Class: R509::Cert::Extensions::NameConstraints

Inherits:

OpenSSL::X509::Extension

• Object
• OpenSSL::X509::Extension
• R509::Cert::Extensions::NameConstraints

show all

Defined in:

lib/r509/cert/extensions.rb

Overview

Constant Summary

OID =

friendly name for CP OID

"nameConstraints"

Instance Attribute Summary (collapse)

• - (Object) excluded_names readonly

  Returns the value of attribute excluded_names.

• - (Object) permitted_names readonly

  Returns the value of attribute permitted_names.

Instance Method Summary (collapse)

• - (NameConstraints) initialize(*args) constructor

  id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }.

NameConstraints ::= SEQUENCE {
     permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
     excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }

GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

GeneralSubtree ::= SEQUENCE {
     base                    GeneralName,
     minimum         [0]     BaseDistance DEFAULT 0,
     maximum         [1]     BaseDistance OPTIONAL }

BaseDistance ::= INTEGER (0..MAX)

605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624

# File 'lib/r509/cert/extensions.rb', line 605

def initialize(*args)
  super(*args)

  @permitted_names = []
  @excluded_names = []

  data = R509::ASN1.get_extension_payload(self)
  data.each do |gs|
    gs.value.each do |asn_data|
      asn_data.value.each do |obj|
        gn = R509::ASN1::GeneralName.new(obj)
        if gs.tag == 0 # permittedSubtrees
        @permitted_names << gn
        elsif gs.tag == 1 #excludedSubtrees
          @excluded_names << gn
        end
      end
    end
  end
end

586
587
588

# File 'lib/r509/cert/extensions.rb', line 586

def excluded_names
  @excluded_names
end

586
587
588

# File 'lib/r509/cert/extensions.rb', line 586

def permitted_names
  @permitted_names
end