Class: R509::Config::SubjectItemPolicy

Inherits:
Object
Defined in:
lib/r509/config/subject_item_policy.rb

Overview

The Subject Item Policy allows you to define what subject fields are allowed in a certificate. Required means the field must be supplied, optional means it will be encoded if provided, and match means the field must be present and must match the value specified. Subject fields that the policy does not list are left out of the subject returned by validate_subject.

Using R509::OIDMapper you can create new shortnames that will be usable inside this class.

Constructor Details

- (SubjectItemPolicy) initialize(hash = {})

A new instance of SubjectItemPolicy

Examples:

sample hash

{"CN" => { :policy => "required" },
"O" => { :policy => "required" },
"OU" => { :policy => "optional" },
"ST" => { :policy => "required" },
"C" => { :policy => "required" },
"L" => { :policy => "match", :value => "Chicago" },
"emailAddress" => { :policy => "optional" } }

Parameters:

  • hash (Hash) (defaults to: {}): hash of required/optional/matching subject items. These must be in OpenSSL shortname format.



# File 'lib/r509/config/subject_item_policy.rb', line 33

def initialize(hash={})
  if not hash.kind_of?(Hash)
    raise ArgumentError, "Must supply a hash in form 'shortname'=>hash_with_policy_info"
  end
  @required = []
  @optional = []
  @match_values = {}
  @match = []
  if not hash.empty?
    hash.each_pair do |key,value|
      if not value.kind_of?(Hash)
        raise ArgumentError, "Each value must be a hash with a :policy key"
      end
      case value[:policy]
      when 'required' then @required.push(key)
      when 'optional' then @optional.push(key)
      when 'match' then
        @match_values[key] = value[:value]
        @match.push(key)
      else
        raise ArgumentError, "Unknown subject item policy value. Allowed values are required, optional, or match"
      end
    end
  end
end

Instance Attribute Details

- (Array) match (readonly)

Returns:

  • (Array)


# File 'lib/r509/config/subject_item_policy.rb', line 22

def match
  @match
end

- (Array) match_values (readonly)

Returns:

  • (Array)


# File 'lib/r509/config/subject_item_policy.rb', line 22

def match_values
  @match_values
end

- (Array) optional (readonly)

Returns:

  • (Array)


# File 'lib/r509/config/subject_item_policy.rb', line 22

def optional
  @optional
end

- (Array) required (readonly)

Returns:

  • (Array)


# File 'lib/r509/config/subject_item_policy.rb', line 22

def required
  @required
end

Instance Method Details

- (Hash) to_h

Returns:

  • (Hash)


# File 'lib/r509/config/subject_item_policy.rb', line 74

def to_h
  hash = {}
  @required.each { |r| hash[r] = {:policy => "required" } }
  @optional.each { |o| hash[o] = {:policy => "optional" } }
  @match.each { |m| hash[m] = {:policy => "match", :value => @match_values[m]} }
  hash
end

- (YAML) to_yaml

Returns:

  • (YAML)


# File 'lib/r509/config/subject_item_policy.rb', line 83

def to_yaml
  self.to_h.to_yaml
end

- (R509::Subject) validate_subject(subject)

Validated version of the subject or error

Parameters:

Returns:



# File 'lib/r509/config/subject_item_policy.rb', line 61

def validate_subject(subject)
  # check if match components are present and match
  validate_match(subject)
  validate_required_match(subject)

  # the validated subject contains only those subject components that are either
  # required, optional, or match
  R509::Subject.new(subject.to_a.select do |item|
    @required.include?(item[0]) or @optional.include?(item[0]) or @match.include?(item[0])
  end)
end
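
The required/optional/match rules from the Overview and the field filtering in validate_subject, as an added stand-alone example that is not r509's own code. It uses only Ruby's OpenSSL library; apply_subject_policy, policy_outcome and the sample subjects are hypothetical names and constructed data, and the handling of a missing or mismatched field is an assumption based on the Overview, because validate_match and validate_required_match are not shown on this page.

```ruby
require 'openssl'

# Constructed policy, in the hash format of the sample above.
POLICY = {
  "CN" => { :policy => "required" },
  "O"  => { :policy => "required" },
  "OU" => { :policy => "optional" },
  "L"  => { :policy => "match", :value => "Chicago" }
}

# Hypothetical helper, not an r509 method. Takes [shortname, value] pairs,
# enforces the policy, and returns an OpenSSL::X509::Name that contains
# only the fields the policy lists.
def apply_subject_policy(policy, pairs)
  policy.each_pair do |name, rule|
    values = pairs.select { |n, _| n == name }.map { |_, v| v }
    case rule[:policy]
    when "required"
      raise ArgumentError, "missing required field #{name}" if values.empty?
    when "match"
      # Assumed behaviour: absent or differing values are both errors.
      unless !values.empty? && values.all? { |v| v == rule[:value] }
        raise ArgumentError, "field #{name} must equal #{rule[:value].inspect}"
      end
    when "optional" # nothing to enforce; encoded only if supplied
    else
      raise ArgumentError, "unknown policy for #{name}"
    end
  end
  # Fields the policy does not name are dropped, not rejected.
  OpenSSL::X509::Name.new(pairs.select { |name, _| policy.key?(name) })
end

# Returns the filtered subject as a string, or the rejection reason.
def policy_outcome(policy, pairs)
  apply_subject_policy(policy, pairs).to_s
rescue ArgumentError => e
  "rejected: #{e.message}"
end

# Constructed requests: extra field, wrong locality, missing organization.
EXTRA_FIELD = [["CN", "www.example.com"], ["O", "Example Org"],
               ["L", "Chicago"], ["emailAddress", "admin@example.com"]]
WRONG_CITY  = [["CN", "www.example.com"], ["O", "Example Org"], ["L", "Springfield"]]
NO_ORG      = [["CN", "www.example.com"], ["L", "Chicago"]]

[EXTRA_FIELD, WRONG_CITY, NO_ORG].each { |req| puts policy_outcome(POLICY, req) }
```

The first request is accepted with its unlisted emailAddress removed without any error, so a caller that needs to know a field was dropped has to compare the returned subject with the one it submitted.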