class R509::Cert::Extensions::InhibitAnyPolicy
The inhibit anyPolicy extension indicates that the special anyPolicy OID
, with the value { 2 5 29 32 0 }, is not considered an explicit match for other certificate policies except when it appears in an intermediate self-issued CA certificate. The value indicates the number of additional non-self-issued certificates that may appear in the path before anyPolicy is no longer permitted. For example, a value of one indicates that anyPolicy may be processed in certificates issued by the subject of this certificate, but not in additional certificates in the path.
You can use this extension to parse an existing extension for easy access to the contents or create a new one.
Constants
- OID
friendly name for CP
OID
Attributes
@return [Integer]
Public Class Methods
This method takes a hash or an existing Extension object to parse
@option arg :value [Integer] @option arg :critical [Boolean] (true)
# File lib/r509/cert/extensions/inhibit_any_policy.rb, line 33 def initialize(arg) unless R509::Cert::Extensions.is_extension?(arg) arg = build_extension(arg) end super(arg) parse_extension end
Public Instance Methods
@return [Hash]
# File lib/r509/cert/extensions/inhibit_any_policy.rb, line 43 def to_h { :critical => self.critical?, :value => @value } end
@return [YAML]
# File lib/r509/cert/extensions/inhibit_any_policy.rb, line 48 def to_yaml self.to_h.to_yaml end
Private Instance Methods
# File lib/r509/cert/extensions/inhibit_any_policy.rb, line 61 def build_extension(arg) validate_non_negative_integer("Inhibit any policy", arg[:value]) ef = OpenSSL::X509::ExtensionFactory.new critical = R509::Cert::Extensions.calculate_critical(arg[:critical], true) # must be set critical per RFC 5280 ef.create_extension("inhibitAnyPolicy", arg[:value].to_s, critical) end
# File lib/r509/cert/extensions/inhibit_any_policy.rb, line 54 def parse_extension # id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } # InhibitAnyPolicy ::= SkipCerts # SkipCerts ::= INTEGER (0..MAX) @value = R509::ASN1.get_extension_payload(self).to_i # returns a non-negative integer end