authorthekuwayama <thekuwayama@gmail.com>2019-11-16 11:21:10 +0900
committerSamuel Williams <samuel.williams@oriontransfer.co.nz>2019-11-19 18:11:11 +0900
commitdad064cfcebb25f76df0aafeb17ba746a6a6b1a2 (patch)
tree9921ff2b63dd45c41b65c843b8e2f664e8743758 /lib
parent1eacf2961342e6ef2f6079870aa664049dabc28a (diff)
downloadruby-openssl-dad064cfcebb25f76df0aafeb17ba746a6a6b1a2.tar.gz
add helper to retrieve OCSP URIs from Certificate
add helper to access information and services for the issuer of the Certificate
Diffstat (limited to 'lib')
-rw-r--r--lib/openssl/x509.rb44
1 files changed, 44 insertions, 0 deletions
diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb
index 9f6a5cd6..8ef55925 100644
--- a/lib/openssl/x509.rb
+++ b/lib/openssl/x509.rb
@@ -164,6 +164,49 @@ module OpenSSL
crl_uris&.map(&:value)
end
end
+
+ module AuthorityInfoAccess
+ include Helpers
+
+ def ca_issuer_uris
+ aia_asn1 = parse_aia_asn1
+ return nil if aia_asn1.nil?
+
+ if aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE
+ raise ASN1::ASN1Error, "invalid extension"
+ end
+
+ ca_issuer = aia_asn1.value.select do |authority_info_access|
+ authority_info_access.value.first.value == "caIssuers"
+ end
+
+ ca_issuer&.map(&:value)&.map(&:last)&.map(&:value)
+ end
+
+ def ocsp_uris
+ aia_asn1 = parse_aia_asn1
+ return nil if aia_asn1.nil?
+
+ ocsp = aia_asn1.value.select do |authority_info_access|
+ authority_info_access.value.first.value == "OCSP"
+ end
+
+ ocsp&.map(&:value)&.map(&:last)&.map(&:value)
+ end
+
+ private
+ def parse_aia_asn1
+ ext = find_extension("authorityInfoAccess")
+ return nil if ext.nil?
+
+ aia_asn1 = ASN1.decode(ext.value_der)
+ if aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE
+ raise ASN1::ASN1Error, "invalid extension"
+ end
+
+ aia_asn1
+ end
+ end
end
class Name
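Review bot: In `ca_issuer_uris` and `ocsp_uris`, the `select` blocks call `.value.first.value` and then `.last` on every element of the decoded extension without checking that the element is a two-element SEQUENCE or that its accessLocation is a URI. A certificate is parsed input that may come from an untrusted peer, so a malformed element would presumably surface as NoMethodError rather than `ASN1::ASN1Error`, and a non-URI GeneralName (for example a directoryName) would be returned from a method named `*_uris`. A shared private helper that validates each AccessDescription and keeps only `[6]` uniformResourceIdentifier locations would fix both methods, and it would drop the SEQUENCE check in `ca_issuer_uris` that `parse_aia_asn1` already performs. The `&.` after `select` never sees nil because `select` always returns an Array, so an absent extension yields nil while a present extension with no match yields `[]`. That difference deserves a doc comment, along with a note that the returned URIs are certificate-controlled and callers should validate them before fetching.

```ruby
def ca_issuer_uris
  aia_uris("caIssuers")
end

def ocsp_uris
  aia_uris("OCSP")
end

private

# Returns nil when the extension is absent, otherwise the URI strings of
# every AccessDescription whose accessMethod matches access_method.
def aia_uris(access_method)
  aia_asn1 = parse_aia_asn1
  return nil if aia_asn1.nil?

  aia_asn1.value.each_with_object([]) do |desc, uris|
    # AccessDescription ::= SEQUENCE { accessMethod, accessLocation }
    unless desc.is_a?(ASN1::Sequence) && desc.value.size == 2
      raise ASN1::ASN1Error, "invalid extension"
    end

    access_oid, location = desc.value
    next unless access_oid.value == access_method
    # accessLocation is a GeneralName; [6] is uniformResourceIdentifier
    next unless location.tag_class == :CONTEXT_SPECIFIC && location.tag == 6

    uris << location.value
  end
end

# … unchanged: parse_aia_asn1 …
```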
@@ -291,6 +334,7 @@ module OpenSSL
include Extension::SubjectKeyIdentifier
include Extension::AuthorityKeyIdentifier
include Extension::CRLDistributionPoints
+ include Extension::AuthorityInfoAccess
def pretty_print(q)
q.object_group(self) {