module OpenSSL::X509::Extension::AuthorityInfoAccess

Public Instance Methods

ca_issuer_uris() click to toggle source

Get the information and services for the issuer from the certificate’s authority information access extension exteension, as described in RFC5280 Section 4.2.2.1.

Returns an array of strings or nil or raises ASN1::ASN1Error.

# File openssl/lib/openssl/x509.rb, line 162
def ca_issuer_uris
  aia_asn1 = parse_aia_asn1
  return nil if aia_asn1.nil?

  ca_issuer = aia_asn1.value.select do |authority_info_access|
    authority_info_access.value.first.value == "caIssuers"
  end

  ca_issuer&.map(&:value)&.map(&:last)&.map(&:value)
end

ocsp_uris() click to toggle source

Get the URIs for OCSP from the certificate’s authority information access extension exteension, as described in RFC5280 Section 4.2.2.1.

Returns an array of strings or nil or raises ASN1::ASN1Error.

# File openssl/lib/openssl/x509.rb, line 177
def ocsp_uris
  aia_asn1 = parse_aia_asn1
  return nil if aia_asn1.nil?

  ocsp = aia_asn1.value.select do |authority_info_access|
    authority_info_access.value.first.value == "OCSP"
  end

  ocsp&.map(&:value)&.map(&:last)&.map(&:value)
end

Private Instance Methods

parse_aia_asn1() click to toggle source

# File openssl/lib/openssl/x509.rb, line 190
def parse_aia_asn1
  ext = find_extension("authorityInfoAccess")
  return nil if ext.nil?

  aia_asn1 = ASN1.decode(ext.value_der)
  if ext.critical? || aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE
    raise ASN1::ASN1Error, "invalid extension"
  end

  aia_asn1
end