%PDF-
%PDF-
Mini Shell
Mini Shell
# OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the
# [OpenSSL](https://www.openssl.org/) library.
#
# # Examples
#
# All examples assume you have loaded OpenSSL with:
#
# require 'openssl'
#
# These examples build atop each other. For example the key created in the next
# is used in throughout these examples.
#
# ## Keys
#
# ### Creating a Key
#
# This example creates a 2048 bit RSA keypair and writes it to the current
# directory.
#
# key = OpenSSL::PKey::RSA.new 2048
#
# open 'private_key.pem', 'w' do |io| io.write key.to_pem end
# open 'public_key.pem', 'w' do |io| io.write key.public_key.to_pem end
#
# ### Exporting a Key
#
# Keys saved to disk without encryption are not secure as anyone who gets ahold
# of the key may use it unless it is encrypted. In order to securely export a
# key you may export it with a pass phrase.
#
# cipher = OpenSSL::Cipher.new 'AES-256-CBC'
# pass_phrase = 'my secure pass phrase goes here'
#
# key_secure = key.export cipher, pass_phrase
#
# open 'private.secure.pem', 'w' do |io|
# io.write key_secure
# end
#
# OpenSSL::Cipher.ciphers returns a list of available ciphers.
#
# ### Loading a Key
#
# A key can also be loaded from a file.
#
# key2 = OpenSSL::PKey::RSA.new File.read 'private_key.pem'
# key2.public? # => true
# key2.private? # => true
#
# or
#
# key3 = OpenSSL::PKey::RSA.new File.read 'public_key.pem'
# key3.public? # => true
# key3.private? # => false
#
# ### Loading an Encrypted Key
#
# OpenSSL will prompt you for your pass phrase when loading an encrypted key. If
# you will not be able to type in the pass phrase you may provide it when
# loading the key:
#
# key4_pem = File.read 'private.secure.pem'
# pass_phrase = 'my secure pass phrase goes here'
# key4 = OpenSSL::PKey::RSA.new key4_pem, pass_phrase
#
# ## RSA Encryption
#
# RSA provides encryption and decryption using the public and private keys. You
# can use a variety of padding methods depending upon the intended use of
# encrypted data.
#
# ### Encryption & Decryption
#
# Asymmetric public/private key encryption is slow and victim to attack in cases
# where it is used without padding or directly to encrypt larger chunks of data.
# Typical use cases for RSA encryption involve "wrapping" a symmetric key with
# the public key of the recipient who would "unwrap" that symmetric key again
# using their private key. The following illustrates a simplified example of
# such a key transport scheme. It shouldn't be used in practice, though,
# standardized protocols should always be preferred.
#
# wrapped_key = key.public_encrypt key
#
# A symmetric key encrypted with the public key can only be decrypted with the
# corresponding private key of the recipient.
#
# original_key = key.private_decrypt wrapped_key
#
# By default PKCS#1 padding will be used, but it is also possible to use other
# forms of padding, see PKey::RSA for further details.
#
# ### Signatures
#
# Using "private_encrypt" to encrypt some data with the private key is
# equivalent to applying a digital signature to the data. A verifying party may
# validate the signature by comparing the result of decrypting the signature
# with "public_decrypt" to the original data. However, OpenSSL::PKey already has
# methods "sign" and "verify" that handle digital signatures in a standardized
# way - "private_encrypt" and "public_decrypt" shouldn't be used in practice.
#
# To sign a document, a cryptographically secure hash of the document is
# computed first, which is then signed using the private key.
#
# signature = key.sign 'SHA256', document
#
# To validate the signature, again a hash of the document is computed and the
# signature is decrypted using the public key. The result is then compared to
# the hash just computed, if they are equal the signature was valid.
#
# if key.verify 'SHA256', signature, document
# puts 'Valid'
# else
# puts 'Invalid'
# end
#
# ## PBKDF2 Password-based Encryption
#
# If supported by the underlying OpenSSL version used, Password-based Encryption
# should use the features of PKCS5. If not supported or if required by legacy
# applications, the older, less secure methods specified in RFC 2898 are also
# supported (see below).
#
# PKCS5 supports PBKDF2 as it was specified in PKCS#5
# [v2.0](http://www.rsa.com/rsalabs/node.asp?id=2127). It still uses a password,
# a salt, and additionally a number of iterations that will slow the key
# derivation process down. The slower this is, the more work it requires being
# able to brute-force the resulting key.
#
# ### Encryption
#
# The strategy is to first instantiate a Cipher for encryption, and then to
# generate a random IV plus a key derived from the password using PBKDF2. PKCS
# #5 v2.0 recommends at least 8 bytes for the salt, the number of iterations
# largely depends on the hardware being used.
#
# cipher = OpenSSL::Cipher.new 'AES-256-CBC'
# cipher.encrypt
# iv = cipher.random_iv
#
# pwd = 'some hopefully not to easily guessable password'
# salt = OpenSSL::Random.random_bytes 16
# iter = 20000
# key_len = cipher.key_len
# digest = OpenSSL::Digest.new('SHA256')
#
# key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest)
# cipher.key = key
#
# Now encrypt the data:
#
# encrypted = cipher.update document
# encrypted << cipher.final
#
# ### Decryption
#
# Use the same steps as before to derive the symmetric AES key, this time
# setting the Cipher up for decryption.
#
# cipher = OpenSSL::Cipher.new 'AES-256-CBC'
# cipher.decrypt
# cipher.iv = iv # the one generated with #random_iv
#
# pwd = 'some hopefully not to easily guessable password'
# salt = ... # the one generated above
# iter = 20000
# key_len = cipher.key_len
# digest = OpenSSL::Digest.new('SHA256')
#
# key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest)
# cipher.key = key
#
# Now decrypt the data:
#
# decrypted = cipher.update encrypted
# decrypted << cipher.final
#
# ## PKCS #5 Password-based Encryption
#
# PKCS #5 is a password-based encryption standard documented at
# [RFC2898](http://www.ietf.org/rfc/rfc2898.txt). It allows a short password or
# passphrase to be used to create a secure encryption key. If possible, PBKDF2
# as described above should be used if the circumstances allow it.
#
# PKCS #5 uses a Cipher, a pass phrase and a salt to generate an encryption key.
#
# pass_phrase = 'my secure pass phrase goes here'
# salt = '8 octets'
#
# ### Encryption
#
# First set up the cipher for encryption
#
# encryptor = OpenSSL::Cipher.new 'AES-256-CBC'
# encryptor.encrypt
# encryptor.pkcs5_keyivgen pass_phrase, salt
#
# Then pass the data you want to encrypt through
#
# encrypted = encryptor.update 'top secret document'
# encrypted << encryptor.final
#
# ### Decryption
#
# Use a new Cipher instance set up for decryption
#
# decryptor = OpenSSL::Cipher.new 'AES-256-CBC'
# decryptor.decrypt
# decryptor.pkcs5_keyivgen pass_phrase, salt
#
# Then pass the data you want to decrypt through
#
# plain = decryptor.update encrypted
# plain << decryptor.final
#
# ## X509 Certificates
#
# ### Creating a Certificate
#
# This example creates a self-signed certificate using an RSA key and a SHA1
# signature.
