In Files
- openssl/ossl_ns_spki.c
Parent
Object
Class/Module Index
![[+]](../../images/find.png "show/hide quicksearch")
- IO
- IO::WaitReadable
- IO::WaitWritable
- Integer
- OpenSSL
- OpenSSL::ASN1
- OpenSSL::ASN1::ASN1Data
- OpenSSL::ASN1::ASN1Error
- OpenSSL::ASN1::Constructive
- OpenSSL::ASN1::ObjectId
- OpenSSL::ASN1::Primitive
- OpenSSL::BN
- OpenSSL::BNError
- OpenSSL::Buffering
- OpenSSL::Buffering::Buffer
- OpenSSL::Cipher
- OpenSSL::Cipher::Cipher
- OpenSSL::Cipher::CipherError
- OpenSSL::Config
- OpenSSL::ConfigError
- OpenSSL::Digest
- OpenSSL::Digest::DigestError
- OpenSSL::Engine
- OpenSSL::Engine::EngineError
- OpenSSL::ExtConfig
- OpenSSL::HMAC
- OpenSSL::HMACError
- OpenSSL::KDF
- OpenSSL::KDF::KDFError
- OpenSSL::Netscape
- OpenSSL::Netscape::SPKI
- OpenSSL::Netscape::SPKIError
- OpenSSL::OCSP
- OpenSSL::OCSP::BasicResponse
- OpenSSL::OCSP::CertificateId
- OpenSSL::OCSP::OCSPError
- OpenSSL::OCSP::Request
- OpenSSL::OCSP::Response
- OpenSSL::OCSP::SingleResponse
- OpenSSL::OpenSSLError
- OpenSSL::PKCS12
- OpenSSL::PKCS12::PKCS12Error
- OpenSSL::PKCS5
- OpenSSL::PKCS7
- OpenSSL::PKCS7::PKCS7Error
- OpenSSL::PKCS7::RecipientInfo
- OpenSSL::PKCS7::SignerInfo
- OpenSSL::PKey
- OpenSSL::PKey::DH
- OpenSSL::PKey::DHError
- OpenSSL::PKey::DSA
- OpenSSL::PKey::DSAError
- OpenSSL::PKey::EC
- OpenSSL::PKey::EC::Group
- OpenSSL::PKey::EC::Group::Error
- OpenSSL::PKey::EC::Point
- OpenSSL::PKey::EC::Point::Error
- OpenSSL::PKey::ECError
- OpenSSL::PKey::PKey
- OpenSSL::PKey::PKeyError
- OpenSSL::PKey::RSA
- OpenSSL::PKey::RSAError
- OpenSSL::Random
- OpenSSL::Random::RandomError
- OpenSSL::SSL
- OpenSSL::SSL::SSLContext
- OpenSSL::SSL::SSLError
- OpenSSL::SSL::SSLErrorWaitReadable
- OpenSSL::SSL::SSLErrorWaitWritable
- OpenSSL::SSL::SSLServer
- OpenSSL::SSL::SSLSocket
- OpenSSL::SSL::Session
- OpenSSL::SSL::Session::SessionError
- OpenSSL::SSL::SocketForwarder
- OpenSSL::Timestamp
- OpenSSL::Timestamp::Factory
- OpenSSL::Timestamp::Request
- OpenSSL::Timestamp::Response
- OpenSSL::Timestamp::TimestampError
- OpenSSL::Timestamp::TokenInfo
- OpenSSL::X509
- OpenSSL::X509::Attribute
- OpenSSL::X509::AttributeError
- OpenSSL::X509::CRL
- OpenSSL::X509::CRLError
- OpenSSL::X509::Certificate
- OpenSSL::X509::CertificateError
- OpenSSL::X509::Extension
- OpenSSL::X509::Extension::AuthorityInfoAccess
- OpenSSL::X509::Extension::AuthorityKeyIdentifier
- OpenSSL::X509::Extension::CRLDistributionPoints
- OpenSSL::X509::Extension::Helpers
- OpenSSL::X509::Extension::SubjectKeyIdentifier
- OpenSSL::X509::ExtensionError
- OpenSSL::X509::ExtensionFactory
- OpenSSL::X509::Marshal
- OpenSSL::X509::Marshal::ClassMethods
- OpenSSL::X509::Name
- OpenSSL::X509::Name::RFC2253DN
- OpenSSL::X509::NameError
- OpenSSL::X509::Request
- OpenSSL::X509::RequestError
- OpenSSL::X509::Revoked
- OpenSSL::X509::RevokedError
- OpenSSL::X509::Store
- OpenSSL::X509::StoreContext
- OpenSSL::X509::StoreError
- unknown
OpenSSL::Netscape::SPKI
A Simple Public Key Infrastructure implementation (pronounced "spooky"). The structure is defined as
PublicKeyAndChallenge ::= SEQUENCE {
spki SubjectPublicKeyInfo,
challenge IA5STRING
}
SignedPublicKeyAndChallenge ::= SEQUENCE {
publicKeyAndChallenge PublicKeyAndChallenge,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}
where the definitions of SubjectPublicKeyInfo and AlgorithmIdentifier can be found in RFC5280. SPKI is typically used in browsers for generating a public/private key pair and a subsequent certificate request, using the HTML <keygen> element.
