Class: R509::CertificateAuthority::OptionsBuilder

Inherits:

Object

Object
R509::CertificateAuthority::OptionsBuilder

show all

Defined in:

lib/r509/certificate_authority/options_builder.rb

Overview

A class to build hashes to send to the R509::CertificateAuthority::Signer. These are built from R509::Config::CertProfile objects and additional data supplied to the #build_and_enforce method.

Instance Method Summary (collapse)

- (Hash) build_and_enforce(options)

Hash of :message_digest, :subject, :extensions, and :csr/:spki ready to be passed to the Signer.
- (OptionsBuilder) initialize(config) constructor

A new instance of OptionsBuilder.

Constructor Details

- (`OptionsBuilder`) initialize(config)

A new instance of OptionsBuilder

# File 'lib/r509/certificate_authority/options_builder.rb', line 4

def initialize(config)
  if not config.kind_of?(R509::Config::CAConfig)
    raise ArgumentError, "You must supply a R509::Config::CAConfig object to this class at instantiation"
  end
  @config = config
end

Instance Method Details

- (`Hash`) build_and_enforce(options)

Hash of :message_digest, :subject, :extensions, and :csr/:spki ready to be passed to the Signer

Parameters:

options (Hash) —

a customizable set of options

Options Hash (options):

:profile_name (String) —

Name of profile to use
:csr (R509::CSR)
:spki (R509::SPKI)
:subject (R509::Subject, OpenSSL::X509::Subject, Array) — default: optional for R509::CSR, required for R509::SPKI
:message_digest (String) —

the message digest to use for this certificate instead of the default (see R509::MessageDigest::DEFAULT_MD).
:extensions (Array) —

An optional array of R509::Cert::Extensions::* objects. These will be merged with the extensions from the profile. If an extension in this array is also present in the profile, *the supplied extension will override the profile*.
:not_before (Time) —

the notBefore for the certificate
:not_after (Time) —

the notAfter for the certificate

Returns:

(Hash) —

Hash of :message_digest, :subject, :extensions, and :csr/:spki ready to be passed to the Signer

# File 'lib/r509/certificate_authority/options_builder.rb', line 20

def build_and_enforce(options)
  profile = @config.profile(options[:profile_name])

  R509::CertificateAuthority::Signer.check_options(options)

  if (options.has_key?(:csr) and not options[:csr].verify_signature) or
     (options.has_key?(:spki) and not options[:spki].verify_signature)
    raise R509::R509Error, "Request signature is invalid."
  end

  raw_subject, public_key = R509::CertificateAuthority::Signer.extract_public_key_subject(options)

  message_digest = enforce_md(options[:message_digest],profile)
  subject = enforce_subject_item_policy(raw_subject,profile)
  enforce_not_after(options[:not_after])

  extensions = build_and_merge_extensions(options, profile, public_key)

  build_hash(subject, extensions, message_digest, options)
end