Class: R509::Config::SubjectItemPolicy

Inherits:
Object
Defined in:
lib/r509/config/subject_item_policy.rb

Overview

The Subject Item Policy allows you to define what subject fields are allowed in a certificate. Required means that field must be supplied, optional means it will be encoded if provided, and match means the field must be present and must match the value specified.

Using R509::OIDMapper you can create new shortnames that will be usable inside this class.

Constructor Details

#initialize(hash = {}) ⇒ SubjectItemPolicy

Returns a new instance of SubjectItemPolicy

Examples:

sample hash

{"CN" => { :policy => "required" },
"O" => { :policy => "required" },
"OU" => { :policy => "optional" },
"ST" => { :policy => "required" },
"C" => { :policy => "required" },
"L" => { :policy => "match", :value => "Chicago" },
"emailAddress" => { :policy => "optional" }}

Parameters:

  • hash (Hash) (defaults to: {})

    of required/optional/matching subject items. These must be in OpenSSL shortname format.



# File 'lib/r509/config/subject_item_policy.rb', line 33

def initialize(hash = {})
  unless hash.is_a?(Hash)
    raise ArgumentError, "Must supply a hash in form 'shortname'=>hash_with_policy_info"
  end
  @required = []
  @optional = []
  @match_values = {}
  @match = []
  return if hash.empty?
  hash.each_pair do |key, value|
    unless value.is_a?(Hash)
      raise ArgumentError, "Each value must be a hash with a :policy key"
    end
    case value[:policy]
    when 'required' then @required.push(key)
    when 'optional' then @optional.push(key)
    when 'match' then
      @match_values[key] = value[:value]
      @match.push(key)
    else
      raise ArgumentError, "Unknown subject item policy value. Allowed values are required, optional, or match"
    end
  end
end

Instance Attribute Details

#match ⇒ Array (readonly)

Returns:

  • (Array)


# File 'lib/r509/config/subject_item_policy.rb', line 22

def match
  @match
end

#match_values ⇒ Array (readonly)

Returns:

  • (Array)


# File 'lib/r509/config/subject_item_policy.rb', line 22

def match_values
  @match_values
end

#optional ⇒ Array (readonly)

Returns:

  • (Array)


# File 'lib/r509/config/subject_item_policy.rb', line 22

def optional
  @optional
end

#required ⇒ Array (readonly)

Returns:

  • (Array)


# File 'lib/r509/config/subject_item_policy.rb', line 22

def required
  @required
end

Instance Method Details

#to_h ⇒ Hash

Returns:

  • (Hash)


# File 'lib/r509/config/subject_item_policy.rb', line 73

def to_h
  hash = {}
  @required.each { |r| hash[r] = { :policy => "required" } }
  @optional.each { |o| hash[o] = { :policy => "optional" } }
  @match.each { |m| hash[m] = { :policy => "match", :value => @match_values[m] } }
  hash
end

#to_yaml ⇒ YAML

Returns:

  • (YAML)


# File 'lib/r509/config/subject_item_policy.rb', line 82

def to_yaml
  self.to_h.to_yaml
end

#validate_subject(subject) ⇒ R509::Subject

Returns a validated version of the subject (only the components the policy names as required, optional, or match are kept) or an error.

Parameters:

Returns:



# File 'lib/r509/config/subject_item_policy.rb', line 60

def validate_subject(subject)
  # check if match components are present and match
  validate_match(subject)
  validate_required_match(subject)

  # the validated subject contains only those subject components that are either
  # required, optional, or match
  R509::Subject.new(subject.to_a.select do |item|
    @required.include?(item[0]) || @optional.include?(item[0]) || @match.include?(item[0])
  end)
end