module PkernelJce::Certificate

Public Class Methods

ensure_bc_cert(cert) click to toggle source

end ensure_java_cert

# File lib/pkernel_jce/certificate.rb, line 701
def Certificate.ensure_bc_cert(cert)
  if cert.nil?
    raise PkernelJce::Error, "Certificate for conversion to bc is nil"
  else
    if cert.is_a?(Array)
      cert.map! do |c|
        case c
        when java.security.cert.Certificate
          c.to_bc_cert_holder
        when Java::OrgBouncycastleCert::X509CertificateHolder
          c
        else
          raise PkernelJce::Error, "Unknown certificate type '#{c.class}'"
        end
      end
      cert
    else
      case cert
      when java.security.cert.Certificate
        cert.to_bc_cert_holder
      when Java::OrgBouncycastleCert::X509CertificateHolder
        cert
      else
        raise PkernelJce::Error, "Unknown certificate type '#{cert.class}'"
      end
    end
  end
end
ensure_java_cert(cert) click to toggle source

end is_issuer_cert?

# File lib/pkernel_jce/certificate.rb, line 684
def Certificate.ensure_java_cert(cert)
  if cert.nil?
    raise PkernelJce::Error, "Certificate for conversion to java is nil"
  else
    case cert
    when java.security.cert.Certificate
      cert
    when Java::OrgBouncycastleCert::X509CertificateHolder
      cert.to_java_cert
    else
      raise PkernelJce::Error, "Unknown certificate type '#{cert.class}'"
    end
  end  
end
get_subject_fields(cert,fields) click to toggle source

Support fields key :cn, :e, :ou, :o, :c

# File lib/pkernel_jce/certificate.rb, line 782
def Certificate.get_subject_fields(cert,fields)
  if fields.is_a?(Array)
  else
    fields = [fields]
  end

  fields.map! { |f| f.to_s.upcase }

  res = { }
  if cert.nil?
    return ""
  else
    subj = Certificate.to_java_cert(cert).getSubjectDN.getName
    subj.split(",").each do |s|
      ss = s.split("=")
      if fields.include?(ss[0])
        key = ss[0].downcase.to_sym
        res[key] = []
        res[key] << ss[1]
      end 
    end
  end

  res
end
is_cert_object?(obj) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 749
def Certificate.is_cert_object?(obj)
  if obj.nil?
    false
  else
    case obj
    when java.security.cert.Certificate, Java::OrgBouncycastleCert::X509CertificateHolder, Java::OrgBouncycastleJcajceProviderAsymmetricX509::X509CertificateObject
      true
    else
      false
    end
  end
end
is_equal?(cert1,cert2) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 772
def Certificate.is_equal?(cert1,cert2)
  if not (Certificate.is_cert_object?(cert1) or Certificate.is_cert_object?(cert2))
    false
  else
    Certificate.ensure_java_cert(cert1).equals(Certificate.ensure_java_cert(cert2))
  end
end
is_ext_key_usage_set?(cert, eku) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 762
def Certificate.is_ext_key_usage_set?(cert, eku)
  raise PkernelJce::Error, "Certificate not given to check eku." if cert.nil?

  c = Certificate.to_bc_cert(cert)
  ext = c.getExtension(org.bouncycastle.asn1.x509.Extension.extendedKeyUsage)
  extKey = org.bouncycastle.asn1.x509.ExtendedKeyUsage.getInstance(ext.getParsedValue)
  
  extKey.hasKeyPurposeId(eku)
end
is_issuer_cert?(cert) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 674
def Certificate.is_issuer_cert?(cert)
  if cert.nil?
    false
  else
    cert = Certificate.ensure_java_cert(cert)
    (cert.getKeyUsage[5] and cert.getBasicConstraints != -1)
  end
end
is_self_signed?(cert) click to toggle source

if_self_signed?

# File lib/pkernel_jce/certificate.rb, line 661
def Certificate.is_self_signed?(cert) 
  if cert.nil?
    false
  else
    begin
      cert.verify(cert.public_key)
      true
    rescue Exception
      false
    end
  end
end
parse_into_fields(cert) click to toggle source

