Class: R509::CertificateAuthority::OptionsBuilder

Inherits:

Object

• Object
• R509::CertificateAuthority::OptionsBuilder

Defined in:

lib/r509/certificate_authority/options_builder.rb

Overview

A class to build hashes to send to the R509::CertificateAuthority::Signer. These are built from R509::Config::CertProfile objects and additional data supplied to the #build_and_enforce method.

Instance Method Summary

• #build_and_enforce(options) ⇒ Hash

  Hash of :message_digest, :subject, :extensions, and :csr/:spki ready to be passed to the Signer.

• #initialize(config) ⇒ OptionsBuilder constructor

  A new instance of OptionsBuilder.

Constructor Details

#initialize(config) ⇒ OptionsBuilder

Returns a new instance of OptionsBuilder

# File 'lib/r509/certificate_authority/options_builder.rb', line 4

def initialize(config)
  unless config.is_a?(R509::Config::CAConfig)
    raise ArgumentError, "You must supply a R509::Config::CAConfig object to this class at instantiation"
  end
  @config = config
end

Instance Method Details

#build_and_enforce(options) ⇒ Hash

Returns Hash of :message_digest, :subject, :extensions, and :csr/:spki ready to be passed to the Signer

Parameters:

• options (Hash) —

  a customizable set of options

Options Hash (options):

• :profile_name (String) —

  Name of profile to use

• :csr (R509::CSR)
• :spki (R509::SPKI)
• :subject (R509::Subject, OpenSSL::X509::Subject, Array) — default: optional for R509::CSR, required for R509::SPKI
• :message_digest (String) —

  the message digest to use for this certificate instead of the default (see R509::MessageDigest::DEFAULT_MD).

• :extensions (Array) —

  An optional array of R509::Cert::Extensions::* objects. These will be merged with the extensions from the profile. If an extension in this array is also present in the profile, *the supplied extension will override the profile*.

• :not_before (Time) —

  the notBefore for the certificate

• :not_after (Time) —

  the notAfter for the certificate

Returns:

• (Hash) —

  Hash of :message_digest, :subject, :extensions, and :csr/:spki ready to be passed to the Signer

# File 'lib/r509/certificate_authority/options_builder.rb', line 20

def build_and_enforce(options)
  profile = @config.profile(options[:profile_name])

  R509::CertificateAuthority::Signer.check_options(options)

  if (options.key?(:csr) && !options[:csr].verify_signature) ||
     (options.key?(:spki) && !options[:spki].verify_signature)
    raise R509::R509Error, "Request signature is invalid."
  end

  raw_subject, public_key = R509::CertificateAuthority::Signer.extract_public_key_subject(options)

  message_digest = enforce_md(options[:message_digest], profile)
  subject = enforce_subject_item_policy(raw_subject, profile)
  enforce_not_after(options[:not_after])

  extensions = build_and_merge_extensions(options, profile, public_key)

  build_hash(subject, extensions, message_digest, options)
end