class TPM::AIKCertificate
Section 3.2 in www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
Constants
- ASN_V3
- EMPTY_NAME
- OID_TCG
- OID_TCG_AT_TPM_MANUFACTURER
- OID_TCG_AT_TPM_MODEL
- OID_TCG_AT_TPM_VERSION
- OID_TCG_KP_AIK_CERTIFICATE
- SAN_DIRECTORY_NAME
Public Class Methods
from_der(certificate_der)
# File lib/tpm/aik_certificate.rb, line 19
# Parses +certificate_der+ with OpenSSL::X509::Certificate.new and wraps the
# result in a new instance.
#
# This step only parses. No signature, issuer-chain or profile check happens
# here, so a successfully built object says nothing about trust: callers still
# need #conformant? and a separate chain verification.
# OpenSSL raises if the input cannot be parsed as a certificate.
def self.from_der(certificate_der)
  parsed_certificate = OpenSSL::X509::Certificate.new(certificate_der)
  new(parsed_certificate)
end
Public Instance Methods
conformant?()
# File lib/tpm/aik_certificate.rb, line 23
# Reports whether the certificate satisfies every profile check of this class:
# validity window, X.509 version, extended key usage, basic constraints,
# empty subject and subject alternative name.
#
# Evaluation stops at the first failing check and that check's falsy value
# (false or nil) is returned as-is. None of the checks called here verifies
# the certificate's signature or its issuer chain, so a truthy result means
# "well-formed AIK certificate", not "trusted certificate".
def conformant?
  validity_and_version_ok = in_use? && valid_version?
  usage_and_constraints_ok = validity_and_version_ok &&
                             valid_extended_key_usage? &&
                             valid_basic_constraints?

  usage_and_constraints_ok && empty_subject? && valid_subject_alternative_name?
end
Private Instance Methods
empty_subject?()
# File lib/tpm/aik_certificate.rb, line 56
# True when the certificate subject is +eql?+ to EMPTY_NAME.
# NOTE(review): EMPTY_NAME is defined outside this listing; presumably an
# empty X.509 name, since the identifying data is read from the subject
# alternative name instead - confirm against the constant.
def empty_subject?
  certificate_subject = subject
  certificate_subject.eql?(EMPTY_NAME)
end
extension(oid)
# File lib/tpm/aik_certificate.rb, line 70
# Returns the first entry of +extensions+ whose +oid+ equals the given +oid+,
# or nil when there is none. Only the first match is returned, so a duplicated
# extension later in the list is never inspected by the callers of this method.
def extension(oid)
  extensions.find { |candidate| candidate.oid == oid }
end
in_use?()
# File lib/tpm/aik_certificate.rb, line 34
# True when the current time lies strictly between +not_before+ and
# +not_after+. The clock is read once so both comparisons use the same instant.
# NOTE(review): both bounds are exclusive here, whereas RFC 5280 describes the
# validity period as inclusive of notBefore and notAfter - confirm this is
# intended.
def in_use?
  current_time = Time.now
  return false unless not_before < current_time

  current_time < not_after
end
san_extension()
# File lib/tpm/aik_certificate.rb, line 108
# Looks up the subjectAltName extension through #extension; nil when the
# certificate carries none.
def san_extension
  subject_alt_name_oid = "subjectAltName"
  extension(subject_alt_name_oid)
end
san_name()
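# File lib/tpm/aik_certificate.rb, line 92
# Extracts the directoryName entry of the subject alternative name and returns
# it as the array produced by OpenSSL::X509::Name#to_a.
#
# Returns nil when the certificate has no subjectAltName extension, or when the
# extension holds no directoryName entry (for example a SAN with only DNS
# names). The certificate content is controlled by whoever supplies the
# certificate, so a missing entry is reported as nil instead of surfacing as a
# NoMethodError on nil. Undecodable ASN.1 still raises from OpenSSL.
def san_name
  san = san_extension
  return unless san

  # The encoded extension is a SEQUENCE whose OCTET STRING member wraps the
  # DER of the alternative names themselves.
  wrapped_names = OpenSSL::ASN1.decode(san).find do |val|
    val.tag_class == :UNIVERSAL && val.tag == OpenSSL::ASN1::OCTET_STRING
  end
  return unless wrapped_names

  directory_name = OpenSSL::ASN1.decode(wrapped_names.value).find do |val|
    val.tag_class == :CONTEXT_SPECIFIC && val.tag == SAN_DIRECTORY_NAME
  end
  return unless directory_name

  # A constructed entry decodes to an Array holding the Name; anything else
  # (a primitive entry decodes to a String) is not a usable directoryName.
  name_elements = directory_name.value
  return unless name_elements.is_a?(Array) && name_elements.first

  OpenSSL::X509::Name.new(name_elements.first).to_a
end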
tpm_manufacturer()
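# File lib/tpm/aik_certificate.rb, line 74
# Returns the value stored under OID_TCG_AT_TPM_MANUFACTURER in the SAN
# directory name, or nil when there is no SAN name or the attribute is absent.
#
# The attribute list comes from the supplied certificate, so an absent
# attribute is an expected input and yields nil rather than a NoMethodError.
# #san_name is read once instead of being decoded twice.
def tpm_manufacturer
  entries = san_name
  return unless entries

  attribute = entries.assoc(OID_TCG_AT_TPM_MANUFACTURER)
  attribute && attribute.at(1)
end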
tpm_model()
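# File lib/tpm/aik_certificate.rb, line 80
# Returns the value stored under OID_TCG_AT_TPM_MODEL in the SAN directory
# name, or nil when there is no SAN name or the attribute is absent.
#
# The attribute list comes from the supplied certificate, so an absent
# attribute is an expected input and yields nil rather than a NoMethodError.
# #san_name is read once instead of being decoded twice.
def tpm_model
  entries = san_name
  return unless entries

  attribute = entries.assoc(OID_TCG_AT_TPM_MODEL)
  attribute && attribute.at(1)
end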
tpm_version()
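# File lib/tpm/aik_certificate.rb, line 86
# Returns the value stored under OID_TCG_AT_TPM_VERSION in the SAN directory
# name, or nil when there is no SAN name or the attribute is absent.
#
# The attribute list comes from the supplied certificate, so an absent
# attribute is an expected input and yields nil rather than a NoMethodError.
# #san_name is read once instead of being decoded twice.
def tpm_version
  entries = san_name
  return unless entries

  attribute = entries.assoc(OID_TCG_AT_TPM_VERSION)
  attribute && attribute.at(1)
end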
valid_basic_constraints?()
# File lib/tpm/aik_certificate.rb, line 44
# Checks the basicConstraints extension: it must be present, its value must be
# exactly "CA:FALSE", and it must be marked critical.
#
# Returns nil when the extension is missing, false on a value mismatch, and
# otherwise whatever +critical?+ reports. The exact string comparison also
# rejects values that merely start with "CA:FALSE".
def valid_basic_constraints?
  constraints_extension = extension("basicConstraints")
  return constraints_extension unless constraints_extension
  return false unless constraints_extension.value == "CA:FALSE"

  constraints_extension.critical?
end
valid_extended_key_usage?()
# File lib/tpm/aik_certificate.rb, line 50
# Checks the extendedKeyUsage extension: it must be present, its value must
# equal OID_TCG_KP_AIK_CERTIFICATE, and it must NOT be marked critical.
#
# Returns nil when the extension is missing and false or true otherwise. The
# whole value is compared, so a certificate listing any additional key purpose
# next to the AIK one does not pass.
def valid_extended_key_usage?
  usage_extension = extension("extendedKeyUsage")
  return usage_extension unless usage_extension
  return false unless usage_extension.value == OID_TCG_KP_AIK_CERTIFICATE

  !usage_extension.critical?
end
valid_subject_alternative_name?()
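# File lib/tpm/aik_certificate.rb, line 60
# Checks the subject alternative name: the extension must be critical, the TPM
# manufacturer, model and version attributes must each be present and
# non-empty, and the manufacturer must be a key of TPM::VENDOR_IDS.
#
# Returns nil when there is no subjectAltName extension and a falsy value when
# any requirement fails. An attribute getter that returns nil (attribute absent
# from the supplied certificate) counts as a failed requirement instead of
# raising NoMethodError from +nil.empty?+, so a malformed certificate is
# rejected as non-conformant rather than aborting the check.
def valid_subject_alternative_name?
  san = san_extension
  return unless san

  # nil.to_s is "", so absent and empty attributes are treated alike.
  present = ->(value) { !value.to_s.empty? }

  san.critical? &&
    present.call(tpm_manufacturer) &&
    TPM::VENDOR_IDS[tpm_manufacturer] &&
    present.call(tpm_model) &&
    present.call(tpm_version)
end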
valid_version?()
# File lib/tpm/aik_certificate.rb, line 40
# True when the certificate's +version+ equals ASN_V3.
# NOTE(review): ASN_V3 is defined outside this listing; presumably the encoded
# value for X.509 v3 - confirm against the constant.
def valid_version?
  certificate_version = version
  certificate_version == ASN_V3
end