end get_subject_fields

# File lib/pkernel_jce/certificate.rb, line 809
def Certificate.parse_into_fields(cert)
  res = { }
  if not cert.nil?
    c = Certificate.to_java_cert(cert)
    res[:subject] = c.getSubjectDN.to_s
    res[:issuer] = c.getIssuerDN.to_s
    res[:serialNo] = c.serial_number
    res[:notBefore] = c.notBefore
    res[:notAfter] = c.notAfter
    res[:keyType] = Pkernel::KeyPair::pub_key_type(Certificate.public_key(c))
    #res[:keyUsage] =
    #res[:extKeyUsage] =
    #res[:subjKeyId] =
    #res[:authKeyId] =
    #res[:crl] =
    #res[:ocsp] =
    #res[:altName] =
  end

  res
end
public_key(cert) click to toggle source

end ensure_bc_cert

# File lib/pkernel_jce/certificate.rb, line 733
def Certificate.public_key(cert)
  if cert.nil?
    raise PkernelJce::Error, "Object pass to public_key on certificate is nil"
  end

  case cert
  when java.security.cert.Certificate
    cert.public_key
  when Java::OrgBouncycastleCert::X509CertificateHolder
    PkernelJce::KeyPair.public_key(cert.subject_public_key_info)
  else
    raise PkernelJce::Error, "Unknown certificate type '#{cert.class}'"
  end

end
to_binary(cert) click to toggle source

this is necessary because OpenSSL or Ruby not recognizing the .encoded method, unless patch all Certificate object in other realm with the .encoded method else this is the cleaner way to do it

# File lib/pkernel_jce/certificate.rb, line 651
def Certificate.to_binary(cert)
  if not cert.nil?
    cert
  else
    cert.encoded
  end
end

Public Instance Methods

dump(cert, params = {}) click to toggle source

end generate

# File lib/pkernel_jce/certificate.rb, line 322
def dump(cert, params = {})
  if cert.nil?
    raise PkernelJce::Error, "Certificate object to be written is nil"
  end
  
  file = params[:file]
  baos = java.io.ByteArrayOutputStream.new

  begin
    
    outForm = params[:out_form] || params[:outForm] || params[:outform]
    if outForm.nil?
  
      if not file.nil?
        PkernelJce::GConf.instance.glog.debug "[D] Dump certificate to file '#{file}'"
        writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(java.io.FileOutputStream.new(file)))
      else
        PkernelJce::GConf.instance.glog.debug "[D] Dump certificate to memory"
        writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(baos))
      end

      writer.writeObject(cert)
      
    else
      
      case outForm.to_sym
      when :b64, :base64
        res = PkernelJce::Converter.to_b64(cert.encoded)
        if not file.nil?
          fos = java.io.FileOutputStream.new(file)
          fos.write res
          fos.flush
          fos.close
        end
        baos.write(res.to_java.getBytes)
      when :hex
        res = PkernelJce::Converter.to_hex(cert.encoded)
        if not file.nil?
          fos = java.io.FileOutputStream.new(file)
          fos.write res
          fos.flush
          fos.close
        end
        baos.write(res.to_java.getBytes)
      when :bin
        res = cert.encoded
        if not file.nil?
          fos = java.io.FileOutputStream.new(file)
          fos.write res
          fos.flush
          fos.close
        end
        baos.write(res)
      else

        # this is default because openssl output this is the default
        if not file.nil?
          PkernelJce::GConf.instance.glog.debug "Dump PEM certificate to file '#{file}'"
          writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(java.io.FileOutputStream.new(file)))
        else
          PkernelJce::GConf.instance.glog.debug "Dump PEM certificate to memory"
          writer = org.bouncycastle.openssl.jcajce.JcaPEMWriter.new(java.io.OutputStreamWriter.new(baos))
        end

        writer.writeObject(cert)

      end
    end
  
  ensure
    if not writer.nil?
      writer.flush
      writer.close  
    end

    if not fos.nil?
      fos.flush
      fos.close
    end
  end 

  baos.toByteArray

end
dump_to_file(cert, path, opts = { }) click to toggle source

end dump

# File lib/pkernel_jce/certificate.rb, line 409
def dump_to_file(cert, path, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  dump(cert, opts.merge({ file: path }))  
end
Also aliased as: dump_to_file_pem
dump_to_file_b64(cert, path, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 422
def dump_to_file_b64(cert, path, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  dump(cert, opts.merge({ file: path, outForm: :b64 }))
end
dump_to_file_bin(cert, path, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 444
def dump_to_file_bin(cert, path, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  dump(cert, opts.merge({ file: path, outForm: :bin }))
end
dump_to_file_hex(cert, path, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 433
def dump_to_file_hex(cert, path, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  dump(cert, opts.merge({ file: path, outForm: :hex }))
end
dump_to_file_pem(cert, path, opts = { })
Alias for: dump_to_file
dump_to_mem(cert, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 415
def dump_to_mem(cert, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  dump(cert)
end
Also aliased as: dump_to_mem_pem
dump_to_mem_b64(cert, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 427
def dump_to_mem_b64(cert, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  dump(cert, opts.merge({ outForm: :b64 }))
end
dump_to_mem_bin(cert, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 449
def dump_to_mem_bin(cert, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  dump(cert, opts.merge({ outForm: :bin }))
end
dump_to_mem_hex(cert, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 438
def dump_to_mem_hex(cert, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  dump(cert, opts.merge({ outForm: :hex }))
end
dump_to_mem_pem(cert, opts = { })
Alias for: dump_to_mem
generate(params = {}, &block) click to toggle source

