module OpenSSL::X509::Extension::CRLDistributionPoints

Public Instance Methods

crl_uris() click to toggle source

Get the distributionPoint fullName URI from the certificate’s CRL distribution points extension, as described in RFC 5280 Section 4.2.1.13.

Returns an array of strings or nil or raises ASN1::ASN1Error.

# File lib/openssl/x509.rb, line 129
def crl_uris
  ext = find_extension("crlDistributionPoints")
  return nil if ext.nil?

  cdp_asn1 = ASN1.decode(ext.value_der)
  if cdp_asn1.tag_class != :UNIVERSAL || cdp_asn1.tag != ASN1::SEQUENCE
    raise ASN1::ASN1Error, "invalid extension"
  end

  crl_uris = cdp_asn1.flat_map do |crl_distribution_point|
    distribution_point = crl_distribution_point.value.find do |v|
      v.tag_class == :CONTEXT_SPECIFIC && v.tag == 0
    end
    full_name = distribution_point&.value&.find do |v|
      v.tag_class == :CONTEXT_SPECIFIC && v.tag == 0
    end
    full_name&.value&.select do |v|
      v.tag_class == :CONTEXT_SPECIFIC && v.tag == 6 # uniformResourceIdentifier
    end
  end

  crl_uris.empty? ? nil : crl_uris.map(&:value)
end