#
# key = OpenSSL::PKey::RSA.new 2048
# name = OpenSSL::X509::Name.parse '/CN=nobody/DC=example'
#
# cert = OpenSSL::X509::Certificate.new
# cert.version = 2
# cert.serial = 0
# cert.not_before = Time.now
# cert.not_after = Time.now + 3600
#
# cert.public_key = key.public_key
# cert.subject = name
#
# ### Certificate Extensions
#
# You can add extensions to the certificate with OpenSSL::SSL::ExtensionFactory
# to indicate the purpose of the certificate.
#
# extension_factory = OpenSSL::X509::ExtensionFactory.new nil, cert
#
# cert.add_extension \
# extension_factory.create_extension('basicConstraints', 'CA:FALSE', true)
#
# cert.add_extension \
# extension_factory.create_extension(
# 'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
#
# cert.add_extension \
# extension_factory.create_extension('subjectKeyIdentifier', 'hash')
#
# The list of supported extensions (and in some cases their possible values) can
# be derived from the "objects.h" file in the OpenSSL source code.
#
# ### Signing a Certificate
#
# To sign a certificate set the issuer and use OpenSSL::X509::Certificate#sign
# with a digest algorithm. This creates a self-signed cert because we're using
# the same name and key to sign the certificate as was used to create the
# certificate.
#
# cert.issuer = name
# cert.sign key, OpenSSL::Digest.new('SHA1')
#
# open 'certificate.pem', 'w' do |io| io.write cert.to_pem end
#
# ### Loading a Certificate
#
# Like a key, a cert can also be loaded from a file.
#
# cert2 = OpenSSL::X509::Certificate.new File.read 'certificate.pem'
#
# ### Verifying a Certificate
#
# Certificate#verify will return true when a certificate was signed with the
# given public key.
#
# raise 'certificate can not be verified' unless cert2.verify key
#
# ## Certificate Authority
#
# A certificate authority (CA) is a trusted third party that allows you to
# verify the ownership of unknown certificates. The CA issues key signatures
# that indicate it trusts the user of that key. A user encountering the key can
# verify the signature by using the CA's public key.
#
# ### CA Key
#
# CA keys are valuable, so we encrypt and save it to disk and make sure it is
# not readable by other users.
#
# ca_key = OpenSSL::PKey::RSA.new 2048
# pass_phrase = 'my secure pass phrase goes here'
#
# cipher = OpenSSL::Cipher.new 'AES-256-CBC'
#
# open 'ca_key.pem', 'w', 0400 do |io|
# io.write ca_key.export(cipher, pass_phrase)
# end
#
# ### CA Certificate
#
# A CA certificate is created the same way we created a certificate above, but
# with different extensions.
#
# ca_name = OpenSSL::X509::Name.parse '/CN=ca/DC=example'
#
# ca_cert = OpenSSL::X509::Certificate.new
# ca_cert.serial = 0
# ca_cert.version = 2
# ca_cert.not_before = Time.now
# ca_cert.not_after = Time.now + 86400
#
# ca_cert.public_key = ca_key.public_key
# ca_cert.subject = ca_name
# ca_cert.issuer = ca_name
#
# extension_factory = OpenSSL::X509::ExtensionFactory.new
# extension_factory.subject_certificate = ca_cert
# extension_factory.issuer_certificate = ca_cert
#
# ca_cert.add_extension \
# extension_factory.create_extension('subjectKeyIdentifier', 'hash')
#
# This extension indicates the CA's key may be used as a CA.
#
# ca_cert.add_extension \
# extension_factory.create_extension('basicConstraints', 'CA:TRUE', true)
#
# This extension indicates the CA's key may be used to verify signatures on both
# certificates and certificate revocations.
#
# ca_cert.add_extension \
# extension_factory.create_extension(
# 'keyUsage', 'cRLSign,keyCertSign', true)
#
# Root CA certificates are self-signed.
#
# ca_cert.sign ca_key, OpenSSL::Digest.new('SHA1')
#
# The CA certificate is saved to disk so it may be distributed to all the users
# of the keys this CA will sign.
#
# open 'ca_cert.pem', 'w' do |io|
# io.write ca_cert.to_pem
# end
#
# ### Certificate Signing Request
#
# The CA signs keys through a Certificate Signing Request (CSR). The CSR
# contains the information necessary to identify the key.
#
# csr = OpenSSL::X509::Request.new
# csr.version = 0
# csr.subject = name
# csr.public_key = key.public_key
# csr.sign key, OpenSSL::Digest.new('SHA1')
#
# A CSR is saved to disk and sent to the CA for signing.
#
# open 'csr.pem', 'w' do |io|
# io.write csr.to_pem
# end
#
# ### Creating a Certificate from a CSR
#
# Upon receiving a CSR the CA will verify it before signing it. A minimal
# verification would be to check the CSR's signature.
#
# csr = OpenSSL::X509::Request.new File.read 'csr.pem'
#
# raise 'CSR can not be verified' unless csr.verify csr.public_key
#
# After verification a certificate is created, marked for various usages, signed
# with the CA key and returned to the requester.
#
# csr_cert = OpenSSL::X509::Certificate.new
# csr_cert.serial = 0
# csr_cert.version = 2
# csr_cert.not_before = Time.now
# csr_cert.not_after = Time.now + 600
#
# csr_cert.subject = csr.subject
# csr_cert.public_key = csr.public_key
# csr_cert.issuer = ca_cert.subject
#
# extension_factory = OpenSSL::X509::ExtensionFactory.new
# extension_factory.subject_certificate = csr_cert
# extension_factory.issuer_certificate = ca_cert
#
# csr_cert.add_extension \
# extension_factory.create_extension('basicConstraints', 'CA:FALSE')
#
# csr_cert.add_extension \
# extension_factory.create_extension(
# 'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
#
# csr_cert.add_extension \
# extension_factory.create_extension('subjectKeyIdentifier', 'hash')
#
# csr_cert.sign ca_key, OpenSSL::Digest.new('SHA1')
#
# open 'csr_cert.pem', 'w' do |io|
# io.write csr_cert.to_pem
# end
#
# ## SSL and TLS Connections
#
# Using our created key and certificate we can create an SSL or TLS connection.
# An SSLContext is used to set up an SSL session.
#
# context = OpenSSL::SSL::SSLContext.new
#
# ### SSL Server
#
# An SSL server requires the certificate and private key to communicate securely
# with its clients:
#
# context.cert = cert
# context.key = key
#
# Then create an SSLServer with a TCP server socket and the context. Use the
# SSLServer like an ordinary TCP server.
#
# require 'socket'
#
# tcp_server = TCPServer.new 5000
# ssl_server = OpenSSL::SSL::SSLServer.new tcp_server, context
#
# loop do
# ssl_connection = ssl_server.accept
#
# data = connection.gets
#
# response = "I got #{data.dump}"
# puts response
#
# connection.puts "I got #{data.dump}"
# connection.close
# end
#
# ### SSL client
#
# An SSL client is created with a TCP socket and the context. SSLSocket#connect
# must be called to initiate the SSL handshake and start encryption. A key and
# certificate are not required for the client socket.
#
# Note that SSLSocket#close doesn't close the underlying socket by default. Set
# SSLSocket#sync_close to true if you want.
#
# require 'socket'
#
# tcp_socket = TCPSocket.new 'localhost', 5000
# ssl_client = OpenSSL::SSL::SSLSocket.new tcp_socket, context
# ssl_client.sync_close = true
# ssl_client.connect
#
# ssl_client.puts "hello server!"
# puts ssl_client.gets
#
# ssl_client.close # shutdown the TLS connection and close tcp_socket
#
# ### Peer Verification
#
# An unverified SSL connection does not provide much security. For enhanced
# security the client or server can verify the certificate of its peer.
#
# The client can be modified to verify the server's certificate against the
# certificate authority's certificate:
#
# context.ca_file = 'ca_cert.pem'
# context.verify_mode = OpenSSL::SSL::VERIFY_PEER
#
# require 'socket'
#
# tcp_socket = TCPSocket.new 'localhost', 5000
# ssl_client = OpenSSL::SSL::SSLSocket.new tcp_socket, context
# ssl_client.connect
#
# ssl_client.puts "hello server!"
# puts ssl_client.gets
#
# If the server certificate is invalid or `context.ca_file` is not set when
# verifying peers an OpenSSL::SSL::SSLError will be raised.
module OpenSSL
