module PkernelJce::Certificate
Public Class Methods
ensure_bc_cert(cert)
click to toggle source
end ensure_java_cert
# File lib/pkernel_jce/certificate.rb, line 701 def Certificate.ensure_bc_cert(cert) if cert.nil? raise PkernelJce::Error, "Certificate for conversion to bc is nil" else if cert.is_a?(Array) cert.map! do |c| case c when java.security.cert.Certificate c.to_bc_cert_holder when Java::OrgBouncycastleCert::X509CertificateHolder c else raise PkernelJce::Error, "Unknown certificate type '#{c.class}'" end end cert else case cert when java.security.cert.Certificate cert.to_bc_cert_holder when Java::OrgBouncycastleCert::X509CertificateHolder cert else raise PkernelJce::Error, "Unknown certificate type '#{cert.class}'" end end end end
ensure_java_cert(cert)
click to toggle source
end is_issuer_cert?
# File lib/pkernel_jce/certificate.rb, line 684 def Certificate.ensure_java_cert(cert) if cert.nil? raise PkernelJce::Error, "Certificate for conversion to java is nil" else case cert when java.security.cert.Certificate cert when Java::OrgBouncycastleCert::X509CertificateHolder cert.to_java_cert else raise PkernelJce::Error, "Unknown certificate type '#{cert.class}'" end end end
get_subject_fields(cert,fields)
click to toggle source
Support fields key :cn, :e, :ou, :o, :c
# File lib/pkernel_jce/certificate.rb, line 782 def Certificate.get_subject_fields(cert,fields) if fields.is_a?(Array) else fields = [fields] end fields.map! { |f| f.to_s.upcase } res = { } if cert.nil? return "" else subj = Certificate.to_java_cert(cert).getSubjectDN.getName subj.split(",").each do |s| ss = s.split("=") if fields.include?(ss[0]) key = ss[0].downcase.to_sym res[key] = [] res[key] << ss[1] end end end res end
is_cert_object?(obj)
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 749 def Certificate.is_cert_object?(obj) if obj.nil? false else case obj when java.security.cert.Certificate, Java::OrgBouncycastleCert::X509CertificateHolder, Java::OrgBouncycastleJcajceProviderAsymmetricX509::X509CertificateObject true else false end end end
is_equal?(cert1,cert2)
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 772 def Certificate.is_equal?(cert1,cert2) if not (Certificate.is_cert_object?(cert1) or Certificate.is_cert_object?(cert2)) false else Certificate.ensure_java_cert(cert1).equals(Certificate.ensure_java_cert(cert2)) end end
is_ext_key_usage_set?(cert, eku)
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 762 def Certificate.is_ext_key_usage_set?(cert, eku) raise PkernelJce::Error, "Certificate not given to check eku." if cert.nil? c = Certificate.to_bc_cert(cert) ext = c.getExtension(org.bouncycastle.asn1.x509.Extension.extendedKeyUsage) extKey = org.bouncycastle.asn1.x509.ExtendedKeyUsage.getInstance(ext.getParsedValue) extKey.hasKeyPurposeId(eku) end
is_issuer_cert?(cert)
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 674 def Certificate.is_issuer_cert?(cert) if cert.nil? false else cert = Certificate.ensure_java_cert(cert) (cert.getKeyUsage[5] and cert.getBasicConstraints != -1) end end
is_self_signed?(cert)
click to toggle source
if_self_signed?
