Class: R509::Cert::Extensions::KeyUsage

Inherits:
OpenSSL::X509::Extension
  • Object
Includes:
ValidationMixin
Defined in:
lib/r509/cert/extensions/key_usage.rb

Overview

RFC 5280 Description (see: www.ietf.org/rfc/rfc5280.txt)

The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate. The usage restriction might be employed when a key that could be used for more than one operation is to be restricted. For example, when an RSA key should be used only to verify signatures on objects other than public key certificates and CRLs, the digitalSignature and/or nonRepudiation bits would be asserted. Likewise, when an RSA key should be used only for key management, the keyEncipherment bit would be asserted.

You can use this extension to parse an existing extension for easy access to the contents or create a new one.
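What parsing an existing keyUsage extension involves, shown as an added example that uses only Ruby's standard OpenSSL library (it is not r509's own code). The helper names `sample_cert`, `key_usage_names` and `unexpected_uses` and the sample certificates are constructed for illustration.

```ruby
require 'openssl'

# RFC 5280 KeyUsage bit order; bit 0 is the most significant bit of the first octet.
KEY_USAGE_BITS = %w[
  digitalSignature nonRepudiation keyEncipherment dataEncipherment
  keyAgreement keyCertSign cRLSign encipherOnly decipherOnly
].freeze

# Constructed sample key, generated once and reused by every sample certificate.
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048)

# Constructed sample input: a throwaway self-signed certificate with the given keyUsage.
def sample_cert(usages, critical: true)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=key-usage-example')
  cert.public_key = SAMPLE_KEY.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  factory = OpenSSL::X509::ExtensionFactory.new
  factory.subject_certificate = factory.issuer_certificate = cert
  cert.add_extension(factory.create_extension('keyUsage', usages.join(','), critical))
  cert.sign(SAMPLE_KEY, OpenSSL::Digest.new('SHA256'))
  cert
end

# Returns the asserted short names, or nil when the certificate has no keyUsage extension.
def key_usage_names(cert)
  ext = cert.extensions.find { |e| e.oid == 'keyUsage' }
  return nil if ext.nil?

  # Extension ::= SEQUENCE { extnID, critical (optional), extnValue OCTET STRING }
  extn_value = OpenSSL::ASN1.decode(ext.to_der).value.last.value
  # extnValue wraps a DER BIT STRING; unpack its octets MSB-first into '0'/'1' characters.
  bits = OpenSSL::ASN1.decode(extn_value).value.unpack1('B*')
  KEY_USAGE_BITS.select.with_index { |_, i| bits[i] == '1' }
end

# Hypothetical policy helper: uses the certificate asserts beyond what the caller permits.
def unexpected_uses(cert, permitted)
  (key_usage_names(cert) || []) - permitted
end

leaf = sample_cert(%w[digitalSignature keyEncipherment])
p key_usage_names(leaf)
p unexpected_uses(sample_cert(%w[keyCertSign cRLSign]), %w[digitalSignature keyEncipherment])
```

decipherOnly is bit 8, so it lands in a second octet of the BIT STRING; indexing the unpacked bit string by position handles that case without special treatment.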

Constant Summary

OID = "keyUsage"
    friendly name for KeyUsage OID

AU_DIGITAL_SIGNATURE = "digitalSignature"
    OpenSSL short name for Digital Signature

AU_NON_REPUDIATION = "nonRepudiation"
    OpenSSL short name for Non Repudiation (also known as content commitment)

AU_KEY_ENCIPHERMENT = "keyEncipherment"
    OpenSSL short name for Key Encipherment

AU_DATA_ENCIPHERMENT = "dataEncipherment"
    OpenSSL short name for Data Encipherment

AU_KEY_AGREEMENT = "keyAgreement"
    OpenSSL short name for Key Agreement

AU_KEY_CERT_SIGN = "keyCertSign"
    OpenSSL short name for Certificate Sign

AU_CRL_SIGN = "cRLSign"
    OpenSSL short name for CRL Sign

AU_ENCIPHER_ONLY = "encipherOnly"
    OpenSSL short name for Encipher Only

AU_DECIPHER_ONLY = "decipherOnly"
    OpenSSL short name for Decipher Only

Constructor Details

#initialize(arg) ⇒ KeyUsage

This method takes either a hash of options or an existing Extension object to parse.

The following types are known to r509 by default:

digitalSignature
nonRepudiation
keyEncipherment
dataEncipherment
keyAgreement
keyCertSign
cRLSign
encipherOnly
decipherOnly

Examples:

R509::Cert::Extensions::KeyUsage.new(
  :critical => false,
  :value => ['digitalSignature', 'keyEncipherment']
)

Parameters:

  • arg (Hash)

    a customizable set of options

Options Hash (arg):

  • :value (Array)
  • :critical (Boolean) — default: false


# File 'lib/r509/cert/extensions/key_usage.rb', line 71

def initialize(arg)
  unless R509::Cert::Extensions.is_extension?(arg)
    arg = build_extension(arg)
  end

  super(arg)
  parse_extension
end

Instance Attribute Details

#allowed_uses ⇒ Array? (readonly)

An array (of strings) of the key uses allowed.

Returns:

  • (Array, nil)

# File 'lib/r509/cert/extensions/key_usage.rb', line 30

def allowed_uses
  @allowed_uses
end

Instance Method Details

#allows?(friendly_use_name) ⇒ Boolean

Returns true if the given use is allowed by this extension.

Parameters:

  • friendly_use_name (String)

    key usage short name (e.g. digitalSignature, cRLSign, etc) or one of the AU_* constants in this class

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions/key_usage.rb', line 84

def allows?(friendly_use_name)
  @allowed_uses.include?(friendly_use_name)
end

#crl_sign? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/r509/cert/extensions/key_usage.rb', line 112

def crl_sign?
  (@crl_sign == true)
end

#data_encipherment? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/r509/cert/extensions/key_usage.rb', line 100

def data_encipherment?
  (@data_encipherment == true)
end

#decipher_only? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/r509/cert/extensions/key_usage.rb', line 120

def decipher_only?
  (@decipher_only == true)
end

#digital_signature? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/r509/cert/extensions/key_usage.rb', line 88

def digital_signature?
  (@digital_signature == true)
end

#encipher_only? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/r509/cert/extensions/key_usage.rb', line 116

def encipher_only?
  (@encipher_only == true)
end

#key_agreement? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/r509/cert/extensions/key_usage.rb', line 104

def key_agreement?
  (@key_agreement == true)
end

#key_cert_sign? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/r509/cert/extensions/key_usage.rb', line 108

def key_cert_sign?
  (@key_cert_sign == true)
end

#key_encipherment? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/r509/cert/extensions/key_usage.rb', line 96

def key_encipherment?
  (@key_encipherment == true)
end

#non_repudiation? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/r509/cert/extensions/key_usage.rb', line 92

def non_repudiation?
  (@non_repudiation == true)
end

#to_h ⇒ Hash

Returns:

  • (Hash)

# File 'lib/r509/cert/extensions/key_usage.rb', line 125

def to_h
  {
    :value => @allowed_uses,
    :critical => self.critical?
  }
end

#to_yaml ⇒ YAML

Returns:

  • (YAML)

# File 'lib/r509/cert/extensions/key_usage.rb', line 133

def to_yaml
  self.to_h.to_yaml
end