r509 0.10.0 → 1.0

data/lib/r509/cert/extensions/authority_info_access.rb

@@ -14,8 +14,8 @@ module R509
       # cRLDistributionPoints extension.)  This extension may be included in
       # end entity or CA certificates.  Conforming CAs MUST mark this
       # extension as non-critical.
-      # You can use this extension to parse an existing extension for easy access
-      # to the contents or create a new one.
+      # You can use this extension to parse an existing extension for easy
+      # access to the contents or create a new one.
       class AuthorityInfoAccess < OpenSSL::X509::Extension
         include R509::Cert::Extensions::ValidationMixin
 
@@ -23,32 +23,46 @@ module R509
         OID = "authorityInfoAccess"
         Extensions.register_class(self)
 
-        # An R509::ASN1::GeneralNames object of OCSP endpoints (or nil if not present)
+        # An R509::ASN1::GeneralNames object of OCSP endpoints (or nil if not
+        #   present)
         # @return [R509::ASN1::GeneralNames,nil]
         attr_reader :ocsp
-        # An R509::ASN1::GeneralNames object of CA Issuers (or nil if not present)
+        # An R509::ASN1::GeneralNames object of CA Issuers (or nil if not
+        #   present)
         # @return [R509::ASN1::GeneralNames,nil]
         attr_reader :ca_issuers
 
-        # This method takes a hash or an existing Extension object to parse. If passing
-        # a hash you must supply :ocsp_location and/or :ca_issuers_location. These values
-        # must be in the form seen in the examples below.
+        # This method takes a hash or an existing Extension object to parse. If
+        # passing a hash you must supply :ocsp_location and/or
+        # :ca_issuers_location. These values must be in the form seen in the
+        # examples below.
         #
-        # @option arg :ocsp_location [Array,R509::ASN1::GeneralNames] Array of hashes (see examples) or GeneralNames object
-        # @option arg :ca_issuers_location [Array] Array of hashes (see examples) or GeneralNames object
+        # @option arg :ocsp_location [Array,R509::ASN1::GeneralNames] Array of
+        #   hashes (see examples) or GeneralNames object
+        # @option arg :ca_issuers_location [Array] Array of hashes (see
+        #   examples) or GeneralNames object
         # @option arg :critical [Boolean] (false)
         # @example
         #   R509::Cert::Extensions::AuthorityInfoAccess.new(
-        #     :ocsp_location => [ { :type => "URI", :value => "http://ocsp.domain.com" } ],
-        #     :ca_issuers_location => [ { :type => "dirName", :value => { :CN => 'myCN', :O => 'some Org' } ]
+        #     :ocsp_location => [
+        #       { :type => "URI", :value => "http://ocsp.domain.com" }
+        #     ],
+        #     :ca_issuers_location => [
+        #       {
+        #         :type => "dirName",
+        #         :value => { :CN => 'myCN', :O => 'some Org' }
+        #       }
+        #     ]
         #   )
         # @example
-        #   name = R509::ASN1::GeneralName.new(:type => "IP", :value => "127.0.0.1")
+        #   name = R509::ASN1::GeneralName.new(
+        #     :type => "IP", :value => "127.0.0.1"
+        #   )
         #   R509::Cert::Extensions::AuthorityInfoAccess.new(
         #     :ca_issuers_location => [name]
         #   )
         def initialize(arg)
-          if not R509::Cert::Extensions.is_extension?(arg)
+          unless R509::Cert::Extensions.is_extension?(arg)
             arg = build_extension(arg)
           end
 
@@ -59,8 +73,16 @@ module R509
         # @return [Hash]
         def to_h
           hash = { :critical => self.critical? }
-          hash[:ocsp_location] = R509::Cert::Extensions.names_to_h(@ocsp.names) unless @ocsp.names.empty?
-          hash[:ca_issuers_location] = R509::Cert::Extensions.names_to_h(@ca_issuers.names) unless @ca_issuers.names.empty?
+          unless @ocsp.names.empty?
+            hash[:ocsp_location] = R509::Cert::Extensions.names_to_h(
+              @ocsp.names
+            )
+          end
+          unless @ca_issuers.names.empty?
+            hash[:ca_issuers_location] = R509::Cert::Extensions.names_to_h(
+              @ca_issuers.names
+            )
+          end
           hash
         end
 