# File lib/pkernel_jce/certificate.rb, line 661 def Certificate.is_self_signed?(cert) if cert.nil? false else begin cert.verify(cert.public_key) true rescue Exception false end end end
parse_into_fields(cert)
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 809 def Certificate.parse_into_fields(cert) res = { } if not cert.nil? c = Certificate.to_java_cert(cert) res[:subject] = c.getSubjectDN.to_s res[:issuer] = c.getIssuerDN.to_s res[:serialNo] = c.serial_number res[:notBefore] = c.notBefore res[:notAfter] = c.notAfter res[:keyType] = Pkernel::KeyPair::pub_key_type(Certificate.public_key(c)) #res[:keyUsage] = #res[:extKeyUsage] = #res[:subjKeyId] = #res[:authKeyId] = #res[:crl] = #res[:ocsp] = #res[:altName] = end res end
public_key(cert)
click to toggle source
end ensure_bc_cert
# File lib/pkernel_jce/certificate.rb, line 733 def Certificate.public_key(cert) if cert.nil? raise PkernelJce::Error, "Object pass to public_key on certificate is nil" end case cert when java.security.cert.Certificate cert.public_key when Java::OrgBouncycastleCert::X509CertificateHolder PkernelJce::KeyPair.public_key(cert.subject_public_key_info) else raise PkernelJce::Error, "Unknown certificate type '#{cert.class}'" end end
to_binary(cert)
click to toggle source
this is necessary because OpenSSL or Ruby not recognizing the .encoded method, unless patch all Certificate
object in other realm with the .encoded method else this is the cleaner way to do it
# File lib/pkernel_jce/certificate.rb, line 651 def Certificate.to_binary(cert) if not cert.nil? cert else cert.encoded end end
Public Instance Methods
dump(cert, params = {})
click to toggle source
end generate
# File lib/pkernel_jce/certificate.rb, line 322 def dump(cert, params = {}) if cert.nil? raise PkernelJce::Error, "Certificate object to be written is nil" end file = params[:file] baos = java.io.ByteArrayOutputStream.new begin outForm = params[:out_form] || params[:outForm] || params[:outform] if outForm.nil? if not file.nil? PkernelJce::GConf.instance.glog.debug "[D] Dump certificate to file '#{file}'" writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(java.io.FileOutputStream.new(file))) else PkernelJce::GConf.instance.glog.debug "[D] Dump certificate to memory" writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(baos)) end writer.writeObject(cert) else case outForm.to_sym when :b64, :base64 res = PkernelJce::Converter.to_b64(cert.encoded) if not file.nil? fos = java.io.FileOutputStream.new(file) fos.write res fos.flush fos.close end baos.write(res.to_java.getBytes) when :hex res = PkernelJce::Converter.to_hex(cert.encoded) if not file.nil? fos = java.io.FileOutputStream.new(file) fos.write res fos.flush fos.close end baos.write(res.to_java.getBytes) when :bin res = cert.encoded if not file.nil? fos = java.io.FileOutputStream.new(file) fos.write res fos.flush fos.close end baos.write(res) else # this is default because openssl output this is the default if not file.nil? PkernelJce::GConf.instance.glog.debug "Dump PEM certificate to file '#{file}'" writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(java.io.FileOutputStream.new(file))) else PkernelJce::GConf.instance.glog.debug "Dump PEM certificate to memory" writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(baos)) end writer.writeObject(cert) end end ensure if not writer.nil? writer.flush writer.close end if not fos.nil? fos.flush fos.close end end baos.toByteArray end
dump_to_file(cert, path, opts = { })
click to toggle source
end dump
# File lib/pkernel_jce/certificate.rb, line 409 def dump_to_file(cert, path, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) dump(cert, opts.merge({ file: path })) end
Also aliased as: dump_to_file_pem
dump_to_file_b64(cert, path, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 422 def dump_to_file_b64(cert, path, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) dump(cert, opts.merge({ file: path, outForm: :b64 })) end
dump_to_file_bin(cert, path, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 444 def dump_to_file_bin(cert, path, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) dump(cert, opts.merge({ file: path, outForm: :bin })) end