end CertExtKeyUsage

# File lib/pkernel_jce/certificate.rb, line 100
def generate(params = {}, &block)

  raise PkernelJce::Error, "Block is required for certificate generation function" if block.nil?

  PkernelJce::GConf.instance.glog.debug "Certificate generate parameters: #{params.inspect}"
  owner = params[:owner]
  pubKey = params[:pubKey]
  serial = params[:serial]
  kProv = params[:keypair_provider] 
  cProv = params[:cert_provider]
  issuer = params[:issuer]
  matchIssuerValidity = params[:match_issuer_validity] || true
  
  warning = { }

  issuer = false if issuer.nil?

  pubKey = PkernelJce::KeyPair.public_key(pubKey)

  if cProv.nil?
    cProv = PkernelJce::Provider.add_provider(PkernelJce::Provider::DefProvider)
  else
    cProv = PkernelJce::Provider.add_provider(cProv)
  end

  if kProv.nil?
    kProv = PkernelJce::Provider.add_provider(PkernelJce::Provider::DefProvider)
  else
    kProv = PkernelJce::Provider.add_provider(kProv)
  end

  extUtils = org.bouncycastle.cert.bc.BcX509ExtensionUtils.new

  if serial.nil? or serial.empty?
    serial = block.call(:serial)
  end

  if serial.is_a?(java.math.BigInteger)
  else
    serial = java.math.BigInteger.new(serial,16)
  end

  signHash = block.call(:signHash)
  issuerKey = block.call(:issuerKey)
  issuerCert = block.call(:issuerCert)

  issuerKey = PkernelJce::KeyPair.private_key(issuerKey)
  if issuerKey.nil?
    raise PkernelJce::Error, "Issuer key cannot be nil"
  end

  signAlgo = PkernelJce::KeyPair.derive_signing_algo(issuerKey, signHash)
  signer = org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.new(signAlgo).setProvider(kProv).build(issuerKey)
  x500Name = owner.to_x500_subject
  
  if not issuerCert.nil?

    issuerCert = issuerCert.to_java_cert if issuerCert.java_kind_of?(org.bouncycastle.cert.X509CertificateHolder)
    
    validFrom, validTo = calculate_validity(params) do |from, to|
      if matchIssuerValidity
        
        PkernelJce::GConf.instance.glog.debug "Match issuer validity against issuer certificate is activated."
        PkernelJce::GConf.instance.glog.debug "Issuer Cert : #{issuerCert.subject_dn.to_s} / #{issuerCert.not_before} / #{issuerCert.not_after}"

        if from.to_java_date.before(issuerCert.not_before)
          PkernelJce::GConf.instance.glog.warn "Certificate valid from has adjusted to match issuer valid from: #{from} [User requested] / #{issuerCert.not_before} [Adjusted to issuer]"
          warning[:valid_from] = { }
          warning[:valid_from][:requested] = from

          from = issuerCert.not_before
          
          warning[:valid_from][:adjusted] = issuerCert.not_before
          warning[:valid_from][:reason] = "Certificate being issued cannot have validity start date before issuer's certificate validity start date."
          block.call(:warning, warning)

        end
        
        if to.to_java_date.after(issuerCert.not_after)
          PkernelJce::GConf.instance.glog.warn "Certificate valid to has adjusted to match issuer valid to: #{to} [User requested] / #{issuerCert.not_after} [Adjusted to issuer]"
          
          warning[:valid_to] = { }
          warning[:valid_to][:requested] = to

          to = issuerCert.not_after
          
          warning[:valid_to][:adjusted] = issuerCert.not_after
          warning[:valid_to][:reason] = "Certificate being issued cannot have validity end date after issuer's certificate validity end date."
          block.call(:warning, warning)
        end

