r509 0.8.1 → 0.9
- data/README.md +343 -151
- data/Rakefile +26 -23
- data/bin/r509 +126 -112
- data/bin/r509-parse +24 -24
- data/doc/R509.html +169 -7
- data/doc/R509/ASN1.html +370 -0
- data/doc/R509/ASN1/GeneralName.html +1121 -0
- data/doc/R509/ASN1/GeneralNames.html +843 -0
- data/doc/R509/ASN1/NoticeReference.html +392 -0
- data/doc/R509/ASN1/PolicyInformation.html +387 -0
- data/doc/R509/ASN1/PolicyQualifiers.html +455 -0
- data/doc/R509/ASN1/UserNotice.html +386 -0
- data/doc/R509/{Crl.html → CRL.html} +7 -7
- data/doc/R509/CRL/Administrator.html +1559 -0
- data/doc/R509/{Crl/Parser.html → CRL/SignedList.html} +501 -210
- data/doc/R509/{Csr.html → CSR.html} +444 -314
- data/doc/R509/Cert.html +866 -617
- data/doc/R509/Cert/Extensions.html +52 -41
- data/doc/R509/Cert/Extensions/AuthorityInfoAccess.html +70 -35
- data/doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html +387 -4
- data/doc/R509/Cert/Extensions/BasicConstraints.html +61 -25
- data/doc/R509/Cert/Extensions/CRLDistributionPoints.html +354 -0
- data/doc/R509/Cert/Extensions/CertificatePolicies.html +340 -0
- data/doc/R509/Cert/Extensions/ExtendedKeyUsage.html +440 -49
- data/doc/R509/Cert/Extensions/{CrlDistributionPoints.html → InhibitAnyPolicy.html} +52 -35
- data/doc/R509/Cert/Extensions/KeyUsage.html +247 -121
- data/doc/R509/Cert/Extensions/NameConstraints.html +445 -0
- data/doc/R509/Cert/Extensions/OCSPNoCheck.html +239 -0
- data/doc/R509/Cert/Extensions/PolicyConstraints.html +424 -0
- data/doc/R509/Cert/Extensions/SubjectAlternativeName.html +437 -62
- data/doc/R509/Cert/Extensions/SubjectKeyIdentifier.html +52 -10
- data/doc/R509/CertificateAuthority.html +4 -4
- data/doc/R509/CertificateAuthority/Signer.html +154 -187
- data/doc/R509/Config.html +6 -6
- data/doc/R509/Config/{CaConfig.html → CAConfig.html} +451 -348
- data/doc/R509/Config/{CaConfigPool.html → CAConfigPool.html} +47 -47
- data/doc/R509/Config/CAProfile.html +1015 -0
- data/doc/R509/Config/SubjectItemPolicy.html +86 -86
- data/doc/R509/IOHelpers.html +22 -22
- data/doc/R509/MessageDigest.html +14 -14
- data/doc/R509/NameSanitizer.html +53 -53
- data/doc/R509/{Ocsp.html → OCSP.html} +9 -9
- data/doc/R509/{Ocsp → OCSP}/Request.html +7 -7
- data/doc/R509/{Ocsp → OCSP}/Request/Nonce.html +56 -11
- data/doc/R509/{Ocsp → OCSP}/Response.html +44 -44
- data/doc/R509/{OidMapper.html → OIDMapper.html} +23 -39
- data/doc/R509/PrivateKey.html +415 -168
- data/doc/R509/R509Error.html +3 -3
- data/doc/R509/{Spki.html → SPKI.html} +354 -192
- data/doc/R509/Subject.html +224 -113
- data/doc/R509/Validity.html +27 -5
- data/doc/R509/Validity/Checker.html +13 -13
- data/doc/R509/Validity/DefaultChecker.html +13 -13
- data/doc/R509/Validity/DefaultWriter.html +14 -14
- data/doc/R509/Validity/Status.html +39 -39
- data/doc/R509/Validity/Writer.html +18 -18
- data/doc/_index.html +138 -35
- data/doc/class_list.html +1 -1
- data/doc/css/style.css +10 -0
- data/doc/file.README.html +368 -171
- data/doc/file.r509.html +92 -69
- data/doc/frames.html +1 -1
- data/doc/index.html +368 -171
- data/doc/method_list.html +910 -390
- data/doc/top-level-namespace.html +3 -3
- data/lib/r509.rb +32 -16
- data/lib/r509/asn1.rb +375 -0
- data/lib/r509/cert.rb +381 -364
- data/lib/r509/cert/extensions.rb +443 -76
- data/lib/r509/certificate_authority.rb +407 -0
- data/lib/r509/config.rb +547 -351
- data/lib/r509/crl.rb +336 -366
- data/lib/r509/csr.rb +278 -289
- data/lib/r509/ec-hack.rb +37 -0
- data/lib/r509/exceptions.rb +3 -3
- data/lib/r509/io_helpers.rb +44 -44
- data/lib/r509/message_digest.rb +53 -0
- data/lib/r509/ocsp.rb +80 -70
- data/lib/r509/oid_mapper.rb +32 -0
- data/lib/r509/private_key.rb +228 -0
- data/lib/r509/spki.rb +145 -93
- data/lib/r509/subject.rb +203 -110
- data/lib/r509/validity.rb +70 -68
- data/lib/r509/version.rb +2 -2
- data/r509.yaml +92 -69
- data/spec/asn1_spec.rb +402 -0
- data/spec/cert/extensions_spec.rb +957 -494
- data/spec/cert_spec.rb +382 -307
- data/spec/certificate_authority_spec.rb +668 -250
- data/spec/config_spec.rb +515 -302
- data/spec/crl_spec.rb +197 -198
- data/spec/csr_spec.rb +334 -289
- data/spec/fixtures.rb +247 -171
- data/spec/fixtures/cert1.der +0 -0
- data/spec/fixtures/cert1.pem +0 -0
- data/spec/fixtures/cert1_public_key_modulus.txt +0 -0
- data/spec/fixtures/cert3.p12 +0 -0
- data/spec/fixtures/cert3.pem +0 -0
- data/spec/fixtures/cert3_key.pem +0 -0
- data/spec/fixtures/cert3_key_des3.pem +0 -0
- data/spec/fixtures/cert4.pem +0 -0
- data/spec/fixtures/cert5.pem +0 -0
- data/spec/fixtures/cert6.pem +0 -0
- data/spec/fixtures/cert_expired.pem +0 -0
- data/spec/fixtures/cert_inhibit.pem +24 -0
- data/spec/fixtures/cert_name_constraints.pem +29 -0
- data/spec/fixtures/cert_not_yet_valid.pem +0 -0
- data/spec/fixtures/cert_ocsp_no_check.pem +18 -0
- data/spec/fixtures/cert_policy_constraints.pem +31 -0
- data/spec/fixtures/cert_san.pem +0 -0
- data/spec/fixtures/cert_san2.pem +0 -0
- data/spec/fixtures/cert_unknown_extension.pem +28 -0
- data/spec/fixtures/config_pool_test_minimal.yaml +11 -11
- data/spec/fixtures/config_test.yaml +54 -36
- data/spec/fixtures/config_test_dsa.yaml +35 -0
- data/spec/fixtures/config_test_ec.yaml +35 -0
- data/spec/fixtures/config_test_engine_key.yaml +5 -5
- data/spec/fixtures/config_test_engine_no_key_name.yaml +4 -4
- data/spec/fixtures/config_test_minimal.yaml +4 -4
- data/spec/fixtures/config_test_password.yaml +5 -5
- data/spec/fixtures/config_test_various.yaml +111 -74
- data/spec/fixtures/crl_list_file.txt +0 -0
- data/spec/fixtures/crl_with_reason.pem +0 -0
- data/spec/fixtures/csr1.der +0 -0
- data/spec/fixtures/csr1.pem +0 -0
- data/spec/fixtures/csr1_key.der +0 -0
- data/spec/fixtures/csr1_key.pem +0 -0
- data/spec/fixtures/csr1_key_encrypted_des3.pem +0 -0
- data/spec/fixtures/csr1_newlines.pem +0 -0
- data/spec/fixtures/csr1_no_begin_end.pem +0 -0
- data/spec/fixtures/csr1_public_key_modulus.txt +0 -0
- data/spec/fixtures/csr2.pem +0 -0
- data/spec/fixtures/csr2_key.pem +0 -0
- data/spec/fixtures/csr3.pem +0 -0
- data/spec/fixtures/csr4.pem +0 -0
- data/spec/fixtures/csr_dsa.pem +0 -0
- data/spec/fixtures/csr_invalid_signature.pem +0 -0
- data/spec/fixtures/dsa_key.pem +0 -0
- data/spec/fixtures/dsa_root.cer +28 -0
- data/spec/fixtures/dsa_root.key +20 -0
- data/spec/fixtures/ec_csr2.der +0 -0
- data/spec/fixtures/ec_csr2.pem +8 -0
- data/spec/fixtures/ec_key1.der +0 -0
- data/spec/fixtures/ec_key1.pem +6 -0
- data/spec/fixtures/ec_key1_encrypted.pem +9 -0
- data/spec/fixtures/ec_key2.pem +6 -0
- data/spec/fixtures/hmacsha1.sig +1 -0
- data/spec/fixtures/hmacsha512.sig +1 -0
- data/spec/fixtures/key4.pem +0 -0
- data/spec/fixtures/key4_encrypted_des3.pem +0 -0
- data/spec/fixtures/missing_key_identifier_ca.cer +0 -0
- data/spec/fixtures/missing_key_identifier_ca.key +0 -0
- data/spec/fixtures/ocsptest.r509.local.pem +0 -0
- data/spec/fixtures/ocsptest.r509.local_ocsp_request.der +0 -0
- data/spec/fixtures/ocsptest2.r509.local.pem +0 -0
- data/spec/fixtures/second_ca.cer +0 -0
- data/spec/fixtures/second_ca.key +0 -0
- data/spec/fixtures/spkac.der +0 -0
- data/spec/fixtures/spkac.txt +0 -0
- data/spec/fixtures/spkac_dsa.txt +1 -1
- data/spec/fixtures/spkac_dsa_no_verify.txt +1 -0
- data/spec/fixtures/spkac_ec.txt +1 -0
- data/spec/fixtures/spkac_rsa_newlines.txt +13 -0
- data/spec/fixtures/stca.pem +0 -0
- data/spec/fixtures/stca_ocsp_request.der +0 -0
- data/spec/fixtures/stca_ocsp_response.der +0 -0
- data/spec/fixtures/test1.csr +0 -0
- data/spec/fixtures/test_ca.cer +0 -0
- data/spec/fixtures/test_ca.key +0 -0
- data/spec/fixtures/test_ca.p12 +0 -0
- data/spec/fixtures/test_ca_des3.key +0 -0
- data/spec/fixtures/test_ca_ec.cer +14 -0
- data/spec/fixtures/test_ca_ec.key +6 -0
- data/spec/fixtures/test_ca_ec_ee.cer +22 -0
- data/spec/fixtures/test_ca_ec_ee.key +6 -0
- data/spec/fixtures/test_ca_ocsp.cer +0 -0
- data/spec/fixtures/test_ca_ocsp.key +0 -0
- data/spec/fixtures/test_ca_ocsp.p12 +0 -0
- data/spec/fixtures/test_ca_ocsp_chain.txt +0 -0
- data/spec/fixtures/test_ca_ocsp_response.der +0 -0
- data/spec/fixtures/test_ca_subroot.cer +0 -0
- data/spec/fixtures/test_ca_subroot.key +0 -0
- data/spec/fixtures/test_ca_subroot_ocsp.cer +0 -0
- data/spec/fixtures/test_ca_subroot_ocsp.key +0 -0
- data/spec/fixtures/test_ca_subroot_ocsp_response.der +0 -0
- data/spec/fixtures/unknown_oid.csr +0 -0
- data/spec/message_digest_spec.rb +104 -84
- data/spec/ocsp_spec.rb +105 -105
- data/spec/oid_mapper_spec.rb +21 -21
- data/spec/private_key_spec.rb +275 -0
- data/spec/r509_spec.rb +35 -0
- data/spec/spec_helper.rb +15 -6
- data/spec/spki_spec.rb +221 -142
- data/spec/subject_spec.rb +232 -164
- data/spec/validity_spec.rb +91 -91
- metadata +79 -25
- data/doc/R509/Config/CaProfile.html +0 -651
- data/doc/R509/Crl/Administrator.html +0 -2073
- data/lib/r509/certificateauthority.rb +0 -290
- data/lib/r509/messagedigest.rb +0 -49
- data/lib/r509/oidmapper.rb +0 -32
- data/lib/r509/privatekey.rb +0 -185
- data/spec/privatekey_spec.rb +0 -198
data/doc/_index.html
CHANGED
@@ -4,7 +4,7 @@
|
|
4
4
|
<head>
|
5
5
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
6
6
|
<title>
|
7
|
-
Documentation by YARD 0.8.
|
7
|
+
Documentation by YARD 0.8.5
|
8
8
|
|
9
9
|
</title>
|
10
10
|
|
@@ -56,7 +56,7 @@
|
|
56
56
|
|
57
57
|
<iframe id="search_frame"></iframe>
|
58
58
|
|
59
|
-
<div id="content"><h1 class="noborder title">Documentation by YARD 0.8.
|
59
|
+
<div id="content"><h1 class="noborder title">Documentation by YARD 0.8.5</h1>
|
60
60
|
<div id="listing">
|
61
61
|
<h1 class="alphaindex">Alphabetic Index</h1>
|
62
62
|
|
@@ -88,9 +88,16 @@
|
|
88
88
|
<ul>
|
89
89
|
|
90
90
|
<li>
|
91
|
-
<span class='object_link'><a href="R509/
|
91
|
+
<span class='object_link'><a href="R509/ASN1.html" title="R509::ASN1 (module)">ASN1</a></span>
|
92
92
|
|
93
|
-
<small>(R509
|
93
|
+
<small>(R509)</small>
|
94
|
+
|
95
|
+
</li>
|
96
|
+
|
97
|
+
<li>
|
98
|
+
<span class='object_link'><a href="R509/CRL/Administrator.html" title="R509::CRL::Administrator (class)">Administrator</a></span>
|
99
|
+
|
100
|
+
<small>(R509::CRL)</small>
|
94
101
|
|
95
102
|
</li>
|
96
103
|
|
@@ -132,70 +139,77 @@
|
|
132
139
|
<ul>
|
133
140
|
|
134
141
|
<li>
|
135
|
-
<span class='object_link'><a href="R509/Config/
|
142
|
+
<span class='object_link'><a href="R509/Config/CAConfig.html" title="R509::Config::CAConfig (class)">CAConfig</a></span>
|
136
143
|
|
137
144
|
<small>(R509::Config)</small>
|
138
145
|
|
139
146
|
</li>
|
140
147
|
|
141
148
|
<li>
|
142
|
-
<span class='object_link'><a href="R509/Config/
|
149
|
+
<span class='object_link'><a href="R509/Config/CAConfigPool.html" title="R509::Config::CAConfigPool (class)">CAConfigPool</a></span>
|
143
150
|
|
144
151
|
<small>(R509::Config)</small>
|
145
152
|
|
146
153
|
</li>
|
147
154
|
|
148
155
|
<li>
|
149
|
-
<span class='object_link'><a href="R509/Config/
|
156
|
+
<span class='object_link'><a href="R509/Config/CAProfile.html" title="R509::Config::CAProfile (class)">CAProfile</a></span>
|
150
157
|
|
151
158
|
<small>(R509::Config)</small>
|
152
159
|
|
153
160
|
</li>
|
154
161
|
|
155
162
|
<li>
|
156
|
-
<span class='object_link'><a href="R509/
|
163
|
+
<span class='object_link'><a href="R509/CRL.html" title="R509::CRL (module)">CRL</a></span>
|
157
164
|
|
158
165
|
<small>(R509)</small>
|
159
166
|
|
160
167
|
</li>
|
161
168
|
|
162
169
|
<li>
|
163
|
-
<span class='object_link'><a href="R509/
|
170
|
+
<span class='object_link'><a href="R509/Cert/Extensions/CRLDistributionPoints.html" title="R509::Cert::Extensions::CRLDistributionPoints (class)">CRLDistributionPoints</a></span>
|
164
171
|
|
165
|
-
<small>(R509)</small>
|
172
|
+
<small>(R509::Cert::Extensions)</small>
|
166
173
|
|
167
174
|
</li>
|
168
175
|
|
169
176
|
<li>
|
170
|
-
<span class='object_link'><a href="R509/
|
177
|
+
<span class='object_link'><a href="R509/CSR.html" title="R509::CSR (class)">CSR</a></span>
|
171
178
|
|
172
|
-
<small>(R509
|
179
|
+
<small>(R509)</small>
|
173
180
|
|
174
181
|
</li>
|
175
182
|
|
176
183
|
<li>
|
177
|
-
<span class='object_link'><a href="R509/
|
184
|
+
<span class='object_link'><a href="R509/Cert.html" title="R509::Cert (class)">Cert</a></span>
|
178
185
|
|
179
186
|
<small>(R509)</small>
|
180
187
|
|
181
188
|
</li>
|
182
189
|
|
183
190
|
<li>
|
184
|
-
<span class='object_link'><a href="R509/
|
191
|
+
<span class='object_link'><a href="R509/CertificateAuthority.html" title="R509::CertificateAuthority (module)">CertificateAuthority</a></span>
|
185
192
|
|
186
193
|
<small>(R509)</small>
|
187
194
|
|
188
195
|
</li>
|
189
196
|
|
190
197
|
<li>
|
191
|
-
<span class='object_link'><a href="R509/Cert/Extensions/
|
198
|
+
<span class='object_link'><a href="R509/Cert/Extensions/CertificatePolicies.html" title="R509::Cert::Extensions::CertificatePolicies (class)">CertificatePolicies</a></span>
|
192
199
|
|
193
200
|
<small>(R509::Cert::Extensions)</small>
|
194
201
|
|
195
202
|
</li>
|
196
203
|
|
197
204
|
<li>
|
198
|
-
<span class='object_link'><a href="R509/
|
205
|
+
<span class='object_link'><a href="R509/Validity/Checker.html" title="R509::Validity::Checker (class)">Checker</a></span>
|
206
|
+
|
207
|
+
<small>(R509::Validity)</small>
|
208
|
+
|
209
|
+
</li>
|
210
|
+
|
211
|
+
<li>
|
212
|
+
<span class='object_link'><a href="R509/Config.html" title="R509::Config (module)">Config</a></span>
|
199
213
|
|
200
214
|
<small>(R509)</small>
|
201
215
|
|
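Review bot: this hunk shows the public constants being renamed from mixed case to upper-case acronyms (the index entries now point at R509/Config/CAConfig.html, CAConfigPool.html, CAProfile.html, R509/CRL.html, R509/CSR.html and R509/Cert/Extensions/CRLDistributionPoints.html, and the file list at the top records the corresponding CaConfig → CAConfig, Crl → CRL, Csr → CSR renames), but nothing in the diff indicates that the old names are kept as aliases. Since R509::Csr, R509::Crl and R509::Config::CaConfig were the 0.8.1 public API, the release should either keep the old constants as deprecated aliases for a transition period or state the break explicitly in the README/CHANGELOG; a 0.8.1 → 0.9 bump on its own does not tell a consumer that every entry point changed name.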
@@ -249,6 +263,28 @@
|
|
249
263
|
</ul>
|
250
264
|
|
251
265
|
|
266
|
+
<ul id="alpha_G" class="alpha">
|
267
|
+
<li class="letter">G</li>
|
268
|
+
<ul>
|
269
|
+
|
270
|
+
<li>
|
271
|
+
<span class='object_link'><a href="R509/ASN1/GeneralName.html" title="R509::ASN1::GeneralName (class)">GeneralName</a></span>
|
272
|
+
|
273
|
+
<small>(R509::ASN1)</small>
|
274
|
+
|
275
|
+
</li>
|
276
|
+
|
277
|
+
<li>
|
278
|
+
<span class='object_link'><a href="R509/ASN1/GeneralNames.html" title="R509::ASN1::GeneralNames (class)">GeneralNames</a></span>
|
279
|
+
|
280
|
+
<small>(R509::ASN1)</small>
|
281
|
+
|
282
|
+
</li>
|
283
|
+
|
284
|
+
</ul>
|
285
|
+
</ul>
|
286
|
+
|
287
|
+
|
252
288
|
<ul id="alpha_I" class="alpha">
|
253
289
|
<li class="letter">I</li>
|
254
290
|
<ul>
|
@@ -260,10 +296,20 @@
|
|
260
296
|
|
261
297
|
</li>
|
262
298
|
|
299
|
+
<li>
|
300
|
+
<span class='object_link'><a href="R509/Cert/Extensions/InhibitAnyPolicy.html" title="R509::Cert::Extensions::InhibitAnyPolicy (class)">InhibitAnyPolicy</a></span>
|
301
|
+
|
302
|
+
<small>(R509::Cert::Extensions)</small>
|
303
|
+
|
304
|
+
</li>
|
305
|
+
|
263
306
|
</ul>
|
264
307
|
</ul>
|
265
308
|
|
266
309
|
|
310
|
+
</td><td valign='top' width="33%">
|
311
|
+
|
312
|
+
|
267
313
|
<ul id="alpha_K" class="alpha">
|
268
314
|
<li class="letter">K</li>
|
269
315
|
<ul>
|
@@ -279,9 +325,6 @@
|
|
279
325
|
</ul>
|
280
326
|
|
281
327
|
|
282
|
-
</td><td valign='top' width="33%">
|
283
|
-
|
284
|
-
|
285
328
|
<ul id="alpha_M" class="alpha">
|
286
329
|
<li class="letter">M</li>
|
287
330
|
<ul>
|
@@ -301,6 +344,13 @@
|
|
301
344
|
<li class="letter">N</li>
|
302
345
|
<ul>
|
303
346
|
|
347
|
+
<li>
|
348
|
+
<span class='object_link'><a href="R509/Cert/Extensions/NameConstraints.html" title="R509::Cert::Extensions::NameConstraints (class)">NameConstraints</a></span>
|
349
|
+
|
350
|
+
<small>(R509::Cert::Extensions)</small>
|
351
|
+
|
352
|
+
</li>
|
353
|
+
|
304
354
|
<li>
|
305
355
|
<span class='object_link'><a href="R509/NameSanitizer.html" title="R509::NameSanitizer (class)">NameSanitizer</a></span>
|
306
356
|
|
@@ -309,9 +359,16 @@
|
|
309
359
|
</li>
|
310
360
|
|
311
361
|
<li>
|
312
|
-
<span class='object_link'><a href="R509/
|
362
|
+
<span class='object_link'><a href="R509/OCSP/Request/Nonce.html" title="R509::OCSP::Request::Nonce (module)">Nonce</a></span>
|
313
363
|
|
314
|
-
<small>(R509::
|
364
|
+
<small>(R509::OCSP::Request)</small>
|
365
|
+
|
366
|
+
</li>
|
367
|
+
|
368
|
+
<li>
|
369
|
+
<span class='object_link'><a href="R509/ASN1/NoticeReference.html" title="R509::ASN1::NoticeReference (class)">NoticeReference</a></span>
|
370
|
+
|
371
|
+
<small>(R509::ASN1)</small>
|
315
372
|
|
316
373
|
</li>
|
317
374
|
|
@@ -324,14 +381,21 @@
|
|
324
381
|
<ul>
|
325
382
|
|
326
383
|
<li>
|
327
|
-
<span class='object_link'><a href="R509/
|
384
|
+
<span class='object_link'><a href="R509/OCSP.html" title="R509::OCSP (module)">OCSP</a></span>
|
328
385
|
|
329
386
|
<small>(R509)</small>
|
330
387
|
|
331
388
|
</li>
|
332
389
|
|
333
390
|
<li>
|
334
|
-
<span class='object_link'><a href="R509/
|
391
|
+
<span class='object_link'><a href="R509/Cert/Extensions/OCSPNoCheck.html" title="R509::Cert::Extensions::OCSPNoCheck (class)">OCSPNoCheck</a></span>
|
392
|
+
|
393
|
+
<small>(R509::Cert::Extensions)</small>
|
394
|
+
|
395
|
+
</li>
|
396
|
+
|
397
|
+
<li>
|
398
|
+
<span class='object_link'><a href="R509/OIDMapper.html" title="R509::OIDMapper (module)">OIDMapper</a></span>
|
335
399
|
|
336
400
|
<small>(R509)</small>
|
337
401
|
|
@@ -346,9 +410,23 @@
|
|
346
410
|
<ul>
|
347
411
|
|
348
412
|
<li>
|
349
|
-
<span class='object_link'><a href="R509/
|
413
|
+
<span class='object_link'><a href="R509/Cert/Extensions/PolicyConstraints.html" title="R509::Cert::Extensions::PolicyConstraints (class)">PolicyConstraints</a></span>
|
414
|
+
|
415
|
+
<small>(R509::Cert::Extensions)</small>
|
416
|
+
|
417
|
+
</li>
|
418
|
+
|
419
|
+
<li>
|
420
|
+
<span class='object_link'><a href="R509/ASN1/PolicyInformation.html" title="R509::ASN1::PolicyInformation (class)">PolicyInformation</a></span>
|
421
|
+
|
422
|
+
<small>(R509::ASN1)</small>
|
423
|
+
|
424
|
+
</li>
|
425
|
+
|
426
|
+
<li>
|
427
|
+
<span class='object_link'><a href="R509/ASN1/PolicyQualifiers.html" title="R509::ASN1::PolicyQualifiers (class)">PolicyQualifiers</a></span>
|
350
428
|
|
351
|
-
<small>(R509::
|
429
|
+
<small>(R509::ASN1)</small>
|
352
430
|
|
353
431
|
</li>
|
354
432
|
|
@@ -380,16 +458,16 @@
|
|
380
458
|
</li>
|
381
459
|
|
382
460
|
<li>
|
383
|
-
<span class='object_link'><a href="R509/
|
461
|
+
<span class='object_link'><a href="R509/OCSP/Request.html" title="R509::OCSP::Request (module)">Request</a></span>
|
384
462
|
|
385
|
-
<small>(R509::
|
463
|
+
<small>(R509::OCSP)</small>
|
386
464
|
|
387
465
|
</li>
|
388
466
|
|
389
467
|
<li>
|
390
|
-
<span class='object_link'><a href="R509/
|
468
|
+
<span class='object_link'><a href="R509/OCSP/Response.html" title="R509::OCSP::Response (class)">Response</a></span>
|
391
469
|
|
392
|
-
<small>(R509::
|
470
|
+
<small>(R509::OCSP)</small>
|
393
471
|
|
394
472
|
</li>
|
395
473
|
|
@@ -402,16 +480,23 @@
|
|
402
480
|
<ul>
|
403
481
|
|
404
482
|
<li>
|
405
|
-
<span class='object_link'><a href="R509/
|
483
|
+
<span class='object_link'><a href="R509/SPKI.html" title="R509::SPKI (class)">SPKI</a></span>
|
406
484
|
|
407
|
-
<small>(R509
|
485
|
+
<small>(R509)</small>
|
408
486
|
|
409
487
|
</li>
|
410
488
|
|
411
489
|
<li>
|
412
|
-
<span class='object_link'><a href="R509/
|
490
|
+
<span class='object_link'><a href="R509/CRL/SignedList.html" title="R509::CRL::SignedList (class)">SignedList</a></span>
|
413
491
|
|
414
|
-
<small>(R509)</small>
|
492
|
+
<small>(R509::CRL)</small>
|
493
|
+
|
494
|
+
</li>
|
495
|
+
|
496
|
+
<li>
|
497
|
+
<span class='object_link'><a href="R509/CertificateAuthority/Signer.html" title="R509::CertificateAuthority::Signer (class)">Signer</a></span>
|
498
|
+
|
499
|
+
<small>(R509::CertificateAuthority)</small>
|
415
500
|
|
416
501
|
</li>
|
417
502
|
|
@@ -454,6 +539,24 @@
|
|
454
539
|
</ul>
|
455
540
|
|
456
541
|
|
542
|
+
<ul id="alpha_U" class="alpha">
|
543
|
+
<li class="letter">U</li>
|
544
|
+
<ul>
|
545
|
+
|
546
|
+
<li>
|
547
|
+
<span class='object_link'><a href="R509/ASN1/UserNotice.html" title="R509::ASN1::UserNotice (class)">UserNotice</a></span>
|
548
|
+
|
549
|
+
<small>(R509::ASN1)</small>
|
550
|
+
|
551
|
+
</li>
|
552
|
+
|
553
|
+
</ul>
|
554
|
+
</ul>
|
555
|
+
|
556
|
+
|
557
|
+
</td><td valign='top' width="33%">
|
558
|
+
|
559
|
+
|
457
560
|
<ul id="alpha_V" class="alpha">
|
458
561
|
<li class="letter">V</li>
|
459
562
|
<ul>
|
@@ -492,9 +595,9 @@
|
|
492
595
|
</div>
|
493
596
|
|
494
597
|
<div id="footer">
|
495
|
-
Generated on
|
598
|
+
Generated on Tue Apr 16 10:49:55 2013 by
|
496
599
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
497
|
-
0.8.
|
600
|
+
0.8.5 (ruby-1.9.3).
|
498
601
|
</div>
|
499
602
|
|
500
603
|
</body>
|
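Review bot: the footer hunk ("Generated on Tue Apr 16 10:49:55 2013 by yard 0.8.5 (ruby-1.9.3)") together with the title hunks above it is pure generator output that changes on every run, and the file list shows that the regenerated doc/ tree makes up most of this release's diff. Consider leaving the rendered data/doc/ directory out of the packaged gem (or out of version control) and producing it at release time, so that the lib/ and spec/ changes a reviewer actually needs to read are not buried under YARD churn.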
data/doc/class_list.html
CHANGED
@@ -45,7 +45,7 @@
|
|
45
45
|
|
46
46
|
<ul id="full_list" class="class">
|
47
47
|
<li><span class='object_link'><a href="top-level-namespace.html" title=" (root)">Top Level Namespace</a></span></li>
|
48
|
-
<li><a class='toggle'></a> <span class='object_link'><a href="R509.html" title="R509 (module)">R509</a></span><small class='search_info'>Top Level Namespace</small></li><ul><li><a class='toggle'></a> <span class='object_link'><a href="R509/Cert.html" title="R509::Cert (class)">Cert</a></span> < Object<small class='search_info'>R509</small></li><ul><li><a class='toggle'></a> <span class='object_link'><a href="R509/Cert/Extensions.html" title="R509::Cert::Extensions (module)">Extensions</a></span><small class='search_info'>R509::Cert</small></li><ul><li><span class='object_link'><a href="R509/Cert/Extensions/AuthorityInfoAccess.html" title="R509::Cert::Extensions::AuthorityInfoAccess (class)">AuthorityInfoAccess</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/AuthorityKeyIdentifier.html" title="R509::Cert::Extensions::AuthorityKeyIdentifier (class)">AuthorityKeyIdentifier</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/BasicConstraints.html" title="R509::Cert::Extensions::BasicConstraints (class)">BasicConstraints</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/CrlDistributionPoints.html" title="R509::Cert::Extensions::CrlDistributionPoints (class)">CrlDistributionPoints</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/ExtendedKeyUsage.html" title="R509::Cert::Extensions::ExtendedKeyUsage (class)">ExtendedKeyUsage</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/KeyUsage.html" title="R509::Cert::Extensions::KeyUsage (class)">KeyUsage</a></span> < Extension<small 
class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/SubjectAlternativeName.html" title="R509::Cert::Extensions::SubjectAlternativeName (class)">SubjectAlternativeName</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/SubjectKeyIdentifier.html" title="R509::Cert::Extensions::SubjectKeyIdentifier (class)">SubjectKeyIdentifier</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li></ul></ul><li><a class='toggle'></a> <span class='object_link'><a href="R509/CertificateAuthority.html" title="R509::CertificateAuthority (module)">CertificateAuthority</a></span><small class='search_info'>R509</small></li><ul><li><span class='object_link'><a href="R509/CertificateAuthority/Signer.html" title="R509::CertificateAuthority::Signer (class)">Signer</a></span> < Object<small class='search_info'>R509::CertificateAuthority</small></li></ul><li><a class='toggle'></a> <span class='object_link'><a href="R509/Config.html" title="R509::Config (module)">Config</a></span><small class='search_info'>R509</small></li><ul><li><span class='object_link'><a href="R509/Config/CaConfig.html" title="R509::Config::CaConfig (class)">CaConfig</a></span> < Object<small class='search_info'>R509::Config</small></li><li><span class='object_link'><a href="R509/Config/CaConfigPool.html" title="R509::Config::CaConfigPool (class)">CaConfigPool</a></span> < Object<small class='search_info'>R509::Config</small></li><li><span class='object_link'><a href="R509/Config/CaProfile.html" title="R509::Config::CaProfile (class)">CaProfile</a></span> < Object<small class='search_info'>R509::Config</small></li><li><span class='object_link'><a href="R509/Config/SubjectItemPolicy.html" title="R509::Config::SubjectItemPolicy (class)">SubjectItemPolicy</a></span> < Object<small class='search_info'>R509::Config</small></li></ul><li><a 
class='toggle'></a> <span class='object_link'><a href="R509/Crl.html" title="R509::Crl (module)">Crl</a></span><small class='search_info'>R509</small></li><ul><li><span class='object_link'><a href="R509/Crl/Administrator.html" title="R509::Crl::Administrator (class)">Administrator</a></span> < Object<small class='search_info'>R509::Crl</small></li><li><span class='object_link'><a href="R509/Crl/Parser.html" title="R509::Crl::Parser (class)">Parser</a></span> < Object<small class='search_info'>R509::Crl</small></li></ul><li><span class='object_link'><a href="R509/Csr.html" title="R509::Csr (class)">Csr</a></span> < Object<small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/IOHelpers.html" title="R509::IOHelpers (module)">IOHelpers</a></span><small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/MessageDigest.html" title="R509::MessageDigest (class)">MessageDigest</a></span> < Object<small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/NameSanitizer.html" title="R509::NameSanitizer (class)">NameSanitizer</a></span> < Object<small class='search_info'>R509</small></li><li><a class='toggle'></a> <span class='object_link'><a href="R509/Ocsp.html" title="R509::Ocsp (module)">Ocsp</a></span><small class='search_info'>R509</small></li><ul><li><a class='toggle'></a> <span class='object_link'><a href="R509/Ocsp/Request.html" title="R509::Ocsp::Request (module)">Request</a></span><small class='search_info'>R509::Ocsp</small></li><ul><li><span class='object_link'><a href="R509/Ocsp/Request/Nonce.html" title="R509::Ocsp::Request::Nonce (module)">Nonce</a></span><small class='search_info'>R509::Ocsp::Request</small></li></ul><li><span class='object_link'><a href="R509/Ocsp/Response.html" title="R509::Ocsp::Response (class)">Response</a></span> < Object<small class='search_info'>R509::Ocsp</small></li></ul><li><span class='object_link'><a href="R509/OidMapper.html" 
title="R509::OidMapper (class)">OidMapper</a></span> < Object<small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/PrivateKey.html" title="R509::PrivateKey (class)">PrivateKey</a></span> < Object<small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/R509Error.html" title="R509::R509Error (class)">R509Error</a></span> < StandardError<small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/Spki.html" title="R509::Spki (class)">Spki</a></span> < Object<small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/Subject.html" title="R509::Subject (class)">Subject</a></span> < Object<small class='search_info'>R509</small></li><li><a class='toggle'></a> <span class='object_link'><a href="R509/Validity.html" title="R509::Validity (module)">Validity</a></span><small class='search_info'>R509</small></li><ul><li><span class='object_link'><a href="R509/Validity/Checker.html" title="R509::Validity::Checker (class)">Checker</a></span> < Object<small class='search_info'>R509::Validity</small></li><li><span class='object_link'><a href="R509/Validity/DefaultChecker.html" title="R509::Validity::DefaultChecker (class)">DefaultChecker</a></span> < Checker<small class='search_info'>R509::Validity</small></li><li><span class='object_link'><a href="R509/Validity/DefaultWriter.html" title="R509::Validity::DefaultWriter (class)">DefaultWriter</a></span> < Writer<small class='search_info'>R509::Validity</small></li><li><span class='object_link'><a href="R509/Validity/Status.html" title="R509::Validity::Status (class)">Status</a></span> < Object<small class='search_info'>R509::Validity</small></li><li><span class='object_link'><a href="R509/Validity/Writer.html" title="R509::Validity::Writer (class)">Writer</a></span> < Object<small class='search_info'>R509::Validity</small></li></ul></ul>
|
48
|
+
<li><a class='toggle'></a> <span class='object_link'><a href="R509.html" title="R509 (module)">R509</a></span><small class='search_info'>Top Level Namespace</small></li><ul><li><a class='toggle'></a> <span class='object_link'><a href="R509/ASN1.html" title="R509::ASN1 (module)">ASN1</a></span><small class='search_info'>R509</small></li><ul><li><span class='object_link'><a href="R509/ASN1/GeneralName.html" title="R509::ASN1::GeneralName (class)">GeneralName</a></span> < Object<small class='search_info'>R509::ASN1</small></li><li><span class='object_link'><a href="R509/ASN1/GeneralNames.html" title="R509::ASN1::GeneralNames (class)">GeneralNames</a></span> < Object<small class='search_info'>R509::ASN1</small></li><li><span class='object_link'><a href="R509/ASN1/NoticeReference.html" title="R509::ASN1::NoticeReference (class)">NoticeReference</a></span> < Object<small class='search_info'>R509::ASN1</small></li><li><span class='object_link'><a href="R509/ASN1/PolicyInformation.html" title="R509::ASN1::PolicyInformation (class)">PolicyInformation</a></span> < Object<small class='search_info'>R509::ASN1</small></li><li><span class='object_link'><a href="R509/ASN1/PolicyQualifiers.html" title="R509::ASN1::PolicyQualifiers (class)">PolicyQualifiers</a></span> < Object<small class='search_info'>R509::ASN1</small></li><li><span class='object_link'><a href="R509/ASN1/UserNotice.html" title="R509::ASN1::UserNotice (class)">UserNotice</a></span> < Object<small class='search_info'>R509::ASN1</small></li></ul><li><a class='toggle'></a> <span class='object_link'><a href="R509/CRL.html" title="R509::CRL (module)">CRL</a></span><small class='search_info'>R509</small></li><ul><li><span class='object_link'><a href="R509/CRL/Administrator.html" title="R509::CRL::Administrator (class)">Administrator</a></span> < Object<small class='search_info'>R509::CRL</small></li><li><span class='object_link'><a href="R509/CRL/SignedList.html" title="R509::CRL::SignedList 
(class)">SignedList</a></span> < Object<small class='search_info'>R509::CRL</small></li></ul><li><span class='object_link'><a href="R509/CSR.html" title="R509::CSR (class)">CSR</a></span> < Object<small class='search_info'>R509</small></li><li><a class='toggle'></a> <span class='object_link'><a href="R509/Cert.html" title="R509::Cert (class)">Cert</a></span> < Object<small class='search_info'>R509</small></li><ul><li><a class='toggle'></a> <span class='object_link'><a href="R509/Cert/Extensions.html" title="R509::Cert::Extensions (module)">Extensions</a></span><small class='search_info'>R509::Cert</small></li><ul><li><span class='object_link'><a href="R509/Cert/Extensions/AuthorityInfoAccess.html" title="R509::Cert::Extensions::AuthorityInfoAccess (class)">AuthorityInfoAccess</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/AuthorityKeyIdentifier.html" title="R509::Cert::Extensions::AuthorityKeyIdentifier (class)">AuthorityKeyIdentifier</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/BasicConstraints.html" title="R509::Cert::Extensions::BasicConstraints (class)">BasicConstraints</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/CRLDistributionPoints.html" title="R509::Cert::Extensions::CRLDistributionPoints (class)">CRLDistributionPoints</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/CertificatePolicies.html" title="R509::Cert::Extensions::CertificatePolicies (class)">CertificatePolicies</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/ExtendedKeyUsage.html" 
title="R509::Cert::Extensions::ExtendedKeyUsage (class)">ExtendedKeyUsage</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/InhibitAnyPolicy.html" title="R509::Cert::Extensions::InhibitAnyPolicy (class)">InhibitAnyPolicy</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/KeyUsage.html" title="R509::Cert::Extensions::KeyUsage (class)">KeyUsage</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/NameConstraints.html" title="R509::Cert::Extensions::NameConstraints (class)">NameConstraints</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/OCSPNoCheck.html" title="R509::Cert::Extensions::OCSPNoCheck (class)">OCSPNoCheck</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/PolicyConstraints.html" title="R509::Cert::Extensions::PolicyConstraints (class)">PolicyConstraints</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/SubjectAlternativeName.html" title="R509::Cert::Extensions::SubjectAlternativeName (class)">SubjectAlternativeName</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li><li><span class='object_link'><a href="R509/Cert/Extensions/SubjectKeyIdentifier.html" title="R509::Cert::Extensions::SubjectKeyIdentifier (class)">SubjectKeyIdentifier</a></span> < Extension<small class='search_info'>R509::Cert::Extensions</small></li></ul></ul><li><a class='toggle'></a> <span class='object_link'><a href="R509/CertificateAuthority.html" title="R509::CertificateAuthority 
(module)">CertificateAuthority</a></span><small class='search_info'>R509</small></li><ul><li><span class='object_link'><a href="R509/CertificateAuthority/Signer.html" title="R509::CertificateAuthority::Signer (class)">Signer</a></span> < Object<small class='search_info'>R509::CertificateAuthority</small></li></ul><li><a class='toggle'></a> <span class='object_link'><a href="R509/Config.html" title="R509::Config (module)">Config</a></span><small class='search_info'>R509</small></li><ul><li><span class='object_link'><a href="R509/Config/CAConfig.html" title="R509::Config::CAConfig (class)">CAConfig</a></span> < Object<small class='search_info'>R509::Config</small></li><li><span class='object_link'><a href="R509/Config/CAConfigPool.html" title="R509::Config::CAConfigPool (class)">CAConfigPool</a></span> < Object<small class='search_info'>R509::Config</small></li><li><span class='object_link'><a href="R509/Config/CAProfile.html" title="R509::Config::CAProfile (class)">CAProfile</a></span> < Object<small class='search_info'>R509::Config</small></li><li><span class='object_link'><a href="R509/Config/SubjectItemPolicy.html" title="R509::Config::SubjectItemPolicy (class)">SubjectItemPolicy</a></span> < Object<small class='search_info'>R509::Config</small></li></ul><li><span class='object_link'><a href="R509/IOHelpers.html" title="R509::IOHelpers (module)">IOHelpers</a></span><small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/MessageDigest.html" title="R509::MessageDigest (class)">MessageDigest</a></span> < Object<small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/NameSanitizer.html" title="R509::NameSanitizer (class)">NameSanitizer</a></span> < Object<small class='search_info'>R509</small></li><li><a class='toggle'></a> <span class='object_link'><a href="R509/OCSP.html" title="R509::OCSP (module)">OCSP</a></span><small class='search_info'>R509</small></li><ul><li><a class='toggle'></a> <span 
class='object_link'><a href="R509/OCSP/Request.html" title="R509::OCSP::Request (module)">Request</a></span><small class='search_info'>R509::OCSP</small></li><ul><li><span class='object_link'><a href="R509/OCSP/Request/Nonce.html" title="R509::OCSP::Request::Nonce (module)">Nonce</a></span><small class='search_info'>R509::OCSP::Request</small></li></ul><li><span class='object_link'><a href="R509/OCSP/Response.html" title="R509::OCSP::Response (class)">Response</a></span> < Object<small class='search_info'>R509::OCSP</small></li></ul><li><span class='object_link'><a href="R509/OIDMapper.html" title="R509::OIDMapper (module)">OIDMapper</a></span><small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/PrivateKey.html" title="R509::PrivateKey (class)">PrivateKey</a></span> < Object<small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/R509Error.html" title="R509::R509Error (class)">R509Error</a></span> < StandardError<small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/SPKI.html" title="R509::SPKI (class)">SPKI</a></span> < Object<small class='search_info'>R509</small></li><li><span class='object_link'><a href="R509/Subject.html" title="R509::Subject (class)">Subject</a></span> < Object<small class='search_info'>R509</small></li><li><a class='toggle'></a> <span class='object_link'><a href="R509/Validity.html" title="R509::Validity (module)">Validity</a></span><small class='search_info'>R509</small></li><ul><li><span class='object_link'><a href="R509/Validity/Checker.html" title="R509::Validity::Checker (class)">Checker</a></span> < Object<small class='search_info'>R509::Validity</small></li><li><span class='object_link'><a href="R509/Validity/DefaultChecker.html" title="R509::Validity::DefaultChecker (class)">DefaultChecker</a></span> < Checker<small class='search_info'>R509::Validity</small></li><li><span class='object_link'><a href="R509/Validity/DefaultWriter.html" 
title="R509::Validity::DefaultWriter (class)">DefaultWriter</a></span> < Writer<small class='search_info'>R509::Validity</small></li><li><span class='object_link'><a href="R509/Validity/Status.html" title="R509::Validity::Status (class)">Status</a></span> < Object<small class='search_info'>R509::Validity</small></li><li><span class='object_link'><a href="R509/Validity/Writer.html" title="R509::Validity::Writer (class)">Writer</a></span> < Object<small class='search_info'>R509::Validity</small></li></ul></ul>
|
49
49
|
|
50
50
|
</ul>
|
51
51
|
</div>
|
data/doc/css/style.css
CHANGED
@@ -27,6 +27,16 @@ h2 small { font-weight: normal; font-size: 0.7em; display: block; float: right;
|
|
27
27
|
.rdoc-term { padding-right: 25px; font-weight: bold; }
|
28
28
|
.rdoc-list p { margin: 0; padding: 0; margin-bottom: 4px; }
|
29
29
|
|
30
|
+
/* style for <table> */
|
31
|
+
#filecontents table, .docstring table { border-collapse: collapse; }
|
32
|
+
#filecontents table th, #filecontents table td,
|
33
|
+
.docstring table th, .docstring table td { border: 1px solid #ccc; padding: 8px; padding-right: 17px; }
|
34
|
+
#filecontents table tr:nth-child(odd),
|
35
|
+
.docstring table tr:nth-child(odd) { background: #eee; }
|
36
|
+
#filecontents table tr:nth-child(even),
|
37
|
+
.docstring table tr:nth-child(even) { background: #fff; }
|
38
|
+
#filecontents table th, .docstring table th { background: #fff; }
|
39
|
+
|
30
40
|
/* style for <ul> */
|
31
41
|
#filecontents li > p, .docstring li > p { margin: 0px; }
|
32
42
|
#filecontents ul, .docstring ul { padding-left: 20px; }
|
data/doc/file.README.html
CHANGED
@@ -2,11 +2,11 @@
|
|
2
2
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
3
3
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
4
4
|
<head>
|
5
|
-
<meta http-equiv="Content-Type" content="text/html; charset=
|
5
|
+
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
|
6
6
|
<title>
|
7
7
|
File: README
|
8
8
|
|
9
|
-
— Documentation by YARD 0.8.
|
9
|
+
— Documentation by YARD 0.8.5
|
10
10
|
|
11
11
|
</title>
|
12
12
|
|
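Review bot: The new `<meta ... charset=US-ASCII />` declaration only holds if the generator writes every non-ASCII character as an entity; the `<title>` in this same hunk contains an em-dash ("— Documentation by YARD 0.8.5"), so if that character is emitted as raw UTF-8 the declared charset is wrong and browsers will render it as garbage. Worth confirming the generated file is byte-for-byte ASCII (or switching the declaration to UTF-8) before shipping the regenerated docs.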
@@ -63,12 +63,21 @@
|
|
63
63
|
|
64
64
|
<div id="content"><div id='filecontents'><h1>r509 <a href="http://travis-ci.org/reaperhulk/r509"><img src="https://secure.travis-ci.org/reaperhulk/r509.png" alt="Build Status"></a></h1>
|
65
65
|
|
66
|
-
<p>r509 is a
|
66
|
+
<p>r509 is a Ruby gem built using OpenSSL that is designed to ease management of a public key infrastructure. The r509 API facilitates easy creation of CSRs, signing of certificates, revocation (CRL/OCSP), and much more. Together with projects like <a href="https://github.com/reaperhulk/r509-ocsp-responder">r509-ocsp-responder</a> and <a href="https://github.com/sirsean/r509-ca-http">r509-ca-http</a> it is intended to be a complete <a href="http://www.ietf.org/rfc/rfc5280.txt">RFC 5280</a>-compliant certificate authority for use in production environments.</p>
|
67
67
|
|
68
|
-
<h2>Requirements
|
68
|
+
<h2>Requirements</h2>
|
69
69
|
|
70
|
-
<p>r509 requires the Ruby OpenSSL bindings as well as yaml support (present by default in modern Ruby builds).
|
71
|
-
|
70
|
+
<p>r509 requires the Ruby OpenSSL bindings as well as yaml support (present by default in modern Ruby builds). It is recommended that you compile Ruby against OpenSSL 1.0.0+ (with elliptic curve support enabled). Red Hat-derived distributions ship with EC disabled in OpenSSL, so if you need EC support you will need to recompile.</p>
|
71
|
+
|
72
|
+
<h2>Installation</h2>
|
73
|
+
|
74
|
+
<p>You can install via rubygems with <code>gem install r509</code></p>
|
75
|
+
|
76
|
+
<p>To install the gem from your own clone (you will need to satisfy the dependencies via <code>bundle install</code> or other means):</p>
|
77
|
+
|
78
|
+
<pre class="code bash"><code class="bash">rake gem:build
|
79
|
+
rake gem:install
|
80
|
+
</code></pre>
|
72
81
|
|
73
82
|
<h2>Running Tests/Building Gem</h2>
|
74
83
|
|
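Review bot: The new Installation section (`gem install r509`, then `rake gem:build` / `rake gem:install` for a local clone) duplicates the existing instruction that the next hunk's context still carries under "Running Tests/Building Gem" ("To install the gem: gem install r509-(version).gem"), so the README now gives two slightly different local-install procedures. Suggest keeping the procedure in one place and having the other section link to it, so they cannot drift apart. Minor: the Requirements paragraph tells Red Hat users to "recompile" for EC support without saying what (OpenSSL, Ruby against that OpenSSL, or both); one clause would remove the ambiguity.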
@@ -76,11 +85,15 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
76
85
|
|
77
86
|
<h2>Continuous Integration</h2>
|
78
87
|
|
79
|
-
<p>We run continuous integration tests (using Travis-CI) against 1.
|
88
|
+
<p>We run continuous integration tests (using Travis-CI) against 1.9.3, 2.0.0, ruby-head, and rubinius(rbx) 2.0 in 1.9 mode. 1.8.7 is no longer a supported configuration due to issues with its elliptic curve methods. 0.8.1 was the last official r509 release with 1.8.7 support.</p>
|
80
89
|
|
81
90
|
<h2>Executable</h2>
|
82
91
|
|
83
|
-
<p>Inside the gem there is a
|
92
|
+
<p>Inside the gem there is a binary named <code>r509</code>. Type <code>r509 -h</code> to see a list of options.</p>
|
93
|
+
|
94
|
+
<h2>Basic Certificate Authority Howto</h2>
|
95
|
+
|
96
|
+
<p><a href="http://langui.sh/2012/11/02/building-a-ca-r509-howto/">This guide</a> provides instructions on building a basic CA using r509, <a href="https://github.com/sirsean/r509-ca-http">r509-ca-http</a>, and <a href="https://github.com/reaperhulk/r509-ocsp-responder">r509-ocsp-responder</a>. In it you will learn how to create a root, set up the configuration profiles, issue certificates, revoke certificates, and see responses from an OCSP responder.</p>
|
84
97
|
|
85
98
|
<h2>Usage</h2>
|
86
99
|
|
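Review bot: The supported-Ruby statement lives only in the Continuous Integration paragraph ("1.8.7 is no longer a supported configuration ... 0.8.1 was the last official r509 release with 1.8.7 support"), while the Requirements section in the previous hunk still says only "present by default in modern Ruby builds". A reader checking prerequisites will read Requirements, not CI, so the minimum Ruby version (1.9.3 per the CI list) should be stated there as well, and the CI paragraph can then just list the tested interpreters.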
@@ -88,36 +101,47 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
88
101
|
|
89
102
|
<p>To generate a 2048-bit RSA CSR</p>
|
90
103
|
|
91
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
104
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CSR</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
|
105
|
+
<span class='symbol'>:subject</span> <span class='op'>=></span> <span class='lbracket'>[</span>
|
106
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CN</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>somedomain.com</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
107
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>O</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>My Org</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
108
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>L</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>City</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
109
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>ST</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>State</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
110
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>C</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>US</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span>
|
111
|
+
<span class='rbracket'>]</span>
|
99
112
|
<span class='rparen'>)</span>
|
100
113
|
</code></pre>
|
101
114
|
|
115
|
+
<p>Another way to build the subject:</p>
|
116
|
+
|
117
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_subject'>subject</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Subject</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
|
118
|
+
<span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='const'>CN</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>somedomain.com</span><span class='tstring_end'>"</span></span>
|
119
|
+
<span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='const'>O</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>My Org</span><span class='tstring_end'>"</span></span>
|
120
|
+
<span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='const'>L</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>City</span><span class='tstring_end'>"</span></span>
|
121
|
+
<span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='const'>ST</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>State</span><span class='tstring_end'>"</span></span>
|
122
|
+
<span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='const'>C</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>US</span><span class='tstring_end'>"</span></span>
|
123
|
+
<span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CSR</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='symbol'>:subject</span> <span class='op'>=></span> <span class='id identifier rubyid_subject'>subject</span> <span class='rparen'>)</span>
|
124
|
+
</code></pre>
|
125
|
+
|
102
126
|
<p>To load an existing CSR (without private key)</p>
|
103
127
|
|
104
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_csr_pem'>csr_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/csr</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
105
|
-
<span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>
|
128
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_csr_pem'>csr_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/csr</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
129
|
+
<span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CSR</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:csr</span> <span class='op'>=></span> <span class='id identifier rubyid_csr_pem'>csr_pem</span><span class='rparen'>)</span>
|
106
130
|
<span class='comment'># or
|
107
|
-
</span><span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>
|
131
|
+
</span><span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CSR</span><span class='period'>.</span><span class='id identifier rubyid_load_from_file'>load_from_file</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/csr</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
108
132
|
</code></pre>
|
109
133
|
|
110
134
|
<p>To create a new CSR from the subject of a certificate</p>
|
111
135
|
|
112
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_cert_pem'>cert_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/cert</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
113
|
-
<span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>
|
136
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_cert_pem'>cert_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/cert</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
137
|
+
<span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CSR</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:cert</span> <span class='op'>=></span> <span class='id identifier rubyid_cert_pem'>cert_pem</span><span class='rparen'>)</span>
|
114
138
|
</code></pre>
|
115
139
|
|
116
140
|
<p>To create a CSR with SAN names</p>
|
117
141
|
|
118
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>
|
119
|
-
|
120
|
-
|
142
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CSR</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
|
143
|
+
<span class='symbol'>:subject</span> <span class='op'>=></span> <span class='lbracket'>[</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CN</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>something.com</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='rbracket'>]</span><span class='comma'>,</span>
|
144
|
+
<span class='symbol'>:san_names</span> <span class='op'>=></span> <span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>something2.com</span><span class='tstring_end'>"</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>something3.com</span><span class='tstring_end'>"</span></span><span class='rbracket'>]</span>
|
121
145
|
<span class='rparen'>)</span>
|
122
146
|
</code></pre>
|
123
147
|
|
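Review bot: The unchanged heading for the first example still reads "To generate a 2048-bit RSA CSR", but the rewritten `R509::CSR.new(:subject => [...])` call passes nothing about key type or size, so the 2048-bit claim rests on an undocumented default. Either say in the prose that RSA 2048 is the default, or show the size being set explicitly the way the PrivateKey examples later in this patch do with `:bit_strength` (checking that the CSR constructor accepts the same option). Same remark for the SAN example, which is also key-size silent. Documentation nit: the `R509::Subject` variant sets `subject.CN=`, `subject.O=` etc.; a one-line note that attribute names map to the same RDN keys used in the array form ('CN', 'O', 'L', 'ST', 'C') would tie the two examples together.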
@@ -125,7 +149,7 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
125
149
|
|
126
150
|
<p>To load an existing certificate</p>
|
127
151
|
|
128
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_cert_pem'>cert_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/cert</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
152
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_cert_pem'>cert_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/cert</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
129
153
|
<span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:cert</span> <span class='op'>=></span> <span class='id identifier rubyid_cert_pem'>cert_pem</span><span class='rparen'>)</span>
|
130
154
|
<span class='comment'># or
|
131
155
|
</span><span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_load_from_file'>load_from_file</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/cert</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
@@ -133,150 +157,202 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
133
157
|
|
134
158
|
<p>Load a cert and key</p>
|
135
159
|
|
136
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_cert_pem'>cert_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/cert</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
160
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_cert_pem'>cert_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/cert</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
137
161
|
<span class='id identifier rubyid_key_pem'>key_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/key</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
138
162
|
<span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
|
139
|
-
|
140
|
-
|
163
|
+
<span class='symbol'>:cert</span> <span class='op'>=></span> <span class='id identifier rubyid_cert_pem'>cert_pem</span><span class='comma'>,</span>
|
164
|
+
<span class='symbol'>:key</span> <span class='op'>=></span> <span class='id identifier rubyid_key_pem'>key_pem</span>
|
141
165
|
<span class='rparen'>)</span>
|
142
166
|
</code></pre>
|
143
167
|
|
144
168
|
<p>Load an encrypted private key</p>
|
145
169
|
|
146
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_cert_pem'>cert_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/cert</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
170
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_cert_pem'>cert_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/cert</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
147
171
|
<span class='id identifier rubyid_key_pem'>key_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/key</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
148
172
|
<span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
|
149
|
-
|
150
|
-
|
151
|
-
|
173
|
+
<span class='symbol'>:cert</span> <span class='op'>=></span> <span class='id identifier rubyid_cert_pem'>cert_pem</span><span class='comma'>,</span>
|
174
|
+
<span class='symbol'>:key</span> <span class='op'>=></span> <span class='id identifier rubyid_key_pem'>key_pem</span><span class='comma'>,</span>
|
175
|
+
<span class='symbol'>:password</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>private_key_password</span><span class='tstring_end'>"</span></span>
|
152
176
|
<span class='rparen'>)</span>
|
153
177
|
</code></pre>
|
154
178
|
|
155
179
|
<p>Load a PKCS12 file</p>
|
156
180
|
|
157
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_pkcs12_der'>pkcs12_der</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/p12</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
181
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_pkcs12_der'>pkcs12_der</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/p12</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
158
182
|
<span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
|
159
|
-
|
160
|
-
|
183
|
+
<span class='symbol'>:pkcs12</span> <span class='op'>=></span> <span class='id identifier rubyid_pkcs12_der'>pkcs12_der</span><span class='comma'>,</span>
|
184
|
+
<span class='symbol'>:password</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>password</span><span class='tstring_end'>"</span></span>
|
185
|
+
<span class='rparen'>)</span>
|
186
|
+
</code></pre>
|
187
|
+
|
188
|
+
<h3>PrivateKey</h3>
|
189
|
+
|
190
|
+
<p>Generate a 1536-bit RSA key</p>
|
191
|
+
|
192
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:type</span> <span class='op'>=></span> <span class='symbol'>:rsa</span><span class='comma'>,</span> <span class='symbol'>:bit_strength</span> <span class='op'>=></span> <span class='int'>1536</span><span class='rparen'>)</span>
|
193
|
+
</code></pre>
|
194
|
+
|
195
|
+
<p>Encrypt the private key</p>
|
196
|
+
|
197
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:type</span> <span class='op'>=></span> <span class='symbol'>:rsa</span><span class='comma'>,</span> <span class='symbol'>:bit_strength</span> <span class='op'>=></span> <span class='int'>2048</span><span class='rparen'>)</span>
|
198
|
+
<span class='id identifier rubyid_encrypted_pem'>encrypted_pem</span> <span class='op'>=</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_to_encrypted_pem'>to_encrypted_pem</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>aes256</span><span class='tstring_end'>"</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>my-password</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
199
|
+
<span class='comment'># or write it to disk
|
200
|
+
</span><span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_write_encrypted_pem'>write_encrypted_pem</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/tmp/path</span><span class='tstring_end'>"</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>aes256</span><span class='tstring_end'>"</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>my-password</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
201
|
+
</code></pre>
|
202
|
+
|
203
|
+
<h4>Load Hardware Engines in PrivateKey</h4>
|
204
|
+
|
205
|
+
<p>The engine you want to load must already be available to OpenSSL. How to compile/install OpenSSL engines is outside the scope of this document.</p>
|
206
|
+
|
207
|
+
<pre class="code ruby"><code class="ruby"><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Engine</span><span class='period'>.</span><span class='id identifier rubyid_load'>load</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>engine_name</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
208
|
+
<span class='id identifier rubyid_engine'>engine</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Engine</span><span class='period'>.</span><span class='id identifier rubyid_by_id'>by_id</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>engine_name</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
209
|
+
<span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='lparen'>(</span>
|
210
|
+
<span class='symbol'>:engine</span> <span class='op'>=></span> <span class='id identifier rubyid_engine'>engine</span><span class='comma'>,</span>
|
211
|
+
<span class='symbol'>:key_name</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>my_key_name</span><span class='tstring_end'>"</span></span>
|
161
212
|
<span class='rparen'>)</span>
|
162
213
|
</code></pre>
|
163
214
|
|
215
|
+
<p>You can then use this key for signing.</p>
|
216
|
+
|
217
|
+
<h3>SPKI/SPKAC</h3>
|
218
|
+
|
219
|
+
<p>To generate a 2048-bit RSA SPKI</p>
|
220
|
+
|
221
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:type</span> <span class='op'>=></span> <span class='symbol'>:rsa</span><span class='comma'>,</span> <span class='symbol'>:bit_strength</span> <span class='op'>=></span> <span class='int'>1024</span><span class='rparen'>)</span>
|
222
|
+
<span class='id identifier rubyid_spki'>spki</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>SPKI</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:key</span> <span class='op'>=></span> <span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
|
223
|
+
</code></pre>
|
224
|
+
|
164
225
|
<h3>Self-Signed Certificate</h3>
|
165
226
|
|
166
227
|
<p>To create a self-signed certificate</p>
|
167
228
|
|
168
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_not_before'>not_before</span> <span class='op'>=</span> <span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_now'>now</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
|
229
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_not_before'>not_before</span> <span class='op'>=</span> <span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_now'>now</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
|
169
230
|
<span class='id identifier rubyid_not_after'>not_after</span> <span class='op'>=</span> <span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_now'>now</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='op'>+</span><span class='int'>3600</span><span class='op'>*</span><span class='int'>24</span><span class='op'>*</span><span class='int'>7300</span>
|
170
|
-
<span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>
|
171
|
-
|
231
|
+
<span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CSR</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
|
232
|
+
<span class='symbol'>:subject</span> <span class='op'>=></span> <span class='lbracket'>[</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>C</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>US</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>O</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>r509 LLC</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CN</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>r509 Self-Signed CA Test</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='rbracket'>]</span>
|
172
233
|
<span class='rparen'>)</span>
|
173
234
|
<span class='id identifier rubyid_ca'>ca</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CertificateAuthority</span><span class='op'>::</span><span class='const'>Signer</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
|
174
235
|
<span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='id identifier rubyid_ca'>ca</span><span class='period'>.</span><span class='id identifier rubyid_selfsign'>selfsign</span><span class='lparen'>(</span>
|
175
|
-
|
176
|
-
|
177
|
-
|
236
|
+
<span class='symbol'>:csr</span> <span class='op'>=></span> <span class='id identifier rubyid_csr'>csr</span><span class='comma'>,</span>
|
237
|
+
<span class='symbol'>:not_before</span> <span class='op'>=></span> <span class='id identifier rubyid_not_before'>not_before</span><span class='comma'>,</span>
|
238
|
+
<span class='symbol'>:not_after</span> <span class='op'>=></span> <span class='id identifier rubyid_not_after'>not_after</span>
|
178
239
|
<span class='rparen'>)</span>
|
179
240
|
</code></pre>
|
180
241
|
|
181
242
|
<h3>Config</h3>
|
182
243
|
|
183
|
-
<p>Create a basic
|
244
|
+
<p>Create a basic CAConfig object</p>
|
184
245
|
|
185
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_cert_pem'>cert_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/cert</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
246
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_cert_pem'>cert_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/cert</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
186
247
|
<span class='id identifier rubyid_key_pem'>key_pem</span> <span class='op'>=</span> <span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>/path/to/key</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
187
248
|
<span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
|
188
|
-
|
189
|
-
|
249
|
+
<span class='symbol'>:cert</span> <span class='op'>=></span> <span class='id identifier rubyid_cert_pem'>cert_pem</span><span class='comma'>,</span>
|
250
|
+
<span class='symbol'>:key</span> <span class='op'>=></span> <span class='id identifier rubyid_key_pem'>key_pem</span>
|
190
251
|
<span class='rparen'>)</span>
|
191
|
-
<span class='id identifier rubyid_config'>config</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Config</span><span class='op'>::</span><span class='const'>
|
192
|
-
|
252
|
+
<span class='id identifier rubyid_config'>config</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Config</span><span class='op'>::</span><span class='const'>CAConfig</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
|
253
|
+
<span class='symbol'>:ca_cert</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span>
|
193
254
|
<span class='rparen'>)</span>
|
194
255
|
</code></pre>
|
195
256
|
|
196
|
-
<p>Add a signing profile named "server" (
|
257
|
+
<p>Add a signing profile named "server" (CAProfile) to a config object</p>
|
197
258
|
|
198
|
-
<pre class="code ruby"><code
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
259
|
+
<pre class="code ruby"><code class="ruby">profile = R509::Config::CAProfile.new(
|
260
|
+
:basic_constraints => {"ca" : false},
|
261
|
+
:key_usage => ["digitalSignature","keyEncipherment"],
|
262
|
+
:extended_key_usage => ["serverAuth"],
|
263
|
+
:certificate_policies => [
|
264
|
+
{ "policy_identifier" => "2.16.840.1.99999.21.234",
|
265
|
+
"cps_uris" => ["http://example.com/cps","http://haha.com"],
|
266
|
+
"user_notices" => [ { "explicit_text" => "this is a great thing", "organization" => "my org", "notice_numbers" => "1,2,3" } ]
|
267
|
+
}
|
268
|
+
],
|
269
|
+
:subject_item_policy => nil,
|
270
|
+
:ocsp_no_check => false # this should only be true if you are setting OCSPSigning EKU
|
271
|
+
)
|
272
|
+
# config object from above assumed
|
273
|
+
config.set_profile("server",profile)
|
207
274
|
</code></pre>
|
208
275
|
|
209
276
|
<p>Set up a subject item policy (required/optional). The keys must match OpenSSL's shortnames!</p>
|
210
277
|
|
211
|
-
<pre class="code ruby"><code
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
</span><span class='id identifier rubyid_config'>config</span><span class='period'>.</span><span class='id identifier rubyid_set_profile'>set_profile</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>server</span><span class='tstring_end'>"</span></span><span class='comma'>,</span><span class='id identifier rubyid_profile'>profile</span><span class='rparen'>)</span>
|
278
|
+
<pre class="code ruby"><code class="ruby">profile = R509::Config::CAProfile.new(
|
279
|
+
:basic_constraints => {"ca" : false},
|
280
|
+
:key_usage => ["digitalSignature","keyEncipherment"],
|
281
|
+
:extended_key_usage => ["serverAuth"],
|
282
|
+
:subject_item_policy => {
|
283
|
+
"CN" => "required",
|
284
|
+
"O" => "optional"
|
285
|
+
}
|
286
|
+
)
|
287
|
+
# config object from above assumed
|
288
|
+
config.set_profile("server",profile)
|
223
289
|
</code></pre>
|
224
290
|
|
225
|
-
<p>Load
|
291
|
+
<p>Load CAConfig + Profile from YAML</p>
|
226
292
|
|
227
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_config'>config</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Config</span><span class='op'>::</span><span class='const'>
|
293
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_config'>config</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Config</span><span class='op'>::</span><span class='const'>CAConfig</span><span class='period'>.</span><span class='id identifier rubyid_from_yaml'>from_yaml</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>test_ca</span><span class='tstring_end'>"</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>config_test.yaml</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
228
294
|
</code></pre>
|
229
295
|
|
230
296
|
<p>Example YAML (more options are supported than this example)</p>
|
231
297
|
|
232
|
-
<pre class="code yaml"><code>test_ca: {
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
|
254
|
-
|
298
|
+
<pre class="code yaml"><code class="yaml">test_ca: {
|
299
|
+
ca_cert: {
|
300
|
+
cert: '/path/to/test_ca.cer',
|
301
|
+
key: '/path/to/test_ca.key'
|
302
|
+
},
|
303
|
+
crl_list: "crl_list_file.txt",
|
304
|
+
crl_number: "crl_number_file.txt",
|
305
|
+
cdp_location: ['http://crl.domain.com/test_ca.crl'],
|
306
|
+
crl_validity_hours: 168, #7 days
|
307
|
+
ocsp_location: ['http://ocsp.domain.com'],
|
308
|
+
ca_issuers_location: ['http://www.domain.com/my_roots.html'],
|
309
|
+
message_digest: 'SHA1', #SHA1, SHA224, SHA256, SHA384, SHA512 supported. MD5 too, but you really shouldn't use that unless you have a good reason
|
310
|
+
profiles: {
|
311
|
+
server: {
|
312
|
+
basic_constraints: {"ca" : false},
|
313
|
+
key_usage: [digitalSignature,keyEncipherment],
|
314
|
+
extended_key_usage: [serverAuth],
|
315
|
+
certificate_policies: [
|
316
|
+
{ policy_identifier: "2.16.840.1.99999.21.234",
|
317
|
+
cps_uris: ["http://example.com/cps","http://haha.com"],
|
318
|
+
user_notices: [ { explicit_text: "this is a great thing", organization: "my org", notice_numbers: "1,2,3" } ]
|
319
|
+
},
|
320
|
+
{ policy_identifier: "2.16.840.1.99999.21.235",
|
321
|
+
cps_uris: ["http://example.com/cps2"],
|
322
|
+
user_notices: [ { explicit_text: "this is a bad thing", organization: "another org", notice_numbers: "3,2,1" },{ explicit_text: "another user notice"} ]
|
255
323
|
}
|
324
|
+
],
|
325
|
+
subject_item_policy: {
|
326
|
+
"CN" : "required",
|
327
|
+
"O" : "optional",
|
328
|
+
"ST" : "required",
|
329
|
+
"C" : "required",
|
330
|
+
"OU" : "optional" }
|
256
331
|
}
|
332
|
+
}
|
257
333
|
}
|
258
334
|
</code></pre>
|
259
335
|
|
260
|
-
<p>Load multiple
|
336
|
+
<p>Load multiple CAConfigs using a CAConfigPool</p>
|
261
337
|
|
262
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_pool'>pool</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Config</span><span class='op'>::</span><span class='const'>
|
338
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_pool'>pool</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Config</span><span class='op'>::</span><span class='const'>CAConfigPool</span><span class='period'>.</span><span class='id identifier rubyid_from_yaml'>from_yaml</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>certificate_authorities</span><span class='tstring_end'>"</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>config_pool.yaml</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
263
339
|
</code></pre>
|
264
340
|
|
265
341
|
<p>Example (Minimal) Config Pool YAML</p>
|
266
342
|
|
267
|
-
<pre class="code yaml"><code>certificate_authorities: {
|
268
|
-
|
269
|
-
|
270
|
-
|
271
|
-
|
272
|
-
}
|
273
|
-
},
|
274
|
-
second_ca: {
|
275
|
-
ca_cert: {
|
276
|
-
cert: 'second_ca.cer',
|
277
|
-
key: 'second_ca.key'
|
278
|
-
}
|
343
|
+
<pre class="code yaml"><code class="yaml">certificate_authorities: {
|
344
|
+
test_ca: {
|
345
|
+
ca_cert: {
|
346
|
+
cert: 'test_ca.cer',
|
347
|
+
key: 'test_ca.key'
|
279
348
|
}
|
349
|
+
},
|
350
|
+
second_ca: {
|
351
|
+
ca_cert: {
|
352
|
+
cert: 'second_ca.cer',
|
353
|
+
key: 'second_ca.key'
|
354
|
+
}
|
355
|
+
}
|
280
356
|
}
|
281
357
|
</code></pre>
|
282
358
|
|
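Review bot: the hardware-engine example (new lines 209-212) calls `R509::PrivateKey(` without `.new`, which Ruby parses as a method call on the `R509` module and raises NoMethodError at runtime; it should read `key = R509::PrivateKey.new(`. In the same hunk, both CAProfile examples (new lines 259-288) use `:basic_constraints => {"ca" : false}`, which is the YAML flow-mapping form copied into Ruby and is not valid Ruby hash syntax; `{"ca" => false}` keeps the string key that the YAML loader produces. The fact that those two blocks are rendered as plain text inside `<pre class="code ruby"><code class="ruby">`, while every other Ruby example in the file is span-highlighted, is consistent with the doc generator failing to parse them, so fixing the syntax should also restore highlighting. Lastly, the YAML sample's `message_digest: 'SHA1'` (new line 309) only warns against MD5; since SHA256 is listed as supported on the same line, the sample config should default to it, as SHA1 is deprecated for certificate signatures.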
@@ -284,79 +360,120 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
284
360
|
|
285
361
|
<p>Sign a CSR</p>
|
286
362
|
|
287
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>
|
288
|
-
|
289
|
-
|
290
|
-
|
291
|
-
|
292
|
-
|
293
|
-
|
294
|
-
|
363
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CSR</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
|
364
|
+
<span class='symbol'>:subject</span> <span class='op'>=></span> <span class='lbracket'>[</span>
|
365
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CN</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>somedomain.com</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
366
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>O</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>My Org</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
367
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>L</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>City</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
368
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>ST</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>State</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
369
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>C</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>US</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span>
|
370
|
+
<span class='rbracket'>]</span>
|
295
371
|
<span class='rparen'>)</span>
|
296
372
|
<span class='comment'># assume config from yaml load above
|
297
373
|
</span><span class='id identifier rubyid_ca'>ca</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CertificateAuthority</span><span class='op'>::</span><span class='const'>Signer</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_config'>config</span><span class='rparen'>)</span>
|
298
374
|
<span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='id identifier rubyid_ca'>ca</span><span class='period'>.</span><span class='id identifier rubyid_sign'>sign</span><span class='lparen'>(</span>
|
299
|
-
|
300
|
-
|
375
|
+
<span class='symbol'>:profile_name</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>server</span><span class='tstring_end'>"</span></span><span class='comma'>,</span>
|
376
|
+
<span class='symbol'>:csr</span> <span class='op'>=></span> <span class='id identifier rubyid_csr'>csr</span>
|
301
377
|
<span class='rparen'>)</span>
|
302
378
|
</code></pre>
|
303
379
|
|
304
380
|
<p>Override a CSR's subject or SAN names when signing</p>
|
305
381
|
|
306
|
-
<pre class="code ruby"><code><span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>
|
307
|
-
|
308
|
-
|
309
|
-
|
310
|
-
|
311
|
-
|
312
|
-
|
313
|
-
|
382
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CSR</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
|
383
|
+
<span class='symbol'>:subject</span> <span class='op'>=></span> <span class='lbracket'>[</span>
|
384
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CN</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>somedomain.com</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
385
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>O</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>My Org</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
386
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>L</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>City</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
387
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>ST</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>State</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span><span class='comma'>,</span>
|
388
|
+
<span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>C</span><span class='tstring_end'>'</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>US</span><span class='tstring_end'>'</span></span><span class='rbracket'>]</span>
|
389
|
+
<span class='rbracket'>]</span>
|
314
390
|
<span class='rparen'>)</span>
|
315
|
-
<span class='id identifier
|
316
|
-
<span class='id identifier
|
317
|
-
<span class='id identifier
|
318
|
-
<span class='id identifier
|
391
|
+
<span class='id identifier rubyid_subject'>subject</span> <span class='op'>=</span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_dup'>dup</span>
|
392
|
+
<span class='id identifier rubyid_san_names'>san_names</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>sannames.com</span><span class='tstring_end'>"</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>domain2.com</span><span class='tstring_end'>"</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>128.128.128.128</span><span class='tstring_end'>"</span></span><span class='rbracket'>]</span>
|
393
|
+
<span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_common_name'>common_name</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>newdomain.com</span><span class='tstring_end'>"</span></span>
|
394
|
+
<span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_organization'>organization</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Org 2.0</span><span class='tstring_end'>"</span></span>
|
319
395
|
<span class='comment'># assume config from yaml load above
|
320
396
|
</span><span class='id identifier rubyid_ca'>ca</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CertificateAuthority</span><span class='op'>::</span><span class='const'>Signer</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_config'>config</span><span class='rparen'>)</span>
|
321
397
|
<span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='id identifier rubyid_ca'>ca</span><span class='period'>.</span><span class='id identifier rubyid_sign'>sign</span><span class='lparen'>(</span>
|
322
|
-
|
323
|
-
|
324
|
-
|
398
|
+
<span class='symbol'>:profile_name</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>server</span><span class='tstring_end'>"</span></span><span class='comma'>,</span>
|
399
|
+
<span class='symbol'>:csr</span> <span class='op'>=></span> <span class='id identifier rubyid_csr'>csr</span><span class='comma'>,</span>
|
400
|
+
<span class='symbol'>:subject</span> <span class='op'>=></span> <span class='id identifier rubyid_subject'>subject</span><span class='comma'>,</span>
|
401
|
+
<span class='symbol'>:san_names</span> <span class='op'>=></span> <span class='id identifier rubyid_san_names'>san_names</span>
|
325
402
|
<span class='rparen'>)</span>
|
326
403
|
</code></pre>
|
327
404
|
|
328
|
-
<
|
329
|
-
|
330
|
-
<
|
331
|
-
|
332
|
-
<
|
333
|
-
|
334
|
-
<span class='id identifier
|
335
|
-
|
336
|
-
|
405
|
+
<p>Sign an SPKI/SPKAC object</p>
|
406
|
+
|
407
|
+
<pre class="code ruby"><code class="ruby"><span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:type</span> <span class='op'>=></span> <span class='symbol'>:rsa</span><span class='comma'>,</span> <span class='symbol'>:bit_strength</span> <span class='op'>=></span> <span class='int'>2048</span><span class='rparen'>)</span>
|
408
|
+
<span class='id identifier rubyid_spki'>spki</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>SPKI</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:key</span> <span class='op'>=></span> <span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
|
409
|
+
<span class='comment'># SPKI objects do not contain subject or san name data so it must be specified
|
410
|
+
</span><span class='id identifier rubyid_subject'>subject</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Subject</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
|
411
|
+
<span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='const'>CN</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>mydomain.com</span><span class='tstring_end'>"</span></span>
|
412
|
+
<span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='const'>L</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Locality</span><span class='tstring_end'>"</span></span>
|
413
|
+
<span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='const'>ST</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>State</span><span class='tstring_end'>"</span></span>
|
414
|
+
<span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='const'>C</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>US</span><span class='tstring_end'>"</span></span>
|
415
|
+
<span class='id identifier rubyid_san_names'>san_names</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>domain2.com</span><span class='tstring_end'>"</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>128.128.128.128</span><span class='tstring_end'>"</span></span><span class='rbracket'>]</span>
|
416
|
+
<span class='comment'># assume config from yaml load above
|
417
|
+
</span><span class='id identifier rubyid_ca'>ca</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CertificateAuthority</span><span class='op'>::</span><span class='const'>Signer</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_config'>config</span><span class='rparen'>)</span>
|
418
|
+
<span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='id identifier rubyid_ca'>ca</span><span class='period'>.</span><span class='id identifier rubyid_sign'>sign</span><span class='lparen'>(</span>
|
419
|
+
<span class='symbol'>:profile_name</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>server</span><span class='tstring_end'>"</span></span><span class='comma'>,</span>
|
420
|
+
<span class='symbol'>:spki</span> <span class='op'>=></span> <span class='id identifier rubyid_spki'>spki</span><span class='comma'>,</span>
|
421
|
+
<span class='symbol'>:subject</span> <span class='op'>=></span> <span class='id identifier rubyid_subject'>subject</span><span class='comma'>,</span>
|
422
|
+
<span class='symbol'>:san_names</span> <span class='op'>=></span> <span class='id identifier rubyid_san_names'>san_names</span>
|
337
423
|
<span class='rparen'>)</span>
|
338
|
-
</code></pre>
|
339
424
|
|
340
|
-
|
425
|
+
</code></pre>
|
341
426
|
|
342
427
|
<h3>OID Mapping</h3>
|
343
428
|
|
344
429
|
<p>Register one</p>
|
345
430
|
|
346
|
-
<pre class="code ruby"><code><span class='const'>R509</span><span class='op'>::</span><span class='const'>
|
431
|
+
<pre class="code ruby"><code class="ruby"><span class='const'>R509</span><span class='op'>::</span><span class='const'>OIDMapper</span><span class='period'>.</span><span class='id identifier rubyid_register'>register</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>1.3.5.6.7.8.3.23.3</span><span class='tstring_end'>"</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>short_name</span><span class='tstring_end'>"</span></span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>optional_long_name</span><span class='tstring_end'>"</span></span><span class='rparen'>)</span>
|
347
432
|
</code></pre>
|
348
433
|
|
349
434
|
<p>Register in batch</p>
|
350
435
|
|
351
|
-
<pre class="code ruby"><code><span class='const'>R509</span><span class='op'>::</span><span class='const'>
|
352
|
-
|
353
|
-
|
436
|
+
<pre class="code ruby"><code class="ruby"><span class='const'>R509</span><span class='op'>::</span><span class='const'>OIDMapper</span><span class='period'>.</span><span class='id identifier rubyid_batch_register'>batch_register</span><span class='lparen'>(</span><span class='lbracket'>[</span>
|
437
|
+
<span class='lbrace'>{</span><span class='symbol'>:oid</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>1.3.5.6.7.8.3.23.3</span><span class='tstring_end'>"</span></span><span class='comma'>,</span> <span class='symbol'>:short_name</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>short_name</span><span class='tstring_end'>"</span></span><span class='comma'>,</span> <span class='symbol'>:long_name</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>optional_long_name</span><span class='tstring_end'>"</span></span><span class='rbrace'>}</span><span class='comma'>,</span>
|
438
|
+
<span class='lbrace'>{</span><span class='symbol'>:oid</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>1.3.5.6.7.8.3.23.5</span><span class='tstring_end'>"</span></span><span class='comma'>,</span> <span class='symbol'>:short_name</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>another_name</span><span class='tstring_end'>"</span></span><span class='rbrace'>}</span>
|
354
439
|
<span class='rbracket'>]</span><span class='rparen'>)</span>
|
355
440
|
</code></pre>
|
356
441
|
|
442
|
+
<h3>Alternate Key Algorithms</h3>
|
443
|
+
|
444
|
+
<p>In addition to the default RSA objects that are created above, r509 supports DSA and elliptic curve (EC). EC support is present only if Ruby has been linked against a version of OpenSSL compiled with EC enabled. This excludes Red Hat-based distributions at this time (unless you build it yourself). Take a look at the documentation for R509::PrivateKey, R509::Cert, and R509::CSR to see how to create DSA and EC types. You can test if elliptic curve support is available in your Ruby with:</p>
|
445
|
+
|
446
|
+
<pre class="code ruby"><code class="ruby"><span class='const'>R509</span><span class='period'>.</span><span class='id identifier rubyid_ec_supported?'>ec_supported?</span>
|
447
|
+
</code></pre>
|
448
|
+
|
449
|
+
<h4>NIST Recommended Elliptic Curves</h4>
|
450
|
+
|
451
|
+
<p>These curves are set via <code>:curve_name</code>. The system defaults to using <code>secp384r1</code></p>
|
452
|
+
|
453
|
+
<ul>
|
454
|
+
<li>secp224r1 -- NIST/SECG curve over a 224 bit prime field</li>
|
455
|
+
<li>secp384r1 -- NIST/SECG curve over a 384 bit prime field</li>
|
456
|
+
<li>secp521r1 -- NIST/SECG curve over a 521 bit prime field</li>
|
457
|
+
<li>prime192v1 -- NIST/X9.62/SECG curve over a 192 bit prime field</li>
|
458
|
+
<li>sect163k1 -- NIST/SECG/WTLS curve over a 163 bit binary field</li>
|
459
|
+
<li>sect163r2 -- NIST/SECG curve over a 163 bit binary field</li>
|
460
|
+
<li>sect233k1 -- NIST/SECG/WTLS curve over a 233 bit binary field</li>
|
461
|
+
<li>sect233r1 -- NIST/SECG/WTLS curve over a 233 bit binary field</li>
|
462
|
+
<li>sect283k1 -- NIST/SECG curve over a 283 bit binary field</li>
|
463
|
+
<li>sect283r1 -- NIST/SECG curve over a 283 bit binary field</li>
|
464
|
+
<li>sect409k1 -- NIST/SECG curve over a 409 bit binary field</li>
|
465
|
+
<li>sect409r1 -- NIST/SECG curve over a 409 bit binary field</li>
|
466
|
+
<li>sect571k1 -- NIST/SECG curve over a 571 bit binary field</li>
|
467
|
+
<li>sect571r1 -- NIST/SECG curve over a 571 bit binary field</li>
|
468
|
+
</ul>
|
469
|
+
|
357
470
|
<h2>Documentation</h2>
|
358
471
|
|
359
|
-
<p>There is
|
472
|
+
<p>There is documentation available for every method and class in r509 available via yardoc. If you installed via gem it should be pre-generated in the doc directory. If you cloned this repo, just type <code>rake yard</code> with the yard gem installed. You will also need the redcarpet and github-markup gems to properly parse the Readme.md. Alternately you can view pre-generated documentation at <a href="http://r509.org">r509.org</a></p>
|
473
|
+
|
474
|
+
<h2>Created by...</h2>
|
475
|
+
|
476
|
+
<p><a href="https://github.com/reaperhulk">Paul Kehrer</a></p>
|
360
477
|
|
361
478
|
<h2>Thanks to...</h2>
|
362
479
|
|
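Review bot: the "NIST Recommended Elliptic Curves" list (the `<ul>` under the `:curve_name` paragraph) omits prime256v1 (NIST P-256), the curve with the broadest library and client support, while it does list prime192v1 and the 163-bit binary curves sect163k1 and sect163r2, which give roughly 80 bits of security and which NIST SP 800-131A disallows for signature generation after 2013. Either add prime256v1 (if r509 accepts it) or say why it is left out, and mark the sub-112-bit entries as legacy so nobody copies `:curve_name => "prime192v1"` into a CA config. The sentence "The system defaults to using `secp384r1`" also reads as if it overrides the RSA default stated in the Alternate Key Algorithms paragraph above; qualify it as the default curve when an EC key is requested.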
@@ -371,7 +488,7 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
371
488
|
|
372
489
|
<h1>YAML Config Options</h1>
|
373
490
|
|
374
|
-
<p>r509 configs are nested hashes of key:values that define the behavior of each CA. See r509.yaml for a full example config.</p>
|
491
|
+
<p>r509 configs are nested hashes of key:values that define the behavior of each CA. See r509.yaml for a full example config. These options can also be defined programmatically via R509::CAConfig and R509::CAProfile.</p>
|
375
492
|
|
376
493
|
<h2>ca_name</h2>
|
377
494
|
|
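Review bot: the added sentence names R509::CAConfig and R509::CAProfile as the programmatic equivalents of the YAML config; check those constant paths against the generated class docs before this lands, because if the classes are namespaced one level deeper (under R509::Config) a reader who pastes these names gets a NameError and has no pointer to the right class.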
@@ -381,7 +498,7 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
381
498
|
|
382
499
|
<ul>
|
383
500
|
<li>cert (cannot use with pkcs12)</li>
|
384
|
-
<li>key (cannot use with
|
501
|
+
<li>key (optional, cannot use with pkcs12)</li>
|
385
502
|
<li>engine (optional, cannot be used with key or pkcs12)</li>
|
386
503
|
<li>key_name (required when using engine)</li>
|
387
504
|
<li>pkcs12 (optional, cannot be used with key or cert)</li>
|
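Review bot: with `key` now marked optional in the cert/key/engine/pkcs12 list, the list no longer says what is required: every entry is "optional" or "cannot use with", so a reader cannot tell whether a `cert`-only block is a valid config or whether exactly one of `key`, `engine` or `pkcs12` must be present. Add a sentence stating which combinations are accepted and which operations (signing, for instance) raise when no private key source is configured; the identical list in the next hunk needs the same sentence.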
@@ -394,7 +511,7 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
394
511
|
|
395
512
|
<ul>
|
396
513
|
<li>cert (cannot use with pkcs12)</li>
|
397
|
-
<li>key (cannot use with
|
514
|
+
<li>key (optional, cannot use with pkcs12)</li>
|
398
515
|
<li>engine (optional, cannot be used with key or pkcs12)</li>
|
399
516
|
<li>key_name (required when using engine)</li>
|
400
517
|
<li>pkcs12 (optional, cannot be used with key or cert)</li>
|
@@ -403,9 +520,10 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
403
520
|
|
404
521
|
<h3>cdp_location</h3>
|
405
522
|
|
406
|
-
<p>
|
523
|
+
<p>An array of CRL distribution points for certificates issued from this CA.</p>
|
407
524
|
|
408
|
-
<
|
525
|
+
<pre class="code yaml"><code class="yaml">['http://crl.r509.org/myca.crl']
|
526
|
+
</code></pre>
|
409
527
|
|
410
528
|
<h3>crl_list</h3>
|
411
529
|
|
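Review bot: the cdp_location paragraph says only "An array of CRL distribution points for certificates issued from this CA"; unlike the ocsp_location text later in this file ("These strings will be scanned and automatically processed to determine their proper type"), it does not say whether non-URI values are accepted or rejected, nor whether the extension is encoded non-critical as RFC 5280 section 4.2.1.13 recommends. State both. The plain-http example `['http://crl.r509.org/myca.crl']` is the right choice for a CRL (the CRL is itself signed, and an https endpoint would need its own revocation check), and one sentence saying so would stop readers from "fixing" it.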
@@ -425,9 +543,17 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
425
543
|
|
426
544
|
<h3>ocsp_location</h3>
|
427
545
|
|
428
|
-
<p>
|
546
|
+
<p>An array of URIs for client OCSP checks. These strings will be scanned and automatically processed to determine their proper type in the certificate.</p>
|
429
547
|
|
430
|
-
<
|
548
|
+
<pre class="code yaml"><code class="yaml">['http://ocsp.r509.org']
|
549
|
+
</code></pre>
|
550
|
+
|
551
|
+
<h3>ca_issuers_location</h3>
|
552
|
+
|
553
|
+
<p>An array of ca issuer locations. These strings will be scanned and automatically processed to determine their proper type in the certificate.</p>
|
554
|
+
|
555
|
+
<pre class="code yaml"><code class="yaml">['http://www.r509.org/some_roots.html']
|
556
|
+
</code></pre>
|
431
557
|
|
432
558
|
<h3>ocsp_chain</h3>
|
433
559
|
|
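Review bot: the ca_issuers_location example `['http://www.r509.org/some_roots.html']` points at an HTML page, but RFC 5280 section 4.2.2.1 requires an HTTP caIssuers URI to return a single DER-encoded certificate or a certs-only CMS message; clients that chase AIA to build a chain will fetch this URL expecting DER and fail, so point the example at a URL that serves the issuing CA's DER certificate. For both ocsp_location and ca_issuers_location, "scanned and automatically processed to determine their proper type" should name the GeneralName types that are recognised (URI, DNS, IP, email) and say whether an unrecognised string raises or is silently encoded as some other type, since a mis-typed AIA entry breaks revocation checking without producing any error at signing time.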
@@ -447,7 +573,9 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
447
573
|
|
448
574
|
<ul>
|
449
575
|
<li>SHA1 (default)</li>
|
576
|
+
<li>SHA224</li>
|
450
577
|
<li>SHA256</li>
|
578
|
+
<li>SHA384</li>
|
451
579
|
<li>SHA512</li>
|
452
580
|
<li>MD5 (Don't use this unless you have a really, really good reason. Even then, you shouldn't)</li>
|
453
581
|
</ul>
|
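Review bot: "SHA1 (default)" should not survive this revision: NIST SP 800-131A disallows SHA-1 for digital signature generation after 2013, and a CA built from this README gets it unless the operator knows to override it. Make SHA256 the documented default, or at minimum put a warning next to SHA1 of the kind already attached to MD5, so that the two algorithms a new CA must not use are both called out in the list.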
@@ -458,11 +586,24 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
458
586
|
|
459
587
|
<h4>basic_constraints</h4>
|
460
588
|
|
461
|
-
<p>All basic constraints are encoded with the critical bit set to true.
|
589
|
+
<p>All basic constraints are encoded with the critical bit set to true. The basic constraints config expects a hash with between one and two keys.</p>
|
590
|
+
|
591
|
+
<h5>ca</h5>
|
592
|
+
|
593
|
+
<p>The ca key is required and must be set to true (for an issuing CA) or false (everything else).</p>
|
594
|
+
|
595
|
+
<h5>path_length</h5>
|
596
|
+
|
597
|
+
<p>This option is only allowed if ca is set to TRUE. path_length allows you to define the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path. For example, if you set this value to 0 then the certificate issued can only issue end entity certificates, not additional subroots. This must be a non-negative integer (>=0).</p>
|
598
|
+
|
599
|
+
<pre class="code yaml"><code class="yaml">{ca : true}
|
600
|
+
{ca : false}
|
601
|
+
{ca : true, path_length: 3}
|
602
|
+
</code></pre>
|
462
603
|
|
463
604
|
<h4>key_usage</h4>
|
464
605
|
|
465
|
-
<p>An array of strings that conform to the OpenSSL naming scheme for available key usage OIDs
|
606
|
+
<p>An array of strings that conform to the OpenSSL naming scheme for available key usage OIDs.</p>
|
466
607
|
|
467
608
|
<ul>
|
468
609
|
<li>digitalSignature</li>
|
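Review bot: the key_usage text says the strings "conform to the OpenSSL naming scheme for available key usage OIDs", but key usage values are bits of the KeyUsage BIT STRING, not OIDs (the extension itself has a single OID); reword to "key usage bit names" so nobody tries to pass a dotted OID here. The basic_constraints text says the hash has "between one and two keys", where "a required `ca` key and, when `ca` is true, an optional `path_length` key" is clearer and matches the three examples. basic_constraints states that it is encoded critical but key_usage says nothing about criticality even though RFC 5280 section 4.2.1.3 says it SHOULD be critical when present; add the same sentence for key_usage.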
@@ -487,24 +628,80 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
487
628
|
<li>emailProtection</li>
|
488
629
|
<li>OCSPSigning</li>
|
489
630
|
<li>timeStamping</li>
|
490
|
-
<li>msCodeInd</li>
|
491
|
-
<li>msCodeCom</li>
|
492
|
-
<li>msCTLSign</li>
|
493
|
-
<li>msSGC</li>
|
494
|
-
<li>msEFS</li>
|
495
|
-
<li>nsSGC</li>
|
631
|
+
<li>msCodeInd (not part of RFC 5280)</li>
|
632
|
+
<li>msCodeCom (not part of RFC 5280)</li>
|
633
|
+
<li>msCTLSign (not part of RFC 5280)</li>
|
634
|
+
<li>msSGC (not part of RFC 5280)</li>
|
635
|
+
<li>msEFS (not part of RFC 5280)</li>
|
636
|
+
<li>nsSGC (not part of RFC 5280)</li>
|
496
637
|
</ul>
|
497
638
|
|
498
639
|
<h4>certificate_policies</h4>
|
499
640
|
|
500
|
-
<p>An array of
|
641
|
+
<p>An array of hashes containing policy identifiers, CPS URI(s), and user notice(s)</p>
|
501
642
|
|
502
|
-
<pre class="code yaml"><code>[
|
643
|
+
<pre class="code yaml"><code class="yaml">[
|
644
|
+
{ policy_identifier: "2.16.840.1.99999.21.234",
|
645
|
+
cps_uris: ["http://example.com/cps"]
|
646
|
+
}
|
647
|
+
]
|
503
648
|
</code></pre>
|
504
649
|
|
505
650
|
<p>or</p>
|
506
651
|
|
507
|
-
<pre class="code yaml"><code
|
652
|
+
<pre class="code yaml"><code class="yaml">[
|
653
|
+
{ policy_identifier: "2.16.840.1.99999.21.234",
|
654
|
+
cps_uris: ["http://example.com/cps","http://haha.com"],
|
655
|
+
user_notices: [ { explicit_text: "this is a great thing", organization: "my org", notice_numbers: "1,2,3" } ]
|
656
|
+
},
|
657
|
+
{ policy_identifier: "2.16.840.1.99999.21.235",
|
658
|
+
cps_uris: ["http://example.com/cps2"],
|
659
|
+
user_notices: [ { explicit_text: "this is a bad thing", organization: "another org", notice_numbers: "3,2,1" },{ explicit_text: "another user notice"} ]
|
660
|
+
}
|
661
|
+
]
|
662
|
+
</code></pre>
|
663
|
+
|
664
|
+
<h4>ocsp_no_check</h4>
|
665
|
+
|
666
|
+
<p>This is a boolean option that determines whether the OCSPNoCheck extension should be encoded in certificates issued by the profile. This flag is <em>only</em> meaningful on certificates that contain the OCSPSigning EKU.</p>
|
667
|
+
|
668
|
+
<h4>inhibit_any_policy</h4>
|
669
|
+
|
670
|
+
<p>A non-negative integer value. From RFC 5280: "The inhibit anyPolicy extension can be used in certificates issued to CAs. The inhibit anyPolicy extension indicates that the special anyPolicy OID, with the value { 2 5 29 32 0 }, is not considered an explicit match for other certificate policies except when it appears in an intermediate self-issued CA certificate."</p>
|
671
|
+
|
672
|
+
<h4>policy_constraints</h4>
|
673
|
+
|
674
|
+
<p>A hash with two optional keys (one or both may be present). From RFC 5280: "The policy constraints extension can be used in certificates issued to CAs. The policy constraints extension constrains path validation in two ways. It can be used to prohibit policy mapping or require that each certificate in a path contain an acceptable policy identifier"</p>
|
675
|
+
|
676
|
+
<pre class="code yaml"><code class="yaml"> { require_explicit_policy: 0, inhibit_policy_mapping: 0 }
|
677
|
+
</code></pre>
|
678
|
+
|
679
|
+
<p>or if you only need one of the keys</p>
|
680
|
+
|
681
|
+
<pre class="code yaml"><code class="yaml"> { inhibit_policy_mapping: 0 }
|
682
|
+
</code></pre>
|
683
|
+
|
684
|
+
<h3>name_constraints</h3>
|
685
|
+
|
686
|
+
<p>From RFC 5280: "The name constraints extension, which MUST be used only in a CA certificate, indicates a name space within which all subject names in subsequent certificates in a certification path MUST be located. Restrictions apply to the subject distinguished name and apply to subject alternative names. Restrictions apply only when the specified name form is present. If no name of the type is in the certificate, the certificate is acceptable.".</p>
|
687
|
+
|
688
|
+
<p>This section is made up of a hash that contains permitted and excluded keys. Each (optional) key in turn has an array of hashes that declare a type and value. Types allowed are defined by R509::ASN1::GeneralName.map_type_to_tag. (examples: DNS, URI, IP, email, dirName)</p>
|
689
|
+
|
690
|
+
<p>Notes:
|
691
|
+
* When supplying IP you <em>must</em> supply a full netmask in addition to an IP.
|
692
|
+
* When supplying dirName the value is an array of arrays structured the same way as input to :subject in R509::CSR.new</p>
|
693
|
+
|
694
|
+
<pre class="code yaml"><code class="yaml">{
|
695
|
+
permitted: [
|
696
|
+
{type: "IP", value: "192.168.0.0/255.255.0.0"},
|
697
|
+
{type: "dirName", value: [['CN','myCN'],['O','Org']]}
|
698
|
+
],
|
699
|
+
excluded: [
|
700
|
+
{type: "email", value: "domain.com"},
|
701
|
+
{type: "URI", value: ".net"},
|
702
|
+
{type: "DNS", value: "test.us"}
|
703
|
+
]
|
704
|
+
}
|
508
705
|
</code></pre>
|
509
706
|
|
510
707
|
<h4>subject_item_policy</h4>
|
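Review bot: `<h3>name_constraints</h3>` breaks the heading hierarchy: every other extension in this block (basic_constraints, key_usage, certificate_policies, ocsp_no_check, inhibit_any_policy, policy_constraints, subject_item_policy) is an `<h4>`, so in the rendered table of contents name_constraints appears as a sibling of the CA-level sections instead of as part of the profile; change it to `<h4>`. basic_constraints states that it is encoded critical but name_constraints does not, and RFC 5280 section 4.2.1.10 requires conforming CAs to mark name constraints critical (a validator that does not implement the extension silently ignores a non-critical one, which defeats the constraint); say what r509 does here. Finally, `notice_numbers: "1,2,3"` in the certificate_policies sample is a comma-separated string; say whether a YAML array is also accepted, since that is what most people will type first.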
@@ -512,7 +709,7 @@ To install the gem: <code>gem install r509-(version).gem</code></p>
|
|
512
709
|
<p>Hash of required/optional subject items. These must be in OpenSSL shortname format. If subject_item_policy is excluded from the profile then all subject items will be used. If it is included, <strong>only items listed in the policy will be copied to the certificate</strong>.
|
513
710
|
Example:</p>
|
514
711
|
|
515
|
-
<pre class="code yaml"><code>CN : "required",
|
712
|
+
<pre class="code yaml"><code class="yaml">CN : "required",
|
516
713
|
O: "required",
|
517
714
|
OU: "optional",
|
518
715
|
ST: "required",
|
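Review bot: the subject_item_policy sample (the `CN : "required",` block) is not valid YAML as shown: a block mapping does not take trailing commas after quoted scalars, so pasting it into r509.yaml fails to parse. Either wrap it in braces as a flow mapping, the way the basic_constraints samples do (`{ CN: "required", O: "required", OU: "optional", ... }`), or drop the commas and keep one key per line. The whitelist behaviour described ("only items listed in the policy will be copied to the certificate") is the right model; it is worth stating explicitly whether a request carrying a subject item that is absent from the policy is silently stripped or rejected, since the sentence implies the former and operators auditing issuance will want to know.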
@@ -521,13 +718,13 @@ L: "required",
|
|
521
718
|
emailAddress: "optional"
|
522
719
|
</code></pre>
|
523
720
|
|
524
|
-
<p>If you use the R509::
|
721
|
+
<p>If you use the R509::OIDMapper you can create new shortnames that are allowed within this directive.</p>
|
525
722
|
</div></div>
|
526
723
|
|
527
724
|
<div id="footer">
|
528
|
-
Generated on
|
725
|
+
Generated on Tue Apr 16 10:49:55 2013 by
|
529
726
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
530
|
-
0.8.
|
727
|
+
0.8.5 (ruby-1.9.3).
|
531
728
|
</div>
|
532
729
|
|
533
730
|
</body>
|