Class: CsrPeek::Csr

Inherits:
Data
  • Object
show all
Includes:
Inspectable
Defined in:
lib/csr_peek/csr.rb

Overview

A friendly, read-only view over an OpenSSL::X509::Request.

An immutable value object: build one with CsrPeek.parse (which returns nil for junk input) or Csr.from_openssl. Every fact is resolved once, in a single guarded pass, into frozen members - so no accessor can raise, and the object is safe to share across threads. The raw request stays available as #openssl for anything this wrapper does not surface.

Constant Summary

Constants included from Inspectable

Inspectable::MIN_DSA_BITS, Inspectable::MIN_EC_BITS, Inspectable::MIN_RSA_BITS, Inspectable::STRONG_UNSIZED_TYPES

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Inspectable

#==, #acceptable_key?, #all_names, #common_name, #dns_names, #fingerprint, #hash, #inspect, #ip_addresses, #key_policy_violations, #spki_fingerprint, #weak_key?

Instance Attribute Details

#ec_curveObject (readonly)

Returns the value of attribute ec_curve

Returns:

  • (Object)

    the current value of ec_curve



21
22
23
# File 'lib/csr_peek/csr.rb', line 21

def ec_curve
  @ec_curve
end

#key_bitsObject (readonly)

Returns the value of attribute key_bits

Returns:

  • (Object)

    the current value of key_bits



21
22
23
# File 'lib/csr_peek/csr.rb', line 21

def key_bits
  @key_bits
end

#key_typeObject (readonly)

Returns the value of attribute key_type

Returns:

  • (Object)

    the current value of key_type



21
22
23
# File 'lib/csr_peek/csr.rb', line 21

def key_type
  @key_type
end

#opensslObject (readonly)

Returns the value of attribute openssl

Returns:

  • (Object)

    the current value of openssl



21
22
23
# File 'lib/csr_peek/csr.rb', line 21

def openssl
  @openssl
end

#public_keyObject (readonly)

Returns the value of attribute public_key

Returns:

  • (Object)

    the current value of public_key



21
22
23
# File 'lib/csr_peek/csr.rb', line 21

def public_key
  @public_key
end

#subjectObject (readonly)

Returns the value of attribute subject

Returns:

  • (Object)

    the current value of subject



21
22
23
# File 'lib/csr_peek/csr.rb', line 21

def subject
  @subject
end

#subject_alt_namesObject (readonly)

Returns the value of attribute subject_alt_names

Returns:

  • (Object)

    the current value of subject_alt_names



21
22
23
# File 'lib/csr_peek/csr.rb', line 21

def subject_alt_names
  @subject_alt_names
end

#subject_componentsObject (readonly)

Returns the value of attribute subject_components

Returns:

  • (Object)

    the current value of subject_components



21
22
23
# File 'lib/csr_peek/csr.rb', line 21

def subject_components
  @subject_components
end

Class Method Details

.from_openssl(request) ⇒ Object

Build a Csr from an OpenSSL::X509::Request, resolving every fact safely.



28
29
30
31
32
33
34
35
36
37
38
39
40
41
# File 'lib/csr_peek/csr.rb', line 28

def self.from_openssl(request)
  pkey = load_public_key(request)
  facts = KeyFacts.of(pkey)
  new(
    openssl: request,
    public_key: pkey,
    key_type: facts[:type],
    key_bits: facts[:bits],
    ec_curve: facts[:curve],
    subject: Names.subject_to_h(request.subject).freeze,
    subject_components: Names.components(request.subject).freeze,
    subject_alt_names: Extensions.subject_alt_names(san_extension(request))
  )
end

Instance Method Details

#acceptable?(policy = Policy::BASELINE) ⇒ Boolean

True when the requested key satisfies the issuance policy (Baseline Requirements by default). See CsrPeek::Policy.

Returns:

  • (Boolean)


79
80
81
# File 'lib/csr_peek/csr.rb', line 79

def acceptable?(policy = Policy::BASELINE)
  acceptable_key?(policy)
end

#signature_valid?Boolean Also known as: valid?

True when the CSR's self-signature checks out against its own key.

Returns:

  • (Boolean)


67
68
69
70
71
72
73
74
# File 'lib/csr_peek/csr.rb', line 67

def signature_valid?
  key = public_key
  return false if key.nil?

  openssl.verify(key)
rescue OpenSSL::X509::RequestError, OpenSSL::PKey::PKeyError
  false
end

#to_hObject



83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# File 'lib/csr_peek/csr.rb', line 83

def to_h
  {
    subject: subject,
    common_name: common_name,
    dns_names: dns_names,
    ip_addresses: ip_addresses,
    all_names: all_names,
    key_type: key_type,
    key_bits: key_bits,
    ec_curve: ec_curve,
    weak_key: weak_key?,
    acceptable: acceptable?,
    signature_valid: signature_valid?,
    spki_fingerprint_sha256: spki_fingerprint(:sha256),
    fingerprint_sha256: fingerprint(:sha256)
  }
end