@@ -73,8 +95,8 @@ module R509
 
         def parse_extension
           data = R509::ASN1.get_extension_payload(self)
-          @ocsp= R509::ASN1::GeneralNames.new
-          @ca_issuers= R509::ASN1::GeneralNames.new
+          @ocsp = R509::ASN1::GeneralNames.new
+          @ca_issuers = R509::ASN1::GeneralNames.new
           data.entries.each do |access_description|
             #   AccessDescription  ::=  SEQUENCE {
             #           accessMethod          OBJECT IDENTIFIER,
@@ -99,9 +121,9 @@ module R509
           ]
 
           locations.each do |pair|
-            validate_location(pair[:key].to_s,arg[pair[:key]])
+            validate_location(pair[:key].to_s, arg[pair[:key]])
             data = arg[pair[:key]]
-            if not data.nil?
+            unless data.nil?
               elements = R509::ASN1::GeneralNames.new(data)
               elements.names.each do |name|
                 serialize = name.serialize_name
@@ -113,13 +135,17 @@ module R509
 
           ef = OpenSSL::X509::ExtensionFactory.new
           ef.config = OpenSSL::Config.parse(aia_conf.join("\n"))
-          critical = R509::Cert::Extensions.calculate_critical(arg[:critical], false)
-          return ef.create_extension("authorityInfoAccess",aia.join(","),critical)
+          critical = R509::Cert::Extensions.calculate_critical(
+            arg[:critical], false
+          )
+          ef.create_extension("authorityInfoAccess", aia.join(","), critical)
         end
 
         def validate_authority_info_access(aia)
-          if not aia.kind_of?(Hash) or (aia[:ocsp_location].nil? and aia[:ca_issuers_location].nil?)
-            raise ArgumentError, "You must pass a hash with at least one of the following two keys (:ocsp_location, :ca_issuers_location)"
+          if !aia.is_a?(Hash) ||
+             (aia[:ocsp_location].nil? && aia[:ca_issuers_location].nil?)
+            raise ArgumentError, "You must pass a hash with at least one of "\
+            "the following two keys (:ocsp_location, :ca_issuers_location)"
           end
         end
       end

data/lib/r509/cert/extensions/authority_key_identifier.rb

@@ -16,7 +16,6 @@ module R509
       # You can use this extension to parse an existing extension for easy access
       # to the contents or create a new one.
       class AuthorityKeyIdentifier < OpenSSL::X509::Extension
-
         # friendly name for Authority Key Identifier OID
         OID = "authorityKeyIdentifier"
         # default extension behavior when generating
@@ -33,13 +32,13 @@ module R509
         # @return [String,nil]
         attr_reader :authority_cert_serial_number
 
-
         # @option arg :public_key [OpenSSL::PKey] Required if embedding keyid
-        # @option arg :issuer_subject [R509::Subject] Required if embedding issuer
-        # @option arg :value [String] (keyid) For the rules of :value see: http://www.openssl.org/docs/apps/x509v3_config.html#Authority_Key_Identifier_. If you want to embed issuer you MUST supply :issuer_certificate and not :public_key
+        # @option arg :issuer_subject [R509::Subject] Required if embedding issuer. This should be the issuing certificate's issuer subject name.
+        # @option arg :issuer_serial [Integer] Required if embedding issuer. This should be the issuing certificate's issuer serial number.
+        # @option arg :value [String] (keyid) For the rules of :value see: http://www.openssl.org/docs/apps/x509v3_config.html#Authority_Key_Identifier_. If you want to embed issuer you MUST supply :issuer_subject and :issuer_serial and not :public_key
         # @option arg :critical [Boolean] (false)
         def initialize(arg)
-          if not R509::Cert::Extensions.is_extension?(arg)
+          unless R509::Cert::Extensions.is_extension?(arg)
             arg = build_extension(arg)
           end
 
