Class: R509::Cert::Extensions::AuthorityInfoAccess

Inherits:
OpenSSL::X509::Extension
  • Object
Includes:
ValidationMixin
Defined in:
lib/r509/cert/extensions/authority_info_access.rb

Overview

RFC 5280 Description (see: www.ietf.org/rfc/rfc5280.txt)

The authority information access extension indicates how to access information and services for the issuer of the certificate in which the extension appears. Information and services may include on-line validation services and CA policy data. (The location of CRLs is not specified in this extension; that information is provided by the cRLDistributionPoints extension.) This extension may be included in end entity or CA certificates. Conforming CAs MUST mark this extension as non-critical.

You can use this extension to parse an existing extension for easy access to the contents or create a new one.
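
The structure described above, decoded with Ruby's standard OpenSSL bindings only. This is an added example, not r509 code; the helper names `aia_summary` and `aia_findings` and the example.test URLs are assumptions made for illustration.

```ruby
require "openssl"

# Access-method OIDs defined for AIA in RFC 5280 (id-ad-ocsp, id-ad-caIssuers).
AIA_METHODS = {
  "1.3.6.1.5.5.7.48.1" => :ocsp_location,
  "1.3.6.1.5.5.7.48.2" => :ca_issuers_location
}.freeze
URI_TAG = 6 # GeneralName CHOICE tag for uniformResourceIdentifier

# Hypothetical helper: decode an AIA extension into a hash of URI strings.
def aia_summary(ext)
  raise ArgumentError, "not an AIA extension" unless ext.oid == "authorityInfoAccess"
  # Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue OCTET STRING }
  octets = OpenSSL::ASN1.decode(ext.to_der).value.last.value
  summary = { critical: ext.critical?, ocsp_location: [], ca_issuers_location: [], other: [] }
  # extnValue wraps SEQUENCE OF AccessDescription { accessMethod, accessLocation }
  OpenSSL::ASN1.decode(octets).value.each do |desc|
    method_oid, location = desc.value
    bucket = AIA_METHODS[method_oid.oid]
    if bucket && location.tag == URI_TAG
      summary[bucket] << location.value
    else
      summary[:other] << [method_oid.oid, location.tag] # non-URI name or unknown method
    end
  end
  summary
end

# Hypothetical helper: report facts a reviewer would want to see about an AIA extension.
def aia_findings(ext)
  s = aia_summary(ext)
  findings = []
  # RFC 5280: conforming CAs MUST mark AIA as non-critical.
  findings << "AIA marked critical" if s[:critical]
  no_uri = s[:ocsp_location].empty? && s[:ca_issuers_location].empty?
  findings << "no OCSP or CA Issuers URI present" if no_uri
  findings
end

# Constructed sample extensions (example.test hosts are placeholders).
factory = OpenSSL::X509::ExtensionFactory.new
value = "OCSP;URI:http://ocsp.example.test,caIssuers;URI:http://ca.example.test/issuer.cer"
GOOD_AIA = factory.create_extension("authorityInfoAccess", value, false)
BAD_AIA  = factory.create_extension("authorityInfoAccess", value, true)
```
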

Constant Summary

OID = "authorityInfoAccess"

    friendly name for AIA OID

Constructor Details

- (AuthorityInfoAccess) initialize(arg)

This method takes a hash or an existing Extension object to parse. If passing a hash you must supply :ocsp_location and/or :ca_issuers_location. These values must be in the form seen in the examples below.

Examples:

# Build from hashes describing each location
R509::Cert::Extensions::AuthorityInfoAccess.new(
  :ocsp_location => [ { :type => "URI", :value => "http://ocsp.domain.com" } ],
  :ca_issuers_location => [ { :type => "dirName", :value => { :CN => 'myCN', :O => 'some Org' } } ]
)

# Build from an existing R509::ASN1::GeneralName object
name = R509::ASN1::GeneralName.new(:type => "IP", :value => "127.0.0.1")
R509::Cert::Extensions::AuthorityInfoAccess.new(
  :ca_issuers_location => [name]
)

Parameters:

  • arg (Hash)

    a customizable set of options

Options Hash (arg):

  • :ocsp_location (Array, R509::ASN1::GeneralNames)

    Array of hashes (see examples) or GeneralNames object

  • :ca_issuers_location (Array)

    Array of hashes (see examples) or GeneralNames object

  • :critical (Boolean) — default: false


# File 'lib/r509/cert/extensions/authority_info_access.rb', line 50

def initialize(arg)
  if not R509::Cert::Extensions.is_extension?(arg)
    arg = build_extension(arg)
  end

  super(arg)
  parse_extension
end

Instance Attribute Details

- (R509::ASN1::GeneralNames?) ca_issuers (readonly)

An R509::ASN1::GeneralNames object of CA Issuers (or nil if not present)

Returns:

  • (R509::ASN1::GeneralNames?)

# File 'lib/r509/cert/extensions/authority_info_access.rb', line 31

def ca_issuers
  @ca_issuers
end

- (R509::ASN1::GeneralNames?) ocsp (readonly)

An R509::ASN1::GeneralNames object of OCSP endpoints (or nil if not present)

Returns:

  • (R509::ASN1::GeneralNames?)

# File 'lib/r509/cert/extensions/authority_info_access.rb', line 28

def ocsp
  @ocsp
end

Instance Method Details

- (Hash) to_h

Returns:

  • (Hash)


# File 'lib/r509/cert/extensions/authority_info_access.rb', line 60

def to_h
  hash = { :critical => self.critical? }
  hash[:ocsp_location] = R509::Cert::Extensions.names_to_h(@ocsp.names) unless @ocsp.names.empty?
  hash[:ca_issuers_location] = R509::Cert::Extensions.names_to_h(@ca_issuers.names) unless @ca_issuers.names.empty?
  hash
end

- (YAML) to_yaml

Returns:

  • (YAML)


# File 'lib/r509/cert/extensions/authority_info_access.rb', line 68

def to_yaml
  self.to_h.to_yaml
end