module OpenSSLExtensions::X509::Certificate

Extends OpenSSL::X509::Certificate with shortcut methods.

Public Instance Methods

==(other)

Equality is tested by comparing the PEM encodings of the two certificates.

# File lib/openssl-extensions/x509/certificate.rb, line 12
def ==(other)
  to_pem == other.to_pem
end
Also aliased as: eql?

allows_certificate_signing?()

Returns true if this certificate is authorized to sign other certificates (useful for determining CA roots and intermediary certificates). Only the keyUsage extension is consulted, and a certificate that has no keyUsage extension also returns true.

# File lib/openssl-extensions/x509/certificate.rb, line 21
def allows_certificate_signing?
  usage = read_extension_by_oid('keyUsage')
  usage.nil? || !!(usage.match(%r{\bCertificate Sign\b}))
end

authority_info_access()

Returns the value of the authorityInfoAccess extension. This can be used for getting OCSP URLs for revocation checks.

# File lib/openssl-extensions/x509/certificate.rb, line 83
def authority_info_access
  read_extension_by_oid('authorityInfoAccess')
end

authority_key_identifier()
# File lib/openssl-extensions/x509/certificate.rb, line 26
def authority_key_identifier
  OpenSSLExtensions::X509::AuthorityKeyIdentifier.new(read_extension_by_oid('authorityKeyIdentifier'))
end

crl_distribution_points()
# File lib/openssl-extensions/x509/certificate.rb, line 87
def crl_distribution_points
  read_extension_by_oid('crlDistributionPoints')
end

eql?(other)
Alias for: ==

hash()

Override the default Object#hash to identify uniqueness of the Certificate. This uses a hash of the certificate PEM.

# File lib/openssl-extensions/x509/certificate.rb, line 34
def hash
  to_pem.hash
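end

issuing_certificate?(issuer)

Returns true if the certificate given is the issuer certificate for this certificate. The decision is based on identifiers only: the authority key identifier is compared with the issuer's subject key identifier, and when this certificate has no authority key identifier, the issuer and subject common name, country and organization are compared instead. The signature is not verified.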

# File lib/openssl-extensions/x509/certificate.rb, line 41
def issuing_certificate?(issuer)
  (self.authority_key_identifier.key_id &&
    issuer.subject_key_identifier &&
    self.authority_key_identifier.key_id == issuer.subject_key_identifier) ||
    (!self.authority_key_identifier.key_id &&
     self.issuer.common_name == issuer.subject.common_name &&
     self.issuer.country == issuer.subject.country &&
     self.issuer.organization == issuer.subject.organization)
end
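
The identifier matching that issuing_certificate? performs, as an added example that is not part of openssl-extensions: it uses only Ruby's standard OpenSSL library, builds a re-keyed CA (two constructed CA certificates with the same name but different keys), and pairs the identifier match with a signature check. build_cert, key_id, identifiers_match? and issued_by? are hypothetical helper names, and the name fallback is simplified to a full-DN comparison.

```ruby
require 'openssl'

# Builds a throwaway certificate (constructed sample data, generated in memory).
def build_cert(subject, key, issuer: nil, issuer_key: key, ca: false, aki: true)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3 is encoded as 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash'))
  cert.add_extension(ef.create_extension('authorityKeyIdentifier', 'keyid:always')) if aki
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Key id as colon-separated hex; a leading "keyid:" label, if present, is dropped.
def key_id(cert, oid)
  ext = cert.extensions.find { |e| e.oid == oid }
  ext && ext.value[/(?:\h{2}:)+\h{2}/]
end

# Mirrors issuing_certificate? above, but the fallback compares the full DN.
def identifiers_match?(cert, candidate)
  aki = key_id(cert, 'authorityKeyIdentifier')
  return aki == key_id(candidate, 'subjectKeyIdentifier') if aki
  cert.issuer.to_s == candidate.subject.to_s
end

# Identifier matching selects a candidate; the signature check confirms it.
def issued_by?(cert, candidate)
  identifiers_match?(cert, candidate) && cert.verify(candidate.public_key)
end

CA_DN = '/C=US/O=Example Org/CN=Example CA' # constructed name
OLD_KEY, NEW_KEY, LEAF_KEY = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
OLD_CA = build_cert(CA_DN, OLD_KEY, ca: true)
NEW_CA = build_cert(CA_DN, NEW_KEY, ca: true) # same name, new key
LEAF = build_cert('/CN=www.example.test', LEAF_KEY, issuer: NEW_CA, issuer_key: NEW_KEY)
NO_AKI = build_cert('/CN=old.example.test', LEAF_KEY, issuer: NEW_CA, issuer_key: NEW_KEY, aki: false)
[LEAF, NO_AKI].each do |c|
  ids = [OLD_CA, NEW_CA].map { |ca| identifiers_match?(c, ca) }
  sig = [OLD_CA, NEW_CA].map { |ca| issued_by?(c, ca) }
  puts "#{c.subject}: identifiers old/new #{ids}, verified old/new #{sig}"
end
```

For the leaf without an authority key identifier, both CA certificates match by name and only the signature check tells them apart.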
root?()

Returns true if this certificate is a root certificate (it is its own issuer).

# File lib/openssl-extensions/x509/certificate.rb, line 55
def root?
  issuer.to_s == subject.to_s &&
    (subject_key_identifier && authority_key_identifier.key_id ? subject_key_identifier == authority_key_identifier.key_id : true)
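end

sans()
Alias for: subject_alternative_names

ssl_version()

Returns the SSL version used by the certificate. Most likely, this will return 3, since version 1 was unreleased, and version 2 was abandoned in 1995. The number is parsed from the Version: line of the certificate's text form (to_text), which holds the X.509 certificate version.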

See en.wikipedia.org/wiki/Secure_Sockets_Layer.

# File lib/openssl-extensions/x509/certificate.rb, line 102
def ssl_version
  if to_text =~ %r{^\s+Version: (\d+)}m
    $1.to_i
  end
end

strength()

Returns the bit strength of the certificate's public key.

# File lib/openssl-extensions/x509/certificate.rb, line 63
def strength
  public_key.strength
end

subject_alternative_names()

Returns a collection of the DNS subject alternative names on the certificate; other name types (such as IP address or email entries) are not included. If no alternative names were provided, then this returns an empty array.

# File lib/openssl-extensions/x509/certificate.rb, line 71
def subject_alternative_names
  names_string = read_extension_by_oid('subjectAltName')
  names_string ? names_string.scan(%r{DNS:([^,]+)}).flatten : []
end
Also aliased as: sans

subject_key_identifier()
# File lib/openssl-extensions/x509/certificate.rb, line 77
def subject_key_identifier
  read_extension_by_oid('subjectKeyIdentifier')
end

Protected Instance Methods

read_extension_by_oid(oid)
# File lib/openssl-extensions/x509/certificate.rb, line 112
def read_extension_by_oid(oid)
  (extensions.detect { |e| e.to_a.first == oid } || []).to_a[1]
end