Class: R509::Cert::Extensions::AuthorityInfoAccess

Inherits:
OpenSSL::X509::Extension
  • Object
Includes:
ValidationMixin
Defined in:
lib/r509/cert/extensions/authority_info_access.rb

Overview

RFC 5280 Description (see: www.ietf.org/rfc/rfc5280.txt)

The authority information access extension indicates how to access information and services for the issuer of the certificate in which the extension appears. Information and services may include on-line validation services and CA policy data. (The location of CRLs is not specified in this extension; that information is provided by the cRLDistributionPoints extension.) This extension may be included in end entity or CA certificates. Conforming CAs MUST mark this extension as non-critical.

You can use this class to parse an existing extension for easy access to its contents, or to create a new one.
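
The following is an added example, not R509's own code: it uses only Ruby's standard OpenSSL bindings to decode the AccessDescription entries that this class exposes through ocsp and ca_issuers, and reports the critical flag that the RFC text above requires to be false. The helper names audit_aia and sample_aia and the example.test URLs are assumptions made for this example.

```ruby
require 'openssl'

# Access method OIDs defined in RFC 5280, section 4.2.2.1
AIA_METHODS = {
  '1.3.6.1.5.5.7.48.1' => :ocsp_location,
  '1.3.6.1.5.5.7.48.2' => :ca_issuers_location
}.freeze
URI_TAG = 6 # GeneralName choice [6] uniformResourceIdentifier

# audit_aia (hypothetical helper): decode an authorityInfoAccess extension.
# Returns a hash shaped like #to_h, plus :other for entries that are not a
# URI under a known access method, as [method_oid, general_name_tag] pairs.
def audit_aia(ext)
  result = { :critical => ext.critical?, :ocsp_location => [],
             :ca_issuers_location => [], :other => [] }
  # Extension ::= SEQUENCE { extnID, critical (optional), extnValue OCTET STRING }
  octets = OpenSSL::ASN1.decode(ext.to_der).value.last.value
  # extnValue wraps SEQUENCE OF AccessDescription { accessMethod, accessLocation }
  OpenSSL::ASN1.decode(octets).value.each do |description|
    access_method, location = description.value
    key = AIA_METHODS[access_method.oid]
    if key && location.tag == URI_TAG
      result[key] << location.value
    else
      result[:other] << [access_method.oid, location.tag]
    end
  end
  result
end

# sample_aia (hypothetical helper): builds constructed sample input locally
# from an OpenSSL config-style value string; no network or real CA involved.
def sample_aia(value, critical = false)
  factory = OpenSSL::X509::ExtensionFactory.new
  factory.create_extension('authorityInfoAccess', value, critical)
end

if __FILE__ == $PROGRAM_NAME
  good = sample_aia('OCSP;URI:http://ocsp.example.test,' \
                    'caIssuers;URI:http://ca.example.test/ca.cer')
  p audit_aia(good)
  # A critical AIA violates "MUST mark this extension as non-critical"
  p audit_aia(sample_aia('caIssuers;IP:127.0.0.1', true))
end
```

Entries that land in :other are not necessarily invalid (the constructor examples on this page use dirName and IP locations); they are simply locations a client cannot fetch as a URI.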

Constant Summary

OID = "authorityInfoAccess"

    friendly name for AIA OID

Constructor Details

#initialize(arg) ⇒ AuthorityInfoAccess

This method takes a hash or an existing Extension object to parse. If passing a hash you must supply :ocsp_location and/or :ca_issuers_location. These values must be in the form seen in the examples below.

Examples:

# Build the extension from arrays of hashes
R509::Cert::Extensions::AuthorityInfoAccess.new(
  :ocsp_location => [
    { :type => "URI", :value => "http://ocsp.domain.com" }
  ],
  :ca_issuers_location => [
    {
      :type => "dirName",
      :value => { :CN => 'myCN', :O => 'some Org' }
    }
  ]
)

# Build the extension from an existing R509::ASN1::GeneralName object
name = R509::ASN1::GeneralName.new(
  :type => "IP", :value => "127.0.0.1"
)
R509::Cert::Extensions::AuthorityInfoAccess.new(
  :ca_issuers_location => [name]
)

Parameters:

  • arg (Hash)

    a customizable set of options

Options Hash (arg):

  • :ocsp_location (Array, R509::ASN1::GeneralNames)

    Array of hashes (see examples) or GeneralNames object

  • :ca_issuers_location (Array)

    Array of hashes (see examples) or GeneralNames object

  • :critical (Boolean) — default: false


# File 'lib/r509/cert/extensions/authority_info_access.rb', line 64

def initialize(arg)
  unless R509::Cert::Extensions.is_extension?(arg)
    arg = build_extension(arg)
  end

  super(arg)
  parse_extension
end

Instance Attribute Details

#ca_issuers ⇒ R509::ASN1::GeneralNames? (readonly)

An R509::ASN1::GeneralNames object of CA Issuers (or nil if not present)

Returns:

  • (R509::ASN1::GeneralNames, nil)



# File 'lib/r509/cert/extensions/authority_info_access.rb', line 33

def ca_issuers
  @ca_issuers
end

#ocsp ⇒ R509::ASN1::GeneralNames? (readonly)

An R509::ASN1::GeneralNames object of OCSP endpoints (or nil if not present)

Returns:

  • (R509::ASN1::GeneralNames, nil)



# File 'lib/r509/cert/extensions/authority_info_access.rb', line 29

def ocsp
  @ocsp
end

Instance Method Details

#to_h ⇒ Hash

Returns:

  • (Hash)


# File 'lib/r509/cert/extensions/authority_info_access.rb', line 74

def to_h
  hash = { :critical => self.critical? }
  unless @ocsp.names.empty?
    hash[:ocsp_location] = R509::Cert::Extensions.names_to_h(
      @ocsp.names
    )
  end
  unless @ca_issuers.names.empty?
    hash[:ca_issuers_location] = R509::Cert::Extensions.names_to_h(
      @ca_issuers.names
    )
  end
  hash
end

#to_yaml ⇒ YAML

Returns:

  • (YAML)


# File 'lib/r509/cert/extensions/authority_info_access.rb', line 90

def to_yaml
  self.to_h.to_yaml
end