Class: R509::Cert::Extensions::KeyUsage

Inherits:
OpenSSL::X509::Extension
  • Object
Defined in:
lib/r509/cert/extensions.rb

Overview

Implements the KeyUsage certificate extension, with methods to provide access to the components and meaning of the extension's contents.

Constant Summary

OID =

friendly name for KeyUsage OID

"keyUsage"
AU_DIGITAL_SIGNATURE =

OpenSSL short name for Digital Signature

"digitalSignature"
AU_NON_REPUDIATION =

OpenSSL short name for Non Repudiation (also known as content commitment)

"nonRepudiation"
AU_KEY_ENCIPHERMENT =

OpenSSL short name for Key Encipherment

"keyEncipherment"
AU_DATA_ENCIPHERMENT =

OpenSSL short name for Data Encipherment

"dataEncipherment"
AU_KEY_AGREEMENT =

OpenSSL short name for Key Agreement

"keyAgreement"
AU_KEY_CERT_SIGN =

OpenSSL short name for Certificate Sign

"keyCertSign"
AU_CRL_SIGN =

OpenSSL short name for CRL Sign

"cRLSign"
AU_ENCIPHER_ONLY =

OpenSSL short name for Encipher Only

"encipherOnly"
AU_DECIPHER_ONLY =

OpenSSL short name for Decipher Only

"decipherOnly"

Instance Attribute Summary

Instance Method Summary

Constructor Details

- (KeyUsage) initialize(*args)

See OpenSSL::X509::Extension#initialize



# File 'lib/r509/cert/extensions.rb', line 96

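# Builds a KeyUsage extension and decodes its BIT STRING payload into
# per-use flags and the +allowed_uses+ list.
# See OpenSSL::X509::Extension#initialize
#
# @param args forwarded unchanged to OpenSSL::X509::Extension#initialize
def initialize(*args)
  super(*args)

  data = R509::ASN1.get_extension_payload(self)

  # KeyUsage is a BIT STRING with up to 9 named bits, so the full mask spans
  # two bytes. DER drops trailing zero bits of a named bit list, so a payload
  # may be a single byte (or empty when no bit is set). Pad to two bytes so
  # unpack always yields an Integer instead of nil for a short payload.
  data = data.ljust(2, "\0")
  bit_mask = data.unpack('n')[0] # 16-bit unsigned big endian; bit 0 is the MSB

  #      KeyUsage ::= BIT STRING {
  #           digitalSignature        (0),
  #           nonRepudiation          (1), -- recent editions of X.509 have
  #                                -- renamed this bit to contentCommitment
  #           keyEncipherment         (2),
  #           dataEncipherment        (3),
  #           keyAgreement            (4),
  #           keyCertSign             (5),
  #           cRLSign                 (6),
  #           encipherOnly            (7),
  #           decipherOnly            (8) }
  # Bit number -> flag instance variable and OpenSSL short name, in the order above.
  bit_table = [
    [0, :@digital_signature, AU_DIGITAL_SIGNATURE],
    [1, :@non_repudiation,   AU_NON_REPUDIATION],
    [2, :@key_encipherment,  AU_KEY_ENCIPHERMENT],
    [3, :@data_encipherment, AU_DATA_ENCIPHERMENT],
    [4, :@key_agreement,     AU_KEY_AGREEMENT],
    [5, :@key_cert_sign,     AU_KEY_CERT_SIGN],
    [6, :@crl_sign,          AU_CRL_SIGN],
    [7, :@encipher_only,     AU_ENCIPHER_ONLY],
    [8, :@decipher_only,     AU_DECIPHER_ONLY]
  ]

  @allowed_uses = []
  bit_table.each do |bit, ivar, short_name|
    # Named bit n is the n-th most significant bit of the 16-bit mask.
    next if (bit_mask & (0x8000 >> bit)).zero?
    instance_variable_set(ivar, true)
    @allowed_uses << short_name
  end
end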

Instance Attribute Details

- (Object) allowed_uses (readonly)

An array of the key uses allowed.



# File 'lib/r509/cert/extensions.rb', line 74

# The key uses decoded from this extension, as OpenSSL short names
# (the AU_* constants of this class).
#
# @return [Array<String>] the allowed uses, in KeyUsage bit order
def allowed_uses
  return @allowed_uses
end

Instance Method Details

- (Boolean) allows?(friendly_use_name)

Returns true if the given use is allowed by this extension.

Parameters:

  • friendly_use_name (String)

    key usage short name (e.g. digitalSignature, cRLSign, etc) or one of the AU_* constants in this class

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 163

# Whether the given key usage is permitted by this extension.
#
# @param friendly_use_name [String] OpenSSL short name of the usage
#   (e.g. digitalSignature, cRLSign) or one of the AU_* constants
# @return [Boolean] true if the usage appears in +allowed_uses+
def allows?(friendly_use_name)
  @allowed_uses.any? { |use| use == friendly_use_name }
end

- (Boolean) crl_sign?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 191

# @return [Boolean] true if the cRLSign bit is set in this extension
def crl_sign?
  # The flag is only ever assigned +true+ by the constructor; a strict
  # identity check keeps the result a real Boolean even when it is unset.
  @crl_sign.equal?(true)
end

- (Boolean) data_encipherment?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 179

# @return [Boolean] true if the dataEncipherment bit is set in this extension
def data_encipherment?
  # The flag is only ever assigned +true+ by the constructor; a strict
  # identity check keeps the result a real Boolean even when it is unset.
  @data_encipherment.equal?(true)
end

- (Boolean) decipher_only?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 199

# @return [Boolean] true if the decipherOnly bit is set in this extension
def decipher_only?
  # The flag is only ever assigned +true+ by the constructor; a strict
  # identity check keeps the result a real Boolean even when it is unset.
  @decipher_only.equal?(true)
end

- (Boolean) digital_signature?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 167

# @return [Boolean] true if the digitalSignature bit is set in this extension
def digital_signature?
  # The flag is only ever assigned +true+ by the constructor; a strict
  # identity check keeps the result a real Boolean even when it is unset.
  @digital_signature.equal?(true)
end

- (Boolean) encipher_only?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 195

# @return [Boolean] true if the encipherOnly bit is set in this extension
def encipher_only?
  # The flag is only ever assigned +true+ by the constructor; a strict
  # identity check keeps the result a real Boolean even when it is unset.
  @encipher_only.equal?(true)
end

- (Boolean) key_agreement?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 183

# @return [Boolean] true if the keyAgreement bit is set in this extension
def key_agreement?
  # The flag is only ever assigned +true+ by the constructor; a strict
  # identity check keeps the result a real Boolean even when it is unset.
  @key_agreement.equal?(true)
end

- (Boolean) key_cert_sign?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 187

# @return [Boolean] true if the keyCertSign bit is set in this extension
def key_cert_sign?
  # The flag is only ever assigned +true+ by the constructor; a strict
  # identity check keeps the result a real Boolean even when it is unset.
  @key_cert_sign.equal?(true)
end

- (Boolean) key_encipherment?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 175

# @return [Boolean] true if the keyEncipherment bit is set in this extension
def key_encipherment?
  # The flag is only ever assigned +true+ by the constructor; a strict
  # identity check keeps the result a real Boolean even when it is unset.
  @key_encipherment.equal?(true)
end

- (Boolean) non_repudiation?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 171

# @return [Boolean] true if the nonRepudiation (contentCommitment) bit is set
#   in this extension
def non_repudiation?
  # The flag is only ever assigned +true+ by the constructor; a strict
  # identity check keeps the result a real Boolean even when it is unset.
  @non_repudiation.equal?(true)
end