openssl-extensions 0.0.7 → 0.0.8

@@ -3,5 +3,6 @@ OpenSSLExtensions.check_dependencies!
3
3
 
4
4
  require 'openssl-extensions/x509/certificate'
5
5
  require 'openssl-extensions/x509/certificate_chain'
6
+ require 'openssl-extensions/x509/request'
6
7
  require 'openssl-extensions/x509/name'
7
8
  require 'openssl-extensions/ssl/ssl_socket'
@@ -1,3 +1,3 @@
1
1
  module OpenSSLExtensions
2
- Version = '0.0.7'
2
+ Version = '0.0.8'
3
3
  end
@@ -6,31 +6,13 @@ require 'openssl-extensions/x509/authority_key_identifier'
6
6
  #
7
7
  module OpenSSLExtensions::X509::Certificate
8
8
 
9
- def subject_alternative_names
10
- names_string = read_extension_by_oid('subjectAltName')
11
- names_string ? names_string.scan(%r{DNS:([^,]+)}).flatten : []
12
- end
13
- alias :sans :subject_alternative_names
14
-
15
9
  ##
16
- # Returns the bit strength of the public certificate.
10
+ # Equality is tested by comparing the generated PEM signatures.
17
11
  #
18
- def strength
19
- public_key.n.num_bits
20
- end
21
-
22
- def subject_key_identifier
23
- read_extension_by_oid('subjectKeyIdentifier')
24
- end
25
-
26
- def authority_key_identifier
27
- OpenSSLExtensions::X509::AuthorityKeyIdentifier.new(read_extension_by_oid('authorityKeyIdentifier'))
28
- end
29
-
30
- def read_extension_by_oid(oid)
31
- (extensions.detect { |e| e.to_a.first == oid } || []).to_a[1]
12
+ def ==(other)
13
+ to_pem == other.to_pem
32
14
  end
33
- protected :read_extension_by_oid
15
+ alias_method :eql?, :==
34
16
 
35
17
  ##
36
18
  # Returns +true+ if this certificate is authorized to sign for other certificates (useful for determining CA roots
@@ -41,6 +23,18 @@ module OpenSSLExtensions::X509::Certificate
41
23
  usage.nil? || !!(usage.match(%r{\bCertificate Sign\b}))
42
24
  end
43
25
 
26
+ def authority_key_identifier
27
+ OpenSSLExtensions::X509::AuthorityKeyIdentifier.new(read_extension_by_oid('authorityKeyIdentifier'))
28
+ end
29
+
30
+ ##
31
+ # Override the default Object#hash to identify uniqueness of the
32
+ # Certificate. This uses a hash of the certificate PEM.
33
+ #
34
+ def hash
35
+ to_pem.hash
36
+ end
37
+
44
38
  ##
45
39
  # Returns +true+ if the certificate given is the issuer certificate for this certificate.
46
40
  #
@@ -54,6 +48,11 @@ module OpenSSLExtensions::X509::Certificate
54
48
  self.issuer.organization == issuer.subject.organization)
55
49
  end
56
50
 
51
+ def read_extension_by_oid(oid)
52
+ (extensions.detect { |e| e.to_a.first == oid } || []).to_a[1]
53
+ end
54
+ protected :read_extension_by_oid
55
+
57
56
  ##
58
57
  # Returns +true+ if this certificate is a root certificate (it is its
59
58
  # own issuer).
@@ -64,20 +63,26 @@ module OpenSSLExtensions::X509::Certificate
64
63
  end
65
64
 
66
65
  ##
67
- # Equality is tested by comparing the generated PEM signatures.
66
+ # Returns the bit strength of the public certificate.
68
67
  #
69
- def ==(other)
70
- to_pem == other.to_pem
68
+ def strength
69
+ public_key.n.num_bits
71
70
  end
72
- alias_method :eql?, :==
73
71
 
74
72
  ##
75
- # Override the default Object#hash to identify uniqueness of the
76
- # Certificate. This uses a hash of the certificate PEM.
77
- #
78
- def hash
79
- to_pem.hash
73
+ # Returns a collection of subject alternative names on the certificate.
74
+ # If no alternative names were provided, then this returns an empty set.
75
+ #
76
+ def subject_alternative_names
77
+ names_string = read_extension_by_oid('subjectAltName')
78
+ names_string ? names_string.scan(%r{DNS:([^,]+)}).flatten : []
79
+ end
80
+ alias :sans :subject_alternative_names
81
+
82
+ def subject_key_identifier
83
+ read_extension_by_oid('subjectKeyIdentifier')
80
84
  end
85
+
81
86
  end
82
87
 
83
88
  OpenSSL::X509::Certificate.send(:include, OpenSSLExtensions::X509::Certificate)
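Review bot: `strength` in the last hunk calls `public_key.n.num_bits`, and `n` is the RSA modulus, so a certificate carrying a DSA or EC key would raise NoMethodError here instead of returning a size. The method is only moved by this change, but the same body is added as `strength` in the new request.rb, where the key comes from whoever submitted the signing request. I would either guard it, `public_key.respond_to?(:n) ? public_key.n.num_bits : nil`, or state the limit in the doc comment, `# Returns the RSA modulus size in bits; only RSA keys are supported.`. The module body continues outside the visible hunks, so callers of `strength` cannot be checked from here.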
@@ -0,0 +1,68 @@
1
+ require 'openssl-extensions/x509'
2
+
3
+ ##
4
+ # Extends OpenSSL::X509::Request with shortcut methods.
5
+ #
6
+ module OpenSSLExtensions::X509::Request
7
+
8
+ ##
9
+ # Equality is tested by comparing the generated PEM signatures.
10
+ #
11
+ def ==(other)
12
+ to_pem == other.to_pem
13
+ end
14
+ alias_method :eql?, :==
15
+
16
+ ##
17
+ # Returns +true+ if the signing request were generated with a challenge
18
+ # password.
19
+ #
20
+ def challenge_password?
21
+ !read_attributes_by_oid('challengePassword').nil?
22
+ end
23
+
24
+ ##
25
+ # Override the default Object#hash to identify uniqueness of the
26
+ # Request. This uses a hash of the PEM.
27
+ #
28
+ def hash
29
+ to_pem.hash
30
+ end
31
+
32
+ def read_attributes_by_oid(*oids)
33
+ attributes.detect { |a| oids.include?(a.oid) }
34
+ end
35
+ protected :read_attributes_by_oid
36
+
37
+ ##
38
+ # Returns the bit strength of the public key used for the signing
39
+ # request.
40
+ #
41
+ def strength
42
+ public_key.n.num_bits
43
+ end
44
+
45
+ ##
46
+ # Returns a collection of subject alternative names requested. If no
47
+ # alternative names were requested, this returns an empty set.
48
+ #
49
+ def subject_alternative_names
50
+ @_subject_alternative_names ||= begin
51
+ if attribute = read_attributes_by_oid('extReq', 'msExtReq')
52
+ set = OpenSSL::ASN1.decode(attribute.value)
53
+ seq = set.value.first
54
+ if sans = seq.value.collect { |asn1ext| OpenSSL::X509::Extension.new(asn1ext).to_a }.detect { |e| e.first == 'subjectAltName' }
55
+ sans[1].gsub(/DNS:/,'').split(', ')
56
+ else
57
+ []
58
+ end
59
+ else
60
+ []
61
+ end
62
+ end
63
+ end
64
+ alias :sans :subject_alternative_names
65
+
66
+ end
67
+
68
+ OpenSSL::X509::Request.send(:include, OpenSSLExtensions::X509::Request)
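Review bot: `subject_alternative_names` strips the prefix with `sans[1].gsub(/DNS:/,'').split(', ')`, so entries of any other type (an IP address or e-mail entry, for example) come back in the list with their own prefix, while the certificate version in certificate.rb returns only the `DNS:` captures. Using the same expression here, `sans[1].scan(%r{DNS:([^,]+)}).flatten`, would keep the two `sans` methods consistent. Both methods read OpenSSL's text rendering of the extension rather than the encoded names, and a signing request is requester-controlled input, so the doc comment should say the list is informational, e.g. `# Parsed from the extension's text form; validate names against the decoded extension before issuing.`. The decode path also assumes `set.value.first` and `seq.value` have the expected shape; a malformed attribute would presumably raise from inside this accessor rather than yield an empty list.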
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openssl-extensions
3
3
  version: !ruby/object:Gem::Version
4
- hash: 17
4
+ hash: 15
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
8
  - 0
9
- - 7
10
- version: 0.0.7
9
+ - 8
10
+ version: 0.0.8
11
11
  platform: ruby
12
12
  authors:
13
13
  - Nathaniel Bibler
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2010-11-02 00:00:00 -04:00
18
+ date: 2010-11-18 00:00:00 -05:00
19
19
  default_executable:
20
20
  dependencies:
21
21
  - !ruby/object:Gem::Dependency
@@ -26,16 +26,30 @@ dependencies:
26
26
  requirements:
27
27
  - - ">="
28
28
  - !ruby/object:Gem::Version
29
- hash: 62196421
29
+ hash: 11
30
30
  segments:
31
31
  - 2
32
+ - 1
32
33
  - 0
33
- - 0
34
- - beta
35
- - 19
36
- version: 2.0.0.beta.19
34
+ version: 2.1.0
37
35
  type: :development
38
36
  version_requirements: *id001
37
+ - !ruby/object:Gem::Dependency
38
+ name: fuubar
39
+ prerelease: false
40
+ requirement: &id002 !ruby/object:Gem::Requirement
41
+ none: false
42
+ requirements:
43
+ - - ">="
44
+ - !ruby/object:Gem::Version
45
+ hash: 29
46
+ segments:
47
+ - 0
48
+ - 0
49
+ - 1
50
+ version: 0.0.1
51
+ type: :development
52
+ version_requirements: *id002
39
53
  description: This library patches OpenSSL to add helper methods and extensions to OpenSSL objects with the intention of making the interface more intuitive.
40
54
  email:
41
55
  - nate@envylabs.com
@@ -54,6 +68,7 @@ files:
54
68
  - lib/openssl-extensions/x509/certificate.rb
55
69
  - lib/openssl-extensions/x509/certificate_chain.rb
56
70
  - lib/openssl-extensions/x509/name.rb
71
+ - lib/openssl-extensions/x509/request.rb
57
72
  - lib/openssl-extensions/x509.rb
58
73
  - lib/openssl-extensions.rb
59
74
  has_rdoc: true