Class: R509::Cert::Extensions::AuthorityKeyIdentifier

Inherits:
OpenSSL::X509::Extension
  • Object
Defined in:
lib/r509/cert/extensions/authority_key_identifier.rb

Overview

RFC 5280 Description (see: www.ietf.org/rfc/rfc5280.txt)

The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a certificate. This extension is used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover). The identification MAY be based on either the key identifier (the subject key identifier in the issuer's certificate) or the issuer name and serial number.

You can use this extension to parse an existing extension for easy access to the contents or create a new one.
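The key-identifier case described above, as an added example that is not part of r509 and uses only Ruby's standard OpenSSL bindings: two CA certificates share a subject name but hold different keys, and the leaf's AKI keyid is matched against each candidate's subject key identifier before the signature is checked. The helper names (`issue`, `select_issuer`, `sample_pki`, and so on) and the sample certificates are constructed for illustration.

```ruby
require "openssl"

# Issue a certificate; self-signed when no issuer is given (constructed sample PKI).
def issue(cn, key, serial, issuer = nil, issuer_key = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("subjectKeyIdentifier", "hash"))
  cert.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid")) if issuer
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Inner DER of the named extension (the OCTET STRING payload), or nil if absent.
def ext_der(cert, oid)
  ext = cert.extensions.find { |e| e.oid == oid }
  ext && OpenSSL::ASN1.decode(ext.to_der).value.last.value
end

# Colon-delimited upper-case hex, the form the accessors on this page return.
HEX = ->(bytes) { bytes.unpack1("H*").upcase.scan(/../).join(":") }

# keyIdentifier is the context-specific [0] field of the AKI SEQUENCE.
def authority_keyid(cert)
  der = ext_der(cert, "authorityKeyIdentifier") or return nil
  field = OpenSSL::ASN1.decode(der).value.find { |f| f.tag == 0 }
  field && HEX.call(field.value)
end

def subject_keyid(cert)
  der = ext_der(cert, "subjectKeyIdentifier")
  der && HEX.call(OpenSSL::ASN1.decode(der).value)
end

# Choose the issuer by key identifier, then confirm with the signature itself.
def select_issuer(leaf, candidates)
  akid = authority_keyid(leaf) or return nil
  match = candidates.find { |ca| subject_keyid(ca) == akid }
  match if match && leaf.verify(match.public_key)
end

# Two CA certs share one subject name but hold different keys (a key changeover).
def sample_pki
  keys = Array.new(3) { OpenSSL::PKey::EC.generate("prime256v1") }
  old_ca, new_ca = issue("Example CA", keys[0], 1), issue("Example CA", keys[1], 2)
  [old_ca, new_ca, issue("leaf.example", keys[2], 3, new_ca, keys[1])]
end
```

The key identifier only narrows the candidate set; `select_issuer` still verifies the signature, because the identifier is an unauthenticated hint until the chain validates.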

Constant Summary

OID = "authorityKeyIdentifier"

friendly name for Authority Key Identifier OID

AKI_EXTENSION_DEFAULT = "keyid"

default extension behavior when generating

Constructor Details

#initialize(arg) ⇒ AuthorityKeyIdentifier

Returns a new instance of AuthorityKeyIdentifier

Parameters:

  • arg (Hash)

    a customizable set of options

Options Hash (arg):

  • :public_key (OpenSSL::PKey)

    Required if embedding keyid

  • :issuer_subject (R509::Subject)

    Required if embedding issuer. This should be the issuing certificate's issuer subject name.

  • :issuer_serial (Integer)

    Required if embedding issuer. This should be the issuing certificate's issuer serial number.

  • :value (String) — default: keyid

    For the rules of :value see: www.openssl.org/docs/apps/x509v3_config.html#Authority_Key_Identifier_. If you want to embed issuer you MUST supply :issuer_subject and :issuer_serial and not :public_key.

  • :critical (Boolean) — default: false


# File 'lib/r509/cert/extensions/authority_key_identifier.rb', line 40

def initialize(arg)
  unless R509::Cert::Extensions.is_extension?(arg)
    arg = build_extension(arg)
  end

  super(arg)
  parse_extension
end

Instance Attribute Details

#authority_cert_issuer ⇒ R509::ASN1::GeneralName? (readonly)

authority_cert_issuer, if present, will be a GeneralName object

Returns:

  • (R509::ASN1::GeneralName, nil)

# File 'lib/r509/cert/extensions/authority_key_identifier.rb', line 30

def authority_cert_issuer
  @authority_cert_issuer
end

#authority_cert_serial_number ⇒ String? (readonly)

authority_cert_serial_number, if present, will be a hex string delimited by colons

Returns:

  • (String, nil)


# File 'lib/r509/cert/extensions/authority_key_identifier.rb', line 33

def authority_cert_serial_number
  @authority_cert_serial_number
end

#key_identifier ⇒ String? (readonly)

key_identifier, if present, will be a hex string delimited by colons

Returns:

  • (String, nil)


# File 'lib/r509/cert/extensions/authority_key_identifier.rb', line 27

def key_identifier
  @key_identifier
end