@@ -74,23 +73,29 @@ module R509
         end
 
         def build_extension(arg)
-          arg[:value] = AKI_EXTENSION_DEFAULT unless not arg[:value].nil?
+          arg[:value] = AKI_EXTENSION_DEFAULT if arg[:value].nil?
           validate_authority_key_identifier(arg)
           ef = OpenSSL::X509::ExtensionFactory.new
           fake_cert = OpenSSL::X509::Certificate.new
           fake_cert.extensions = [R509::Cert::Extensions::SubjectKeyIdentifier.new(:public_key => arg[:public_key])] unless arg[:public_key].nil?
-          fake_cert.subject = arg[:issuer_subject].name unless arg[:issuer_subject].nil?
+          fake_cert.issuer = arg[:issuer_subject].name unless arg[:issuer_subject].nil?
+          fake_cert.serial = arg[:issuer_serial] unless arg[:issuer_serial].nil?
           ef.issuer_certificate = fake_cert
           critical = R509::Cert::Extensions.calculate_critical(arg[:critical], false)
-          return ef.create_extension("authorityKeyIdentifier", arg[:value], critical) # this could also be keyid:always,issuer:always
+          ef.create_extension("authorityKeyIdentifier", arg[:value], critical) # this could also be keyid:always,issuer:always
         end
 
         def validate_authority_key_identifier(aki)
-          if aki[:value].downcase.include?("keyid") and aki[:public_key].nil?
+          if aki[:value].downcase.include?("keyid") && aki[:public_key].nil?
             raise ArgumentError, "You must supply an OpenSSL::PKey object to :public_key if aki value contains keyid (present by default)"
           end
-          if aki[:value].downcase.include?("issuer") and not aki[:issuer_subject].kind_of?(R509::Subject)
-            raise ArgumentError, "You must supply an R509::Subject object to :issuer_subject if aki value contains issuer"
+          if aki[:value].downcase.include?("issuer")
+            unless aki[:issuer_subject].is_a?(R509::Subject)
+              raise ArgumentError, "You must supply an R509::Subject object to :issuer_subject if aki value contains issuer"
+            end
+            unless aki[:issuer_serial].is_a?(Integer)
+              raise ArgumentError, "You must supply an integer to :issuer_serial if aki value contains issuer"
+            end
           end
           aki
         end

data/lib/r509/cert/extensions/base.rb

@@ -14,32 +14,32 @@ module R509
       # R509::Cert::Extensions object, and returns them in a hash. The hash is
       # keyed with the R509 extension class. Extensions without an R509
       # implementation are ignored (see #get_unknown_extensions).
-      def self.wrap_openssl_extensions( extensions )
+      def self.wrap_openssl_extensions(extensions)
         r509_extensions = {}
         extensions.each do |openssl_extension|
           R509_EXTENSION_CLASSES.each do |r509_class|
-            if ( r509_class::OID.downcase == openssl_extension.oid.downcase )
-              if r509_extensions.has_key?(r509_class)
-                raise ArgumentError.new("Only one extension object allowed per OID")
+            if  r509_class::OID.downcase == openssl_extension.oid.downcase
+              if r509_extensions.key?(r509_class)
+                raise ArgumentError, "Only one extension object allowed per OID"
               end
 
-              r509_extensions[r509_class] = r509_class.new( openssl_extension )
+              r509_extensions[r509_class] = r509_class.new(openssl_extension)
               break
             end
           end
         end
 
-        return r509_extensions
+        r509_extensions
       end
 
       # Given a list of OpenSSL::X509::Extension objects, returns those without
       # an R509 implementation.
-      def self.get_unknown_extensions( extensions )
+      def self.get_unknown_extensions(extensions)
         unknown_extensions = []
         extensions.each do |openssl_extension|
           match_found = false
           R509_EXTENSION_CLASSES.each do |r509_class|
-            if ( r509_class::OID.downcase == openssl_extension.oid.downcase )
+            if  r509_class::OID.downcase == openssl_extension.oid.downcase
               match_found = true
               break
             end
@@ -48,21 +48,20 @@ module R509
           unknown_extensions << openssl_extension unless match_found
         end
 
-        return unknown_extensions
+        unknown_extensions
       end
 
-
       # Takes an array of R509::ASN1::GeneralName objects and returns a hash that can be
       # encoded to YAML (used by #to_yaml methods)
       def self.names_to_h(array)
         data = []
         array.each do |name|
-          value = (name.value.kind_of?(R509::Subject))? name.value.to_h : name.value
+          value = (name.value.is_a?(R509::Subject)) ? name.value.to_h : name.value
           data.push(
-            {
+
               :type => name.short_type,
               :value => value
-            }
+
           )
         end
         data
@@ -80,13 +79,13 @@ module R509
         def ip_addresses
           @general_names.ip_addresses
         end
-        alias :ips :ip_addresses
+        alias_method :ips, :ip_addresses
 
