    value
  else
    material = base64?(value) ? Base64.decode64(strip(value)) : value
    OpenSSL::X509::Certificate.new(material)
  end
end

Instance Method Details

#==(other) ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 69

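# Compares two certificates by fingerprint rather than by raw value.
#
# @param other [Object] any object; one that does not expose `fingerprint`
#   is never equal.
# @return [Boolean]
def ==(other)
  # Guard first so `cert == nil`, or a comparison against an unrelated
  # object, answers false instead of raising NoMethodError.
  return false unless other.respond_to?(:fingerprint)

  fingerprint == other.fingerprint
end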

#active?(time = Time.now) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/xml/kit/certificate.rb', line 105

# Reports whether +time+ falls inside the certificate's validity window:
# at or after `not_before` and not yet `expired?`.
#
# Only the two timestamps are consulted; signature, issuer chain and
# revocation status are not part of this check.
#
# @param time [Time] instant to test; defaults to the current time.
# @return [Boolean]
def active?(time = Time.now)
  started = x509.not_before <= time
  started && !expired?(time)
end

#encryption? ⇒ Boolean

Returns true if this certificate is used for encryption.

Returns true or false.

Returns:

  • (Boolean)


# File 'lib/xml/kit/certificate.rb', line 44

# Reports whether this certificate may be used for encryption.
# Delegates to `for?(:encryption)`.
#
# @return [Boolean]
def encryption?
  for?(:encryption)
end

#eql?(other) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/xml/kit/certificate.rb', line 73

# Equality as used for Hash keys and `uniq`; delegates to `==`, so whatever
# `==` does for +other+ (including any error it raises) applies here too.
#
# @param other [Object]
# @return [Boolean]
def eql?(other)
  self == other
end

#expired?(time = Time.now) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/xml/kit/certificate.rb', line 101

# Reports whether the certificate's `not_after` has been reached at +time+.
#
# The comparison is inclusive: an instant exactly equal to `not_after`
# already counts as expired.
#
# @param time [Time] instant to test; defaults to the current time.
# @return [Boolean]
def expired?(time = Time.now)
  cutoff = x509.not_after
  cutoff <= time
end

#fingerprint ⇒ Xml::Kit::Fingerprint

Returns the certificate fingerprint.

Returns:



# File 'lib/xml/kit/certificate.rb', line 27

# Builds the fingerprint for this certificate from the raw `value`.
# A new Fingerprint is constructed on every call; the result is not cached.
#
# @return [Xml::Kit::Fingerprint]
def fingerprint
  Fingerprint.new(value)
end

#for?(use) ⇒ Boolean

Returns true if this certificate is for the specified use.

Parameters:

  • use (Symbol)

    `:signing` or `:encryption`.

Returns:

  • (Boolean)

    true or false.



# File 'lib/xml/kit/certificate.rb', line 35

# Reports whether this certificate may be used for the given purpose.
#
# A certificate with no recorded purpose (`nil`) is accepted for every
# purpose, so `nil` is the least restrictive setting.
#
# @param use [#to_sym] `:signing` or `:encryption`.
# @return [Boolean]
def for?(use)
  # `self.use` is required: the parameter shadows the reader of the same name.
  configured = self.use
  configured.nil? || configured == use.to_sym
end

#hash ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 77

# Hash code used when a certificate is a Hash key or Set member; taken from
# the raw `value`.
#
# NOTE(review): `==`/`eql?` compare fingerprints while this hashes the raw
# value. If two encodings of one certificate yield equal fingerprints they
# would be `eql?` yet hash differently — confirm against Fingerprint.
#
# @return [Integer]
def hash
  value.hash
end

#inspect ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 89

# Debug representation: the `inspect` output of `to_h`, i.e. the purpose and
# fingerprint rather than the raw certificate material.
#
# @return [String]
def inspect
  to_h.inspect
end

#key_info ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 117

# Returns the KeyInfo built from the parsed certificate, creating it on first
# use and caching it in `@key_info` afterwards.
#
# @return [KeyInfo]
def key_info
  return @key_info if @key_info

  @key_info = KeyInfo.new(x509: x509)
end

#not_after ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 109

# End of the validity period, read from the parsed certificate.
#
# @return [Time] whatever `x509.not_after` yields.
def not_after
  x509.not_after
end

#not_before ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 113

# Start of the validity period, read from the parsed certificate.
#
# @return [Time] whatever `x509.not_before` yields.
def not_before
  x509.not_before
end

#public_key ⇒ OpenSSL::PKey::RSA

Returns the public key.

Returns:

  • (OpenSSL::PKey::RSA)

    the RSA public key.



# File 'lib/xml/kit/certificate.rb', line 65

# Returns the public key embedded in the parsed certificate.
#
# NOTE(review): documented as OpenSSL::PKey::RSA, but this simply forwards
# `x509.public_key` and nothing here restricts the key type — confirm before
# relying on RSA-only behaviour.
#
# @return [OpenSSL::PKey::RSA] the public key.
def public_key
  x509.public_key
end

#signing? ⇒ Boolean

Returns true if this certificate is used for signing.

Returns true or false.

Returns:

  • (Boolean)


# File 'lib/xml/kit/certificate.rb', line 51

# Reports whether this certificate may be used for signing.
# Delegates to `for?(:signing)`.
#
# @return [Boolean]
def signing?
  for?(:signing)
end

#stripped ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 93

# Returns the certificate as a bare payload: the parsed certificate is
# re-serialised to PEM and then passed through the class-level `strip`,
# which removes the BEGIN/END markers and all whitespace.
#
# @return [String]
def stripped
  pem = x509.to_pem
  self.class.strip(pem)
end

#to_h ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 85

# Summarises the certificate as a Hash holding its purpose and the string
# form of its fingerprint. The raw certificate material is not included.
#
# @return [Hash{Symbol => Object}] keys `:use` and `:fingerprint`.
def to_h
  summary = { use: @use }
  summary[:fingerprint] = fingerprint.to_s
  summary
end

#to_key_pair(private_key, passphrase: nil, use: nil) ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 97

# Pairs this certificate with a private key.
#
# The certificate is passed on in PEM form and the key via `to_s`.
# NOTE(review): nothing in this method checks that the private key belongs to
# this certificate — confirm whether KeyPair verifies the match.
#
# @param private_key [#to_s] private key material.
# @param passphrase [String, nil] forwarded to KeyPair unchanged.
# @param use [Object, nil] forwarded to KeyPair; this is the keyword argument,
#   not the purpose recorded on this certificate.
# @return [KeyPair]
def to_key_pair(private_key, passphrase: nil, use: nil)
  certificate_pem = x509.to_pem
  key_material = private_key.to_s
  KeyPair.new(certificate_pem, key_material, passphrase, use)
end

#to_s ⇒ Object



# File 'lib/xml/kit/certificate.rb', line 81

# String conversion: returns the raw `value` unchanged, in whatever encoding
# (PEM or Base64) it was supplied.
#
# @return [Object] the raw certificate value.
def to_s
  value
end

#x509 ⇒ Object

Returns the x509 form.

Returns the OpenSSL equivalent as an OpenSSL::X509::Certificate.



# File 'lib/xml/kit/certificate.rb', line 58

# Returns the parsed form of the certificate.
#
# The raw `value` is converted through the class-level `to_x509` on first use
# and the result is cached in `@x509`; later calls reuse the cached object.
#
# @return [OpenSSL::X509::Certificate]
def x509
  return @x509 if @x509

  @x509 = self.class.to_x509(value)
end