x509.rb 1.0 KB

  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
# OpenSSL::X509::Certificate subclass that adds a stored fingerprint and a set
# of convenience predicates (CA flag, validity window, key usage, key match).
#
# The predicates only inspect fields of this one certificate. Nothing in this
# class verifies a signature chain or consults revocation data, so a `true`
# from #usable? means "inside its validity window", not "trusted".
class Certificate::X509 < OpenSSL::X509::Certificate
  # @return [String] SHA-1 digest (hex string) of the DER encoding, computed
  #   once in #initialize.
  #   NOTE(review): presumably used as a lookup identifier only; SHA-1 is not
  #   collision resistant, so confirm no trust decision relies on it.
  attr_reader :fingerprint

  # Parses the given certificate text and records its fingerprint.
  #
  # Boundary labels of the form "TRUSTED CERTIFICATE---" are rewritten to
  # "CERTIFICATE---" before the text is handed to the parent constructor.
  # NOTE(review): presumably so that "BEGIN TRUSTED CERTIFICATE" input is
  # accepted; confirm how the parent parser treats the remaining payload.
  #
  # @param cert [String] certificate text (must respond to #gsub)
  def initialize(cert)
    normalized = cert.gsub(%r{(?:TRUSTED\s)?(CERTIFICATE---)}, '\1')
    super(normalized)

    digest = OpenSSL::Digest.new('SHA1', to_der)
    @fingerprint = digest.to_s
  end

  # Maps each extension OID to its value, split on commas with surrounding
  # whitespace stripped. If an OID occurs more than once, the last one wins.
  # The hash is rebuilt on every call.
  #
  # @return [Hash{String => Array<String>}]
  def extensions_as_hash
    extensions.to_h do |extension|
      [extension.oid, extension.value.split(',').map(&:strip)]
    end
  end

  # @return [Boolean] true when basicConstraints lists the entry "CA:TRUE".
  #   A certificate without basicConstraints is reported as not a CA (the
  #   fallback is an empty String, on which include? is a substring test).
  def ca?
    constraints = extensions_as_hash.fetch('basicConstraints', '')
    constraints.include?('CA:TRUE')
  end

  # @return [Boolean] true once the notBefore time has been reached.
  def effective?
    now = Time.zone.now
    now >= not_before
  end

  # @return [Boolean] true once the notAfter time has passed.
  def expired?
    now = Time.zone.now
    now > not_after
  end

  # @return [Boolean] true when the current time lies inside the validity
  #   window. Only the dates are checked here.
  def usable?
    return false unless effective?

    !expired?
  end

  # @return [Boolean] true when keyUsage lists "Digital Signature". A
  #   certificate without a keyUsage extension is treated as permitting it.
  def signature?
    usages = extensions_as_hash.fetch('keyUsage', ['Digital Signature'])
    usages.include?('Digital Signature')
  end

  # @return [Boolean] true when keyUsage lists "Key Encipherment". A
  #   certificate without a keyUsage extension is treated as permitting it.
  def encryption?
    usages = extensions_as_hash.fetch('keyUsage', ['Key Encipherment'])
    usages.include?('Key Encipherment')
  end

  # Reads a key from `pem` (decrypting with `secret`) and compares it with
  # this certificate's public key.
  #
  # NOTE(review): errors from OpenSSL::PKey.read (unparsable key, wrong
  # passphrase) and from compare? are not rescued here, so they propagate to
  # the caller instead of yielding false — confirm callers handle that.
  # NOTE(review): with a nil `secret` and an encrypted key, OpenSSL may fall
  # back to prompting for a passphrase — confirm callers always pass a value.
  #
  # @param pem [String] key material to read
  # @param secret [String, nil] passphrase forwarded to OpenSSL::PKey.read
  # @return [Boolean] result of OpenSSL's key comparison
  def key_match?(pem, secret)
    candidate = OpenSSL::PKey.read(pem, secret)
    candidate.compare?(public_key)
  end
end