dump_to_file_hex(cert, path, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 433 def dump_to_file_hex(cert, path, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) dump(cert, opts.merge({ file: path, outForm: :hex })) end
dump_to_mem(cert, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 415 def dump_to_mem(cert, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) dump(cert) end
Also aliased as: dump_to_mem_pem
dump_to_mem_b64(cert, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 427 def dump_to_mem_b64(cert, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) dump(cert, opts.merge({ outForm: :b64 })) end
dump_to_mem_bin(cert, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 449 def dump_to_mem_bin(cert, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) dump(cert, opts.merge({ outForm: :bin })) end
dump_to_mem_hex(cert, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 438 def dump_to_mem_hex(cert, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) dump(cert, opts.merge({ outForm: :hex })) end
generate(params = {}, &block)
click to toggle source
end CertExtKeyUsage
# File lib/pkernel_jce/certificate.rb, line 100 def generate(params = {}, &block) raise PkernelJce::Error, "Block is required for certificate generation function" if block.nil? PkernelJce::GConf.instance.glog.debug "Certificate generate parameters: #{params.inspect}" owner = params[:owner] pubKey = params[:pubKey] serial = params[:serial] kProv = params[:keypair_provider] cProv = params[:cert_provider] issuer = params[:issuer] matchIssuerValidity = params[:match_issuer_validity] || true warning = { } issuer = false if issuer.nil? pubKey = PkernelJce::KeyPair.public_key(pubKey) if cProv.nil? cProv = PkernelJce::Provider.add_provider(PkernelJce::Provider::DefProvider) else cProv = PkernelJce::Provider.add_provider(cProv) end if kProv.nil? kProv = PkernelJce::Provider.add_provider(PkernelJce::Provider::DefProvider) else kProv = PkernelJce::Provider.add_provider(kProv) end extUtils = org.bouncycastle.cert.bc.BcX509ExtensionUtils.new if serial.nil? or serial.empty? serial = block.call(:serial) end if serial.is_a?(java.math.BigInteger) else serial = java.math.BigInteger.new(serial,16) end signHash = block.call(:signHash) issuerKey = block.call(:issuerKey) issuerCert = block.call(:issuerCert) issuerKey = PkernelJce::KeyPair.private_key(issuerKey) if issuerKey.nil? raise PkernelJce::Error, "Issuer key cannot be nil" end signAlgo = PkernelJce::KeyPair.derive_signing_algo(issuerKey, signHash) signer = org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.new(signAlgo).setProvider(kProv).build(issuerKey) x500Name = owner.to_x500_subject if not issuerCert.nil? issuerCert = issuerCert.to_java_cert if issuerCert.java_kind_of?(org.bouncycastle.cert.X509CertificateHolder) validFrom, validTo = calculate_validity(params) do |from, to| if matchIssuerValidity PkernelJce::GConf.instance.glog.debug "Match issuer validity against issuer certificate is activated." PkernelJce::GConf.instance.glog.debug "Issuer Cert : #{issuerCert.subject_dn.to_s} / #{issuerCert.not_before} / #{issuerCert.not_after}" if from.to_java_date.before(issuerCert.not_before) PkernelJce::GConf.instance.glog.warn "Certificate valid from has adjusted to match issuer valid from: #{from} [User requested] / #{issuerCert.not_before} [Adjusted to issuer]" warning[:valid_from] = { } warning[:valid_from][:requested] = from from = issuerCert.not_before warning[:valid_from][:adjusted] = issuerCert.not_before warning[:valid_from][:reason] = "Certificate being issued cannot have validity start date before issuer's certificate validity start date." block.call(:warning, warning) end if to.to_java_date.after(issuerCert.not_after) PkernelJce::GConf.instance.glog.warn "Certificate valid to has adjusted to match issuer valid to: #{to} [User requested] / #{issuerCert.not_after} [Adjusted to issuer]" warning[:valid_to] = { } warning[:valid_to][:requested] = to to = issuerCert.not_after