        [from, to]
      else
        [from, to]
      end
    end

    certGen = org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder.new(issuerCert, serial, validFrom, validTo, x500Name, pubKey)
    # generate authority key identifier
    certGen.addExtension(org.bouncycastle.asn1.x509.Extension::authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getInstance(issuerCert.getPublicKey.getEncoded)))
  else

    validFrom, validTo = calculate_validity(params)

    certGen = org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder.new(x500Name, serial, validFrom, validTo, x500Name, pubKey)
    # generate authority key identifier
    certGen.addExtension(org.bouncycastle.asn1.x509.Extension::authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getInstance(pubKey.getEncoded)))
  end

  keyUsage = block.call(:keyUsage)
  if issuer
    certGen.addExtension(org.bouncycastle.asn1.x509.Extension::basicConstraints, true, org.bouncycastle.asn1.x509.BasicConstraints.new(true))
    if not keyUsage.nil?
      if keyUsage.is_a?(Array)
        ku = 0
        keyUsage.each do |u|
          ku |= u
        end
      else
        ku = keyUsage
      end
      
      certGen.addExtension(org.bouncycastle.asn1.x509.Extension::keyUsage, false, org.bouncycastle.asn1.x509.KeyUsage.new(ku))
    else
      certGen.addExtension(org.bouncycastle.asn1.x509.Extension::keyUsage, false, org.bouncycastle.asn1.x509.KeyUsage.new(KeyUsage::DEF_ISSUER))
    end
  else
    if not keyUsage.nil?
      if keyUsage.is_a?(Array)
        ku = 0
        keyUsage.each do |u|
          ku |= u
        end
      else
        ku = keyUsage
      end
      certGen.addExtension(org.bouncycastle.asn1.x509.Extension::keyUsage, false, org.bouncycastle.asn1.x509.KeyUsage.new(ku))
    else
      certGen.addExtension(org.bouncycastle.asn1.x509.Extension::keyUsage, false, org.bouncycastle.asn1.x509.KeyUsage.new(KeyUsage::DEF_USER_IDENTITY))
    end
  end

  extKeyUsage = block.call(:extKeyUsage)
  if not extKeyUsage.nil?
    if extKeyUsage.is_a?(Hash)
      # allow user to give eku -> true/false
      # Since timestamping required this extension to be true, not sure others
      extKeyUsage.each do |k,v|
        certGen.addExtension(org.bouncycastle.asn1.x509.Extension::extendedKeyUsage, v, org.bouncycastle.asn1.x509.ExtendedKeyUsage.new(k))
      end
    elsif extKeyUsage.is_a?(Array)
      certGen.addExtension(org.bouncycastle.asn1.x509.Extension::extendedKeyUsage, false, org.bouncycastle.asn1.x509.ExtendedKeyUsage.new(extKeyUsage.to_vector))
    else
      certGen.addExtension(org.bouncycastle.asn1.x509.Extension::extendedKeyUsage, false, org.bouncycastle.asn1.x509.ExtendedKeyUsage.new([extKeyUsage].to_vector))
    end
  end       

  #
  # handle alternative name
  #
  altName = []
  if owner.emails.length > 0
    owner.emails.each do |e|
      altName << org.bouncycastle.asn1.x509.GeneralName.new(org.bouncycastle.asn1.x509.GeneralName::rfc822Name,e)
    end
  end

  owner.dns_names.each do |n|
    altName << org.bouncycastle.asn1.x509.GeneralName.new(org.bouncycastle.asn1.x509.GeneralName::dNSName,n)
  end

  if altName.length > 0
    certGen.addExtension(org.bouncycastle.asn1.x509.Extension::subjectAlternativeName, false, org.bouncycastle.asn1.x509.GeneralNames.new(altName.to_java(org.bouncycastle.asn1.x509.GeneralName)) )
  end
  #
  # Done alternative name
  #

  #
  # handle CRL distribution point
  #
  crl = block.call(:crls)
  if not crl.nil?
    crls = []
    if crl.is_a?(Array)
      crl.each do |c|
        crls << org.bouncycastle.asn1.x509.GeneralName.new(org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier, org.bouncycastle.asn1.DERIA5String.new(c));
      end
      gns = org.bouncycastle.asn1.x509.GeneralNames.new(crls.to_java(org.bouncycastle.asn1.x509.GeneralName));
    else
      gn = org.bouncycastle.asn1.x509.GeneralName.new(org.bouncycastle.asn1.x509.GeneralName::uniformResourceIdentifier, org.bouncycastle.asn1.DERIA5String.new(crl));
      gns = org.bouncycastle.asn1.x509.GeneralNames.new(gn);
    end
    
    dpn = org.bouncycastle.asn1.x509.DistributionPointName.new(gns);
    dp =  org.bouncycastle.asn1.x509.DistributionPoint.new(dpn,nil,nil);
    certGen.addExtension(org.bouncycastle.asn1.x509.X509Extensions::CRLDistributionPoints,false,org.bouncycastle.asn1.DERSequence.new(dp));      
  end
  # done adding CRL distribution point


