Class: R509::Config::CaConfig
Inherits: Object
Extended by: IOHelpers
Includes: IOHelpers
Defined in: lib/r509/config.rb
Overview
Stores a configuration for our CA.
Instance Attribute Summary
- (Object) ca_cert: Returns the value of attribute ca_cert.
- (Object) cdp_location: Returns the value of attribute cdp_location.
- (Object) crl_list_file: Returns the value of attribute crl_list_file.
- (Object) crl_number_file: Returns the value of attribute crl_number_file.
- (Object) crl_start_skew_seconds: Returns the value of attribute crl_start_skew_seconds.
- (Object) crl_validity_hours: Returns the value of attribute crl_validity_hours.
- (Object) message_digest: Returns the value of attribute message_digest.
- (Object) ocsp_chain: Returns the value of attribute ocsp_chain.
- (Object) ocsp_location: Returns the value of attribute ocsp_location.
- (Object) ocsp_start_skew_seconds: Returns the value of attribute ocsp_start_skew_seconds.
- (Object) ocsp_validity_hours: Returns the value of attribute ocsp_validity_hours.
Class Method Summary
+ (Object) from_yaml(conf_name, yaml_data, opts = {}): Loads the named configuration from a YAML string.
+ (Object) load_from_hash(conf, opts = {}): Loads the configuration from a data hash.
+ (Object) load_yaml(conf_name, yaml_file, opts = {}): Loads the named configuration from a YAML file.
Instance Method Summary
- (CaConfig) initialize(opts = {}) (constructor): Builds a CA configuration from an options hash.
- (Integer) num_profiles: The number of profiles.
- (R509::Cert) ocsp_cert: Either a custom OCSP cert or the ca_cert.
- (R509::Config::CaProfile) profile(prof): The config profile.
- (Object) set_profile(name, prof): Registers a profile under the given name.

Methods included from IOHelpers (as both class and instance methods): read_data, write_data
Constructor Details
- (CaConfig) initialize(opts = {})
Builds a CA configuration from an options hash. :ca_cert is required and must be an R509::Cert; :ocsp_cert, if given, must be an R509::Cert that carries its private key, and :ocsp_chain (an Array of certificates) is the chain attached to OCSP responses. Absent validity and skew options fall back to 168 hours and 3600 seconds, and an absent :message_digest falls back to "SHA1".

```ruby
# File 'lib/r509/config.rb', line 150

def initialize(opts = {} )
  if not opts.has_key?(:ca_cert) then
    raise ArgumentError, 'Config object requires that you pass :ca_cert'
  end
  @ca_cert = opts[:ca_cert]
  if not @ca_cert.kind_of?(R509::Cert) then
    raise ArgumentError, ':ca_cert must be of type R509::Cert'
  end

  # ocsp data
  if opts.has_key?(:ocsp_cert) and not opts[:ocsp_cert].kind_of?(R509::Cert) and not opts[:ocsp_cert].nil?
    raise ArgumentError, ':ocsp_cert, if provided, must be of type R509::Cert'
  end
  if opts.has_key?(:ocsp_cert) and not opts[:ocsp_cert].nil? and not opts[:ocsp_cert].has_private_key?
    raise ArgumentError, ':ocsp_cert must contain a private key, not just a certificate'
  end
  @ocsp_cert = opts[:ocsp_cert] unless opts[:ocsp_cert].nil?
  @ocsp_location = opts[:ocsp_location]
  @ocsp_chain = opts[:ocsp_chain] if opts[:ocsp_chain].kind_of?(Array)
  @ocsp_validity_hours = opts[:ocsp_validity_hours] || 168
  @ocsp_start_skew_seconds = opts[:ocsp_start_skew_seconds] || 3600

  @crl_validity_hours = opts[:crl_validity_hours] || 168
  @crl_start_skew_seconds = opts[:crl_start_skew_seconds] || 3600
  @crl_number_file = opts[:crl_number_file] || nil
  @crl_list_file = opts[:crl_list_file] || nil
  @cdp_location = opts[:cdp_location]
  @message_digest = opts[:message_digest] || "SHA1"

  @profiles = {}
  if opts[:profiles]
    opts[:profiles].each_pair do |name, prof|
      set_profile(name, prof)
    end
  end
end
```
Instance Attribute Details
- (Object) ca_cert
Returns the value of attribute ca_cert.

```ruby
# File 'lib/r509/config.rb', line 130
def ca_cert
  @ca_cert
end
```

- (Object) cdp_location
Returns the value of attribute cdp_location.

```ruby
# File 'lib/r509/config.rb', line 130
def cdp_location
  @cdp_location
end
```

- (Object) crl_list_file
Returns the value of attribute crl_list_file.

```ruby
# File 'lib/r509/config.rb', line 130
def crl_list_file
  @crl_list_file
end
```

- (Object) crl_number_file
Returns the value of attribute crl_number_file.

```ruby
# File 'lib/r509/config.rb', line 130
def crl_number_file
  @crl_number_file
end
```

- (Object) crl_start_skew_seconds
Returns the value of attribute crl_start_skew_seconds.

```ruby
# File 'lib/r509/config.rb', line 130
def crl_start_skew_seconds
  @crl_start_skew_seconds
end
```

- (Object) crl_validity_hours
Returns the value of attribute crl_validity_hours.

```ruby
# File 'lib/r509/config.rb', line 130
def crl_validity_hours
  @crl_validity_hours
end
```

- (Object) message_digest
Returns the value of attribute message_digest.

```ruby
# File 'lib/r509/config.rb', line 130
def message_digest
  @message_digest
end
```

- (Object) ocsp_chain
Returns the value of attribute ocsp_chain.

```ruby
# File 'lib/r509/config.rb', line 130
def ocsp_chain
  @ocsp_chain
end
```

- (Object) ocsp_location
Returns the value of attribute ocsp_location.

```ruby
# File 'lib/r509/config.rb', line 130
def ocsp_location
  @ocsp_location
end
```

- (Object) ocsp_start_skew_seconds
Returns the value of attribute ocsp_start_skew_seconds.

```ruby
# File 'lib/r509/config.rb', line 130
def ocsp_start_skew_seconds
  @ocsp_start_skew_seconds
end
```

- (Object) ocsp_validity_hours
Returns the value of attribute ocsp_validity_hours.

```ruby
# File 'lib/r509/config.rb', line 130
def ocsp_validity_hours
  @ocsp_validity_hours
end
```
Class Method Details
+ (Object) from_yaml(conf_name, yaml_data, opts = {})
Loads the named configuration from a YAML string.

```ruby
# File 'lib/r509/config.rb', line 331
def self.from_yaml(conf_name, yaml_data, opts = {})
  conf = YAML.load(yaml_data)
  self.load_from_hash(conf[conf_name], opts)
end
```
+ (Object) load_from_hash(conf, opts = {})
Loads the configuration from a data hash of the same shape produced by loading a YAML file. Relative paths in the hash (ocsp_chain, crl_list, crl_number) are resolved against opts[:ca_root_path], which defaults to the current working directory.

```ruby
# File 'lib/r509/config.rb', line 228

def self.load_from_hash(conf, opts = {})
  if conf.nil?
    raise ArgumentError, "conf not found"
  end
  unless conf.kind_of?(Hash)
    raise ArgumentError, "conf must be a Hash"
  end
  ca_root_path = Pathname.new(opts[:ca_root_path] || FileUtils.getwd)

  unless File.directory?(ca_root_path)
    raise R509Error, "ca_root_path is not a directory: #{ca_root_path}"
  end

  ca_cert_hash = conf['ca_cert']

  if ca_cert_hash.has_key?('engine')
    ca_cert = self.load_with_engine(ca_cert_hash,ca_root_path)
  end

  if ca_cert.nil? and ca_cert_hash.has_key?('pkcs12')
    ca_cert = self.load_with_pkcs12(ca_cert_hash,ca_root_path)
  end

  if ca_cert.nil? and ca_cert_hash.has_key?('cert')
    ca_cert = self.load_with_key(ca_cert_hash,ca_root_path)
  end

  if conf.has_key?("ocsp_cert")
    if conf["ocsp_cert"].has_key?('engine')
      ocsp_cert = self.load_with_engine(conf["ocsp_cert"],ca_root_path)
    end

    if ocsp_cert.nil? and conf["ocsp_cert"].has_key?('pkcs12')
      ocsp_cert = self.load_with_pkcs12(conf["ocsp_cert"],ca_root_path)
    end

    if ocsp_cert.nil? and conf["ocsp_cert"].has_key?('cert')
      ocsp_cert = self.load_with_key(conf["ocsp_cert"],ca_root_path)
    end
  end

  ocsp_chain = []
  if conf.has_key?("ocsp_chain")
    ocsp_chain_data = read_data(ca_root_path+conf["ocsp_chain"])
    cert_regex = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m
    ocsp_chain_data.scan(cert_regex) do |cert|
      ocsp_chain.push(OpenSSL::X509::Certificate.new(cert))
    end
  end

  opts = {
    :ca_cert => ca_cert,
    :ocsp_cert => ocsp_cert,
    :ocsp_chain => ocsp_chain,
    :crl_validity_hours => conf['crl_validity_hours'],
    :ocsp_validity_hours => conf['ocsp_validity_hours'],
    :ocsp_start_skew_seconds => conf['ocsp_start_skew_seconds'],
    :ocsp_location => conf['ocsp_location'],
    :cdp_location => conf['cdp_location'],
    :message_digest => conf['message_digest'],
  }

  if conf.has_key?("crl_list")
    opts[:crl_list_file] = (ca_root_path + conf['crl_list']).to_s
  end
  if conf.has_key?("crl_number")
    opts[:crl_number_file] = (ca_root_path + conf['crl_number']).to_s
  end

  profs = {}
  conf['profiles'].keys.each do |profile|
    data = conf['profiles'][profile]
    if not data["subject_item_policy"].nil?
      subject_item_policy = R509::Config::SubjectItemPolicy.new(data["subject_item_policy"])
    end
    profs[profile] = R509::Config::CaProfile.new(:key_usage => data["key_usage"],
                                                 :extended_key_usage => data["extended_key_usage"],
                                                 :basic_constraints => data["basic_constraints"],
                                                 :certificate_policies => data["certificate_policies"],
                                                 :subject_item_policy => subject_item_policy)
  end unless conf['profiles'].nil?
  opts[:profiles] = profs

  # Create the instance.
  self.new(opts)
end
```
+ (Object) load_yaml(conf_name, yaml_file, opts = {})
Loads the named configuration from a YAML file.

```ruby
# File 'lib/r509/config.rb', line 322
def self.load_yaml(conf_name, yaml_file, opts = {})
  conf = YAML.load_file(yaml_file)
  self.load_from_hash(conf[conf_name], opts)
end
```
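The following Ruby script is an added example, not r509's own code, and runs without the gem. It exercises the loading path shared by from_yaml, load_yaml and load_from_hash above: it reads a named section from YAML with YAML.safe_load (YAML.load in older Psych versions can instantiate arbitrary Ruby objects from untrusted input, so a plain-data loader is the safer choice for a file that is sometimes edited by hand), applies the defaults CaConfig#initialize uses for absent keys (168 hours validity, 3600 seconds skew, "SHA1" digest), extracts an OCSP chain with the same regex load_from_hash uses, and reports two things a reviewer would want to know before the CA goes live: an unset message_digest silently defaults to SHA1, and crl_start_skew_seconds is never forwarded from the hash by load_from_hash, so the constructor's 3600-second default always applies. The sample configuration, the temporary directory, the self-signed test certificates and the helper names make_test_cert, parse_chain, check_ca_config and run_demo are all constructed for this example; the ca_cert section is checked for presence only, since actually loading it requires r509's load_with_key, load_with_pkcs12 or load_with_engine and real key material.

```ruby
require 'openssl'
require 'pathname'
require 'tmpdir'
require 'yaml'

# Constructed helper (not part of r509): mint a self-signed test certificate
# so the script runs offline without any real CA material.
def make_test_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# The regex load_from_hash applies to the ocsp_chain file: every PEM
# certificate block in the bundle becomes one OpenSSL::X509::Certificate.
CERT_REGEX = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

def parse_chain(pem_bundle)
  pem_bundle.scan(CERT_REGEX).map { |pem| OpenSSL::X509::Certificate.new(pem) }
end

# Pre-flight check of one named configuration. Applies the defaults
# CaConfig#initialize uses for absent keys and returns [options, findings].
def check_ca_config(yaml_text, conf_name, ca_root_path)
  root = Pathname.new(ca_root_path)
  conf = YAML.safe_load(yaml_text)[conf_name]   # safe_load: plain data only
  raise ArgumentError, "conf not found" if conf.nil?
  raise ArgumentError, "conf must be a Hash" unless conf.kind_of?(Hash)
  raise ArgumentError, "ca_root_path is not a directory: #{root}" unless File.directory?(root)

  findings = []
  findings << "ca_cert section missing" unless conf.key?('ca_cert')

  chain = []
  if conf.key?('ocsp_chain')
    chain = parse_chain(File.read(root + conf['ocsp_chain']))
    findings << "ocsp_chain file contains no PEM certificates" if chain.empty?
  end

  opts = {
    :ocsp_chain => chain,
    :ocsp_validity_hours => conf['ocsp_validity_hours'] || 168,
    :ocsp_start_skew_seconds => conf['ocsp_start_skew_seconds'] || 3600,
    :crl_validity_hours => conf['crl_validity_hours'] || 168,
    # load_from_hash never forwards this key, so the constructor default applies.
    :crl_start_skew_seconds => 3600,
    :message_digest => conf['message_digest'] || "SHA1",
    :crl_list_file => conf.key?('crl_list') ? (root + conf['crl_list']).to_s : nil,
    :crl_number_file => conf.key?('crl_number') ? (root + conf['crl_number']).to_s : nil,
    :profiles => (conf['profiles'] || {}).keys,
  }

  findings << "message_digest not set; defaults to SHA1" unless conf.key?('message_digest')
  if opts[:crl_start_skew_seconds] >= opts[:crl_validity_hours] * 3600
    findings << "crl_validity_hours does not exceed the 3600-second start skew"
  end
  [opts, findings]
end

# Constructed sample configuration written to a temp directory so the
# relative paths resolve against ca_root_path, as load_from_hash expects.
def run_demo(crl_validity_hours = 24)
  Dir.mktmpdir do |dir|
    bundle = [make_test_cert("test-ocsp"), make_test_cert("test-root")].map(&:to_pem).join
    File.write(File.join(dir, "ocsp_chain.pem"), bundle)
    yaml = <<~YAML
      test_ca:
        ca_cert:
          cert: test_ca.cer
        ocsp_chain: ocsp_chain.pem
        crl_list: crl_list.txt
        crl_number: crl_number.txt
        crl_validity_hours: #{crl_validity_hours}
        profiles:
          server:
            key_usage: [digitalSignature, keyEncipherment]
    YAML
    check_ca_config(yaml, "test_ca", dir)
  end
end

if __FILE__ == $0
  opts, findings = run_demo
  puts "ocsp chain: #{opts[:ocsp_chain].map { |c| c.subject.to_s }.join(', ')}"
  findings.each { |f| puts "finding: #{f}" }
end
```

Running the script prints the two chain subjects and the single finding for the sample configuration (the unset digest); calling run_demo(1) additionally reports that a one-hour CRL validity does not exceed the fixed start skew, which is the case where a freshly published CRL would already be stale.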
Instance Method Details
- (Integer) num_profiles
The number of profiles.

```ruby
# File 'lib/r509/config.rb', line 216
def num_profiles
  @profiles.count
end
```

- (R509::Cert) ocsp_cert
Either a custom OCSP cert or the ca_cert.

```ruby
# File 'lib/r509/config.rb', line 193
def ocsp_cert
  if @ocsp_cert.nil? then @ca_cert else @ocsp_cert end
end
```

- (R509::Config::CaProfile) profile(prof)
The config profile.

```ruby
# File 'lib/r509/config.rb', line 208
def profile(prof)
  if !@profiles.has_key?(prof)
    raise R509::R509Error, "unknown profile '#{prof}'"
  end
  @profiles[prof]
end
```

- (Object) set_profile(name, prof)
Registers a profile under the given name; raises TypeError unless prof is an R509::Config::CaProfile.

```ruby
# File 'lib/r509/config.rb', line 199
def set_profile(name, prof)
  unless prof.is_a?(R509::Config::CaProfile)
    raise TypeError, "profile is supposed to be a R509::Config::CaProfile"
  end
  @profiles[name] = prof
end
```