模組 OpenSSL::X509::Extension::CRLDistributionPoints

公開實例方法

crl_uris() 按一下以切換來源

從憑證的 CRL 分發點擴充功能取得 distributionPoint fullName URI,如 RFC5280 第 4.2.1.13 節所述

傳回字串陣列或 nil 或引發 ASN1::ASN1Error

# File openssl/lib/openssl/x509.rb, line 129
def crl_uris
  ext = find_extension("crlDistributionPoints")
  return nil if ext.nil?

  cdp_asn1 = ASN1.decode(ext.value_der)
  if cdp_asn1.tag_class != :UNIVERSAL || cdp_asn1.tag != ASN1::SEQUENCE
    raise ASN1::ASN1Error, "invalid extension"
  end

  crl_uris = cdp_asn1.map do |crl_distribution_point|
    distribution_point = crl_distribution_point.value.find do |v|
      v.tag_class == :CONTEXT_SPECIFIC && v.tag == 0
    end
    full_name = distribution_point&.value&.find do |v|
      v.tag_class == :CONTEXT_SPECIFIC && v.tag == 0
    end
    full_name&.value&.find do |v|
      v.tag_class == :CONTEXT_SPECIFIC && v.tag == 6 # uniformResourceIdentifier
    end
  end

  crl_uris&.map(&:value)
end