Class: CsrPeek::Csr
- Inherits:
-
Data
- Object
- Data
- CsrPeek::Csr
- Includes:
- Inspectable
- Defined in:
- lib/csr_peek/csr.rb
Overview
A friendly, read-only view over an OpenSSL::X509::Request.
An immutable value object: build one with CsrPeek.parse (which returns nil for junk input) or Csr.from_openssl. Every fact is resolved once, in a single guarded pass, into frozen members - so no accessor can raise, and the object is safe to share across threads. The raw request stays available as #openssl for anything this wrapper does not surface.
Constant Summary
Constants included from Inspectable
Inspectable::MIN_DSA_BITS, Inspectable::MIN_EC_BITS, Inspectable::MIN_RSA_BITS, Inspectable::STRONG_UNSIZED_TYPES
Instance Attribute Summary collapse
-
#ec_curve ⇒ Object
readonly
Returns the value of attribute ec_curve.
-
#key_bits ⇒ Object
readonly
Returns the value of attribute key_bits.
-
#key_type ⇒ Object
readonly
Returns the value of attribute key_type.
-
#openssl ⇒ Object
readonly
Returns the value of attribute openssl.
-
#public_key ⇒ Object
readonly
Returns the value of attribute public_key.
-
#subject ⇒ Object
readonly
Returns the value of attribute subject.
-
#subject_alt_names ⇒ Object
readonly
Returns the value of attribute subject_alt_names.
-
#subject_components ⇒ Object
readonly
Returns the value of attribute subject_components.
Class Method Summary collapse
-
.from_openssl(request) ⇒ Object
Build a Csr from an OpenSSL::X509::Request, resolving every fact safely.
Instance Method Summary collapse
-
#acceptable?(policy = Policy::BASELINE) ⇒ Boolean
True when the requested key satisfies the issuance policy (Baseline Requirements by default).
-
#signature_valid? ⇒ Boolean
(also: #valid?)
True when the CSR's self-signature checks out against its own key.
- #to_h ⇒ Object
Methods included from Inspectable
#==, #acceptable_key?, #all_names, #common_name, #dns_names, #fingerprint, #hash, #inspect, #ip_addresses, #key_policy_violations, #spki_fingerprint, #weak_key?
Instance Attribute Details
#ec_curve ⇒ Object (readonly)
Returns the value of attribute ec_curve
21 22 23 |
# File 'lib/csr_peek/csr.rb', line 21 def ec_curve @ec_curve end |
#key_bits ⇒ Object (readonly)
Returns the value of attribute key_bits
21 22 23 |
# File 'lib/csr_peek/csr.rb', line 21 def key_bits @key_bits end |
#key_type ⇒ Object (readonly)
Returns the value of attribute key_type
21 22 23 |
# File 'lib/csr_peek/csr.rb', line 21 def key_type @key_type end |
#openssl ⇒ Object (readonly)
Returns the value of attribute openssl
21 22 23 |
# File 'lib/csr_peek/csr.rb', line 21 def openssl @openssl end |
#public_key ⇒ Object (readonly)
Returns the value of attribute public_key
21 22 23 |
# File 'lib/csr_peek/csr.rb', line 21 def public_key @public_key end |
#subject ⇒ Object (readonly)
Returns the value of attribute subject
21 22 23 |
# File 'lib/csr_peek/csr.rb', line 21 def subject @subject end |
#subject_alt_names ⇒ Object (readonly)
Returns the value of attribute subject_alt_names
21 22 23 |
# File 'lib/csr_peek/csr.rb', line 21 def subject_alt_names @subject_alt_names end |
#subject_components ⇒ Object (readonly)
Returns the value of attribute subject_components
21 22 23 |
# File 'lib/csr_peek/csr.rb', line 21 def subject_components @subject_components end |
Class Method Details
.from_openssl(request) ⇒ Object
Build a Csr from an OpenSSL::X509::Request, resolving every fact safely.
28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
# File 'lib/csr_peek/csr.rb', line 28 def self.from_openssl(request) pkey = load_public_key(request) facts = KeyFacts.of(pkey) new( openssl: request, public_key: pkey, key_type: facts[:type], key_bits: facts[:bits], ec_curve: facts[:curve], subject: Names.subject_to_h(request.subject).freeze, subject_components: Names.components(request.subject).freeze, subject_alt_names: Extensions.subject_alt_names(san_extension(request)) ) end |
Instance Method Details
#acceptable?(policy = Policy::BASELINE) ⇒ Boolean
True when the requested key satisfies the issuance policy (Baseline Requirements by default). See CsrPeek::Policy.
79 80 81 |
# File 'lib/csr_peek/csr.rb', line 79 def acceptable?(policy = Policy::BASELINE) acceptable_key?(policy) end |
#signature_valid? ⇒ Boolean Also known as: valid?
True when the CSR's self-signature checks out against its own key.
67 68 69 70 71 72 73 74 |
# File 'lib/csr_peek/csr.rb', line 67 def signature_valid? key = public_key return false if key.nil? openssl.verify(key) rescue OpenSSL::X509::RequestError, OpenSSL::PKey::PKeyError false end |
#to_h ⇒ Object
83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 |
# File 'lib/csr_peek/csr.rb', line 83 def to_h { subject: subject, common_name: common_name, dns_names: dns_names, ip_addresses: ip_addresses, all_names: all_names, key_type: key_type, key_bits: key_bits, ec_curve: ec_curve, weak_key: weak_key?, acceptable: acceptable?, signature_valid: signature_valid?, spki_fingerprint_sha256: spki_fingerprint(:sha256), fingerprint_sha256: fingerprint(:sha256) } end |