         # @return [Array<String>] email addresses
         def rfc_822_names
           @general_names.rfc_822_names
         end
-        alias :email_names :rfc_822_names
+        alias_method :email_names, :rfc_822_names
 
         # @return [Array<String>] URIs (not typically found in SAN extensions)
         def uris
@@ -97,7 +96,7 @@ module R509
         def directory_names
           @general_names.directory_names
         end
-        alias :dir_names :directory_names
+        alias_method :dir_names, :directory_names
 
         # @return [Array] array of GeneralName objects preserving order found in the extension
         def names
@@ -106,18 +105,19 @@ module R509
       end
 
       private
+
       R509_EXTENSION_CLASSES = Set.new
 
       # Registers a class as being an R509 certificate extension class. Registered
       # classes are used by #wrap_openssl_extensions to wrap OpenSSL extensions
       # in R509 extensions, based on the OID.
-      def self.register_class( r509_ext_class )
-        raise ArgumentError.new("R509 certificate extensions must have an OID") if r509_ext_class::OID.nil?
+      def self.register_class(r509_ext_class)
+        raise(ArgumentError, "R509 certificate extensions must have an OID") if r509_ext_class::OID.nil?
         R509_EXTENSION_CLASSES << r509_ext_class
       end
 
-      def self.calculate_critical(critical,default)
-        if critical.kind_of?(TrueClass) or critical.kind_of?(FalseClass)
+      def self.calculate_critical(critical, default)
+        if critical.is_a?(TrueClass) || critical.is_a?(FalseClass)
           critical
         else
           default
@@ -127,8 +127,8 @@ module R509
       # Method attempts to determine if data being passed to an extension is already
       # an extension/asn.1 data or not.
       def self.is_extension?(data)
-        return true if data.kind_of?(OpenSSL::X509::Extension)
-        return false if not data.kind_of?(String)
+        return true if data.is_a?(OpenSSL::X509::Extension)
+        return false unless data.is_a?(String)
         begin
           OpenSSL::X509::Extension.new(data)
           return true
@@ -136,7 +136,6 @@ module R509
           return false
         end
       end
-
     end
   end
 end

data/lib/r509/cert/extensions/basic_constraints.rb

@@ -12,7 +12,6 @@ module R509
       # You can use this extension to parse an existing extension for easy access
       # to the contents or create a new one.
       class BasicConstraints < OpenSSL::X509::Extension
-
         # friendly name for BasicConstraints OID
         OID = "basicConstraints"
         Extensions.register_class(self)
@@ -26,7 +25,7 @@ module R509
         # @option arg :path_length optional [Integer] This option is only allowed if ca is set to TRUE. path_length allows you to define the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path. For example, if you set this value to 0 then the certificate issued can only issue end entity certificates, not additional subroots. This must be a non-negative integer (>=0).
         # @option arg :critical [Boolean] (true)
         def initialize(arg)
-          if not R509::Cert::Extensions.is_extension?(arg)
+          unless R509::Cert::Extensions.is_extension?(arg)
             arg = build_extension(arg)
           end
 
@@ -37,7 +36,7 @@ module R509
         # Check whether the extension value would make the parent certificate a CA
         # @return [Boolean]
         def is_ca?
-          return @is_ca == true
+          @is_ca == true
         end
 
         # Returns true if the path length allows this certificate to be used to
@@ -47,13 +46,13 @@ module R509
         def allows_sub_ca?
           return false unless is_ca?
           return true if @path_length.nil?
-          return @path_length > 0
+          @path_length > 0
         end
 
         # @return [Hash]
         def to_h
           hash = { :ca => @is_ca, :critical => self.critical? }
-          hash[:path_length] = @path_length unless @path_length.nil? or not is_ca?
+          hash[:path_length] = @path_length unless @path_length.nil? || !is_ca?
           hash
         end
 