# Returns a Digest subclass by *name*
#
# require 'openssl'
#
# OpenSSL::Digest("MD5")
# # => OpenSSL::Digest::MD5
#
# Digest("Foo")
# # => NameError: wrong constant name Foo
#
def self.Digest: (String name) -> singleton(Digest)
def self.debug: () -> bool
# Turns on or off debug mode. With debug mode, all erros added to the OpenSSL
# error queue will be printed to stderr.
#
def self.debug=: [U] (boolish) -> U
# See any remaining errors held in queue.
#
# Any errors you see here are probably due to a bug in Ruby's OpenSSL
# implementation.
#
def self.errors: () -> Array[String]
def self.fips_mode: () -> bool
# Turns FIPS mode on or off. Turning on FIPS mode will obviously only have an
# effect for FIPS-capable installations of the OpenSSL library. Trying to do so
# otherwise will result in an error.
#
# ### Examples
# OpenSSL.fips_mode = true # turn FIPS mode on
# OpenSSL.fips_mode = false # and off again
#
def self.fips_mode=: [U] (boolish) -> U
# Constant time memory comparison for fixed length strings, such as results of
# HMAC calculations.
#
# Returns `true` if the strings are identical, `false` if they are of the same
# length but not identical. If the length is different, `ArgumentError` is
# raised.
#
def self.fixed_length_secure_compare: (String, String) -> bool
# Constant time memory comparison. Inputs are hashed using SHA-256 to mask the
# length of the secret. Returns `true` if the strings are identical, `false`
# otherwise.
#
#
def self.secure_compare: (String a, String b) -> bool
OPENSSL_FIPS: bool
OPENSSL_LIBRARY_VERSION: String
OPENSSL_VERSION: String
OPENSSL_VERSION_NUMBER: Integer
VERSION: String
module ASN1
type tagging = :IMPLICIT | :EXPLICIT
type tag_class = :UNIVERSAL | :CONTEXT_SPECIFIC | :APPLICATION | :PRIVATE
def self.BMPString: (String value, ?bn tag, ?tagging tagging) -> BMPString
def self.BitString: (String value, ?bn tag, ?tagging tagging) -> BitString
def self.Boolean: (boolish value, ?bn tag, ?tagging tagging) -> Boolean
def self.EndOfContent: () -> EndOfContent
def self.Enumerated: (bn value, ?bn tag, ?tagging tagging) -> Enumerated
def self.GeneralString: (String value, ?bn tag, ?tagging tagging) -> GeneralString
def self.GeneralizedTime: (::Time value, ?bn tag, ?tagging tagging) -> GeneralizedTime
def self.GraphicString: (String value, ?bn tag, ?tagging tagging) -> GraphicString
def self.IA5String: (String value, ?bn tag, ?tagging tagging) -> IA5String
def self.ISO64String: (String value, ?bn tag, ?tagging tagging) -> ISO64String
def self.Integer: (bn value, ?bn tag, ?tagging tagging) -> Integer
def self.Null: (nil) -> Null
def self.NumericString: (String value, ?bn tag, ?tagging tagging) -> NumericString
def self.ObjectId: (String value, ?bn tag, ?tagging tagging) -> ObjectId
def self.OctetString: (String value, ?bn tag, ?tagging tagging) -> OctetString
def self.PrintableString: (String value, ?bn tag, ?tagging tagging) -> PrintableString
def self.Sequence: (Array[ASN1Data] value, ?bn tag, ?tagging tagging) -> Sequence
def self.Set: (Array[ASN1Data] value, ?bn tag, ?tagging tagging) -> Set
def self.T61String: (String value, ?bn tag, ?tagging tagging) -> T61String
def self.UTCTime: (::Time value, ?bn tag, ?tagging tagging) -> UTCTime
def self.UTF8String: (String value, ?bn tag, ?tagging tagging) -> UTF8String
def self.UniversalString: (String value, ?bn tag, ?tagging tagging) -> UniversalString
def self.VideotexString: (String value, ?bn tag, ?tagging tagging) -> VideotexString
def self.decode: (String | _ToDer der) -> ASN1Data
def self.decode_all: (String | _ToDer der) -> Array[ASN1Data]
def self.traverse: (String | _ToDer der) { (::Integer, ::Integer, ::Integer, ::Integer, bool, tag_class, ::Integer) -> void } -> void
BIT_STRING: Integer
BMPSTRING: Integer
BOOLEAN: Integer
CHARACTER_STRING: Integer
EMBEDDED_PDV: Integer
ENUMERATED: Integer
EOC: Integer
EXTERNAL: Integer
GENERALIZEDTIME: Integer
GENERALSTRING: Integer
GRAPHICSTRING: Integer
IA5STRING: Integer
INTEGER: Integer
ISO64STRING: Integer
NULL: Integer
NUMERICSTRING: Integer
OBJECT: Integer
OBJECT_DESCRIPTOR: Integer
OCTET_STRING: Integer
PRINTABLESTRING: Integer
REAL: Integer
RELATIVE_OID: Integer
SEQUENCE: Integer
SET: Integer
T61STRING: Integer
UNIVERSALSTRING: Integer
UNIVERSAL_TAG_NAME: Array[untyped]
UTCTIME: Integer
UTF8STRING: Integer
VIDEOTEXSTRING: Integer
interface _ToDer
def to_der: () -> String
end
class ASN1Data
public
def indefinite_length: () -> bool
def indefinite_length=: [U] (boolish) -> U
alias infinite_length indefinite_length
alias infinite_length= indefinite_length=
def tag: () -> bn
def tag=: (::Integer) -> ::Integer
| (BN) -> BN
def tag_class: () -> tag_class
def tag_class=: (tag_class) -> tag_class
def to_der: () -> String
def value: () -> untyped
def value=: (untyped) -> untyped
private
def initialize: (untyped value, ::Integer tag, tag_class tag_class) -> void
end
class ASN1Error < OpenSSL::OpenSSLError
end
class BMPString < OpenSSL::ASN1::Primitive
end
class BitString < OpenSSL::ASN1::Primitive
public
def unused_bits: () -> ::Integer
def unused_bits=: (::Integer) -> ::Integer
def value: () -> String
def value=: (String) -> String
end
class Boolean < OpenSSL::ASN1::Primitive
def value: () -> bool
def value=: [U] (boolish) -> U
end
class Constructive < OpenSSL::ASN1::ASN1Data
include Enumerable[ASN1Data]
public
def each: () ?{ (ASN1Data) -> void }-> self
def tagging: () -> tagging?
def tagging=: (tagging) -> tagging
def to_der: () -> String
private
def initialize: (Array[ASN1Data]) -> void
end
class EndOfContent < OpenSSL::ASN1::ASN1Data
public
def to_der: () -> String
private
def initialize: () -> void
end
class Enumerated < OpenSSL::ASN1::Primitive
def value: () -> ::Integer
def value=: (::Integer) -> ::Integer
end
class GeneralString < OpenSSL::ASN1::Primitive
def value: () -> String
def value=: (String) -> String
end
class GeneralizedTime < OpenSSL::ASN1::Primitive
def value: () -> Time
def value=: (Time) -> Time
end
class GraphicString < OpenSSL::ASN1::Primitive
def value: () -> String
def value=: (String) -> String
end
class IA5String < OpenSSL::ASN1::Primitive
def value: () -> String
def value=: (String) -> String
end
class ISO64String < OpenSSL::ASN1::Primitive
def value: () -> String
def value=: (String) -> String
end
class Integer < OpenSSL::ASN1::Primitive
def value: () -> ::Integer
def value=: (::Integer) -> ::Integer
end
class Null < OpenSSL::ASN1::Primitive
def value: () -> nil
def value=: (nil) -> nil
end
class NumericString < OpenSSL::ASN1::Primitive
def value: () -> String
def value=: (String) -> String
end
class ObjectId < OpenSSL::ASN1::Primitive
def self.register: (String object_id, String short_name, String ong_name) -> bool
def value: () -> String
def value=: (String) -> String
public
def ==: (ObjectId other) -> bool
def ln: () -> String?
