author | thekuwayama <thekuwayama@gmail.com> | 2019-11-16 11:21:10 +0900 |
---|---|---|
committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2019-11-19 18:11:11 +0900 |
commit | dad064cfcebb25f76df0aafeb17ba746a6a6b1a2 (patch) | |
tree | 9921ff2b63dd45c41b65c843b8e2f664e8743758 /lib | |
parent | 1eacf2961342e6ef2f6079870aa664049dabc28a (diff) | |
add helper to retrieve OCSP URIs from Certificate
add helper to access information and services for the issuer of the Certificate
Diffstat (limited to 'lib')
-rw-r--r-- | lib/openssl/x509.rb | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb
index 9f6a5cd6..8ef55925 100644
--- a/lib/openssl/x509.rb
+++ b/lib/openssl/x509.rb
@@ -164,6 +164,49 @@ module OpenSSL
 crl_uris&.map(&:value)
 end
 end
+
+ module AuthorityInfoAccess
+ include Helpers
+
+ def ca_issuer_uris
+ aia_asn1 = parse_aia_asn1
+ return nil if aia_asn1.nil?
+
+ if aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE
+ raise ASN1::ASN1Error, "invalid extension"
+ end
+
+ ca_issuer = aia_asn1.value.select do |authority_info_access|
+ authority_info_access.value.first.value == "caIssuers"
+ end
+
+ ca_issuer&.map(&:value)&.map(&:last)&.map(&:value)
+ end
+
+ def ocsp_uris
+ aia_asn1 = parse_aia_asn1
+ return nil if aia_asn1.nil?
+
+ ocsp = aia_asn1.value.select do |authority_info_access|
+ authority_info_access.value.first.value == "OCSP"
+ end
+
+ ocsp&.map(&:value)&.map(&:last)&.map(&:value)
+ end
+
+ private
+ def parse_aia_asn1
+ ext = find_extension("authorityInfoAccess")
+ return nil if ext.nil?
+
+ aia_asn1 = ASN1.decode(ext.value_der)
+ if aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE
+ raise ASN1::ASN1Error, "invalid extension"
+ end
+
+ aia_asn1
+ end
+ end
 end
 class Name
@@ -291,6 +334,7 @@ module OpenSSL
 include Extension::SubjectKeyIdentifier
 include Extension::AuthorityKeyIdentifier
 include Extension::CRLDistributionPoints
+ include Extension::AuthorityInfoAccess
 def pretty_print(q)
 q.object_group(self) { |
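Review bot: `ca_issuer_uris` and `ocsp_uris` return `.last.value` of every matching AccessDescription without checking the entry's shape or that its accessLocation is a URI, and the certificate being parsed may come from a remote peer. Per RFC 5280 accessLocation is a GeneralName, so a directoryName or rfc822Name entry would be handed back by a method named `*_uris`, and an entry that is not a constructed SEQUENCE makes `.value.first` raise NoMethodError rather than ASN1::ASN1Error. I would move the filtering into one private helper that validates each entry and keeps only context-specific tag 6 (uniformResourceIdentifier), as sketched below; whether a non-URI location is skipped or rejected is a design choice. The SEQUENCE check repeated in `ca_issuer_uris` is already done by `parse_aia_asn1`, and since `select` never returns nil the `&.` chain can be plain `.map`, though the result is still `[]` when nothing matches and nil when the extension is absent, which deserves a doc comment.

```ruby
def ocsp_uris
  # … unchanged: parse_aia_asn1 call and nil guard …
  access_location_uris(aia_asn1, "OCSP")
end

# … unchanged: parse_aia_asn1; ca_issuer_uris calls the helper with "caIssuers" …

def access_location_uris(aia_asn1, access_method)
  aia_asn1.value.each_with_object([]) do |description, uris|
    if description.tag_class != :UNIVERSAL || description.tag != ASN1::SEQUENCE ||
       description.value.size != 2
      raise ASN1::ASN1Error, "invalid extension"
    end

    method_oid, location = description.value
    next unless method_oid.value == access_method
    # accessLocation is a GeneralName; [6] is uniformResourceIdentifier
    next unless location.tag_class == :CONTEXT_SPECIFIC && location.tag == 6

    uris << location.value
  end
end
```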