lib/ccrypto/configs/x509_cert_profile.rb in ccrypto-0.1.0 vs lib/ccrypto/configs/x509_cert_profile.rb in ccrypto-0.1.2
- old
+ new
@@ -13,17 +13,21 @@
class CertProfileException < StandardError; end
attr_accessor :owner_name, :org
attr_accessor :org_unit, :email, :dns_name, :ip_addr, :uri
- attr_accessor :public_key, :serial, :not_before, :not_after
+ attr_accessor :locality, :country
+ attr_accessor :public_key, :serial # , :not_before, :not_after
+ attr_accessor :csr
attr_accessor :subj_key_id, :auth_key_id
attr_accessor :crl_dist_point, :ocsp_url, :issuer_url
attr_accessor :issuer_cert
attr_accessor :hashAlgo
attr_accessor :raise_if_validity_date_not_in_issuer_range
+ attr_accessor :issuer_path_len
+
def initialize
@hashAlgo = Ccrypto::SHA256
@serial = SecureRandom.hex(16)
@subj_key_id = true
@auth_key_id = true
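Review bot: The new `issuer_path_len` accessor takes any value and has no default in the visible part of `initialize`, which continues outside this hunk. If it feeds the basicConstraints path length of an issued CA certificate, a negative number or a String should be rejected at assignment rather than deep in the certificate builder. I would replace the plain accessor with a writer that checks `raise CertProfileException, "issuer_path_len must be a non-negative Integer" unless val.nil? || (val.is_a?(Integer) && val >= 0)`. A comment should also state what `nil` means for the issued certificate. Separately, the leftover `# , :not_before, :not_after` comment can be deleted now that explicit accessors exist.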
@@ -32,10 +36,32 @@
@not_before = Time.new(now.year, now.month, now.day)
@not_after = Time.new(now.year+2, now.month, now.day)
@raise_if_validity_date_not_in_issuer_range = false
end
+ def not_before=(val)
+ @not_before = val
+ end
+ alias_method :valid_from=, :not_before=
+
+ def not_before
+ @not_before
+ end
+ alias_method :valid_from, :not_before
+
+ def not_after=(val)
+ @not_after = val
+ end
+ alias_method :valid_until=, :not_after=
+ alias_method :valid_to=, :not_after=
+
+ def not_after
+ @not_after
+ end
+ alias_method :valid_until, :not_after
+ alias_method :valid_to, :not_after
+
def gen_issuer_cert?
@issuerCert
end
def gen_issuer_cert=(val)
@issuerCert = val
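Review bot: The new `not_before=` and `not_after=` writers store whatever they are given, so a String, `nil`, or a `not_after` earlier than `not_before` is caught only by the code that builds the certificate, if at all. That code is outside this hunk. These two values define the certificate's validity window, and `raise_if_validity_date_not_in_issuer_range` defaults to false just above, so I would check the type at assignment, for example `raise CertProfileException, "not_after must be a Time" unless val.is_a?(Time)`, and compare the two dates before issuing. Each writer and its aliases (`valid_from=`, `valid_until=`, `valid_to=`) should carry a short comment saying which type is expected and whether the time is local or UTC.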
@@ -63,40 +89,90 @@
else
@org_unit
end
end
+ def email=(val)
+ if @email.nil?
+ @email = []
+ end
+
+ case val
+ when Array
+ @email += val
+ else
+ @email << val
+ end
+ end
def email
if @email.nil?
[]
elsif not @email.is_a?(Array)
[@email]
else
@email
end
end
+ def dns_name=(val)
+ if @dns_name.nil?
+ @dns_name = []
+ end
+
+ case val
+ when Array
+ @dns_name += val
+ else
+ @dns_name << val
+ end
+ end
def dns_name
if @dns_name.nil?
[]
elsif not @dns_name.is_a?(Array)
[@dns_name]
else
@dns_name
end
end
+
+ def ip_addr=(val)
+ if @ip_addr.nil?
+ @ip_addr = []
+ end
+
+ case val
+ when Array
+ @ip_addr += val
+ else
+ @ip_addr << val
+ end
+ end
def ip_addr
if @ip_addr.nil?
[]
elsif not @ip_addr.is_a?(Array)
[@ip_addr]
else
@ip_addr
end
end
+ def uri=(val)
+ if @uri.nil?
+ @uri = []
+ end
+
+ case val
+ when Array
+ @uri += val
+ else
+ @uri << val
+ end
+ end
+
def uri
if @uri.nil?
[]
elsif not @uri.is_a?(Array)
[@uri]
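Review bot: `email=`, `dns_name=`, `ip_addr=` and `uri=` append on every assignment instead of replacing, and nothing in this hunk clears the list. A profile object reused for a second certificate therefore keeps the names of the first one, presumably as subject alternative names. Assigning `nil` also pushes a `nil` entry into the array. I would document the append semantics on each writer, drop `nil` values, and fold the four identical bodies into one helper as sketched below. Callers that need a clean list would also benefit from an explicit reset method. The `attr_accessor` line for these four names at the top of the class is now redundant. The `uri` reader continues past the end of this hunk.

```ruby
def email=(val)
  @email = merge_values(@email, val)
end
# … same one-line body for dns_name=, ip_addr= and uri= …

# Returns the existing entries followed by the new one(s); nil is ignored.
def merge_values(current, val)
  Array(current) + Array(val).compact
end
```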
@@ -234,12 +310,12 @@
allPurpose: "All extended key usages",
serverAuth: "TLS server authentication",
clientAuth: "TLS client authentication",
codeSigning: "Code signing",
emailProtection: "Email protection",
- timestamping: "Time stamping",
- ocspSigning: "Online Cert Status Protocol signing",
+ timeStamping: "Time stamping",
+ OCSPSigning: "Online Cert Status Protocol signing",
ipSecIKE: "IPSec Initial Key Exchange",
msCodeInd: "Microsoft Code Ind",
msCodeCom: "Microsoft Code Com",
msCtlsign: "Microsoft CTL Sign",
msEFS: "Microsoft EFS",
@@ -288,9 +364,20 @@
def domain_key_usage
if @domainKeyUsage.nil?
@domainKeyUsage = { }
end
@domainKeyUsage
+ end
+
+ def add_custom_extension(oid, value, type = :string, critical = false)
+ custom_extension[oid] = { type: type, value: value, critical: critical }
+ end
+
+ def custom_extension
+ if @custom_extension.nil?
+ @custom_extension = { }
+ end
+ @custom_extension
end
end
end
end
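Review bot: `add_custom_extension` stores any `oid`, `value` and `type` without checking them, so a malformed OID, or one belonging to an extension the profile already manages (key usage, basic constraints), reaches the certificate builder unchecked. How the builder handles a duplicate or conflicting extension is not visible here. If only dotted OIDs are meant to be accepted, a guard such as `raise CertProfileException, "invalid OID #{oid}" unless oid.to_s.match?(/\A\d+(\.\d+)+\z/)` would fail early, together with a check of `type` against the supported set. The positional `critical = false` also reads poorly at call sites. A keyword argument would be clearer, and a doc comment should list the accepted `type` values.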