alias long_name ln
def oid: () -> String
alias short_name sn
def sn: () -> String?
end
class OctetString < OpenSSL::ASN1::Primitive
def value: () -> String
def value=: (String) -> String
end
class Primitive < OpenSSL::ASN1::ASN1Data
public
def tagging: () -> tagging?
def tagging=: (tagging) -> tagging
def to_der: () -> String
private
def initialize: (untyped value, ?Integer tag, ?tagging tagging) -> void
end
class PrintableString < OpenSSL::ASN1::Primitive
def value: () -> String
def value=: (String) -> String
end
class Sequence < OpenSSL::ASN1::Constructive
def value: () -> Array[ASN1Data]
def value=: (Array[ASN1Data]) -> Array[ASN1Data]
end
class Set < OpenSSL::ASN1::Constructive
end
class T61String < OpenSSL::ASN1::Primitive
def value: () -> String
def value=: (String) -> String
end
class UTCTime < OpenSSL::ASN1::Primitive
def value: () -> Time
def value=: (Time) -> Time
end
class UTF8String < OpenSSL::ASN1::Primitive
def value: () -> String
def value=: (String) -> String
end
class UniversalString < OpenSSL::ASN1::Primitive
def value: () -> String
def value=: (String) -> String
end
class VideotexString < OpenSSL::ASN1::Primitive
def value: () -> String
def value=: (String) -> String
end
end
type bn = BN | ::Integer
class BN
include Comparable
def self.generate_prime: (::Integer bits, ?boolish safe, ?bn add, ?bn rem) -> instance
def self.pseudo_rand: (*untyped) -> untyped
def self.pseudo_rand_range: (untyped) -> untyped
def self.rand: (*untyped) -> untyped
def self.rand_range: (untyped) -> untyped
public
def %: (int) -> instance
def *: (int) -> instance
def **: (int) -> instance
def +: (int) -> instance
def +@: () -> instance
def -: (int) -> instance
def -@: () -> instance
def /: (int) -> [instance, instance]
def <<: (int) -> instance
alias <=> cmp
def ==: (untyped) -> bool
alias === ==
def >>: (int) -> int
def bit_set?: (int) -> bool
def clear_bit!: (int) -> void
def cmp: (Integer) -> Integer
def coerce: (::Integer) -> Array[Integer]
| (BN) -> Array[BN]
def copy: (int) -> instance
def eql?: (untyped other) -> bool
def gcd: (int) -> instance
def hash: () -> Integer
def lshift!: (int bits) -> self
def mask_bits!: (int) -> void
def mod_add: (int, int) -> instance
def mod_exp: (int, int) -> instance
def mod_inverse: (int) -> instance
def mod_mul: (int, int) -> instance
def mod_sqr: (int) -> instance
def mod_sub: (int, int) -> instance
def negative?: () -> bool
def num_bits: () -> ::Integer
def num_bytes: () -> ::Integer
def odd?: () -> bool
def one?: () -> bool
def pretty_print: (untyped q) -> untyped
def prime?: (?int checks) -> bool
def prime_fasttest?: (?int checks, ?int trial_div) -> bool
def rshift!: (int bits) -> self
def set_bit!: (int bit) -> self
def sqr: () -> instance
def to_bn: () -> self
def to_i: () -> ::Integer
alias to_int to_i
def to_s: () -> String
| (0) -> String
| (2) -> String
| (10) -> String
| (16) -> String
| (int base) -> String
def ucmp: (int bn2) -> ::Integer
def zero?: () -> bool
private
def initialize: (instance) -> void
| (int) -> void
| (String) -> void
| (String, 0 | 2 | 10 | 16) -> void
def initialize_copy: (instance other) -> instance
end
class BNError < OpenSSL::OpenSSLError
end
module Buffering
include Enumerable[untyped]
public
def <<: (String s) -> self
def close: () -> void
def each: (?String eol) ?{ (String) -> void } -> void
def each_byte: () ?{ (Integer) -> void } -> void
alias each_line each
alias eof eof?
def eof?: () -> bool
def flush: () -> self
def getc: () -> String?
def gets: (?(String | Regexp) eol, ?Integer limit) -> String?
def print: (*untyped args) -> nil
def printf: (String format_string, *untyped args) -> nil
def puts: (*untyped args) -> nil
def read: (?Integer? size, ?String buf) -> String?
def read_nonblock: (Integer maxlen, ?String buf, ?exception: true) -> String
| (Integer maxlen, ?String buf, exception: false) -> (String | :wait_writable | :wait_readable | nil)
def readchar: () -> String
def readline: (?String eol) -> String
def readlines: (?String eol) -> ::Array[String]
def readpartial: (Integer maxlen, ?String buf) -> String
def sync: () -> bool
def sync=: (boolish) -> void
def ungetc: (String c) -> String
def write: (*_ToS s) -> Integer
def write_nonblock: (_ToS s, ?exception: true) -> Integer
| (_ToS s, exception: false) -> (Integer | :wait_writable | :wait_readable | nil)
private
def consume_rbuff: (?untyped size) -> untyped
def do_write: (untyped s) -> untyped
def fill_rbuff: () -> untyped
BLOCK_SIZE: Integer
class Buffer < String
BINARY: Encoding
def <<: (String string) -> self
alias concat <<
end
end
class Cipher
def self.ciphers: () -> Array[String]
public
def auth_data=: (String) -> String
def auth_tag: (?Integer tag_len) -> String
def auth_tag=: (String) -> String
def auth_tag_len=: (Integer) -> Integer
def authenticated?: () -> bool
def block_size: () -> Integer
def decrypt: () -> self
def encrypt: () -> self
def final: () -> String
def iv=: (String iv) -> String
def iv_len: () -> Integer
def iv_len=: (Integer) -> Integer
def key=: (String key) -> String
def key_len: () -> Integer
def key_len=: (Integer) -> Integer
def name: () -> String
def padding=: (Integer) -> Integer
def pkcs5_keyivgen: (String pass, ?String salt, ?Integer iterations, ?String digest) -> void
def random_iv: () -> String
def random_key: () -> String
def reset: () -> self
def update: (String data, ?String buffer) -> String
private
def ciphers: () -> Array[String]
def initialize: (String cipher_name) -> void
def initialize_copy: (untyped) -> untyped
class AES < OpenSSL::Cipher
private
def initialize: (*_ToS args) -> void
end
class AES128 < OpenSSL::Cipher
private
def initialize: (?_ToS mode) -> void
end
class AES192 < OpenSSL::Cipher
private
def initialize: (?_ToS mode) -> void
end
class AES256 < OpenSSL::Cipher
private
def initialize: (?_ToS mode) -> void
end
class BF < OpenSSL::Cipher
private
def initialize: (*_ToS args) -> void
end
class CAST5 < OpenSSL::Cipher
private
def initialize: (*_ToS args) -> void
end
class Cipher < OpenSSL::Cipher
end
class CipherError < OpenSSL::OpenSSLError
end
class DES < OpenSSL::Cipher
private
def initialize: (*_ToS args) -> void
end
class IDEA < OpenSSL::Cipher
private
def initialize: (*_ToS args) -> void
end
class RC2 < OpenSSL::Cipher
private
def initialize: (*_ToS args) -> void
end
class RC4 < OpenSSL::Cipher
private
def initialize: (*_ToS args) -> void
end
class RC5 < OpenSSL::Cipher
private
def initialize: (*_ToS args) -> void
end
end
class Config
include Enumerable[[String, String, String]]
def self.load: (?_ToS filename) -> instance
def self.parse: (String string) -> instance
def self.parse_config: (IO io) -> Hash[String, Hash[String, String]]
public
def []: (String section) -> Hash[String, String]
def []=: (String section, _Each[[String, String]] pairs) -> _Each[[String, String]]
def add_value: (String section, untyped key, untyped value) -> untyped
def each: () { ([String, String, String] args0) -> void } -> self
def get_value: (String section, String key) -> String?
