class SSLCheck::Certificate

Public Class Methods

new(cert, clock=nil) click to toggle source
# File lib/sslcheck/certificate.rb, line 6
def initialize(cert, clock=nil)
  @cert = bootstrap_certificate(cert)
  @clock = clock || DateTime
end

Public Instance Methods

alternate_common_names() click to toggle source
# File lib/sslcheck/certificate.rb, line 50
def alternate_common_names
  ext = @cert.extensions.find{|ext| ext.oid == "subjectAltName" }
  return [] unless ext
  alternates = ext.value.split(",")
  names = alternates.map{|a| a.scan(/DNS:(.*)/)[0][0]}
  names
end
bootstrap_certificate(cert) click to toggle source
# File lib/sslcheck/certificate.rb, line 119
def bootstrap_certificate(cert)
  return cert if cert.is_a?(OpenSSL::X509::Certificate)
  return cert if cert.is_a?(SSLCheck::Certificate)
  OpenSSL::X509::Certificate.new cert
end
common_name() click to toggle source
# File lib/sslcheck/certificate.rb, line 46
def common_name
  subject.scan(/CN=(.*)/)[0][0]
end
expired?() click to toggle source
# File lib/sslcheck/certificate.rb, line 107
def expired?
  @clock.now > not_after
end
expires_in?(num_days) click to toggle source
# File lib/sslcheck/certificate.rb, line 111
def expires_in?(num_days)
  (@clock.now.beginning_of_day + num_days.days) >= not_after.beginning_of_day
end
issued?() click to toggle source
# File lib/sslcheck/certificate.rb, line 115
def issued?
  @clock.now > not_before
end
issued_by() click to toggle source
# File lib/sslcheck/certificate.rb, line 86
def issued_by
  match = issuer.match("CN=(.*)")
  match.captures.first if match
end
issuer() click to toggle source
# File lib/sslcheck/certificate.rb, line 58
def issuer
  @cert.issuer.to_s
end
issuer_common_name() click to toggle source
# File lib/sslcheck/certificate.rb, line 82
def issuer_common_name
  issued_by
end
issuer_country() click to toggle source
# File lib/sslcheck/certificate.rb, line 62
def issuer_country
  match = issuer.match(/C=([\w\s]+)/)
  match.captures.first if match
end
issuer_locality() click to toggle source
# File lib/sslcheck/certificate.rb, line 72
def issuer_locality
  match = issuer.match(/L=([\w\s]+)/)
  match.captures.first if match
end
issuer_organization() click to toggle source
# File lib/sslcheck/certificate.rb, line 77
def issuer_organization
  match = issuer.match(/O=([^\/]+)/)
  match.captures.first if match
end
issuer_state() click to toggle source
# File lib/sslcheck/certificate.rb, line 67
def issuer_state
  match = issuer.match(/ST=([\w\s]+)/)
  match.captures.first if match
end
not_after() click to toggle source
# File lib/sslcheck/certificate.rb, line 103
def not_after
  DateTime.parse(@cert.not_after.to_s)
end
not_before() click to toggle source
# File lib/sslcheck/certificate.rb, line 99
def not_before
  DateTime.parse(@cert.not_before.to_s)
end
organizational_unit() click to toggle source
# File lib/sslcheck/certificate.rb, line 41
def organizational_unit
  match = subject.match(/OU=([\w\s]+)/)
  match.captures.first if match
end
public_key() click to toggle source
# File lib/sslcheck/certificate.rb, line 91
def public_key
  @cert.public_key
end
subject() click to toggle source
# File lib/sslcheck/certificate.rb, line 37
def subject
  @cert.subject.to_s
end
to_h() click to toggle source
# File lib/sslcheck/certificate.rb, line 15
def to_h
  {
    :common_name       => common_name,
    :organization_unit => organizational_unit,
    :not_before        => not_before,
    :not_after         => not_after,
    :issued            => true,
    :expired           => false,
    :issuer            => {
      :common_name  => issuer_common_name,
      :country      => issuer_country,
      :state        => issuer_state,
      :locality     => issuer_locality,
      :organization => issuer_organization
    }
  }
end
to_s() click to toggle source
# File lib/sslcheck/certificate.rb, line 33
def to_s
  @cert.to_s
end
to_x509() click to toggle source
# File lib/sslcheck/certificate.rb, line 11
def to_x509
  OpenSSL::X509::Certificate.new @cert.to_s
end
verify(ca) click to toggle source
# File lib/sslcheck/certificate.rb, line 95
def verify(ca)
  @cert.verify(ca.public_key)
end