  #
  # handle OCSP
  #
  ocsp = block.call(:ocsp)
  if not ocsp.nil? and not ocsp.empty?
    ocspName = org.bouncycastle.asn1.x509.GeneralName.new(org.bouncycastle.asn1.x509.GeneralName.uniformResourceIdentifier, ocsp);
    authorityInformationAccess = org.bouncycastle.asn1.x509.AuthorityInformationAccess.new(org.bouncycastle.asn1.x509.X509ObjectIdentifiers.ocspAccessMethod, ocspName);
    certGen.addExtension(org.bouncycastle.asn1.x509.X509Extensions::AuthorityInfoAccess, false, authorityInformationAccess);                                
  end
  # done OCSP

  # Let's generate subject key ID as default...
  certGen.addExtension(org.bouncycastle.asn1.x509.Extension::subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getInstance(pubKey.getEncoded)))

  cert = org.bouncycastle.cert.jcajce.JcaX509CertificateConverter.new().setProvider(cProv).getCertificate(certGen.build(signer))
  
  cert

end
load(options = {}) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 456
def load(options = {})
 
  file = options[:file]
  bin = options[:bin]
  baos = java.io.ByteArrayOutputStream.new

  if not file.nil? and not file.empty?
    PkernelJce::GConf.instance.glog.debug "Load certificate from #{file}"
    f = java.io.File.new(file)
    if f.exists?
      b = Java::byte[f.length].new
      dis = java.io.DataInputStream.new(java.io.FileInputStream.new(f))
      dis.readFully(b)
      dis.close

      baos.write(b)
    else 
      raise PkernelJce::Error, "File '#{f.absolute_path}' not found"
    end

  elsif not bin.nil?
    PkernelJce::GConf.instance.glog.debug "Load certificate from memory"
    bin = IoUtils.ensure_java_bytes(bin)
    baos.write(bin)
  else
    raise PkernelJce::Error, "No bin or file input is given to load"
  end

  inForm = options[:in_form] || options[:inForm] || options[:inform]
  if not inForm.nil?
    case inForm.to_sym
    when :b64, :base64
      PkernelJce::GConf.instance.glog.debug "Loading b64 certificate"
      cbin = Pkernel::Converter.from_b64(baos.toByteArray)
    when :hex
      PkernelJce::GConf.instance.glog.debug "Loading hex certificate"
      cbin = Pkernel::Converter.from_hex(baos.toByteArray)
    when :bin
      PkernelJce::GConf.instance.glog.debug "Loading bin certificate"
      cbin = baos.toByteArray
    else
      PkernelJce::GConf.instance.glog.debug "Loading pem certificate"
      reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(java.io.ByteArrayInputStream.new(baos.toByteArray)))
      if options[:multiple]
        obj = []
        o = reader.readObject
        while(o != nil)
          obj << o
          o = reader.readObject
        end
      else
        obj = reader.readObject
      end
    end
  
  else
    PkernelJce::GConf.instance.glog.debug "Loading pem certificate (2)"
    reader = org.bouncycastle.openssl.PEMParser.new(java.io.InputStreamReader.new(java.io.ByteArrayInputStream.new(baos.toByteArray)))
    if options[:multiple]
      obj = []
      o = reader.readObject
      while(o != nil)
        obj << o
        o = reader.readObject
      end
    else
      obj = reader.readObject
    end
  end

  if not cbin.nil?
    cf = java.security.cert.CertificateFactory.getInstance("X.509")
    if options[:multiple]
      obj = cf.generateCertificates(java.io.ByteArrayInputStream.new(baos.toByteArray))
    else
      obj = cf.generateCertificate(java.io.ByteArrayInputStream.new(baos.toByteArray))
    end
  end

  if not obj.nil?
    obj
  else
    raise PkernelJce::Error, "No valid certificate object loaded."
  end