def inspect: () -> String
def section: (String name) -> Hash[String, String]
def sections: () -> Array[String]
def to_s: () -> String
private
def initialize: (?_ToS filename) -> void
def initialize_copy: (instance other) -> void
DEFAULT_CONFIG_FILE: String
end
class ConfigError < OpenSSL::OpenSSLError
end
class Digest
def self.digest: (String name, String data) -> String
public
alias << update
def block_length: () -> Integer
def digest: () -> String
def digest_length: () -> Integer
def hexdigest: () -> String
def name: () -> String
def reset: () -> self
def update: (String data) -> self
private
def finish: (*untyped) -> untyped
def initialize: (String name, ?String data) -> void
def initialize_copy: (instance) -> void
class Digest < OpenSSL::Digest
end
class DigestError < OpenSSL::OpenSSLError
end
class MD4 < OpenSSL::Digest
def self.digest: (String data) -> String
def self.hexdigest: (String data) -> String
private
def initialize: (?String data) -> void
end
class MD5 < OpenSSL::Digest
def self.digest: (String data) -> String
def self.hexdigest: (String data) -> String
private
def initialize: (?String data) -> void
end
class RIPEMD160 < OpenSSL::Digest
def self.digest: (String data) -> String
def self.hexdigest: (String data) -> String
private
def initialize: (?String data) -> void
end
class SHA1 < OpenSSL::Digest
def self.digest: (String data) -> String
def self.hexdigest: (String data) -> String
private
def initialize: (?String data) -> void
end
class SHA224 < OpenSSL::Digest
def self.digest: (String data) -> String
def self.hexdigest: (String data) -> String
private
def initialize: (?String data) -> void
end
class SHA256 < OpenSSL::Digest
def self.digest: (String data) -> String
def self.hexdigest: (String data) -> String
private
def initialize: (?String data) -> void
end
class SHA384 < OpenSSL::Digest
def self.digest: (String data) -> String
def self.hexdigest: (String data) -> String
private
def initialize: (?String data) -> void
end
class SHA512 < OpenSSL::Digest
def self.digest: (String data) -> String
def self.hexdigest: (String data) -> String
private
def initialize: (?String data) -> void
end
end
class Engine
def self.by_id: (String name) -> instance
def self.cleanup: () -> void
def self.engines: () -> Array[instance]
def self.load: (?String name) -> (true | nil)
public
def cipher: (String cipher) -> Cipher
def cmds: () -> Array[[String, String, String]]
def ctrl_cmd: (String cmd, ?String value) -> self
def digest: (String digest) -> Digest
def finish: () -> nil
def id: () -> String
def inspect: () -> String
def load_private_key: (?String id, ?String data) -> PKey::PKey
def load_public_key: (?String id, ?String data) -> PKey::PKey
def name: () -> String
def set_default: (Integer flag) -> bool
METHOD_ALL: Integer
METHOD_CIPHERS: Integer
METHOD_DH: Integer
METHOD_DIGESTS: Integer
METHOD_DSA: Integer
METHOD_NONE: Integer
METHOD_RAND: Integer
METHOD_RSA: Integer
class EngineError < OpenSSL::OpenSSLError
end
end
module ExtConfig
HAVE_TLSEXT_HOST_NAME: bool
OPENSSL_NO_SOCK: bool
end
class HMAC
def self.digest: (String algo, String key, String data) -> String
def self.hexdigest: (String algo, String key, String data) -> String
public
alias << update
def ==: (instance other) -> bool
def digest: () -> String
def hexdigest: () -> String
alias inspect hexdigest
def reset: () -> self
alias to_s hexdigest
def update: (String data) -> self
private
def initialize: (String key, Digest digest) -> void
def initialize_copy: (instance) -> void
end
class HMACError < OpenSSL::OpenSSLError
end
module KDF
def self.hkdf: (String ikm, salt: String, info: String, length: Integer, hash: String) -> String
def self.pbkdf2_hmac: (String pass, salt: String, iterations: Integer, length: Integer, hash: String | Digest) -> String
def self.scrypt: (String pass, salt: String, N: Integer, r: Integer, p: Integer, length: Integer) -> String
private
def hkdf: (*untyped) -> untyped
def pbkdf2_hmac: (*untyped) -> untyped
def scrypt: (*untyped) -> untyped
class KDFError < OpenSSL::OpenSSLError
end
end
module Marshal
def self.included: (untyped base) -> untyped
public
def _dump: (untyped _level) -> untyped
module ClassMethods
public
def _load: (untyped string) -> untyped
end
end
module Netscape
class SPKI
public
def challenge: () -> String
def challenge=: (String) -> String
def public_key: () -> PKey::PKey
def public_key=: (PKey::PKey) -> PKey::PKey
def sign: (PKey::PKey key, Digest digest) -> instance
def to_der: () -> String
def to_pem: () -> String
alias to_s to_pem
def to_text: () -> String
def verify: (PKey::PKey key) -> bool
private
def initialize: (?String request) -> void
end
class SPKIError < OpenSSL::OpenSSLError
end
end
module OCSP
NOCASIGN: Integer
NOCERTS: Integer
NOCHAIN: Integer
NOCHECKS: Integer
NODELEGATED: Integer
NOEXPLICIT: Integer
NOINTERN: Integer
NOSIGS: Integer
NOTIME: Integer
NOVERIFY: Integer
RESPID_KEY: Integer
RESPONSE_STATUS_INTERNALERROR: Integer
RESPONSE_STATUS_MALFORMEDREQUEST: Integer
RESPONSE_STATUS_SIGREQUIRED: Integer
RESPONSE_STATUS_SUCCESSFUL: Integer
RESPONSE_STATUS_TRYLATER: Integer
RESPONSE_STATUS_UNAUTHORIZED: Integer
REVOKED_STATUS_AFFILIATIONCHANGED: Integer
REVOKED_STATUS_CACOMPROMISE: Integer
REVOKED_STATUS_CERTIFICATEHOLD: Integer
REVOKED_STATUS_CESSATIONOFOPERATION: Integer
REVOKED_STATUS_KEYCOMPROMISE: Integer
REVOKED_STATUS_NOSTATUS: Integer
REVOKED_STATUS_REMOVEFROMCRL: Integer
REVOKED_STATUS_SUPERSEDED: Integer
REVOKED_STATUS_UNSPECIFIED: Integer
TRUSTOTHER: Integer
V_CERTSTATUS_GOOD: Integer
V_CERTSTATUS_REVOKED: Integer
V_CERTSTATUS_UNKNOWN: Integer
V_RESPID_KEY: Integer
V_RESPID_NAME: Integer
type ocsp_status = Integer
class BasicResponse
public
def add_nonce: (?String nonce) -> self
def add_status: (CertificateId certificate_id, ocsp_status status, Integer? reason, Integer? revocation_time, ?(Integer | Time) this_update, ?(Integer | Time) next_update, ?Array[X509::Extension] extensions) -> self
def copy_nonce: (Request request) -> Integer
def find_response: (CertificateId certificate_id) -> SingleResponse?
