module OpenSSL::X509::Extension::CRLDistributionPoints

Public Instance Methods

crl_uris() click to toggle source

Get the distributionPoint fullName URI from the certificate’s CRL distribution points extension, as described in RFC5280 Section 4.2.1.13

Returns an array of strings or nil or raises ASN1::ASN1Error.

# File ext/openssl/lib/openssl/x509.rb, line 129
def crl_uris
  ext = find_extension("crlDistributionPoints")
  return nil if ext.nil?

  cdp_asn1 = ASN1.decode(ext.value_der)
  if cdp_asn1.tag_class != :UNIVERSAL || cdp_asn1.tag != ASN1::SEQUENCE
    raise ASN1::ASN1Error, "invalid extension"
  end

  crl_uris = cdp_asn1.map do |crl_distribution_point|
    distribution_point = crl_distribution_point.value.find do |v|
      v.tag_class == :CONTEXT_SPECIFIC && v.tag == 0
    end
    full_name = distribution_point&.value&.find do |v|
      v.tag_class == :CONTEXT_SPECIFIC && v.tag == 0
    end
    full_name&.value&.find do |v|
      v.tag_class == :CONTEXT_SPECIFIC && v.tag == 6 # uniformResourceIdentifier
    end
  end

  crl_uris&.map(&:value)
end