Class: R509::Cert::Extensions::ExtendedKeyUsage

Inherits:

OpenSSL::X509::Extension

• Object
• OpenSSL::X509::Extension
• R509::Cert::Extensions::ExtendedKeyUsage

Includes:

ValidationMixin

Defined in:

lib/r509/cert/extensions/extended_key_usage.rb

Overview

RFC 5280 Description (see: www.ietf.org/rfc/rfc5280.txt)

This extension indicates one or more purposes for which the certified public key may be used, in addition to or in place of the basic purposes indicated in the key usage extension. In general, this extension will appear only in end entity certificates.

You can use this extension to parse an existing extension for easy access to the contents or create a new one.

Constant Summary

OID =

friendly name for EKU OID

"extendedKeyUsage"

AU_WEB_SERVER_AUTH =

The OpenSSL short name for TLS Web Server Authentication

"serverAuth"

AU_WEB_CLIENT_AUTH =

The OpenSSL short name for TLS Web Client Authentication

"clientAuth"

AU_CODE_SIGNING =

The OpenSSL short name for Code Signing

"codeSigning"

AU_EMAIL_PROTECTION =

The OpenSSL short name for E-mail Protection

"emailProtection"

AU_OCSP_SIGNING =

The OpenSSL short name for OCSP Signing

"OCSPSigning"

AU_TIME_STAMPING =

The OpenSSL short name for Time Stamping

"timeStamping"

AU_ANY_EXTENDED_KEY_USAGE =

The OpenSSL short name for Any Extended Key Usage

"anyExtendedKeyUsage"

Instance Attribute Summary

• #allowed_uses ⇒ Array^? readonly

  an array (of strings) of the extended key uses allowed.

Instance Method Summary

• #allows?(friendly_use_name) ⇒ Boolean

  Returns true if the given use is allowed by this extension.

• #any_extended_key_usage? ⇒ Boolean
• #code_signing? ⇒ Boolean
• #email_protection? ⇒ Boolean
• #initialize(arg) ⇒ ExtendedKeyUsage constructor

  This method takes a hash or an existing Extension object to parse.

• #ocsp_signing? ⇒ Boolean
• #time_stamping? ⇒ Boolean
• #to_h ⇒ Hash
• #to_yaml ⇒ YAML
• #web_client_authentication? ⇒ Boolean
• #web_server_authentication? ⇒ Boolean

Constructor Details

#initialize(arg) ⇒ ExtendedKeyUsage

This method takes a hash or an existing Extension object to parse

The following types are known to r509

serverAuth
clientAuth
codeSigning
emailProtection
OCSPSigning
timeStamping
anyExtendedKeyUsage
msCodeInd (not part of RFC 5280)
msCodeCom (not part of RFC 5280)
msCTLSign (not part of RFC 5280)
msSGC (not part of RFC 5280)
msEFS (not part of RFC 5280)
nsSGC (not part of RFC 5280)

Examples:

R509::Cert::Extensions::ExtendedKeyUsage.new(
  :critical => false,
  :value => ['clientAuth','serverAuth']
)

Parameters:

• arg (Hash) —

  a customizable set of options

Options Hash (arg):

• :value (Array)
• :critical (Boolean) — default: false

# File 'lib/r509/cert/extensions/extended_key_usage.rb', line 66

def initialize(arg)
  unless R509::Cert::Extensions.is_extension?(arg)
    arg = build_extension(arg)
  end

  super(arg)
  parse_extension
end

Instance Attribute Details

#allowed_uses ⇒ Array^? (readonly)

an array (of strings) of the extended key uses allowed

Returns:

• (Array, nil)

# File 'lib/r509/cert/extensions/extended_key_usage.rb', line 40

def allowed_uses
  @allowed_uses
end

Instance Method Details

#allows?(friendly_use_name) ⇒ Boolean

Returns true if the given use is allowed by this extension.

Parameters:

• friendly_use_name (string) —

  One of the AU_* constants in this class.

Returns:

• (Boolean)

# File 'lib/r509/cert/extensions/extended_key_usage.rb', line 77

def allows?(friendly_use_name)
  @allowed_uses.include?(friendly_use_name)
end

#any_extended_key_usage? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/r509/cert/extensions/extended_key_usage.rb', line 105

def any_extended_key_usage?
  (@any_extended_key_usage == true)
end

#code_signing? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/r509/cert/extensions/extended_key_usage.rb', line 89

def code_signing?
  (@code_signing == true)
end

#email_protection? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/r509/cert/extensions/extended_key_usage.rb', line 93

def email_protection?
  (@email_protection == true)
end

#ocsp_signing? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/r509/cert/extensions/extended_key_usage.rb', line 97

def ocsp_signing?
  (@ocsp_signing == true)
end

#time_stamping? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/r509/cert/extensions/extended_key_usage.rb', line 101

def time_stamping?
  (@time_stamping == true)
end

#to_h ⇒ Hash

Returns:

• (Hash)

# File 'lib/r509/cert/extensions/extended_key_usage.rb', line 110

def to_h
  { :value => @allowed_uses, :critical => self.critical?  }
end

#to_yaml ⇒ YAML

Returns:

• (YAML)

# File 'lib/r509/cert/extensions/extended_key_usage.rb', line 115

def to_yaml
  self.to_h.to_yaml
end

#web_client_authentication? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/r509/cert/extensions/extended_key_usage.rb', line 85

def web_client_authentication?
  (@web_client_authentication == true)
end

#web_server_authentication? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/r509/cert/extensions/extended_key_usage.rb', line 81

def web_server_authentication?
  (@web_server_authentication == true)
end