path: root/vendor/certificate_authority/lib/certificate_authority/distinguished_name.rb
module CertificateAuthority
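  # A distinguished name held as plain attributes and converted to an
  # OpenSSL::X509::Name on demand.
  #
  # Only the presence of +common_name+ is validated here. The other fields are
  # optional, and no field is checked for length or character set before it is
  # handed to OpenSSL, so a caller that fills these attributes from data it
  # does not control has to vet the values itself before the name is used.
  class DistinguishedName
    include ActiveModel::Validations

    validates_presence_of :common_name

    attr_accessor :common_name
    alias :cn :common_name
    alias :cn= :common_name=

    attr_accessor :locality
    alias :l :locality
    alias :l= :locality=

    # The state attribute historically had a reader alias +s+ and a writer
    # alias +st=+ only. Both spellings now exist for both directions, so
    # neither dn.st nor dn.s = "..." raises NoMethodError.
    attr_accessor :state
    alias :s :state
    alias :s= :state=
    alias :st :state
    alias :st= :state=

    attr_accessor :country
    alias :c :country
    alias :c= :country=

    attr_accessor :organization
    alias :o :organization
    alias :o= :organization=

    attr_accessor :organizational_unit
    alias :ou :organizational_unit
    alias :ou= :organizational_unit=

    attr_accessor :email_address
    alias :emailAddress :email_address
    alias :emailAddress= :email_address=

    # Builds the OpenSSL representation of this name.
    #
    # Entries are added in the order C, ST, L, O, OU, CN, emailAddress. Blank
    # optional fields are left out; CN is always added.
    #
    # @return [OpenSSL::X509::Name]
    # @raise [RuntimeError] when the name fails validation (no common name)
    def to_x509_name
      raise "Invalid Distinguished Name" unless valid?

      # NB: the capitalization in the strings counts
      name = OpenSSL::X509::Name.new
      name.add_entry("C", country) unless country.blank?
      name.add_entry("ST", state) unless state.blank?
      name.add_entry("L", locality) unless locality.blank?
      name.add_entry("O", organization) unless organization.blank?
      name.add_entry("OU", organizational_unit) unless organizational_unit.blank?
      name.add_entry("CN", common_name)
      name.add_entry("emailAddress", email_address) unless email_address.blank?
      name
    end

    # Compares two names through their OpenSSL::X509::Name form.
    #
    # @param other [Object] anything; objects that cannot produce an X509 name
    #   compare as unequal instead of raising NoMethodError
    # @return [Boolean]
    # @raise [RuntimeError] when either side fails validation in #to_x509_name
    def ==(other)
      return false unless other.respond_to?(:to_x509_name)

      # Use the established OpenSSL comparison
      to_x509_name == other.to_x509_name
    end

    # Wraps an already parsed OpenSSL name.
    #
    # @param openssl_name [OpenSSL::X509::Name]
    # @return [WrappedDistinguishedName]
    # @raise [RuntimeError] when the argument is not an OpenSSL::X509::Name
    def self.from_openssl(openssl_name)
      unless openssl_name.is_a? OpenSSL::X509::Name
        raise "Argument must be a OpenSSL::X509::Name"
      end

      WrappedDistinguishedName.new(openssl_name)
    end
  end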

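  ## This is a significantly more complicated case. It's possible that
  ## generically handled certificates will include custom OIDs in the
  ## subject.
  ##
  ## The wrapped OpenSSL name is kept untouched and returned as-is by
  ## #to_x509_name, so entries this class has no attribute for are not lost;
  ## #custom_oids? reports whether any were seen. Two consequences follow from
  ## that: #to_x509_name here does not run the presence validation of the
  ## parent class, and changing an attribute after construction does not
  ## change the wrapped name.
  class WrappedDistinguishedName < DistinguishedName
    # Subject entry names (downcased) mapped to the attribute that receives
    # the value. Entry names come from the parsed name, i.e. from data the
    # caller may not control, so they are looked up in this fixed table rather
    # than being turned into method names. An attribute added to
    # DistinguishedName needs an entry here to be populated.
    SUBJECT_ATTRIBUTES = {
      "c" => :country,
      "st" => :state,
      "l" => :locality,
      "o" => :organization,
      "ou" => :organizational_unit,
      "cn" => :common_name,
      "emailaddress" => :email_address
    }.freeze

    attr_accessor :x509_name

    # Copies the known subject entries into attributes.
    #
    # "emailAddress" is matched after downcasing, so an e-mail entry fills
    # +email_address+ instead of being counted as a custom OID. When an entry
    # name occurs more than once, the last value ends up in the attribute; the
    # wrapped name still holds all of them.
    #
    # @param x509_name [OpenSSL::X509::Name] the name to wrap
    def initialize(x509_name)
      @x509_name = x509_name
      @custom_oids = false

      # Each element is [entry name, value, type]; the type is not used.
      @x509_name.to_a.each do |entry_name, value, _type|
        attribute = SUBJECT_ATTRIBUTES[entry_name.downcase]
        if attribute
          public_send("#{attribute}=", value)
        else
          ## Custom OID
          @custom_oids = true
        end
      end
    end

    # @return [OpenSSL::X509::Name] the wrapped name, unmodified
    def to_x509_name
      @x509_name
    end

    # @return [Boolean] true when the wrapped name holds an entry that has no
    #   matching attribute
    def custom_oids?
      @custom_oids
    end
  end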
end