def responses: () -> Array[SingleResponse]
def sign: (X509::Certificate cert, PKey::PKey key, ?Array[X509::Certificate] certs, ?Integer flags, ?Digest digest) -> self
def status: () -> Integer
def to_der: () -> String
def verify: (Array[X509::Certificate] certs, X509::Store store, ?Integer flags) -> bool
private
def initialize: (?String der) -> void
def initialize_copy: (instance) -> void
end
class CertificateId
public
def cmp: (instance other) -> bool
def cmp_issuer: (instance other) -> bool
def hash_algorithm: () -> String
def issuer_key_hash: () -> String
def issuer_name_hash: () -> String
def serial: () -> Integer
def to_der: () -> String
private
def initialize: (String | ASN1::_ToDer der) -> void
| (X509::Certificate subject, X509::Certificate issuer, ?Digest digest) -> void
def initialize_copy: (instance) -> void
end
class OCSPError < OpenSSL::OpenSSLError
end
class Request
public
def add_certid: (CertificateId certificate_id) -> self
def add_nonce: (?String nonce) -> self
def certid: () -> Array[CertificateId]
def check_nonce: (Response response) -> (-1 | 0 | 1 | 2 | 3)
def sign: (X509::Certificate cert, PKey::PKey key, ?Array[X509::Certificate] certs, ?Integer flags, ?Digest digest) -> self
def signed?: () -> bool
def to_der: () -> String
def verify: (Array[X509::Certificate] certs, X509::Store store, ?Integer flags) -> bool
private
def initialize: (?String der) -> void
def initialize_copy: (instance) -> void
end
class Response
def self.create: (Integer status, ?BasicResponse response) -> instance
public
def basic: () -> BasicResponse?
def status: () -> Integer
def status_string: () -> String
def to_der: () -> String
private
def initialize: (?String der) -> void
def initialize_copy: (instance) -> void
end
class SingleResponse
public
def cert_status: () -> ocsp_status
def certid: () -> CertificateId
def check_validity: (?Integer nsec, ?Integer maxsec) -> bool
def extensions: () -> Array[X509::Certificate]
def next_update: () -> Time?
def revocation_reason: () -> Integer?
def revocation_time: () -> Time?
def this_update: () -> Time
def to_der: () -> String
private
def initialize: (String der) -> void
def initialize_copy: (instance) -> void
end
end
class OpenSSLError < StandardError
end
class PKCS12
def self.create: (String pass, String name, PKey::PKey key, X509::Certificate cert, ?Array[X509::Certificate]? ca, ?String? key_pbe, ?String? cert_pbe, ?Integer? key_iter, ?Integer? mac_iter, ?Integer? keytype) -> instance
public
def ca_certs: () -> Array[X509::Certificate]?
def certificate: () -> X509::Certificate
def key: () -> PKey::PKey
def to_der: () -> String
private
def initialize: (?String der, ?String pass) -> void
def initialize_copy: (instance) -> void
class PKCS12Error < OpenSSL::OpenSSLError
end
end
module PKCS5
def self.pbkdf2_hmac: (String pass, String salt, Integer iter, Integer keylen, String | Digest digest) -> String
def self.pbkdf2_hmac_sha1: (String pass, String salt, Integer iter, Integer keylen) -> String
private
def pbkdf2_hmac: (untyped pass, untyped salt, untyped iter, untyped keylen, untyped digest) -> untyped
def pbkdf2_hmac_sha1: (untyped pass, untyped salt, untyped iter, untyped keylen) -> untyped
end
class PKCS7
def self.encrypt: (X509::Certificate certs, String data, ?Cipher cipher, ?Integer flags) -> instance
def self.read_smime: (String ) -> instance
def self.sign: (X509::Certificate certs,PKey::PKey key, String data, ?OpenSSL::Cipher cipher, ?Integer flags) -> instance
def self.write_smime: (instance pkcs7, ?String data, ?Integer flags) -> String
public
def add_certificate: (X509::Certificate cert) -> self
def add_crl: (X509::CRL crl) -> self
def add_data: (String data) -> self
def add_recipient: (RecipientInfo recipient) -> self
def add_signer: (SignerInfo signer) -> self
def certificates: () -> Array[X509::Certificate]?
def certificates=: (Array[X509::Certificate]) -> self
def cipher=: (Cipher cipher) -> self
def crls: () -> Array[X509::CRL]?
def crls=: (Array[X509::CRL]) -> self
def data: () -> String?
alias data= add_data
def decrypt: (PKey::PKey p1, ?PKey::PKey p2, ?PKey::PKey p3) -> String
def detached: () -> bool
def detached=: [U] (boolish) -> U
def detached?: () -> bool
def error_string: () -> String?
def error_string=: (String) -> String
def recipients: () -> Array[RecipientInfo]
def signers: () -> Array[SignerInfo]
def to_der: () -> String
def to_pem: () -> String
alias to_s to_pem
def type: () -> String?
def type=: (String) -> String
def verify: (PKey::PKey p1, PKey::PKey p2, ?PKey::PKey p3, ?PKey::PKey p4) -> bool
private
def initialize: (?String der) -> void
def initialize_copy: (instance) -> untyped
BINARY: Integer
DETACHED: Integer
NOATTR: Integer
NOCERTS: Integer
NOCHAIN: Integer
NOINTERN: Integer
NOSIGS: Integer
NOSMIMECAP: Integer
NOVERIFY: Integer
TEXT: Integer
class PKCS7Error < OpenSSL::OpenSSLError
end
class RecipientInfo
public
def enc_key: () -> PKey::PKey
def issuer: () -> X509::Name
def serial: () -> Integer
private
def initialize: (X509::Certificate certificate) -> void
end
class SignerInfo
public
def issuer: () -> X509::Name
def serial: () -> Integer
def signed_time: () -> Time?
private
def initialize: (X509::Certificate certificate, PKey::PKey key, Digest digest) -> void
end
end
module PKey
def self?.read: (String | IO pem, ?String password) -> PKey
class DH < OpenSSL::PKey::PKey
include OpenSSL::Marshal
extend OpenSSL::Marshal::ClassMethods
def self.generate: (Integer size, ?Integer generator) -> instance
public
def compute_key: (bn pub_bn) -> String
def export: () -> String
def g: () -> BN?
def generate_key!: () -> self
def p: () -> BN
def params: () -> Hash[String, BN]
def params_ok?: () -> bool
def priv_key: () -> BN
def private?: () -> bool
def pub_key: () -> BN
def public?: () -> bool
def public_key: () -> instance
def q: () -> BN
def set_key: (bn pub_key, bn? priv_key) -> self
def set_pqg: (bn p, bn q, bn g) -> self
def to_der: () -> String
alias to_pem export
alias to_s export
def to_text: () -> String
private
def initialize: (Integer size, ?Integer generator) -> void
| (String pem) -> void
| () -> void
def initialize_copy: (instance) -> void
end
class DHError < OpenSSL::PKey::PKeyError
end
class DSA < OpenSSL::PKey::PKey
include OpenSSL::Marshal
extend OpenSSL::Marshal::ClassMethods
def self.generate: (Integer size) -> instance
public
def export: (String cipher, String password) -> String
| () -> String
def g: () -> BN
def p: () -> BN
def params: () -> Hash[String, BN]
def priv_key: () -> BN
def private?: () -> bool
def pub_key: () -> BN
def public?: () -> bool
def public_key: () -> instance
def q: () -> BN
def set_key: (bn pub_key, bn? priv_key) -> self
def set_pqg: (bn p, bn q, bn g) -> self
def syssign: (String digest) -> String
def sysverify: (String digest, String data) -> bool
def to_der: () -> String
alias to_pem export
alias to_s export
def to_text: () -> String
private
def initialize: (String pem, ?String pass) -> void
| (?Integer size) -> void
def initialize_copy: (instance) -> void
end
class DSAError < OpenSSL::PKey::PKeyError
end
class EC < OpenSSL::PKey::PKey
include OpenSSL::Marshal
extend OpenSSL::Marshal::ClassMethods
def self.builtin_curves: () -> Array[[String, String]]
def self.generate: (String | Group pem_or_der_or_group_or_curve_name) -> instance
public
def check_key: () -> true
def dh_compute_key: (instance public_key) -> String
def dsa_sign_asn1: (String digest) -> String
def dsa_verify_asn1: (String digest, String signature) -> bool
def export: (String cipher, String password) -> String
| () -> String
alias generate_key generate_key!