@@ -71,7 +70,7 @@ module R509
           #        cA                      BOOLEAN DEFAULT FALSE,
           #        pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
           data.entries.each do |entry|
-            if entry.kind_of?(OpenSSL::ASN1::Boolean)
+            if entry.is_a?(OpenSSL::ASN1::Boolean)
               @is_ca = entry.value
             else
               # There are only two kinds of entries permitted so anything
@@ -87,28 +86,28 @@ module R509
           ef = OpenSSL::X509::ExtensionFactory.new
           if arg[:ca] == true
             bc_value = "CA:TRUE"
-            if not arg[:path_length].nil?
+            unless arg[:path_length].nil?
               bc_value += ",pathlen:#{arg[:path_length]}"
             end
           else
             bc_value = "CA:FALSE"
           end
           critical = R509::Cert::Extensions.calculate_critical(arg[:critical], true)
-          return ef.create_extension("basicConstraints", bc_value, critical)
+          ef.create_extension("basicConstraints", bc_value, critical)
         end
 
         # validates the structure of the certificate policies array
         def validate_basic_constraints(constraints)
-          if constraints.nil? or not constraints.respond_to?(:has_key?) or not constraints.has_key?(:ca)
+          if constraints.nil? || !constraints.respond_to?(:has_key?) || !constraints.key?(:ca)
             raise ArgumentError, "You must supply a hash with a key named :ca with a boolean value"
           end
-          if constraints[:ca].nil? or (not constraints[:ca].kind_of?(TrueClass) and not constraints[:ca].kind_of?(FalseClass))
+          if constraints[:ca].nil? || (!constraints[:ca].is_a?(TrueClass) && !constraints[:ca].is_a?(FalseClass))
             raise ArgumentError, "You must supply true/false for the :ca key when specifying basic constraints"
           end
-          if constraints[:ca] == false and not constraints[:path_length].nil?
+          if constraints[:ca] == false && constraints[:path_length]
             raise ArgumentError, ":path_length is not allowed when :ca is false"
           end
-          if constraints[:ca] == true and not constraints[:path_length].nil? and (constraints[:path_length] < 0 or not constraints[:path_length].kind_of?(Integer))
+          if constraints[:ca] == true && constraints[:path_length] && (constraints[:path_length] < 0 || !constraints[:path_length].is_a?(Integer))
             raise ArgumentError, "Path length must be a positive integer (>= 0)"
           end
           constraints

data/lib/r509/cert/extensions/certificate_policies.rb

@@ -15,7 +15,6 @@ module R509
       # You can use this extension to parse an existing extension for easy access
       # to the contents or create a new one.
       class CertificatePolicies < OpenSSL::X509::Extension
-
         # friendly name for CP OID
         OID = "certificatePolicies"
         Extensions.register_class(self)
@@ -35,7 +34,7 @@ module R509
         #   }
         #  ])
         def initialize(arg)
-          if not R509::Cert::Extensions.is_extension?(arg)
+          unless R509::Cert::Extensions.is_extension?(arg)
             arg = build_extension(arg)
           end
 
@@ -57,6 +56,7 @@ module R509
         end
 
         private
+
         def parse_extension
           @policies = []
           data = R509::ASN1.get_extension_payload(self)
@@ -72,32 +72,32 @@ module R509
           validate_certificate_policies(arg[:value])
           conf = []
           policy_names = ["ia5org"]
-          arg[:value].each_with_index do |policy,i|
-            conf << build_conf("certPolicies#{i}",policy,i)
+          arg[:value].each_with_index do |policy, i|
+            conf << build_conf("certPolicies#{i}", policy, i)
             policy_names << "@certPolicies#{i}"
           end
           ef = OpenSSL::X509::ExtensionFactory.new
           ef.config = OpenSSL::Config.parse(conf.join("\n"))
           critical = R509::Cert::Extensions.calculate_critical(arg[:critical], false)
-          return ef.create_extension("certificatePolicies", policy_names.join(","),critical)
+          ef.create_extension("certificatePolicies", policy_names.join(","), critical)
         end
 
-        def build_conf(section,hash,index)
+        def build_conf(section, hash, index)
           conf = ["[#{section}]"]
           conf.push "policyIdentifier=#{hash[:policy_identifier]}" unless hash[:policy_identifier].nil?
-          hash[:cps_uris].each_with_index do |cps,idx|
-            conf.push "CPS.#{idx+1}=\"#{cps}\""
+          hash[:cps_uris].each_with_index do |cps, idx|
+            conf.push "CPS.#{idx + 1}=\"#{cps}\""
           end if hash[:cps_uris].respond_to?(:each_with_index)
 
