Class: R509::Cert::Extensions::ExtendedKeyUsage

Inherits:
OpenSSL::X509::Extension
  • Object
Defined in:
lib/r509/cert/extensions.rb

Overview

Implements the ExtendedKeyUsage certificate extension, with methods to provide access to the components and meaning of the extension's contents.

Constant Summary

OID =

friendly name for EKU OID

"extendedKeyUsage"
AU_WEB_SERVER_AUTH =

The OpenSSL short name for TLS Web Server Authentication

"serverAuth"
AU_WEB_CLIENT_AUTH =

The OpenSSL short name for TLS Web Client Authentication

"clientAuth"
AU_CODE_SIGNING =

The OpenSSL short name for Code Signing

"codeSigning"
AU_EMAIL_PROTECTION =

The OpenSSL short name for E-mail Protection

"emailProtection"
AU_OCSP_SIGNING =

The OpenSSL short name for OCSP Signing

"OCSPSigning"
AU_TIME_STAMPING =

The OpenSSL short name for Time Stamping

"timeStamping"
AU_ANY_EXTENDED_KEY_USAGE =

The OpenSSL short name for Any Extended Key Usage

"anyExtendedKeyUsage"


Constructor Details

- (ExtendedKeyUsage) initialize(*args)

See OpenSSL::X509::Extension#initialize



# File 'lib/r509/cert/extensions.rb', line 229

# Builds the extension through OpenSSL::X509::Extension#initialize, then reads
# the extended key usage values out of it.
#
# Every value found is appended to @allowed_uses, in the order it appears. A
# value equal to one of the AU_* constants also sets the matching boolean flag.
# A value that matches none of the constants is still recorded in
# @allowed_uses but sets no flag. Flags that are never set stay nil, which the
# predicate methods report as false.
#
# Only the listed purposes are recorded here. Nothing in this constructor
# compares them with the certificate's keyUsage bits described in the excerpt
# below, so callers that need that consistency must check it themselves.
#
# @param args forwarded unchanged to OpenSSL::X509::Extension#initialize
def initialize(*args)
  super(*args)

  @allowed_uses = []
  # NOTE(review): presumably the decoded list of purpose OIDs; confirm against
  # R509::ASN1.get_extension_payload.
  payload = R509::ASN1.get_extension_payload(self)

  # Purposes defined by the PKIX profile (RFC 5280, section 4.2.1.12):
  #
  #   anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
  #
  #   id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
  #   id-kp-serverAuth             OBJECT IDENTIFIER ::= { id-kp 1 }
  #   -- TLS WWW server authentication
  #   -- Key usage bits that may be consistent: digitalSignature,
  #   -- keyEncipherment or keyAgreement
  #
  #   id-kp-clientAuth             OBJECT IDENTIFIER ::= { id-kp 2 }
  #   -- TLS WWW client authentication
  #   -- Key usage bits that may be consistent: digitalSignature
  #   -- and/or keyAgreement
  #
  #   id-kp-codeSigning             OBJECT IDENTIFIER ::= { id-kp 3 }
  #   -- Signing of downloadable executable code
  #   -- Key usage bits that may be consistent: digitalSignature
  #
  #   id-kp-emailProtection         OBJECT IDENTIFIER ::= { id-kp 4 }
  #   -- Email protection
  #   -- Key usage bits that may be consistent: digitalSignature,
  #   -- nonRepudiation, and/or (keyEncipherment or keyAgreement)
  #
  #   id-kp-timeStamping            OBJECT IDENTIFIER ::= { id-kp 8 }
  #   -- Binding the hash of an object to a time
  #   -- Key usage bits that may be consistent: digitalSignature
  #   -- and/or nonRepudiation
  #
  #   id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
  #   -- Signing OCSP responses
  #   -- Key usage bits that may be consistent: digitalSignature
  #   -- and/or nonRepudiation
  payload.entries.each do |purpose|
    usage = purpose.value

    case usage
    when AU_WEB_SERVER_AUTH        then @web_server_authentication = true
    when AU_WEB_CLIENT_AUTH        then @web_client_authentication = true
    when AU_CODE_SIGNING           then @code_signing = true
    when AU_EMAIL_PROTECTION       then @email_protection = true
    when AU_OCSP_SIGNING           then @ocsp_signing = true
    when AU_TIME_STAMPING          then @time_stamping = true
    when AU_ANY_EXTENDED_KEY_USAGE then @any_extended_key_usage = true
    end

    # Recorded unconditionally, so unrecognised purposes remain visible to
    # callers through allowed_uses / allows?.
    @allowed_uses << usage
  end
end

Instance Attribute Details

- (Object) allowed_uses (readonly)

Returns the list of extended key usage values read from the extension, in the order they were parsed.



# File 'lib/r509/cert/extensions.rb', line 226

# Extended key usage values collected by initialize, in parse order.
#
# The array returned is the instance's own array, not a copy. Mutating it
# changes what allows? reports but does not change the boolean predicates, so
# treat it as read-only.
#
# @return [Array] the recorded usage values
def allowed_uses
  @allowed_uses
end

Instance Method Details

- (Boolean) allows?(friendly_use_name)

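Returns true if the given use is listed in this extension. The check is an exact match against the recorded values: an extension that lists only anyExtendedKeyUsage does not make allows? return true for the other AU_* constants.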

Parameters:

  • friendly_use_name (string)

    One of the AU_* constants in this class.

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 292

# Reports whether the given use is listed in this extension.
#
# This is plain membership in @allowed_uses. AU_ANY_EXTENDED_KEY_USAGE is not
# treated as a wildcard: if the extension lists only anyExtendedKeyUsage,
# allows?(AU_WEB_SERVER_AUTH) is false. Callers that make an authorization
# decision should handle that case explicitly.
#
# @param friendly_use_name [String] one of the AU_* constants in this class
# @return [Boolean] true when the value was recorded by initialize
def allows?(friendly_use_name)
  @allowed_uses.include?(friendly_use_name)
end

- (Boolean) any_extended_key_usage?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 320

# Reports whether the extension lists AU_ANY_EXTENDED_KEY_USAGE.
#
# This reads only its own flag. A true result here does not make the other
# purpose predicates (code_signing?, web_server_authentication?, ...) true.
#
# @return [Boolean] true only if initialize set the flag; false when it is unset
def any_extended_key_usage?
  @any_extended_key_usage == true
end

- (Boolean) code_signing?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 304

# Reports whether the extension lists AU_CODE_SIGNING.
#
# @return [Boolean] true only if initialize set the flag; false when it is unset
def code_signing?
  @code_signing == true
end

- (Boolean) email_protection?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 308

# Reports whether the extension lists AU_EMAIL_PROTECTION.
#
# @return [Boolean] true only if initialize set the flag; false when it is unset
def email_protection?
  @email_protection == true
end

- (Boolean) ocsp_signing?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 312

# Reports whether the extension lists AU_OCSP_SIGNING.
#
# @return [Boolean] true only if initialize set the flag; false when it is unset
def ocsp_signing?
  @ocsp_signing == true
end

- (Boolean) time_stamping?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 316

# Reports whether the extension lists AU_TIME_STAMPING.
#
# @return [Boolean] true only if initialize set the flag; false when it is unset
def time_stamping?
  @time_stamping == true
end

- (Boolean) web_client_authentication?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 300

# Reports whether the extension lists AU_WEB_CLIENT_AUTH.
#
# @return [Boolean] true only if initialize set the flag; false when it is unset
def web_client_authentication?
  @web_client_authentication == true
end

- (Boolean) web_server_authentication?

Returns:

  • (Boolean)


# File 'lib/r509/cert/extensions.rb', line 296

# Reports whether the extension lists AU_WEB_SERVER_AUTH.
#
# @return [Boolean] true only if initialize set the flag; false when it is unset
def web_server_authentication?
  @web_server_authentication == true
end