def generate_key!: () -> self
def group: () -> Group?
def group=: (Group) -> Group
def private?: () -> bool
def private_key: () -> BN?
def private_key=: (bn priv_key) -> self
alias private_key? private?
def public?: () -> bool
def public_key: () -> Point?
def public_key=: (bn priv_key) -> self
alias public_key? public?
def to_der: () -> String
alias to_pem export
def to_text: () -> String
private
def initialize: (instance ec_key) -> void
| (Group group) -> void
| (String pem_or_der_or_curve, ?String pass) -> void
def initialize_copy: (instance) -> void
EXPLICIT_CURVE: Integer
NAMED_CURVE: Integer
type ec_method = :GFp_simple | :GFp_mont | :GFp_nist | :GF2m_simple
type point_conversion_format = :compressed | :uncompressed | :hybrid
class Group
public
alias == eql?
def asn1_flag: () -> Integer
def asn1_flag=: (Integer) -> Integer
def cofactor: () -> BN
def curve_name: () -> String
def degree: () -> Integer
def eql?: (instance other) -> bool
def generator: () -> Point?
def order: () -> BN
def point_conversion_form: () -> point_conversion_format
def point_conversion_form=: (point_conversion_format format) -> point_conversion_format
def seed: () -> String?
def seed=: (String seed) -> String
def set_generator: ( Point generator, Integer order, Integer cofactor) -> self
def to_der: () -> String
def to_pem: () -> String
def to_text: () -> String
private
def initialize: (instance group) -> void
| (String pem_or_der_encoded) -> void
| (ec_method ec_method) -> void
| (:GFp | :GF2m ec_method, Integer bignum_p, Integer bignum_a, Integer bignum_b) -> void
def initialize_copy: (instance) -> void
class Error < OpenSSL::OpenSSLError
end
end
class Point
public
alias == eql?
def add: (instance point) -> instance
def eql?: (instance other) -> bool
def group: () -> Group
def infinity?: () -> bool
def invert!: () -> self
def make_affine!: () -> self
def mul: (bn bn1, ?bn bn2) -> instance
| (Array[bn] bns, Array[instance], ?bn bn2) -> instance
def on_curve?: () -> bool
def set_to_infinity!: () -> self
def to_bn: (?point_conversion_format conversion_form) -> BN
def to_octet_string: (point_conversion_format) -> String
private
def initialize: (instance point) -> void
| (Group group, ?(String | BN) encoded_point) -> void
def initialize_copy: (instance) -> void
class Error < OpenSSL::OpenSSLError
end
end
end
class ECError < OpenSSL::PKey::PKeyError
end
class PKey
public
def inspect: () -> String
def oid: () -> String
def private_to_der: (String cipher, String password) -> String
| () -> String
def private_to_pem: (String cipher, String password) -> String
| () -> String
def public_to_der: () -> String
def public_to_pem: () -> String
def sign: (Digest digest, String data) -> String
def verify: (Digest digest, String signature, String data) -> bool
private
def initialize: () -> void
end
class PKeyError < OpenSSL::OpenSSLError
end
class RSA < OpenSSL::PKey::PKey
include OpenSSL::Marshal
extend OpenSSL::Marshal::ClassMethods
def self.generate: (Integer size, ?Integer exponent) -> instance
public
def d: () -> BN?
def dmp1: () -> BN?
def dmq1: () -> BN?
def e: () -> BN?
def export: (String cipher, String password) -> String
| () -> String
def iqmp: () -> BN?
def n: () -> BN?
def p: () -> BN?
def params: () -> Hash[String, BN]
def private?: () -> bool
def private_decrypt: (String data, ?Integer padding) -> String
def private_encrypt: (String data, ?Integer padding) -> String
def public?: () -> bool
def public_decrypt: (String data, ?Integer padding) -> String
def public_encrypt: (String data, ?Integer padding) -> String
def public_key: () -> instance
def q: () -> BN?
def set_crt_params: (bn dmp1, bn dmq1, bn iqmp) -> self
def set_factors: (bn p, bn q) -> self
def set_key: (bn n, bn e, bn d) -> self
def sign_pss: (String digest, String data, salt_length: :digest | :max | Integer, mgf1_hash: String) -> String
def to_der: () -> String
alias to_pem export
alias to_s export
def to_text: () -> String
def verify_pss: (String digest, String signature, String data, salt_length: :auto | :digest | Integer, mgf1_hash: String) -> bool
private
def initialize: (Integer key_size) -> void
| (String encoded_key, ?String pass_phrase) -> void
def initialize_copy: (instance) -> void
NO_PADDING: Integer
PKCS1_OAEP_PADDING: Integer
PKCS1_PADDING: Integer
SSLV23_PADDING: Integer
end
class RSAError < OpenSSL::PKey::PKeyError
end
end
module Random
def self.load_random_file: (String filename) -> true
def self.random_add: (String str, Numeric entropy) -> self
def self.random_bytes: (Integer length) -> String
def self.seed: (String seed) -> String
def self.status?: () -> bool
def self.write_random_file: (String filename) -> true
class RandomError < OpenSSL::OpenSSLError
end
end
module SSL
def self.verify_certificate_identity: (X509::Certificate cert, String hostname) -> bool
def self.verify_hostname: (String hostname, String san) -> bool
def self.verify_wildcard: (String domain_component, String san_component) -> bool
OP_ALL: Integer
OP_ALLOW_NO_DHE_KEX: Integer
OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: Integer
OP_CIPHER_SERVER_PREFERENCE: Integer
OP_CRYPTOPRO_TLSEXT_BUG: Integer
OP_DONT_INSERT_EMPTY_FRAGMENTS: Integer
OP_EPHEMERAL_RSA: Integer
OP_LEGACY_SERVER_CONNECT: Integer
OP_MICROSOFT_BIG_SSLV3_BUFFER: Integer
OP_MICROSOFT_SESS_ID_BUG: Integer
OP_MSIE_SSLV2_RSA_PADDING: Integer
OP_NETSCAPE_CA_DN_BUG: Integer
OP_NETSCAPE_CHALLENGE_BUG: Integer
OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: Integer
OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: Integer
OP_NO_COMPRESSION: Integer
OP_NO_ENCRYPT_THEN_MAC: Integer
OP_NO_RENEGOTIATION: Integer
OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: Integer
OP_NO_SSLv2: Integer
OP_NO_SSLv3: Integer
OP_NO_TICKET: Integer
OP_NO_TLSv1: Integer
OP_NO_TLSv1_1: Integer
OP_NO_TLSv1_2: Integer
OP_NO_TLSv1_3: Integer
OP_PKCS1_CHECK_1: Integer
OP_PKCS1_CHECK_2: Integer
OP_SAFARI_ECDHE_ECDSA_BUG: Integer
OP_SINGLE_DH_USE: Integer
OP_SINGLE_ECDH_USE: Integer
OP_SSLEAY_080_CLIENT_DH_BUG: Integer
OP_SSLREF2_REUSE_CERT_TYPE_BUG: Integer
OP_TLSEXT_PADDING: Integer
OP_TLS_BLOCK_PADDING_BUG: Integer
OP_TLS_D5_BUG: Integer
OP_TLS_ROLLBACK_BUG: Integer
SSL2_VERSION: Integer
SSL3_VERSION: Integer
TLS1_1_VERSION: Integer
TLS1_2_VERSION: Integer
TLS1_3_VERSION: Integer
TLS1_VERSION: Integer
VERIFY_CLIENT_ONCE: Integer
VERIFY_FAIL_IF_NO_PEER_CERT: Integer
VERIFY_NONE: Integer
VERIFY_PEER: Integer
type tls_version = Symbol | Integer
type verify_mode = Integer
class SSLContext
public
def add_certificate: (X509::Certificate certificate, PKey::PKey pkey, ?Array[X509::Certificate] extra_certs) -> self
def alpn_protocols: () -> Array[String]?