Examples¶ ↑
Creating an SPKI¶ ↑
key = OpenSSL::PKey::RSA.new 2048 spki = OpenSSL::Netscape::SPKI.new spki.challenge = "RandomChallenge" spki.public_key = key.public_key spki.sign(key, OpenSSL::Digest::SHA256.new) #send a request containing this to a server generating a certificate
Verifying an SPKI request¶ ↑
request = #... spki = OpenSSL::Netscape::SPKI.new request unless spki.verify(spki.public_key) # signature is invalid end #proceed
Public Class Methods
new([request]) => spki
click to toggle source
Parameters¶ ↑
-
request - optional raw request, either in PEM or DER format.
static VALUE
ossl_spki_initialize(int argc, VALUE *argv, VALUE self)
{
NETSCAPE_SPKI *spki;
VALUE buffer;
const unsigned char *p;
if (rb_scan_args(argc, argv, "01", &buffer) == 0) {
return self;
}
StringValue(buffer);
if (!(spki = NETSCAPE_SPKI_b64_decode(RSTRING_PTR(buffer), RSTRING_LENINT(buffer)))) {
ossl_clear_error();
p = (unsigned char *)RSTRING_PTR(buffer);
if (!(spki = d2i_NETSCAPE_SPKI(NULL, &p, RSTRING_LEN(buffer)))) {
ossl_raise(eSPKIError, NULL);
}
}
NETSCAPE_SPKI_free(DATA_PTR(self));
SetSPKI(self, spki);
return self;
}
Public Instance Methods
challenge => string
click to toggle source
Returns the challenge string associated with this SPKI.
static VALUE
ossl_spki_get_challenge(VALUE self)
{
NETSCAPE_SPKI *spki;
GetSPKI(self, spki);
if (spki->spkac->challenge->length <= 0) {
OSSL_Debug("Challenge.length <= 0?");
return rb_str_new(0, 0);
}
return rb_str_new((const char *)spki->spkac->challenge->data,
spki->spkac->challenge->length);
}
challenge = str => string
click to toggle source
Parameters¶ ↑
-
str - the challenge string to be set for this instance
Sets the challenge to be associated with the SPKI. May be used by the server, e.g. to prevent replay.
static VALUE
ossl_spki_set_challenge(VALUE self, VALUE str)
{
NETSCAPE_SPKI *spki;
StringValue(str);
GetSPKI(self, spki);
if (!ASN1_STRING_set(spki->spkac->challenge, RSTRING_PTR(str),
RSTRING_LENINT(str))) {
ossl_raise(eSPKIError, NULL);
}
return str;
}
public_key => pkey
click to toggle source
Returns the public key associated with the SPKI, an instance of OpenSSL::PKey.
