OpenSSL::Netscape::SPKI
家长:对象(Parent:Object)
简单的公钥基础设施实现(发音为“spookey”)。结构被定义为
PublicKeyAndChallenge ::= SEQUENCE {
spki SubjectPublicKeyInfo,
challenge IA5STRING
}
SignedPublicKeyAndChallenge ::= SEQUENCE {
publicKeyAndChallenge PublicKeyAndChallenge,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}其中 SubjectPublicKeyInfo 和 AlgorithmIdentifier 的定义可以在 RFC5280中找到。SPKI 通常用于浏览器,用于使用 HTML <keygen>元素生成公钥/私钥对和后续证书请求。
示例
创建一个 SPKI
key = OpenSSL::PKey::RSA.new 2048
spki = OpenSSL::Netscape::SPKI.new
spki.challenge = "RandomChallenge"
spki.public_key = key.public_key
spki.sign(key, OpenSSL::Digest::SHA256.new)
#send a request containing this to a server generating a certificate验证 SPKI 请求
request = #...
spki = OpenSSL::Netscape::SPKI.new request
unless spki.verify(spki.public_key)
# signature is invalid
end
#proceed公共类方法
新(请求)new(request) →Spk i显示源
参数
request- optional raw request, either in PEM or DER format.static VALUE ossl_spki_initialize(int argc, VALUE *argv, VALUE self) { NETSCAPE_SPKI *spki; VALUE buffer; const unsigned char *p; if (rb_scan_args(argc, argv, "01", &buffer) == 0) { return self; } StringValue(buffer); if (!(spki = NETSCAPE_SPKI_b64_decode(RSTRING_PTR(buffer), RSTRING_LENINT(buffer)))) { ossl_clear_error(); p = (unsigned char *)RSTRING_PTR(buffer); if (!(spki = d2i_NETSCAPE_SPKI(NULL, &p, RSTRING_LEN(buffer)))) { ossl_raise(eSPKIError, NULL); } } NETSCAPE_SPKI_free(DATA_PTR(self)); SetSPKI(self, spki); return self; }Public Instance Methods challenge → string Show source Returns the challenge string associated with this SPKI.static VALUE ossl_spki_get_challenge(VALUE self) { NETSCAPE_SPKI *spki; GetSPKI(self, spki); if (spki->spkac->challenge->length <= 0) { OSSL_Debug("Challenge.length <= 0?"); return rb_str_new(0, 0); } return rb_str_new((const char *)spki->spkac->challenge->data, spki->spkac->challenge->length); } challenge = str → string Show source Parameters
str- 为此实例设置的质询字符串
设置与 SPKI 相关联的挑战。可以由服务器使用,例如防止重播。
static VALUE
ossl_spki_set_challenge(VALUE self, VALUE str)
{
NETSCAPE_SPKI *spki;
StringValue(str);
GetSPKI(self, spki);
if (!ASN1_STRING_set(spki->spkac->challenge, RSTRING_PTR(str),
RSTRING_LENINT(str))) {
ossl_raise(eSPKIError, NULL);
}
return str;
}public_key→pkey 显示源文件
返回与 SPKI 相关联的公钥,OpenSSL :: PKey 的一个实例。
static VALUE
ossl_spki_get_public_key(VALUE self)
{
NETSCAPE_SPKI *spki;
EVP_PKEY *pkey;
GetSPKI(self, spki);
if (!(pkey = NETSCAPE_SPKI_get_pubkey(spki))) { /* adds an reference */
ossl_raise(eSPKIError, NULL);
}
return ossl_pkey_new(pkey); /* NO DUP - OK */
}public_key = pub→pkey 显示源文件
参数
pub- 为此实例设置的公钥将公钥与SPKI(OpenSSL :: PKey的一个实例)关联。这应该是与用于签署SPKI.static VALUE ossl_spki_set_public_key(VALUE self,VALUE key)的私钥相对应的公共密钥{ NETSCAPE_SPKI *spki; GetSPKI(self, spki); if (!NETSCAPE_SPKI_set_pubkey(spki, GetPKeyPtr(key))) { /* NO NEED TO DUP */ ossl_raise(eSPKIError, NULL); } return key; } sign(key, digest) → spki 显示源参数
key- 用于签署此实例的私钥
digest- 用于签署此实例的摘要除了采用OpenSSL :: Digest形式的摘要算法外,为了签署SPKI,还应该使用与此实例的公钥集相对应的私钥。私钥应该是OpenSSL :: PKey.static VALUE ossl_spki_sign(VALUE self,VALUE key,VALUE digest)的一个实例{ NETSCAPE_SPKI *spki; EVP_PKEY *pkey; const EVP_MD *md; pkey = GetPrivPKeyPtr(key); /* NO NEED TO DUP */ md = GetDigestPtr(digest); GetSPKI(self, spki); if (!NETSCAPE_SPKI_sign(spki, pkey, md)) { ossl_raise(eSPKIError, NULL); } return self; } to_der → DER-encoded string Show source Returns the DER encoding of this SPKI.static VALUE ossl_spki_to_der(VALUE self) { NETSCAPE_SPKI *spki; VALUE str; long len; unsigned char *p; GetSPKI(self, spki); if ((len = i2d_NETSCAPE_SPKI(spki, NULL)) <= 0) ossl_raise(eX509CertError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); if (i2d_NETSCAPE_SPKI(spki, &p) <= 0) ossl_raise(eX509CertError, NULL); ossl_str_adjust(str, p); return str; } to_pem → PEM-encoded string Show source Returns the PEM encoding of this SPKI.static VALUE ossl_spki_to_pem(VALUE self) { NETSCAPE_SPKI *spki; char *data; VALUE str; GetSPKI(self, spki); if (!(data = NETSCAPE_SPKI_b64_encode(spki))) { ossl_raise(eSPKIError, NULL); } str = ossl_buf2str(data, rb_long2int(strlen(data))); return str; } Also aliased as: to_s to_s() Alias for: to_pem to_text → string Show source Returns a textual representation of this SPKI, useful for debugging purposes.static VALUE ossl_spki_print(VALUE self) { NETSCAPE_SPKI *spki; BIO *out; GetSPKI(self, spki); if (!(out = BIO_new(BIO_s_mem()))) { ossl_raise(eSPKIError, NULL); } if (!NETSCAPE_SPKI_print(out, spki)) { BIO_free(out); ossl_raise(eSPKIError, NULL); } return ossl_membio2str(out); } verify(key)→boolean 显示源参数
key- 用于验证 SPKI 签名的公钥
如果签名有效则返回true,否则返回false。为了验证 SPKI,应该使用包含在 SPKI 中的公钥。
static VALUE
ossl_spki_verify(VALUE self, VALUE key)
{
NETSCAPE_SPKI *spki;
GetSPKI(self, spki);
switch (NETSCAPE_SPKI_verify(spki, GetPKeyPtr(key))) { /* NO NEED TO DUP */
case 0:
return Qfalse;
case 1:
return Qtrue;
default:
ossl_raise(eSPKIError, NULL);
}
return Qnil; /* dummy */
}本文档系腾讯云开发者社区成员共同维护,如有问题请联系 cloudcommunity@tencent.com