end
load_from_file(file, opts = { }) click to toggle source

end read_from

# File lib/pkernel_jce/certificate.rb, line 544
def load_from_file(file, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load(opts.merge({ file: file }))   
end
Also aliased as: load_from_file_pem
load_from_file_b64(file, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 575
def load_from_file_b64(file, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ file: file, inForm: :b64 })   
end
load_from_file_bin(file, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 623
def load_from_file_bin(file, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ file: file, inForm: :bin })   
end
load_from_file_hex(file, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 599
def load_from_file_hex(file, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ file: file, inForm: :hex })   
end
load_from_file_pem(file, opts = { })
Alias for: load_from_file
load_from_mem(bin, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 551
def load_from_mem(bin, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load(opts.merge({ bin: bin }))   
end
Also aliased as: load_from_mem_pem
load_from_mem_b64(bin, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 580
def load_from_mem_b64(bin, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ bin: bin, inForm: :b64 })   
end
load_from_mem_bin(bin, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 628
def load_from_mem_bin(bin, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ bin: bin, inForm: :bin })   
end
load_from_mem_hex(bin, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 604
def load_from_mem_hex(bin, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ bin: bin, inForm: :hex })   
end
load_from_mem_pem(bin, opts = { })
Alias for: load_from_mem
load_multi_from_bin_bin(bin, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 640
def load_multi_from_bin_bin(bin, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ bin: bin, inForm: :bin, multiple: true })   
end
load_multi_from_bin_pem(bin, opts = { })
Alias for: load_multi_from_mem
load_multi_from_file(file, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 559
def load_multi_from_file(file, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ file: file, multiple: true })   
end
Also aliased as: load_multi_from_file_pem
load_multi_from_file_b64(file, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 587
def load_multi_from_file_b64(file, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ file: file, inForm: :b64, multiple: true })   
end
load_multi_from_file_bin(file, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 635
def load_multi_from_file_bin(file, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ file: file, inForm: :bin, multiple: true })   
end
load_multi_from_file_hex(file, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 611
def load_multi_from_file_hex(file, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ file: file, inForm: :hex, multiple: true })   
end
load_multi_from_file_pem(file, opts = { })
load_multi_from_mem(bin, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 566
def load_multi_from_mem(bin, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ bin: bin, multiple: true })   
end
Also aliased as: load_multi_from_bin_pem
load_multi_from_mem_b64(bin, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 592
def load_multi_from_mem_b64(bin, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ bin: bin, inForm: :b64, multiple: true })   
end
load_multi_from_mem_hex(bin, opts = { }) click to toggle source
# File lib/pkernel_jce/certificate.rb, line 616
def load_multi_from_mem_hex(bin, opts = { })
  opts = { } if opts.nil?
  raise PkernelJce::Error, "Options should be a hash" if not opts.is_a?(Hash)
  load({ bin: bin, inForm: :hex, multiple: true })   
end

Private Instance Methods

calculate_validity(params, &block) click to toggle source

all date must be in Ruby datetime object?

# File lib/pkernel_jce/certificate.rb, line 835
def calculate_validity(params, &block)
  validFrom = params[:validFrom]
  validTo = params[:validTo]
  validity = params[:validity] || 2
  validityUnit = params[:validityUnit] || :years

  validity = validity.to_i

  if validFrom.nil?
    raise PkernelJce::Error, "Valid from has to be given."
  end

  if validFrom.is_a?(Time) #or validFrom.is_a?(DateTime)
  elsif validFrom.is_a?(DateTime)
    # this has to be converted because if using DateTime object
    # there will be error of 'nsec' not available exception
    validFrom = validFrom.to_time
  else
    raise PkernelJce::Error, "Invalid valid from date object type : '#{validFrom.class}'"
  end 

  if validTo.nil? or validTo.empty?
    if (validity.nil?) and (validityUnit.nil?)
      raise PkernelJce::Error, "Valid until and validity period both are not defined."
    else
      validTo = validFrom.advance( validityUnit.to_sym => validity.to_i )
      PkernelJce::GConf.instance.glog.debug "Validity unit : #{validityUnit}, validity : #{validity}, valid from : #{validFrom}, valid to : #{validTo}" 
      if block
        # allow caller to check with issuer validity see if the valid to already surpass issuer's valid to
        #validTo = block.call(validFrom, validTo)
        validFrom, validTo = block.call(validFrom, validTo)
      end
    end
  elsif validTo.is_a?(Time) or validTo.is_a?(DateTime)
  else
    raise PkernelJce::Error, "Invalid valid to date object type : '#{validTo.class}'"
  end

  [validFrom, validTo]

end