openssl-extensions 0.0.7 → 0.0.8
@@ -3,5 +3,6 @@ OpenSSLExtensions.check_dependencies!
|
|
3
3
|
|
4
4
|
require 'openssl-extensions/x509/certificate'
|
5
5
|
require 'openssl-extensions/x509/certificate_chain'
|
6
|
+
require 'openssl-extensions/x509/request'
|
6
7
|
require 'openssl-extensions/x509/name'
|
7
8
|
require 'openssl-extensions/ssl/ssl_socket'
|
@@ -6,31 +6,13 @@ require 'openssl-extensions/x509/authority_key_identifier'
|
|
6
6
|
#
|
7
7
|
module OpenSSLExtensions::X509::Certificate
|
8
8
|
|
9
|
-
def subject_alternative_names
|
10
|
-
names_string = read_extension_by_oid('subjectAltName')
|
11
|
-
names_string ? names_string.scan(%r{DNS:([^,]+)}).flatten : []
|
12
|
-
end
|
13
|
-
alias :sans :subject_alternative_names
|
14
|
-
|
15
9
|
##
|
16
|
-
#
|
10
|
+
# Equality is tested by comparing the generated PEM signatures.
|
17
11
|
#
|
18
|
-
def
|
19
|
-
|
20
|
-
end
|
21
|
-
|
22
|
-
def subject_key_identifier
|
23
|
-
read_extension_by_oid('subjectKeyIdentifier')
|
24
|
-
end
|
25
|
-
|
26
|
-
def authority_key_identifier
|
27
|
-
OpenSSLExtensions::X509::AuthorityKeyIdentifier.new(read_extension_by_oid('authorityKeyIdentifier'))
|
28
|
-
end
|
29
|
-
|
30
|
-
def read_extension_by_oid(oid)
|
31
|
-
(extensions.detect { |e| e.to_a.first == oid } || []).to_a[1]
|
12
|
+
def ==(other)
|
13
|
+
to_pem == other.to_pem
|
32
14
|
end
|
33
|
-
|
15
|
+
alias_method :eql?, :==
|
34
16
|
|
35
17
|
##
|
36
18
|
# Returns +true+ if this certificate is authorized to sign for other certificates (useful for determining CA roots
|
@@ -41,6 +23,18 @@ module OpenSSLExtensions::X509::Certificate
|
|
41
23
|
usage.nil? || !!(usage.match(%r{\bCertificate Sign\b}))
|
42
24
|
end
|
43
25
|
|
26
|
+
def authority_key_identifier
|
27
|
+
OpenSSLExtensions::X509::AuthorityKeyIdentifier.new(read_extension_by_oid('authorityKeyIdentifier'))
|
28
|
+
end
|
29
|
+
|
30
|
+
##
|
31
|
+
# Override the default Object#hash to identify uniqueness of the
|
32
|
+
# Certificate. This uses a hash of the certificate PEM.
|
33
|
+
#
|
34
|
+
def hash
|
35
|
+
to_pem.hash
|
36
|
+
end
|
37
|
+
|
44
38
|
##
|
45
39
|
# Returns +true+ if the certificate given is the issuer certificate for this certificate.
|
46
40
|
#
|
@@ -54,6 +48,11 @@ module OpenSSLExtensions::X509::Certificate
|
|
54
48
|
self.issuer.organization == issuer.subject.organization)
|
55
49
|
end
|
56
50
|
|
51
|
+
def read_extension_by_oid(oid)
|
52
|
+
(extensions.detect { |e| e.to_a.first == oid } || []).to_a[1]
|
53
|
+
end
|
54
|
+
protected :read_extension_by_oid
|
55
|
+
|
57
56
|
##
|
58
57
|
# Returns +true+ if this certificate is a root certificate (it is its
|
59
58
|
# own issuer).
|
@@ -64,20 +63,26 @@ module OpenSSLExtensions::X509::Certificate
|
|
64
63
|
end
|
65
64
|
|
66
65
|
##
|
67
|
-
#
|
66
|
+
# Returns the bit strength of the public certificate.
|
68
67
|
#
|
69
|
-
def
|
70
|
-
|
68
|
+
def strength
|
69
|
+
public_key.n.num_bits
|
71
70
|
end
|
72
|
-
alias_method :eql?, :==
|
73
71
|
|
74
72
|
##
|
75
|
-
#
|
76
|
-
#
|
77
|
-
#
|
78
|
-
def
|
79
|
-
|
73
|
+
# Returns a collection of subject alternative names on the certificate.
|
74
|
+
# If no alternative names were provided, then this returns an empty set.
|
75
|
+
#
|
76
|
+
def subject_alternative_names
|
77
|
+
names_string = read_extension_by_oid('subjectAltName')
|
78
|
+
names_string ? names_string.scan(%r{DNS:([^,]+)}).flatten : []
|
79
|
+
end
|
80
|
+
alias :sans :subject_alternative_names
|
81
|
+
|
82
|
+
def subject_key_identifier
|
83
|
+
read_extension_by_oid('subjectKeyIdentifier')
|
80
84
|
end
|
85
|
+
|
81
86
|
end
|
82
87
|
|
83
88
|
OpenSSL::X509::Certificate.send(:include, OpenSSLExtensions::X509::Certificate)
|
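Review bot: `strength` in the `@@ -64,20 +63,26 @@` hunk calls `public_key.n.num_bits`, but only RSA public keys expose `n`, so a certificate carrying a DSA or EC key raises NoMethodError instead of reporting a size. The same body is added as `strength` in the new request.rb. A caller that uses this to enforce a minimum key size would get an exception rather than a clean rejection, so I would branch on the key type and return nil for types the method does not understand. The sketch below assumes the OpenSSL build defines `OpenSSL::PKey::EC`, and the doc comment should say which quantity is measured for each key type.
```ruby
def strength
  key = public_key
  case key
  when OpenSSL::PKey::RSA then key.n.num_bits      # modulus size
  when OpenSSL::PKey::DSA then key.p.num_bits      # prime size
  when OpenSSL::PKey::EC  then key.group.degree    # field size
  end
end
```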
@@ -0,0 +1,68 @@
|
|
1
|
+
require 'openssl-extensions/x509'
|
2
|
+
|
3
|
+
##
|
4
|
+
# Extends OpenSSL::X509::Request with shortcut methods.
|
5
|
+
#
|
6
|
+
module OpenSSLExtensions::X509::Request
|
7
|
+
|
8
|
+
##
|
9
|
+
# Equality is tested by comparing the generated PEM signatures.
|
10
|
+
#
|
11
|
+
def ==(other)
|
12
|
+
to_pem == other.to_pem
|
13
|
+
end
|
14
|
+
alias_method :eql?, :==
|
15
|
+
|
16
|
+
##
|
17
|
+
# Returns +true+ if the signing request were generated with a challenge
|
18
|
+
# password.
|
19
|
+
#
|
20
|
+
def challenge_password?
|
21
|
+
!read_attributes_by_oid('challengePassword').nil?
|
22
|
+
end
|
23
|
+
|
24
|
+
##
|
25
|
+
# Override the default Object#hash to identify uniqueness of the
|
26
|
+
# Request. This uses a hash of the PEM.
|
27
|
+
#
|
28
|
+
def hash
|
29
|
+
to_pem.hash
|
30
|
+
end
|
31
|
+
|
32
|
+
def read_attributes_by_oid(*oids)
|
33
|
+
attributes.detect { |a| oids.include?(a.oid) }
|
34
|
+
end
|
35
|
+
protected :read_attributes_by_oid
|
36
|
+
|
37
|
+
##
|
38
|
+
# Returns the bit strength of the public key used for the signing
|
39
|
+
# request.
|
40
|
+
#
|
41
|
+
def strength
|
42
|
+
public_key.n.num_bits
|
43
|
+
end
|
44
|
+
|
45
|
+
##
|
46
|
+
# Returns a collection of subject alternative names requested. If no
|
47
|
+
# alternative names were requested, this returns an empty set.
|
48
|
+
#
|
49
|
+
def subject_alternative_names
|
50
|
+
@_subject_alternative_names ||= begin
|
51
|
+
if attribute = read_attributes_by_oid('extReq', 'msExtReq')
|
52
|
+
set = OpenSSL::ASN1.decode(attribute.value)
|
53
|
+
seq = set.value.first
|
54
|
+
if sans = seq.value.collect { |asn1ext| OpenSSL::X509::Extension.new(asn1ext).to_a }.detect { |e| e.first == 'subjectAltName' }
|
55
|
+
sans[1].gsub(/DNS:/,'').split(', ')
|
56
|
+
else
|
57
|
+
[]
|
58
|
+
end
|
59
|
+
else
|
60
|
+
[]
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
alias :sans :subject_alternative_names
|
65
|
+
|
66
|
+
end
|
67
|
+
|
68
|
+
OpenSSL::X509::Request.send(:include, OpenSSLExtensions::X509::Request)
|
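Review bot: `subject_alternative_names` returns every general-name entry, not just DNS names, because `sans[1].gsub(/DNS:/,'').split(', ')` only deletes the `DNS:` label and then splits. A request that also carries `IP Address:` or `email:` entries yields those strings, labels included, mixed in with the hostnames. That differs from `Certificate#subject_alternative_names`, which scans for `DNS:` entries only. Code that checks requested names before issuance would want DNS entries only, e.g. `sans[1].split(/,\s*/).grep(/\ADNS:/).map { |n| n.sub(/\ADNS:/, '') }`. Even then the text rendering of the extension is ambiguous when a value itself contains a comma or the text `DNS:`, so decoding the GeneralNames from the ASN.1 value would be the more robust source.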
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: openssl-extensions
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 15
|
5
5
|
prerelease: false
|
6
6
|
segments:
|
7
7
|
- 0
|
8
8
|
- 0
|
9
|
-
-
|
10
|
-
version: 0.0.
|
9
|
+
- 8
|
10
|
+
version: 0.0.8
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Nathaniel Bibler
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2010-11-
|
18
|
+
date: 2010-11-18 00:00:00 -05:00
|
19
19
|
default_executable:
|
20
20
|
dependencies:
|
21
21
|
- !ruby/object:Gem::Dependency
|
@@ -26,16 +26,30 @@ dependencies:
|
|
26
26
|
requirements:
|
27
27
|
- - ">="
|
28
28
|
- !ruby/object:Gem::Version
|
29
|
-
hash:
|
29
|
+
hash: 11
|
30
30
|
segments:
|
31
31
|
- 2
|
32
|
+
- 1
|
32
33
|
- 0
|
33
|
-
|
34
|
-
- beta
|
35
|
-
- 19
|
36
|
-
version: 2.0.0.beta.19
|
34
|
+
version: 2.1.0
|
37
35
|
type: :development
|
38
36
|
version_requirements: *id001
|
37
|
+
- !ruby/object:Gem::Dependency
|
38
|
+
name: fuubar
|
39
|
+
prerelease: false
|
40
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ">="
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
hash: 29
|
46
|
+
segments:
|
47
|
+
- 0
|
48
|
+
- 0
|
49
|
+
- 1
|
50
|
+
version: 0.0.1
|
51
|
+
type: :development
|
52
|
+
version_requirements: *id002
|
39
53
|
description: This library patches OpenSSL to add helper methods and extensions to OpenSSL objects with the intention of making the interface more intuitive.
|
40
54
|
email:
|
41
55
|
- nate@envylabs.com
|
@@ -54,6 +68,7 @@ files:
|
|
54
68
|
- lib/openssl-extensions/x509/certificate.rb
|
55
69
|
- lib/openssl-extensions/x509/certificate_chain.rb
|
56
70
|
- lib/openssl-extensions/x509/name.rb
|
71
|
+
- lib/openssl-extensions/x509/request.rb
|
57
72
|
- lib/openssl-extensions/x509.rb
|
58
73
|
- lib/openssl-extensions.rb
|
59
74
|
has_rdoc: true
|