module OpenSSLExtensions::X509::Certificate
Extends OpenSSL::X509::Certificate with shortcut methods.
Public Instance Methods
Equality is tested by comparing the certificates' generated PEM encodings (to_pem).
# File lib/openssl-extensions/x509/certificate.rb, line 12
def ==(other)
  to_pem == other.to_pem
end
Returns true if this certificate is authorized to sign for other certificates (useful for determining CA roots and intermediary certificates). A certificate that carries no keyUsage extension is also reported as allowed to sign.
# File lib/openssl-extensions/x509/certificate.rb, line 21
def allows_certificate_signing?
  usage = read_extension_by_oid('keyUsage')
  usage.nil? || !!(usage.match(%r{\bCertificate Sign\b}))
end
# File lib/openssl-extensions/x509/certificate.rb, line 87
def crl_distribution_points
  read_extension_by_oid('crlDistributionPoints')
end
Overrides the default Object#hash to identify uniqueness of the Certificate. This uses a hash of the certificate PEM.
# File lib/openssl-extensions/x509/certificate.rb, line 34
def hash
  to_pem.hash
end
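Returns true if the certificate given is the issuer certificate for this certificate. The match is made on identifiers only: the authority key identifier against the given certificate's subject key identifier or, when this certificate has no authority key identifier, the issuer's common name, country and organization against the given certificate's subject. The signature is not verified.
# File lib/openssl-extensions/x509/certificate.rb, line 41
def issuing_certificate?(issuer)
  (self.authority_key_identifier.key_id &&
   issuer.subject_key_identifier &&
   self.authority_key_identifier.key_id == issuer.subject_key_identifier) ||
  (!self.authority_key_identifier.key_id &&
   self.issuer.common_name == issuer.subject.common_name &&
   self.issuer.country == issuer.subject.country &&
   self.issuer.organization == issuer.subject.organization)
end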
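The identifier match that issuing_certificate? performs, set beside a signature check, as an added example that is not part of openssl-extensions. It uses only Ruby's standard openssl library; build_cert, find_ext, key_id, identifiers_match?, signed_by?, demo and the Example Org subjects are constructed for illustration. A second certificate with the same subject and key identifier but a different key matches on identifiers, and only verify tells the two apart.

```ruby
require 'openssl'

# Constructed fixture builder (hypothetical helper, not part of openssl-extensions).
def build_cert(subject, key, issuer_cert: nil, issuer_key: key, ski: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(ski || ef.create_extension('subjectKeyIdentifier', 'hash'))
  cert.add_extension(ef.create_extension('authorityKeyIdentifier', 'keyid:always')) if issuer_cert
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

def find_ext(cert, oid)
  cert.extensions.find { |e| e.oid == oid }
end

# Hex key identifier from the extension text; some OpenSSL versions prefix it with "keyid:".
def key_id(cert, oid)
  ext = find_ext(cert, oid)
  ext && ext.value[/(?:\h\h:)+\h\h/]
end

# Identifier match only (issuer name and key identifier): a hint for choosing an issuer.
def identifiers_match?(cert, issuer)
  cert.issuer.to_der == issuer.subject.to_der &&
    key_id(cert, 'authorityKeyIdentifier') == key_id(issuer, 'subjectKeyIdentifier')
end

# Cryptographic check: the signature on cert must verify under the issuer's public key.
def signed_by?(cert, issuer)
  identifiers_match?(cert, issuer) && cert.verify(issuer.public_key)
end

def demo
  name = '/C=US/O=Example Org/CN=Example Root' # constructed subject
  ca_key, other_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca = build_cert(name, ca_key)
  other = build_cert(name, other_key, ski: find_ext(ca, 'subjectKeyIdentifier'))
  leaf = build_cert('/C=US/O=Example Org/CN=www.example.test', leaf_key,
                    issuer_cert: ca, issuer_key: ca_key)
  [ca, other].map { |c| [identifiers_match?(leaf, c), signed_by?(leaf, c)] }
end
p demo if $PROGRAM_NAME == __FILE__
```

For chain building, treat an identifier match as a way to pick candidate issuers and accept one only after verify succeeds.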
Returns true if this certificate is a root certificate (it is its own issuer).
# File lib/openssl-extensions/x509/certificate.rb, line 55
def root?
  issuer.to_s == subject.to_s &&
    (subject_key_identifier && authority_key_identifier.key_id ? subject_key_identifier == authority_key_identifier.key_id : true)
end
Returns the SSL version used by the certificate. Most likely, this will return 3, since version 1 was unreleased, and version 2 was abandoned in 1995. The number is read from the Version: field of the certificate's text dump (to_text), where X.509 v3 certificates appear as Version: 3.
See en.wikipedia.org/wiki/Secure_Sockets_Layer.
# File lib/openssl-extensions/x509/certificate.rb, line 102
def ssl_version
  if to_text =~ %r{^\s+Version: (\d+)}m
    $1.to_i
  end
end
Returns the bit strength of the certificate's public key.
# File lib/openssl-extensions/x509/certificate.rb, line 63
def strength
  public_key.strength
end
Returns a collection of subject alternative names on the certificate. Only DNS entries are returned. If no alternative names were provided, then this returns an empty array.
# File lib/openssl-extensions/x509/certificate.rb, line 71
def subject_alternative_names
  names_string = read_extension_by_oid('subjectAltName')
  names_string ? names_string.scan(%r{DNS:([^,]+)}).flatten : []
end
# File lib/openssl-extensions/x509/certificate.rb, line 77
def subject_key_identifier
  read_extension_by_oid('subjectKeyIdentifier')
end
Protected Instance Methods
# File lib/openssl-extensions/x509/certificate.rb, line 112
def read_extension_by_oid(oid)
  (extensions.detect { |e| e.to_a.first == oid } || []).to_a[1]
end