           user_notice_confs = []
-          hash[:user_notices].each_with_index do |un,k|
-            conf.push "userNotice.#{k+1}=@user_notice#{k+1}#{index}"
-            user_notice_confs.push "[user_notice#{k+1}#{index}]"
+          hash[:user_notices].each_with_index do |un, k|
+            conf.push "userNotice.#{k + 1}=@user_notice#{k + 1}#{index}"
+            user_notice_confs.push "[user_notice#{k + 1}#{index}]"
             user_notice_confs.push "explicitText=\"#{un[:explicit_text]}\"" unless un[:explicit_text].nil?
             # if org is supplied notice numbers is also required (and vice versa). enforced in CAProfile
             user_notice_confs.push "organization=\"#{un[:organization]}\"" unless un[:organization].nil?
             user_notice_confs.push "noticeNumbers=\"#{un[:notice_numbers].join(",")}\"" unless un[:notice_numbers].nil?
-          end unless not hash[:user_notices].kind_of?(Array)
+          end if hash[:user_notices].is_a?(Array)
 
           conf.concat(user_notice_confs)
           conf.join "\n"
@@ -105,16 +105,16 @@ module R509
 
         # validates the structure of the certificate policies array
         def validate_certificate_policies(policies)
-          raise ArgumentError, "Not a valid certificate policy structure. Must be an array of hashes" unless policies.kind_of?(Array)
+          raise ArgumentError, "Not a valid certificate policy structure. Must be an array of hashes" unless policies.is_a?(Array)
 
           policies.each do |policy|
             raise ArgumentError, "Each policy requires a policy identifier" if policy[:policy_identifier].nil?
-            raise ArgumentError, "CPS URIs must be an array of strings" if not policy[:cps_uris].nil? and not policy[:cps_uris].respond_to?(:each)
-            if not policy[:user_notices].nil?
-              raise ArgumentError, "User notices must be an array of hashes" if not policy[:user_notices].respond_to?(:each)
+            raise ArgumentError, "CPS URIs must be an array of strings" if policy[:cps_uris] && !policy[:cps_uris].respond_to?(:each)
+            unless policy[:user_notices].nil?
+              raise ArgumentError, "User notices must be an array of hashes" unless policy[:user_notices].respond_to?(:each)
               policy[:user_notices].each do |un|
-                raise ArgumentError, "If you provide an organization you must provide notice numbers" if not un[:organization].nil? and un[:notice_numbers].nil?
-                raise ArgumentError, "If you provide notice numbers you must provide an organization" if not un[:notice_numbers].nil? and un[:organization].nil?
+                raise ArgumentError, "If you provide an organization you must provide notice numbers" if un[:organization] && un[:notice_numbers].nil?
+                raise ArgumentError, "If you provide notice numbers you must provide an organization" if un[:notice_numbers] && un[:organization].nil?
               end
             end
           end
@@ -131,12 +131,12 @@ module R509
         def initialize(data)
           # store the policy identifier OID
           @policy_identifier = data.entries[0].value
+
           # iterate the policy qualifiers if any exist
-          if not data.entries[1].nil?
-            @policy_qualifiers = PolicyQualifiers.new
-            data.entries[1].each do |pq|
-              @policy_qualifiers.parse(pq)
-            end
+          return if data.entries[1].nil?
+          @policy_qualifiers = PolicyQualifiers.new
+          data.entries[1].each do |pq|
+            @policy_qualifiers.parse(pq)
           end
         end
 
@@ -199,8 +199,8 @@ module R509
         attr_reader :notice_reference, :explicit_text
         def initialize(data)
           data.each do |qualifier|
-            #if we find another sequence, that's a noticeReference, otherwise it's explicitText
-            if qualifier.kind_of?(OpenSSL::ASN1::Sequence)
+            # if we find another sequence, that's a noticeReference, otherwise it's explicitText
+            if qualifier.is_a?(OpenSSL::ASN1::Sequence)
               @notice_reference = NoticeReference.new(qualifier)
             else
               @explicit_text = qualifier.value
@@ -233,7 +233,7 @@ module R509
           data.each do |notice_reference|
             # if it's displaytext then it's the organization
             # if it's YET ANOTHER ASN1::Sequence, then it's noticeNumbers
-            if notice_reference.kind_of?(OpenSSL::ASN1::Sequence)
+            if notice_reference.is_a?(OpenSSL::ASN1::Sequence)
               @notice_numbers = []
               notice_reference.each do |ints|
                 @notice_numbers << ints.value.to_i