Class: R509::Cert::Extensions::AuthorityKeyIdentifier

Inherits:

OpenSSL::X509::Extension

Object
OpenSSL::X509::Extension
R509::Cert::Extensions::AuthorityKeyIdentifier

show all

Defined in:

lib/r509/cert/extensions/authority_key_identifier.rb

Overview

RFC 5280 Description (see: www.ietf.org/rfc/rfc5280.txt)

The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a certificate. This extension is used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover). The identification MAY be based on either the key identifier (the subject key identifier in the issuer's certificate) or the issuer name and serial number.

You can use this extension to parse an existing extension for easy access to the contents or create a new one.

Constant Summary

OID = friendly name for Authority Key Identifier OID

"authorityKeyIdentifier"

AKI_EXTENSION_DEFAULT = default extension behavior when generating

"keyid"

Instance Attribute Summary (collapse)

- (R509::ASN1::GeneralName^?) authority_cert_issuer readonly

authority_cert_issuer, if present, will be a GeneralName object.
- (String^?) authority_cert_serial_number readonly

authority_cert_serial_number, if present, will be a hex string delimited by colons.
- (String^?) key_identifier readonly

key_identifier, if present, will be a hex string delimited by colons.

Instance Method Summary (collapse)

- (AuthorityKeyIdentifier) initialize(arg) constructor

A new instance of AuthorityKeyIdentifier.

Constructor Details

- (`AuthorityKeyIdentifier`) initialize(arg)

A new instance of AuthorityKeyIdentifier

Parameters:

arg (Hash) —

a customizable set of options

Options Hash (arg):

:public_key (OpenSSL::PKey) —

Required if embedding keyid
:issuer_subject (R509::Subject) —

Required if embedding issuer
:value (String) — default: keyid —

For the rules of :value see: www.openssl.org/docs/apps/x509v3_config.html#Authority_Key_Identifier_. If you want to embed issuer you MUST supply :issuer_certificate and not :public_key
:critical (Boolean) — default: false

# File 'lib/r509/cert/extensions/authority_key_identifier.rb', line 41

def initialize(arg)
  if not R509::Cert::Extensions.is_extension?(arg)
    arg = build_extension(arg)
  end

  super(arg)
  parse_extension
end

Instance Attribute Details

- (`R509::ASN1::GeneralName`^?) authority_cert_issuer (readonly)

authority_cert_issuer, if present, will be a GeneralName object

Returns:

(R509::ASN1::GeneralName, nil)



31
32
33

# File 'lib/r509/cert/extensions/authority_key_identifier.rb', line 31

def authority_cert_issuer
  @authority_cert_issuer
end

- (`String`^?) authority_cert_serial_number (readonly)

authority_cert_serial_number, if present, will be a hex string delimited by colons

Returns:

(String, nil)



34
35
36

# File 'lib/r509/cert/extensions/authority_key_identifier.rb', line 34

def authority_cert_serial_number
  @authority_cert_serial_number
end

- (`String`^?) key_identifier (readonly)

key_identifier, if present, will be a hex string delimited by colons

Returns:

(String, nil)



28
29
30

# File 'lib/r509/cert/extensions/authority_key_identifier.rb', line 28

def key_identifier
  @key_identifier
end

Class: R509::Cert::Extensions::AuthorityKeyIdentifier

Overview

Constant Summary

Instance Attribute Summary (collapse)

Instance Method Summary (collapse)

Constructor Details

- (AuthorityKeyIdentifier) initialize(arg)

Instance Attribute Details

- (R509::ASN1::GeneralName?) authority_cert_issuer (readonly)

- (String?) authority_cert_serial_number (readonly)

- (String?) key_identifier (readonly)

- (`AuthorityKeyIdentifier`) initialize(arg)

- (`R509::ASN1::GeneralName`^?) authority_cert_issuer (readonly)

- (`String`^?) authority_cert_serial_number (readonly)

- (`String`^?) key_identifier (readonly)