diff options
author | Ben Toews <mastahyeti@gmail.com> | 2019-06-27 09:15:39 -0600 |
---|---|---|
committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2019-09-27 17:57:31 +1200 |
commit | 1219f70f4a5e0cf463f4929278d10943af18f6eb (patch) | |
tree | 7b176ea883f2d7cbcef9d9cbfb6e73c52be853c8 /lib | |
parent | ea702a106d3d8136c48f244593de95666be0edf9 (diff) | |
download | ruby-openssl-1219f70f4a5e0cf463f4929278d10943af18f6eb.tar.gz |
simplify AKI parsing to only return keyIdentifier field
Diffstat (limited to 'lib')
-rw-r--r-- | lib/openssl/x509.rb | 70 |
1 files changed, 10 insertions, 60 deletions
diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb index 89f15933..4f3a4337 100644 --- a/lib/openssl/x509.rb +++ b/lib/openssl/x509.rb @@ -65,28 +65,16 @@ module OpenSSL def find_extension(oid) extensions.find { |e| e.oid == oid } end - - def x509_name_from_general_name(gn_asn1) - unless gn_asn1.tag_class == :CONTEXT_SPECIFIC - raise ASN1::ASN1Error "invalid GeneralName" - end - - if gn_asn1.tag == 4 - Name.new(gn_asn1.value.first.to_der) - else - # TODO: raise error instead of returning nil? - # this is some other kind of general name. - nil - end - end end module SubjectKeyIdentifier include Helpers - # Described in RFC5280 Section 4.2.1.2 + # Get the subject's key identifier from the subjectKeyIdentifier + # exteension, as described in RFC5280 Section 4.2.1.2. # - # Returns a binary String key identifier or nil. + # Returns the binary String key identifier or nil or raises + # ASN1::ASN1Error. def subject_key_identifier ext = find_extension("subjectKeyIdentifier") return nil if ext.nil? @@ -103,10 +91,12 @@ module OpenSSL module AuthorityKeyIdentifier include Helpers - # Described in RFC5280 Section 4.2.1.1 + # Get the issuing certificate's key identifier from the + # authorityKeyIdentifier extension, as described in RFC5280 + # Section 4.2.1.1 # - # Returns a Hash with keys :key_identifier, :authority_cert_issuer, - # and :authority_cert_serial_number. + # Returns the binary String keyIdentifier or nil or raises + # ASN1::ASN1Error. def authority_key_identifier ext = find_extension("authorityKeyIdentifier") return nil if ext.nil? @@ -116,51 +106,11 @@ module OpenSSL raise ASN1::ASN1Error "invalid extension" end - fields = {} - key_id = aki_asn1.value.find do |v| v.tag_class == :CONTEXT_SPECIFIC && v.tag == 0 end - issuer = aki_asn1.value.find do |v| - v.tag_class == :CONTEXT_SPECIFIC && v.tag == 1 - end - - serial = aki_asn1.value.find do |v| - v.tag_class == :CONTEXT_SPECIFIC && v.tag == 2 - end - - # must have neither or both of issuer and serial - if (!issuer.nil? && serial.nil?) || (issuer.nil? && !serial.nil?) - raise ASN1::ASN1Error "invalid extension" - end - - fields[:key_identifier] = if !key_id.nil? - key_id.value - else - nil - end - - fields[:authority_cert_issuer] = if !issuer.nil? - # TODO raise if there are more than one values? GeneralNames is a - # SEQUENCE. - x509_name_from_general_name(issuer.value.first) - else - nil - end - - fields[:authority_cert_serial_number] = if !serial.nil? - # encode/decode as integer to get value parsed as BN - ASN1.decode(ASN1::ASN1Data.new( - serial.value, - ASN1::INTEGER, - :UNIVERSAL - ).to_der).value - else - nil - end - - fields + key_id.nil? ? nil : key_id.value end end end |