Class: R509::Cert::Extensions::KeyUsage

Inherits:
OpenSSL::X509::Extension
  • Object
Includes:
ValidationMixin
Defined in:
lib/r509/cert/extensions/key_usage.rb

Overview

RFC 5280 Description (see: www.ietf.org/rfc/rfc5280.txt)

The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate. The usage restriction might be employed when a key that could be used for more than one operation is to be restricted. For example, when an RSA key should be used only to verify signatures on objects other than public key certificates and CRLs, the digitalSignature and/or nonRepudiation bits would be asserted. Likewise, when an RSA key should be used only for key management, the keyEncipherment bit would be asserted.

You can use this extension to parse an existing extension for easy access to the contents or create a new one.
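An added example, not part of r509 or its documentation: it uses only Ruby's standard `openssl` library to decode a keyUsage extension's BIT STRING into the nine short names listed under Constant Summary, then runs a small lint over the result. The helper names (`key_usage_names`, `key_usage_findings`, `sample_ext`) and the lint rules chosen are assumptions made for this illustration; the sample extensions are constructed.

```ruby
require 'openssl'

# Bit positions from RFC 5280 section 4.2.1.3; bit 0 is the most
# significant bit of the first content byte of the BIT STRING.
KEY_USAGE_BITS = %w[
  digitalSignature nonRepudiation keyEncipherment dataEncipherment
  keyAgreement keyCertSign cRLSign encipherOnly decipherOnly
].freeze

# Decode a keyUsage OpenSSL::X509::Extension into its short names.
def key_usage_names(ext)
  raise ArgumentError, 'not a keyUsage extension' unless ext.oid == 'keyUsage'
  # Extension ::= SEQUENCE { extnID, [critical], extnValue OCTET STRING }
  octets = OpenSSL::ASN1.decode(ext.to_der).value.last.value
  bytes = OpenSSL::ASN1.decode(octets).value.bytes
  KEY_USAGE_BITS.each_with_index.select do |_name, i|
    byte = bytes[i / 8] # nil when the encoding stops before this bit
    byte && (byte & (0x80 >> (i % 8))) != 0
  end.map(&:first)
end

# Hypothetical lint: returns an array of findings (empty means clean).
# is_ca is the caller's view of basicConstraints cA for the same cert.
def key_usage_findings(ext, is_ca:)
  uses = key_usage_names(ext)
  findings = []
  # RFC 5280: conforming CAs SHOULD mark keyUsage critical.
  findings << 'keyUsage not marked critical' unless ext.critical?
  if uses.include?('keyCertSign') && !is_ca
    findings << 'keyCertSign asserted on a non-CA certificate'
  end
  findings << 'CA certificate lacks keyCertSign' if is_ca && !uses.include?('keyCertSign')
  # encipherOnly/decipherOnly are undefined without keyAgreement.
  only = uses & %w[encipherOnly decipherOnly]
  if only.any? && !uses.include?('keyAgreement')
    findings << "#{only.join('/')} without keyAgreement"
  end
  findings
end

# Constructed sample extensions (not taken from any real certificate).
def sample_ext(value, critical)
  OpenSSL::X509::ExtensionFactory.new.create_extension('keyUsage', value, critical)
end
```

The `decipherOnly` bit is the ninth bit, so it lands in a second content byte; a decoder that reads only the first byte silently drops it.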

Constant Summary

OID =

friendly name for KeyUsage OID

"keyUsage"
AU_DIGITAL_SIGNATURE =

OpenSSL short name for Digital Signature

"digitalSignature"
AU_NON_REPUDIATION =

OpenSSL short name for Non Repudiation (also known as content commitment)

"nonRepudiation"
AU_KEY_ENCIPHERMENT =

OpenSSL short name for Key Encipherment

"keyEncipherment"
AU_DATA_ENCIPHERMENT =

OpenSSL short name for Data Encipherment

"dataEncipherment"
AU_KEY_AGREEMENT =

OpenSSL short name for Key Agreement

"keyAgreement"
AU_KEY_CERT_SIGN =

OpenSSL short name for Certificate Sign

"keyCertSign"
AU_CRL_SIGN =

OpenSSL short name for CRL Sign

"cRLSign"
AU_ENCIPHER_ONLY =

OpenSSL short name for Encipher Only

"encipherOnly"
AU_DECIPHER_ONLY =

OpenSSL short name for Decipher Only

"decipherOnly"

Instance Attribute Summary

Instance Method Summary

Constructor Details

- (KeyUsage) initialize(arg)

This method takes a hash or an existing Extension object to parse.

The following types are known to r509 by default:

digitalSignature
nonRepudiation
keyEncipherment
dataEncipherment
keyAgreement
keyCertSign
cRLSign
encipherOnly
decipherOnly

Examples:

R509::Cert::Extensions::KeyUsage.new(
  :critical => false,
  :value => ['digitalSignature', 'keyEncipherment']
)

Parameters:

  • arg (Hash)

    a customizable set of options

Options Hash (arg):

  • :value (Array)
  • :critical (Boolean) — default: false


# File 'lib/r509/cert/extensions/key_usage.rb', line 71

def initialize(arg)
  if not R509::Cert::Extensions.is_extension?(arg)
    arg = build_extension(arg)
  end

  super(arg)
  parse_extension
end

Instance Attribute Details

- (Array?) allowed_uses (readonly)

An array (of strings) of the key uses allowed.

Returns:

  • (Array, nil)


# File 'lib/r509/cert/extensions/key_usage.rb', line 30

def allowed_uses
  @allowed_uses
end

Instance Method Details

- (Boolean) allows?(friendly_use_name)

Returns true if the given use is allowed by this extension.

Parameters:

  • friendly_use_name (String)

    key usage short name (e.g. digitalSignature, cRLSign, etc) or one of the AU_* constants in this class

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions/key_usage.rb', line 84

def allows?( friendly_use_name )
  @allowed_uses.include?( friendly_use_name )
end

- (Boolean) crl_sign?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions/key_usage.rb', line 112

def crl_sign?
  (@crl_sign == true)
end

- (Boolean) data_encipherment?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions/key_usage.rb', line 100

def data_encipherment?
  (@data_encipherment == true)
end

- (Boolean) decipher_only?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions/key_usage.rb', line 120

def decipher_only?
  (@decipher_only == true)
end

- (Boolean) digital_signature?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions/key_usage.rb', line 88

def digital_signature?
  (@digital_signature == true)
end

- (Boolean) encipher_only?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions/key_usage.rb', line 116

def encipher_only?
  (@encipher_only == true)
end

- (Boolean) key_agreement?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions/key_usage.rb', line 104

def key_agreement?
  (@key_agreement == true)
end

- (Boolean) key_cert_sign?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions/key_usage.rb', line 108

def key_cert_sign?
  (@key_cert_sign == true)
end

- (Boolean) key_encipherment?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions/key_usage.rb', line 96

def key_encipherment?
  (@key_encipherment == true)
end

- (Boolean) non_repudiation?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions/key_usage.rb', line 92

def non_repudiation?
  (@non_repudiation == true)
end

- (Hash) to_h

Returns:

  • (Hash)


# File 'lib/r509/cert/extensions/key_usage.rb', line 125

def to_h
  {
    :value => @allowed_uses,
    :critical => self.critical?
  }
end

- (YAML) to_yaml

Returns:

  • (YAML)


# File 'lib/r509/cert/extensions/key_usage.rb', line 133

def to_yaml
  self.to_h.to_yaml
end