warning[:valid_to][:adjusted] = issuerCert.not_after warning[:valid_to][:reason] = "Certificate being issued cannot have validity end date after issuer's certificate validity end date." block.call(:warning, warning) end [from, to] else [from, to] end end certGen = org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder.new(issuerCert, serial, validFrom, validTo, x500Name, pubKey) # generate authority key identifier certGen.addExtension(org.bouncycastle.asn1.x509.Extension::authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getInstance(issuerCert.getPublicKey.getEncoded))) else validFrom, validTo = calculate_validity(params) certGen = org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder.new(x500Name, serial, validFrom, validTo, x500Name, pubKey) # generate authority key identifier certGen.addExtension(org.bouncycastle.asn1.x509.Extension::authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getInstance(pubKey.getEncoded))) end keyUsage = block.call(:keyUsage) if issuer certGen.addExtension(org.bouncycastle.asn1.x509.Extension::basicConstraints, true, org.bouncycastle.asn1.x509.BasicConstraints.new(true)) if not keyUsage.nil? if keyUsage.is_a?(Array) ku = 0 keyUsage.each do |u| ku |= u end else ku = keyUsage end certGen.addExtension(org.bouncycastle.asn1.x509.Extension::keyUsage, false, org.bouncycastle.asn1.x509.KeyUsage.new(ku)) else certGen.addExtension(org.bouncycastle.asn1.x509.Extension::keyUsage, false, org.bouncycastle.asn1.x509.KeyUsage.new(KeyUsage::DEF_ISSUER)) end else if not keyUsage.nil? if keyUsage.is_a?(Array) ku = 0 keyUsage.each do |u| ku |= u end else ku = keyUsage end certGen.addExtension(org.bouncycastle.asn1.x509.Extension::keyUsage, false, org.bouncycastle.asn1.x509.KeyUsage.new(ku)) else certGen.addExtension(org.bouncycastle.asn1.x509.Extension::keyUsage, false, org.bouncycastle.asn1.x509.KeyUsage.new(KeyUsage::DEF_USER_IDENTITY)) end end extKeyUsage = block.call(:extKeyUsage) if not extKeyUsage.nil? if extKeyUsage.is_a?(Hash) # allow user to give eku -> true/false # Since timestamping required this extension to be true, not sure others extKeyUsage.each do |k,v| certGen.addExtension(org.bouncycastle.asn1.x509.Extension::extendedKeyUsage, v, org.bouncycastle.asn1.x509.ExtendedKeyUsage.new(k)) end elsif extKeyUsage.is_a?(Array) certGen.addExtension(org.bouncycastle.asn1.x509.Extension::extendedKeyUsage, false, org.bouncycastle.asn1.x509.ExtendedKeyUsage.new(extKeyUsage.to_vector)) else certGen.addExtension(org.bouncycastle.asn1.x509.Extension::extendedKeyUsage, false, org.bouncycastle.asn1.x509.ExtendedKeyUsage.new([extKeyUsage].to_vector)) end end # # handle alternative name # altName = [] if owner.emails.length > 0 owner.emails.each do |e| altName << org.bouncycastle.asn1.x509.GeneralName.new(org.bouncycastle.asn1.x509.GeneralName::rfc822Name,e) end end owner.dns_names.each do |n| altName << org.bouncycastle.asn1.x509.GeneralName.new(org.bouncycastle.asn1.x509.GeneralName::dNSName,n) end if altName.length > 0 certGen.addExtension(org.bouncycastle.asn1.x509.Extension::subjectAlternativeName, false, org.bouncycastle.asn1.x509.GeneralNames.new(altName.to_java(org.bouncycastle.asn1.x509.GeneralName)) ) end # # Done alternative name # # # handle CRL distribution point # crl = block.call(:crls) if not crl.nil? crls = [] if crl.is_a?(Array) crl.each do |c| crls << org.bouncycastle.asn1.x509.GeneralName.new(org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier, org.bouncycastle.asn1.DERIA5String.new(c)); end gns = org.bouncycastle.asn1.x509.GeneralNames.new(crls.to_java(org.bouncycastle.asn1.x509.GeneralName)); else gn = org.bouncycastle.asn1.x509.GeneralName.new(org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier, org.bouncycastle.asn1.DERIA5String.new(crl)); gns = org.bouncycastle.asn1.x509.GeneralNames.new(gn); end dpn = org.bouncycastle.asn1.x509.DistributionPointName.new(gns); dp = org.bouncycastle.asn1.x509.DistributionPoint.new(dpn,nil,nil); certGen.addExtension(org.bouncycastle.asn1.x509.X509Extensions::CRLDistributionPoints,false,org.bouncycastle.asn1.DERSequence.new(dp)); end # done adding CRL distribution point # # handle OCSP # ocsp = block.call(:ocsp) if not ocsp.nil? and not ocsp.empty? ocspName = org.bouncycastle.asn1.x509.GeneralName.new(org.bouncycastle.asn1.x509.GeneralName.uniformResourceIdentifier, ocsp); authorityInformationAccess = org.bouncycastle.asn1.x509.AuthorityInformationAccess.new(org.bouncycastle.asn1.x509.X509ObjectIdentifiers.ocspAccessMethod, ocspName); certGen.addExtension(org.bouncycastle.asn1.x509.X509Extensions::AuthorityInfoAccess, false, authorityInformationAccess); end # done OCSP # Let's generate subject key ID as default... certGen.addExtension(org.bouncycastle.asn1.x509.Extension::subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getInstance(pubKey.getEncoded))) cert = org.bouncycastle.cert.jcajce.JcaX509CertificateConverter.new().setProvider(cProv).getCertificate(certGen.build(signer)) cert end
load(options = {})
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 456 def load(options = {}) file = options[:file] bin = options[:bin] baos = java.io.ByteArrayOutputStream.new if not file.nil? and not file.empty? PkernelJce::GConf.instance.glog.debug "Load certificate from #{file}" f = java.io.File.new(file) if f.exists? b = Java::byte[f.length].new dis = java.io.DataInputStream.new(java.io.FileInputStream.new(f)) dis.readFully(b) dis.close baos.write(b) else raise PkernelJce::Error, "File '#{f.absolute_path}' not found" end elsif not bin.nil? PkernelJce::GConf.instance.glog.debug "Load certificate from memory" bin = IoUtils.ensure_java_bytes(bin) baos.write(bin) else raise PkernelJce::Error, "No bin or file input is given to load" end inForm = options[:in_form] || options[:inForm] || options[:inform] if not inForm.nil? case inForm.to_sym when :b64, :base64 PkernelJce::GConf.instance.glog.debug "Loading b64 certificate" cbin = Pkernel::Converter.from_b64(baos.toByteArray) when :hex PkernelJce::GConf.instance.glog.debug "Loading hex certificate" cbin = Pkernel::Converter.from_hex(baos.toByteArray) when :bin PkernelJce::GConf.instance.glog.debug "Loading bin certificate" cbin = baos.toByteArray else PkernelJce::GConf.instance.glog.debug "Loading pem certificate" reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(java.io.ByteArrayInputStream.new(baos.toByteArray))) if options[:multiple] obj = [] o = reader.readObject while(o != nil) obj << o o = reader.readObject end else obj = reader.readObject end end else PkernelJce::GConf.instance.glog.debug "Loading pem certificate (2)" reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(java.io.ByteArrayInputStream.new(baos.toByteArray))) if options[:multiple] obj = [] o = reader.readObject while(o != nil) obj << o o = reader.readObject end else obj = reader.readObject end end if not cbin.nil? cf = java.security.cert.CertificateFactory.getInstance("X.509") if options[:multiple] obj = cf.generateCertificates(java.io.ByteArrayInputStream.new(baos.toByteArray)) else obj = cf.generateCertificate(java.io.ByteArrayInputStream.new(baos.toByteArray)) end end if not obj.nil? obj else raise PkernelJce::Error, "No valid certificate object loaded." end end
load_from_file(file, opts = { })
click to toggle source
end read_from
# File lib/pkernel_jce/certificate.rb, line 544 def load_from_file(file, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load(opts.merge({ file: file })) end
Also aliased as: load_from_file_pem
load_from_file_b64(file, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 575 def load_from_file_b64(file, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ file: file, inForm: :b64 }) end
load_from_file_bin(file, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 623 def load_from_file_bin(file, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ file: file, inForm: :bin }) end
load_from_file_hex(file, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 599 def load_from_file_hex(file, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ file: file, inForm: :hex }) end
load_from_mem(bin, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 551 def load_from_mem(bin, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load(opts.merge({ bin: bin })) end