static VALUE
ossl_spki_get_public_key(VALUE self)
{
NETSCAPE_SPKI *spki;
EVP_PKEY *pkey;
GetSPKI(self, spki);
if (!(pkey = NETSCAPE_SPKI_get_pubkey(spki))) { /* adds an reference */
ossl_raise(eSPKIError, NULL);
}
return ossl_pkey_new(pkey); /* NO DUP - OK */
}
public_key = pub => pkey
click to toggle source
Parameters¶ ↑
-
pub - the public key to be set for this instance
Sets the public key to be associated with the SPKI, an instance of OpenSSL::PKey. This should be the public key corresponding to the private key used for signing the SPKI.
static VALUE
ossl_spki_set_public_key(VALUE self, VALUE key)
{
NETSCAPE_SPKI *spki;
EVP_PKEY *pkey;
GetSPKI(self, spki);
pkey = GetPKeyPtr(key);
ossl_pkey_check_public_key(pkey);
if (!NETSCAPE_SPKI_set_pubkey(spki, pkey))
ossl_raise(eSPKIError, "NETSCAPE_SPKI_set_pubkey");
return key;
}
sign(key, digest) => spki
click to toggle source
Parameters¶ ↑
-
key - the private key to be used for signing this instance
-
digest - the digest to be used for signing this instance
To sign an SPKI, the private key corresponding to the public key set for this instance should be used, in addition to a digest algorithm in the form of an OpenSSL::Digest. The private key should be an instance of OpenSSL::PKey.
static VALUE
ossl_spki_sign(VALUE self, VALUE key, VALUE digest)
{
NETSCAPE_SPKI *spki;
EVP_PKEY *pkey;
const EVP_MD *md;
pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */
md = ossl_evp_get_digestbyname(digest);
GetSPKI(self, spki);
if (!NETSCAPE_SPKI_sign(spki, pkey, md)) {
ossl_raise(eSPKIError, NULL);
}
return self;
}
to_der => DER-encoded string
click to toggle source
Returns the DER encoding of this SPKI.
static VALUE
ossl_spki_to_der(VALUE self)
{
NETSCAPE_SPKI *spki;
VALUE str;
long len;
unsigned char *p;
GetSPKI(self, spki);
if ((len = i2d_NETSCAPE_SPKI(spki, NULL)) <= 0)
ossl_raise(eX509CertError, NULL);
str = rb_str_new(0, len);
p = (unsigned char *)RSTRING_PTR(str);
if (i2d_NETSCAPE_SPKI(spki, &p) <= 0)
ossl_raise(eX509CertError, NULL);
ossl_str_adjust(str, p);
return str;
}
to_pem => PEM-encoded string
click to toggle source
Returns the PEM encoding of this SPKI.
static VALUE
ossl_spki_to_pem(VALUE self)
{
NETSCAPE_SPKI *spki;
char *data;
VALUE str;
GetSPKI(self, spki);
if (!(data = NETSCAPE_SPKI_b64_encode(spki))) {
ossl_raise(eSPKIError, NULL);
}
str = ossl_buf2str(data, rb_long2int(strlen(data)));
return str;
}
Also aliased as: to_s
to_text => string
click to toggle source
Returns a textual representation of this SPKI, useful for debugging purposes.
static VALUE
ossl_spki_print(VALUE self)
{
NETSCAPE_SPKI *spki;
BIO *out;
GetSPKI(self, spki);
if (!(out = BIO_new(BIO_s_mem()))) {
ossl_raise(eSPKIError, NULL);
}
if (!NETSCAPE_SPKI_print(out, spki)) {
BIO_free(out);
ossl_raise(eSPKIError, NULL);
}
return ossl_membio2str(out);
}
verify(key) => boolean
click to toggle source
Parameters¶ ↑
-
key - the public key to be used for verifying the SPKI signature
Returns true if the signature is valid, false
otherwise. To verify an SPKI, the public key
contained within the SPKI should be used.
static VALUE
ossl_spki_verify(VALUE self, VALUE key)
{
NETSCAPE_SPKI *spki;
EVP_PKEY *pkey;
GetSPKI(self, spki);
pkey = GetPKeyPtr(key);
ossl_pkey_check_public_key(pkey);
switch (NETSCAPE_SPKI_verify(spki, pkey)) {
case 0:
ossl_clear_error();
return Qfalse;
case 1:
return Qtrue;
default:
ossl_raise(eSPKIError, "NETSCAPE_SPKI_verify");
}
}