Class: R509::CSR
Overview
The primary certificate signing request object
Instance Attribute Summary
- (Object) attributes (readonly): Returns the value of attribute attributes.
- (Object) key (readonly): Returns the value of attribute key.
- (Object) message_digest (readonly): Returns the value of attribute message_digest.
- (Object) req (readonly): Returns the value of attribute req.
- (Object) san (readonly): Returns the value of attribute san.
- (Object) subject (readonly): Returns the value of attribute subject.
Class Method Summary
+ (R509::CSR) load_from_file(filename): Helper method to quickly load a CSR from the filesystem.
Instance Method Summary
- (Integer) bit_length (also: #bit_strength; included from Helpers): Returns the bit length of the key.
- (String) curve_name (included from Helpers): Returns the short name of the elliptic curve used to generate the public key if the key is EC.
- (Boolean) dsa? (included from Helpers): Returns whether the public key is DSA.
- (Boolean) ec? (included from Helpers): Returns whether the public key is EC.
- (Boolean) has_private_key?: Boolean of whether the object contains a private key.
- (CSR) initialize(opts = {}) (constructor): A new instance of CSR.
- (String) key_algorithm: Returns key algorithm (RSA/DSA/EC).
- (OpenSSL::PKey::RSA, ...) public_key: Public key.
- (Boolean) rsa? (included from Helpers): Returns whether the public key is RSA.
- (String) signature_algorithm: Returns signature algorithm.
- (String) subject_component(short_name): Returns subject component.
- (String) to_der (included from Helpers): Converts the object into DER format.
- (String) to_pem (included from Helpers): Converts the object into PEM format.
- (Boolean) verify_signature: Verifies the integrity of the signature on the request.
- (Object) write_der(filename_or_io) (included from Helpers): Writes the object into DER format.
- (Object) write_pem(filename_or_io) (included from Helpers): Writes the object into PEM format.
Constructor Details
- (CSR) initialize(opts = {})
A new instance of CSR
    # File 'lib/r509/csr.rb', line 46
    def initialize(opts={})
      if not opts.kind_of?(Hash)
        raise ArgumentError, 'Must provide a hash of options'
      end
      if opts.has_key?(:subject) and opts.has_key?(:csr)
        raise ArgumentError, "You must provide :subject or :csr, not both"
      end
      @bit_length = opts[:bit_length] || opts[:bit_strength] || R509::PrivateKey::DEFAULT_STRENGTH
      @curve_name = opts[:curve_name] || R509::PrivateKey::DEFAULT_CURVE

      @key = load_private_key(opts)

      @type = opts[:type] || R509::PrivateKey::DEFAULT_TYPE
      if not R509::PrivateKey::KNOWN_TYPES.include?(@type.upcase) and @key.nil?
        raise ArgumentError, "Must provide #{R509::PrivateKey::KNOWN_TYPES.join(", ")} as type when key is nil"
      end

      if opts.has_key?(:subject)
        san_names = R509::ASN1.general_name_parser(opts[:san_names])
        create_request(opts[:subject], san_names) #sets @req
      elsif opts.has_key?(:csr)
        if opts.has_key?(:san_names)
          raise ArgumentError, "You can't add domains to an existing CSR"
        end
        parse_csr(opts[:csr])
      else
        raise ArgumentError, "You must provide :subject or :csr"
      end

      if dsa?
        #only DSS1 is acceptable for DSA signing in OpenSSL < 1.0
        #post-1.0 you can sign with anything, but let's be conservative
        #see: http://www.ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/PKey/DSA.html
        @message_digest = R509::MessageDigest.new('dss1')
      else
        @message_digest = R509::MessageDigest.new(opts[:message_digest])
      end

      if not opts.has_key?(:csr)
        @req.sign(@key.key, @message_digest.digest)
      end
      if not @key.nil? and not @req.verify(@key.public_key) then
        raise R509Error, 'Key does not match request.'
      end
    end
Instance Attribute Details
- (Object) attributes (readonly)
Returns the value of attribute attributes
    # File 'lib/r509/csr.rb', line 15
    def attributes
      @attributes
    end
- (Object) key (readonly)
Returns the value of attribute key
    # File 'lib/r509/csr.rb', line 15
    def key
      @key
    end
- (Object) message_digest (readonly)
Returns the value of attribute message_digest
    # File 'lib/r509/csr.rb', line 15
    def message_digest
      @message_digest
    end
- (Object) req (readonly)
Returns the value of attribute req
    # File 'lib/r509/csr.rb', line 15
    def req
      @req
    end
- (Object) san (readonly)
Returns the value of attribute san
    # File 'lib/r509/csr.rb', line 15
    def san
      @san
    end
- (Object) subject (readonly)
Returns the value of attribute subject
    # File 'lib/r509/csr.rb', line 15
    def subject
      @subject
    end
Class Method Details
+ (R509::CSR) load_from_file(filename)
Helper method to quickly load a CSR from the filesystem
    # File 'lib/r509/csr.rb', line 98
    def self.load_from_file( filename )
      return R509::CSR.new(:csr => IOHelpers.read_data(filename) )
    end
Instance Method Details
- (Integer) bit_length Also known as: bit_strength Originally defined in module Helpers
Returns the bit length of the key
- (String) curve_name Originally defined in module Helpers
Returns the short name of the elliptic curve used to generate the public key if the key is EC. If not, raises an error.
- (Boolean) dsa? Originally defined in module Helpers
Returns whether the public key is DSA
- (Boolean) ec? Originally defined in module Helpers
Returns whether the public key is EC
- (Boolean) has_private_key?
Boolean of whether the object contains a private key
    # File 'lib/r509/csr.rb', line 116
    def has_private_key?
      if not @key.nil?
        true
      else
        false
      end
    end
- (String) key_algorithm
Returns key algorithm (RSA/DSA/EC)
    # File 'lib/r509/csr.rb', line 148
    def key_algorithm
      if @req.public_key.kind_of? OpenSSL::PKey::RSA then
        "RSA"
      elsif @req.public_key.kind_of? OpenSSL::PKey::DSA then
        "DSA"
      elsif @req.public_key.kind_of? OpenSSL::PKey::EC then
        "EC"
      end
    end
- (OpenSSL::PKey::RSA, ...) public_key
Public key
    # File 'lib/r509/csr.rb', line 103
    def public_key
      if(@req.kind_of?(OpenSSL::X509::Request)) then
        @req.public_key
      end
    end
- (Boolean) rsa? Originally defined in module Helpers
Returns whether the public key is RSA
- (String) signature_algorithm
Returns signature algorithm
    # File 'lib/r509/csr.rb', line 141
    def signature_algorithm
      @req.signature_algorithm
    end
- (String) subject_component(short_name)
Returns subject component
    # File 'lib/r509/csr.rb', line 129
    def subject_component short_name
      @req.subject.to_a.each do |element|
        if element[0].downcase == short_name.downcase then
          return element[1]
        end
      end
      nil
    end
- (String) to_der Originally defined in module Helpers
Converts the object into DER format
- (String) to_pem Originally defined in module Helpers
Converts the object into PEM format
- (Boolean) verify_signature
Verifies the integrity of the signature on the request
    # File 'lib/r509/csr.rb', line 111
    def verify_signature
      @req.verify(public_key)
    end
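An added example, not r509's own code: the checks behind verify_signature, key_algorithm and the constructor's 'Key does not match request.' guard, written against Ruby's standard openssl library so it runs without the gem. The helper names build_csr, vet_csr and demo, the throwaway keys and the subject are all constructed for illustration.

```ruby
require 'openssl'

# Build and self-sign a request (stand-in for R509::CSR.new(:subject => ...)).
def build_csr(key, subject)
  req = OpenSSL::X509::Request.new
  req.version = 0
  req.subject = OpenSSL::X509::Name.new(subject)
  req.public_key = key.public_key
  req.sign(key, OpenSSL::Digest.new('SHA256'))
  req
end

# Intake checks for a received CSR: self-signature (proof of possession),
# key type and size, and an optional "does this private key match" test.
def vet_csr(pem, private_key = nil)
  req = OpenSSL::X509::Request.new(pem)
  pub = req.public_key
  algorithm = case pub
              when OpenSSL::PKey::RSA then 'RSA'
              when OpenSSL::PKey::DSA then 'DSA'
              when OpenSSL::PKey::EC  then 'EC'
              end
  report = {
    algorithm: algorithm,
    bits: (pub.n.num_bits if algorithm == 'RSA'),
    self_signed_ok: req.verify(pub), # same test as verify_signature
    signature_algorithm: req.signature_algorithm
  }
  # Same test as the constructor's final guard when a key is supplied.
  report[:key_matches] = req.verify(private_key) if private_key
  report
end

# Constructed sample data: throwaway keys and a made-up subject.
KEY_A = OpenSSL::PKey::RSA.new(2048)
KEY_B = OpenSSL::PKey::RSA.new(2048)
SUBJECT = [['CN', 'csr.example.test'], ['O', 'Example Org']].freeze

def demo
  good = build_csr(KEY_A, SUBJECT)
  altered = build_csr(KEY_A, SUBJECT)
  # Changing a signed field without re-signing invalidates the signature.
  altered.subject = OpenSSL::X509::Name.new([['CN', 'other.example.test']])
  { good: vet_csr(good.to_pem, KEY_A),
    wrong_key: vet_csr(good.to_pem, KEY_B),
    altered: vet_csr(altered.to_pem) }
end

demo.each { |name, report| puts "#{name}: #{report}" } if __FILE__ == $PROGRAM_NAME
```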
- (Object) write_der(filename_or_io) Originally defined in module Helpers
Writes the object into DER format
- (Object) write_pem(filename_or_io) Originally defined in module Helpers
Writes the object into PEM format