Class: R509::Cert::Extensions::PolicyConstraints

Inherits:
OpenSSL::X509::Extension
  • Object
Includes:
ValidationMixin
Defined in:
lib/r509/cert/extensions/policy_constraints.rb

Overview

RFC 5280 Description (see: www.ietf.org/rfc/rfc5280.txt)

The policy constraints extension can be used in certificates issued to CAs. The policy constraints extension constrains path validation in two ways. It can be used to prohibit policy mapping or require that each certificate in a path contain an acceptable policy identifier.

If the inhibitPolicyMapping field is present, the value indicates the number of additional certificates that may appear in the path before policy mapping is no longer permitted. For example, a value of one indicates that policy mapping may be processed in certificates issued by the subject of this certificate, but not in additional certificates in the path.

If the requireExplicitPolicy field is present, the value of requireExplicitPolicy indicates the number of additional certificates that may appear in the path before an explicit policy is required for the entire path. When an explicit policy is required, it is necessary for all certificates in the path to contain an acceptable policy identifier in the certificate policies extension. An acceptable policy identifier is the identifier of a policy required by the user of the certification path or the identifier of a policy that has been declared equivalent through policy mapping.

You can use this extension to parse an existing extension for easy access to the contents or create a new one.
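
The two fields described above, decoded from the extension's DER with only Ruby's bundled openssl library. This is an added example, not r509's own code; the helper names (decode_policy_constraints, parse_policy_constraints, sample_extension) and the sample values are assumptions made for illustration. The empty-sequence rejection follows RFC 5280 section 4.2.1.11.

```ruby
require "openssl"

# PolicyConstraints ::= SEQUENCE {
#   requireExplicitPolicy [0] SkipCerts OPTIONAL,
#   inhibitPolicyMapping  [1] SkipCerts OPTIONAL }   -- IMPLICIT tags
FIELDS = { 0 => :require_explicit_policy, 1 => :inhibit_policy_mapping }.freeze

# Decode the DER payload (the bytes carried inside extnValue) into a hash.
# Hypothetical helper, named for this example only.
def decode_policy_constraints(payload_der)
  seq = OpenSSL::ASN1.decode(payload_der)
  raise ArgumentError, "payload is not a SEQUENCE" unless seq.is_a?(OpenSSL::ASN1::Sequence)
  # RFC 5280 4.2.1.11: at least one of the two fields must be present.
  raise ArgumentError, "empty policyConstraints" if seq.value.empty?

  result = { require_explicit_policy: nil, inhibit_policy_mapping: nil }
  seq.value.each do |field|
    primitive = field.tag_class == :CONTEXT_SPECIFIC && field.value.is_a?(String)
    name = FIELDS[field.tag] if primitive
    raise ArgumentError, "unexpected element, tag #{field.tag}" unless name
    # SkipCerts is INTEGER (0..MAX): read the content octets as unsigned big-endian.
    result[name] = field.value.bytes.inject(0) { |acc, b| (acc << 8) | b }
  end
  result
end

# Pull the payload out of an OpenSSL::X509::Extension and decode it.
def parse_policy_constraints(ext)
  raise ArgumentError, "not policyConstraints: #{ext.oid}" unless ext.oid == "policyConstraints"
  # Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue OCTET STRING }
  payload = OpenSSL::ASN1.decode(ext.to_der).value.last.value
  decode_policy_constraints(payload).merge(critical: ext.critical?)
end

# Constructed sample: explicit policy required immediately, mapping allowed one level down.
def sample_extension
  OpenSSL::X509::ExtensionFactory.new.create_extension(
    "policyConstraints", "requireExplicitPolicy:0,inhibitPolicyMapping:1", true
  )
end

p parse_policy_constraints(sample_extension)
```

A field that is absent from the SEQUENCE comes back as nil, which matches the (Integer, nil) return type documented for the two attribute readers below.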

Constant Summary

OID = "policyConstraints"

friendly name for CP OID

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(arg) ⇒ PolicyConstraints

This method takes either a hash of options, from which a new extension is built, or an existing Extension object to parse.

Parameters:

  • arg (Hash)

    a customizable set of options

Options Hash (arg):

  • :require_explicit_policy (Integer)
  • :inhibit_policy_mapping (Integer)
  • :critical (Boolean) — default: true


# File 'lib/r509/cert/extensions/policy_constraints.rb', line 51

def initialize(arg)
  unless R509::Cert::Extensions.is_extension?(arg)
    arg = build_extension(arg)
  end

  super(arg)
  parse_extension
end

Instance Attribute Details

#inhibit_policy_mapping ⇒ Integer? (readonly)

Returns:

  • (Integer, nil)


# File 'lib/r509/cert/extensions/policy_constraints.rb', line 44

def inhibit_policy_mapping
  @inhibit_policy_mapping
end

#require_explicit_policy ⇒ Integer? (readonly)

Returns:

  • (Integer, nil)


# File 'lib/r509/cert/extensions/policy_constraints.rb', line 42

def require_explicit_policy
  @require_explicit_policy
end

Instance Method Details

#to_h ⇒ Hash

Returns:

  • (Hash)


# File 'lib/r509/cert/extensions/policy_constraints.rb', line 61

def to_h
  hash = {
    :critical => self.critical?
  }
  hash[:require_explicit_policy] = @require_explicit_policy unless @require_explicit_policy.nil?
  hash[:inhibit_policy_mapping] = @inhibit_policy_mapping unless @inhibit_policy_mapping.nil?
  hash
end

#to_yaml ⇒ YAML

Returns:

  • (YAML)


# File 'lib/r509/cert/extensions/policy_constraints.rb', line 71

def to_yaml
  self.to_h.to_yaml
end