Also aliased as: load_from_mem_pem
load_from_mem_b64(bin, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 580 def load_from_mem_b64(bin, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ bin: bin, inForm: :b64 }) end
load_from_mem_bin(bin, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 628 def load_from_mem_bin(bin, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ bin: bin, inForm: :bin }) end
load_from_mem_hex(bin, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 604 def load_from_mem_hex(bin, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ bin: bin, inForm: :hex }) end
load_multi_from_bin_bin(bin, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 640 def load_multi_from_bin_bin(bin, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ bin: bin, inForm: :bin, multiple: true }) end
load_multi_from_file(file, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 559 def load_multi_from_file(file, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ file: file, multiple: true }) end
Also aliased as: load_multi_from_file_pem
load_multi_from_file_b64(file, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 587 def load_multi_from_file_b64(file, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ file: file, inForm: :b64, multiple: true }) end
load_multi_from_file_bin(file, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 635 def load_multi_from_file_bin(file, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ file: file, inForm: :bin, multiple: true }) end
load_multi_from_file_hex(file, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 611 def load_multi_from_file_hex(file, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ file: file, inForm: :hex, multiple: true }) end
load_multi_from_mem(bin, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 566 def load_multi_from_mem(bin, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ bin: bin, multiple: true }) end
Also aliased as: load_multi_from_bin_pem
load_multi_from_mem_b64(bin, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 592 def load_multi_from_mem_b64(bin, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ bin: bin, inForm: :b64, multiple: true }) end
load_multi_from_mem_hex(bin, opts = { })
click to toggle source
# File lib/pkernel_jce/certificate.rb, line 616 def load_multi_from_mem_hex(bin, opts = { }) opts = { } if opts.nil? raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash) load({ bin: bin, inForm: :hex, multiple: true }) end
Private Instance Methods
calculate_validity(params, &block)
click to toggle source
all date must be in Ruby datetime object?
# File lib/pkernel_jce/certificate.rb, line 835 def calculate_validity(params, &block) validFrom = params[:validFrom] validTo = params[:validTo] validity = params[:validity] || 2 validityUnit = params[:validityUnit] || :years validity = validity.to_i if validFrom.nil? raise PkernelJce::Error, "Valid from has to be given." end if validFrom.is_a?(Time) #or validFrom.is_a?(DateTime) elsif validFrom.is_a?(DateTime) # this has to be converted because if using DateTime object # there will be error of 'nsec' not available exception validFrom = validFrom.to_time else raise PkernelJce::Error, "Invalid valid from date object type : '#{validFrom.class}'" end if validTo.nil? or validTo.empty? if (validity.nil?) and (validityUnit.nil?) raise PkernelJce::Error, "Valid until and validity period both are not defined." else validTo = validFrom.advance( validityUnit.to_sym => validity.to_i ) PkernelJce::GConf.instance.glog.debug "Validity unit : #{validityUnit}, validity : #{validity}, valid from : #{validFrom}, valid to : #{validTo}" if block # allow caller to check with issuer validity see if the valid to already surpass issuer's valid to #validTo = block.call(validFrom, validTo) validFrom, validTo = block.call(validFrom, validTo) end end elsif validTo.is_a?(Time) or validTo.is_a?(DateTime) else raise PkernelJce::Error, "Invalid valid to date object type : '#{validTo.class}'" end [validFrom, validTo] end