模块 OpenSSL::X509::Extension::AuthorityKeyIdentifier

公共实例方法

authority_key_identifier() 单击以切换源代码

从 authorityKeyIdentifier 扩展中获取颁发证书的密钥标识符,如 RFC5280 第 4.2.1.1 节所述

返回二进制字符串 keyIdentifier 或 nil,或者引发 ASN1::ASN1Error

# File openssl/lib/openssl/x509.rb, line 104
def authority_key_identifier
  ext = find_extension("authorityKeyIdentifier")
  return nil if ext.nil?

  aki_asn1 = ASN1.decode(ext.value_der)
  if ext.critical? || aki_asn1.tag_class != :UNIVERSAL || aki_asn1.tag != ASN1::SEQUENCE
    raise ASN1::ASN1Error, "invalid extension"
  end

  key_id = aki_asn1.value.find do |v|
    v.tag_class == :CONTEXT_SPECIFIC && v.tag == 0
  end

  key_id.nil? ? nil : key_id.value
end