author | GOTOU Yuuzou <gotoyuzo@notwork.org> | 2003-07-03 13:59:03 +0000 |
---|---|---|
committer | GOTOU Yuuzou <gotoyuzo@notwork.org> | 2003-07-03 13:59:03 +0000 |
commit | 79145c311e446c0409ee7986d44f9994cd5c6566 (patch) | |
tree | 12cc4a62fdc3c4c006fc791bfefe1e34a232b894 | |
parent | cc2506848915869c8e3c6c4b0a9a6786a225fb92 (diff) | |
download | ruby-openssl-history-79145c311e446c0409ee7986d44f9994cd5c6566.tar.gz |
*** empty log message ***
-rwxr-xr-x | examples/gen_ca_cert.rb | 16 | ||||
-rwxr-xr-x | examples/gen_cert.rb | 9 | ||||
-rwxr-xr-x | examples/ossl_x509store.rb | 21 |
3 files changed, 30 insertions, 16 deletions
diff --git a/examples/gen_ca_cert.rb b/examples/gen_ca_cert.rb
index 1e1b8db..02a0417 100755
--- a/examples/gen_ca_cert.rb
+++ b/examples/gen_ca_cert.rb
@@ -34,15 +34,19 @@ cert.public_key = key
 cert.serial = 0
 cert.version = 2 # X509v3
+key_usage = [ "cRLSign", "keyCertSign" ]
+ext = []
 ef = X509::ExtensionFactory.new
 ef.subject_certificate = cert
-ext1 = ef.create_extension("basicConstraints", "CA:TRUE")
-ext2 = ef.create_extension("nsComment","Generated by OpenSSL for Ruby.")
-ext3 = ef.create_extension("subjectKeyIdentifier", "hash")
-cert.extensions = [ext1, ext2, ext3]
+ext << ef.create_extension("basicConstraints", "CA:TRUE", true)
+ext << ef.create_extension("keyUsage", key_usage.join(","), true)
+ext << ef.create_extension("nsComment","Generated by OpenSSL for Ruby.")
+ext << ef.create_extension("subjectKeyIdentifier", "hash")
+cert.extensions = ext
 ef.issuer_certificate = cert # we needed subjectKeyInfo inside, now we have it
-ext4 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
-cert.add_extension(ext4)
+ext_auth_key_id =
+ ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+cert.add_extension(ext_auth_key_id)
 cert.sign(key, Digest::SHA1.new)
 cert_file = "./#{cert.serial}cert.pem"
diff --git a/examples/gen_cert.rb b/examples/gen_cert.rb
index 4706b7a..c9a6c42 100755
--- a/examples/gen_cert.rb
+++ b/examples/gen_cert.rb
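Review bot: In examples/gen_ca_cert.rb the context line `cert.sign(key, Digest::SHA1.new)` near the end of the hunk still signs the CA certificate with SHA-1, which this change leaves in place while it tightens the extensions. SHA-1 is no longer collision-resistant, and although trust in a self-signed root does not rest on its signature, the same call tends to be copied into issuance code; where the linked OpenSSL provides it, a SHA-2 digest is the safer default, e.g. `cert.sign(key, Digest::SHA256.new)`. The new trailing `true` on the `basicConstraints` and `keyUsage` lines is a bare positional flag, so a short comment such as `# third argument marks the extension critical` would help readers. The script continues before and after this hunk.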
@@ -71,14 +71,11 @@ when "oscp"
 basic_constraint = "CA:FALSE"
 key_usage << "nonRepudiation" << "digitalSignature" << "keyEncipherment"
 key_usage << "dataEncipherment"
- ext_key_usage << "serverAuth"
- ext_key_usage << "OCSPSigning"
+ ext_key_usage << "serverAuth" << "OCSPSigning"
 when "user"
 basic_constraint = "CA:FALSE"
 key_usage << "nonRepudiation" << "digitalSignature" << "keyEncipherment"
- ext_key_usage << "clientAuth"
- ext_key_usage << "codeSigning"
- ext_key_usage << "emailProtection"
+ ext_key_usage << "clientAuth" << "codeSigning" << "emailProtection"
 else
 raise "unknonw cert type \"#{cert_type}\" is specified."
 end
@@ -90,7 +87,7 @@ ef.issuer_certificate = ca
 ext << ef.create_extension("basicConstraints", basic_constraint, true)
 ext << ef.create_extension("keyUsage", key_usage.join(","), true)
 if ext_key_usage.size > 0
- ext << ef.create_extension("extendedKeyUsage", ext_key_usage.join(","), true)
+ ext << ef.create_extension("extendedKeyUsage", ext_key_usage.join(","), false)
 end
 ext << ef.create_extension("nsComment","Generated by OpenSSL for Ruby.")
 ext << ef.create_extension("subjectKeyIdentifier", "hash")
diff --git a/examples/ossl_x509store.rb b/examples/ossl_x509store.rb
index a569298..86160ef 100755
--- a/examples/ossl_x509store.rb
+++ b/examples/ossl_x509store.rb
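Review bot: The reflowed `ext_key_usage` lines in the first gen_cert.rb hunk keep two very broad profiles: the branch named in the hunk header, `when "oscp"`, pairs `OCSPSigning` with `serverAuth` plus `keyEncipherment`, `dataEncipherment` and `nonRepudiation`, and the `"user"` branch bundles `clientAuth`, `codeSigning` and `emailProtection` into one certificate. An example that readers copy should follow least privilege, for instance `key_usage << "digitalSignature"` and `ext_key_usage << "OCSPSigning"` alone for the responder profile. The label `"oscp"` also looks like a transposition of "ocsp" (and the `raise` message spells "unknonw"), so a caller passing `ocsp` would presumably fall through to the `else`. The `case` statement starts outside the hunk, so check the label against the type names the script documents.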
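Review bot: Flipping the third argument of the `extendedKeyUsage` call from `true` to `false` in the second gen_cert.rb hunk makes the extension non-critical, and nothing on the page records why (the log message is empty). Verifiers that process EKU still enforce it, but software that does not recognise the extension will now accept the certificate instead of rejecting it, so the restriction becomes advisory there. I would record the decision next to the line, e.g. `# non-critical: relying parties without EKU support ignore it instead of failing`, which also tells the reader what the positional boolean means. The statement run around this call begins and ends outside the hunk.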
@@ -61,15 +61,28 @@ certfiles = ARGV
 certs = certfiles.collect{|file| X509::Certificate.new(File.read(file)) }
 certs.each{|cert|
 puts "Cert = #{cert.subject}, serial = #{cert.serial}"
- cert.extensions.each{|ext| p ext.to_a }
+ #cert.extensions.each{|ext| p ext.to_a }
 print "Is Cert signed by CA?..."
- puts cert.verify(ca.public_key) ? "Yes" : "No"
+ puts cert.verify(ca.public_key) ? "OK" : "NG"
 }
 puts "========== Create Cert Store and Verify Certs =========="
 store = X509::Store.new
-store.purpose = X509::PURPOSE_SSL_CLIENT
-store.verify_callback = verify_cb if $VERBOSE
+#store.purpose = X509::PURPOSE_SSL_CLIENT
+#store.purpose = X509::PURPOSE_SSL_SERVER
+#store.purpose = X509::PURPOSE_NS_SSL_SERVER
+store.purpose = X509::PURPOSE_SMIME_SIGN
+#store.purpose = X509::PURPOSE_SMIME_ENCRYPT
+#store.purpose = X509::PURPOSE_CRL_SIGN
+#store.purpose = X509::PURPOSE_ANY
+#store.purpose = X509::PURPOSE_OCSP_HELPER
+#store.trust = X509::TRUST_COMPAT
+#store.trust = X509::TRUST_SSL_CLIENT
+#store.trust = X509::TRUST_SSL_SERVER
+#store.trust = X509::TRUST_EMAIL
+#store.trust = X509::TRUST_OBJECT_SIGN
+#store.trust = X509::TRUST_OCSP_SIGN
+#store.trust = X509::TRUST_OCSP_REQUEST
 store.add_cert(ca)
 #store.add_path("./cert")
 #store.add_file("./0cert.pem") |
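Review bot: `store.verify_callback = verify_cb if $VERBOSE` is removed with no replacement inside this hunk, so unless it is re-attached further down, `verify_cb` (defined outside the hunk) is left unused and verbose runs lose whatever per-certificate output it produced. The active purpose also changes from `X509::PURPOSE_SSL_CLIENT` to `X509::PURPOSE_SMIME_SIGN`, buried in a list of commented-out alternatives, which changes which certificates the store accepts without saying so. A header comment such as `# exactly one store.purpose is active; the commented lines are alternatives to try` would make the intent clear, and the `#store.trust = ...` lines deserve a word on how trust differs from purpose. Separately, `cert.verify(ca.public_key)` checks only the signature, so the "OK" it prints should not be read as full chain validation.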