openssl-extensions 0.0.1 → 0.0.2

data/lib/openssl-extensions.rb

@@ -1,5 +1,8 @@
 module OpenSSLExtensions
 
+  ##
+  # Ensures that the current Ruby was compiled with OpenSSL support enabled.
+  #
   def self.check_dependencies!
     begin
       require 'openssl'

data/lib/openssl-extensions/all.rb

@@ -2,4 +2,5 @@ require 'openssl-extensions'
 OpenSSLExtensions.check_dependencies!
 
 require 'openssl-extensions/x509/certificate'
+require 'openssl-extensions/x509/certificate_chain'
 require 'openssl-extensions/x509/name'

data/lib/openssl-extensions/version.rb

@@ -1,3 +1,3 @@
 module OpenSSLExtensions
-  Version = '0.0.1'
+  Version = '0.0.2'
 end

data/lib/openssl-extensions/x509/authority_key_identifier.rb

@@ -1,12 +1,17 @@
 require 'openssl-extensions/x509'
 
+##
+# Returned with requesting an OpenSSLExtensions::X509::Certificate.authority_key_identifier.
+# If available, this collects the issuer_name (issuer's common name),
+# serial_number, and key_id (fingerprint).
+#
 class OpenSSLExtensions::X509::AuthorityKeyIdentifier
 
   attr_reader :issuer_name, :serial_number, :key_id
   alias :serial :serial_number
 
   def initialize(extension_string)
-    parse(extension_string.dup)
+    parse(extension_string.dup) if extension_string
   end
 
   def parse(string)

data/lib/openssl-extensions/x509/certificate.rb

@@ -1,12 +1,16 @@
 require 'openssl-extensions/x509'
 require 'openssl-extensions/x509/authority_key_identifier'
 
+##
+# Extends OpenSSL::X509::Certificate with shortcut methods.
+#
 module OpenSSLExtensions::X509::Certificate
 
   def subject_alternative_names
     names_string = read_extension_by_oid('subjectAltName')
     names_string ? names_string.scan(%r{DNS:([^,]+)}).flatten : []
   end
+  alias :sans :subject_alternative_names
 
   def subject_key_identifier
     read_extension_by_oid('subjectKeyIdentifier')
@@ -21,6 +25,35 @@ module OpenSSLExtensions::X509::Certificate
   end
   protected :read_extension_by_oid
 
+  ##
+  # Returns +true+ if this certificate is authorized to sign for other certificates (useful for determining CA roots
+  # and intermediary certificates).
+  #
+  def allows_certificate_signing?
+    usage = read_extension_by_oid('keyUsage')
+    usage.nil? || !!(usage.match(%r{\bCertificate Sign\b}))
+  end
+
+  ##
+  # Returns +true+ if the certificate given is the issuer certificate for this certificate.
+  #
+  def issuing_certificate?(issuer)
+    (self.authority_key_identifier.key_id &&
+      issuer.subject_key_identifier &&
+      self.authority_key_identifier.key_id == issuer.subject_key_identifier) ||
+      (!self.authority_key_identifier.key_id &&
+       self.issuer.common_name == issuer.subject.common_name &&
+       self.issuer.country == issuer.subject.country &&
+       self.issuer.organization == issuer.subject.organization)
+  end
+
+  ##
+  # Equality is tested by comparing the generated PEM signatures.
+  #
+  def ==(other)
+    to_pem == other.to_pem
+  end
+
 end
 
 OpenSSL::X509::Certificate.send(:include, OpenSSLExtensions::X509::Certificate)

data/lib/openssl-extensions/x509/certificate_chain.rb

@@ -0,0 +1,44 @@
+require 'openssl-extensions/x509'
+require 'openssl-extensions/x509/certificate'
+
+##
+# Provides a thin wrapper to an Array which contains the full certificate
+# chain.  This array, however, has been reorganized to be in the proper
+# order for the chain as follows:
+#
+#     [Site Certificate, Intermediary #1, ..., CA Root]
+#
+# Where +Intermediary #1+ is the issuing certificate of the
+# +Site Certificate+, followed by +#2+ which issued +#1+, down to the
+# final root signing certificate in last position.
+#
+class OpenSSLExtensions::X509::CertificateChain
+  instance_methods.each { |m| undef_method m unless m =~ /(^__|^send$|^object_id$)/ }
+
+  def initialize(peer_certificate, certificates)
+    @certificates = []
+    reorganize!(peer_certificate, certificates)
+  end
+
+  def method_missing(method, *args, &block)
+    @certificates.send(method, *args, &block)
+  end
+  private :method_missing
+
+  def reorganize!(site_certificate, certificates)
+    return unless site_certificate && !certificates.empty?
+    certificate = nil
+
+    @certificates << (certificates.delete(site_certificate) || site_certificate || certificates.delete(certificates.detect { |c| c.subject_key_identifier.nil? }))
+    certificate = @certificates.first
+
+    until certificate.nil?
+      if certificate = certificates.detect { |authority| authority.allows_certificate_signing? && certificate.issuing_certificate?(authority) }
+        @certificates << certificates.delete(certificate)
+      else
+        authority = nil
+      end
+    end
+  end
+  private :reorganize!
+end

data/lib/openssl-extensions/x509/name.rb

@@ -1,5 +1,8 @@
 require 'openssl-extensions/x509'
 
+##
+# Extends OpenSSL::X509::Name with additional shortcut methods.
+#
 module OpenSSLExtensions::X509::Name
   def organization
     read_entry_by_oid('O')
@@ -21,6 +24,10 @@ module OpenSSLExtensions::X509::Name
     read_entry_by_oid('L')
   end
 
+  def location
+    [locality, state, country].compact.join(', ')
+  end
+
   def state
     read_entry_by_oid('ST')
   end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 0
-  - 1
-  version: 0.0.1
+  - 2
+  version: 0.0.2
 platform: ruby
 authors: 
 - Nathaniel Bibler
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-01 00:00:00 -04:00
+date: 2010-10-04 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -47,6 +47,7 @@ files:
 - lib/openssl-extensions/version.rb
 - lib/openssl-extensions/x509/authority_key_identifier.rb
 - lib/openssl-extensions/x509/certificate.rb
+- lib/openssl-extensions/x509/certificate_chain.rb
 - lib/openssl-extensions/x509/name.rb
 - lib/openssl-extensions/x509.rb
 - lib/openssl-extensions.rb