12345678910111213141516171819202122232425262728293031323334 |
- class Certificate::X509::SSL < Certificate::X509
- def applicable?
- return true if ca?
-
- return false if !extensions_as_hash.fetch('keyUsage', ['Digital Signature']).intersect?(['Digital Signature', 'Certificate Sign'])
- tls_web_server_authentication? || tls_web_client_authentication?
- end
- def valid_ssl_certificate!
- return if applicable? && usable?
- message = __('The certificate is not valid for SSL usage. Please check e.g. the validity period or the extensions.')
- Rails.logger.error { "Certificate::X509::SSL: #{message}" }
- Rails.logger.error { "Certificate::X509::SSL:\n #{to_text}" }
- raise Exceptions::UnprocessableEntity, message
- end
- private
- def tls_web_client_authentication?
- extensions_as_hash.fetch('extendedKeyUsage', ['TLS Web Client Authentication']).include?('TLS Web Client Authentication')
- end
- def tls_web_server_authentication?
- extensions_as_hash.fetch('extendedKeyUsage', ['TLS Web Server Authentication']).include?('TLS Web Server Authentication')
- end
- end
|