def alpn_protocols=: (Array[String]) -> Array[String]
def alpn_select_cb: () -> (^(Array[String]) -> String? | nil)
def alpn_select_cb=: (^(Array[String]) -> String? alpn_select_callback) -> void
def ca_file: () -> String
def ca_file=: (String ca_file) -> String
def ca_path: () -> String?
def ca_path=: (String ca_path) -> String
def cert: () -> X509::Certificate?
def cert=: ( X509::Certificate cert) -> X509::Certificate
def cert_store: () -> X509::Store?
def cert_store=: (X509::Store store) -> X509::Store
def ciphers: () -> Array[[String, String, Integer, Integer]]
def ciphers=: (Array[[String, String, Integer, Integer]] ciphers) -> void
| (Array[String] ciphers) -> void
| (String colon_sep_ciphers) -> void
def client_ca: () -> (Array[X509::Certificate] | X509::Certificate)
def client_ca=: (Array[X509::Certificate] | X509::Certificate client_ca) -> void
def client_cert_cb: () -> (^(Session) -> [X509::Certificate, PKey::PKey]? | nil)
def client_cert_cb=: (^(Session) -> [X509::Certificate, PKey::PKey]? client_cert_cb) -> void
def ecdh_curves=: (String ecdh_curves) -> String
def enable_fallback_scsv: () -> nil
def extra_chain_cert: () -> Array[X509::Certificate]?
def extra_chain_cert=: (Array[X509::Certificate] extra_certs) -> Array[X509::Certificate]
def flush_sessions: (Time time) -> self
alias freeze setup
def key: () -> PKey::PKey?
def key=: (PKey::PKey) -> PKey::PKey
def max_version=: (tls_version version) -> tls_version
def min_version=: (tls_version version) -> tls_version
def npn_protocols: () -> untyped
def npn_protocols=: (untyped) -> untyped
def npn_select_cb: () -> untyped
def npn_select_cb=: (untyped) -> untyped
def options: () -> Integer
def options=: (Integer ssl_options) -> Integer
def renegotiation_cb: () -> (^(SSLSocket) -> void | nil)
def renegotiation_cb=: (^(SSLSocket) -> void) -> void
def security_level: () -> Integer
def security_level=: (Integer sec_level) -> Integer
def servername_cb: () -> (^(SSLSocket, String) -> SSLContext? | nil)
def servername_cb=: (^(SSLSocket, String) -> SSLContext?) -> ^(SSLSocket, String) -> SSLContext?
def session_add: (Session) -> bool
def session_cache_mode: () -> Integer
def session_cache_mode=: (Integer) -> Integer
def session_cache_size: () -> Integer
def session_cache_size=: (Integer) -> Integer
def session_cache_stats: () -> Hash[Symbol, Integer]
def session_get_cb: () -> (^(SSLSocket, Integer) -> Session? | nil)
def session_get_cb=: (^(SSLSocket, Integer) -> Session?) -> void
def session_id_context: () -> Integer?
def session_id_context=: (Integer) -> Integer
def session_new_cb: () -> (^(SSLSocket) -> untyped | nil)
def session_new_cb=: (^(SSLSocket) -> untyped) -> ^(SSLSocket) -> untyped
def session_remove: (Session session) -> bool
def session_remove_cb: () -> (^(SSLContext, Session) -> void | nil)
def session_remove_cb=: (^(SSLContext, Session) -> void ) -> void
def set_params: (?untyped params) -> untyped
def setup: () -> untyped
alias ssl_timeout timeout
alias ssl_timeout= timeout=
def ssl_version=: (tls_version meth) -> tls_version
def timeout: () -> Integer?
def timeout=: (Integer) -> Integer
def tmp_dh_callback: () -> (^(Session, Integer, Integer) -> PKey::DH | nil)
def tmp_dh_callback=: (^(Session, Integer, Integer) -> PKey::DH) -> void
def verify_callback: () -> (^(bool, X509::StoreContext) -> untyped | nil)
def verify_callback=: (^(bool, X509::StoreContext) -> untyped) -> void
def verify_depth: () -> Integer?
def verify_depth=: (Integer) -> Integer
def verify_hostname: () -> bool?
def verify_hostname=: [U] (boolish) -> U
def verify_mode: () -> verify_mode?
def verify_mode=: (verify_mode) -> verify_mode
private
def initialize: (?tls_version version) -> void
def set_minmax_proto_version: (untyped, untyped) -> untyped
DEFAULT_CERT_STORE: X509::Store
DEFAULT_PARAMS: Hash[Symbol, untyped]
DEFAULT_TMP_DH_CALLBACK: Proc
METHODS: Array[Symbol]
SESSION_CACHE_BOTH: Integer
SESSION_CACHE_CLIENT: Integer
SESSION_CACHE_NO_AUTO_CLEAR: Integer
SESSION_CACHE_NO_INTERNAL: Integer
SESSION_CACHE_NO_INTERNAL_LOOKUP: Integer
SESSION_CACHE_NO_INTERNAL_STORE: Integer
SESSION_CACHE_OFF: Integer
SESSION_CACHE_SERVER: Integer
end
class SSLError < OpenSSL::OpenSSLError
end
class SSLErrorWaitReadable < OpenSSL::SSL::SSLError
include IO::WaitReadable
end
class SSLErrorWaitWritable < OpenSSL::SSL::SSLError
include IO::WaitWritable
end
class SSLServer
include OpenSSL::SSL::SocketForwarder
public
def accept: () -> SSLSocket
def close: () -> nil
def listen: (Integer backlog) -> void
def shutdown: (Symbol | String | Integer how) -> void
def start_immediately: () -> bool
def start_immediately=: [U] (boolish) -> U
def to_io: () -> (TCPServer | UNIXServer)
private
def initialize: (TCPServer | UNIXServer svr, untyped ctx) -> void
end
class SSLSocket
include OpenSSL::SSL::SocketForwarder
include OpenSSL::Buffering
def self.open: (untyped remote_host, untyped remote_port, ?untyped local_host, ?untyped local_port, ?context: untyped) -> untyped
public
def accept: () -> self
def accept_nonblock: (?exception: true) -> self
| (exception: false) -> (self | :wait_readable | :wait_writable)
def alpn_protocol: () -> String?
def cert: () -> X509::Certificate?
def cipher: () -> [String, String, Integer, Integer]?
def client_ca: () -> (Array[X509::Name] | Array[X509::Certificate] | X509::Certificate)
def connect: () -> self
def connect_nonblock: (?exception: true) -> self
| (exception: false) -> (self | :wait_readable | :wait_writable)
def context: () -> SSLContext
def finished_message: () -> String?
def hostname: () -> String?
def hostname=: (String) -> String
def io: () -> BasicSocket
def npn_protocol: () -> String?
def peer_cert: () -> X509::Certificate?
def peer_cert_chain: () -> Array[X509::Certificate]?
def peer_finished_message: () -> String?
def pending: () -> Integer
def post_connection_check: (String hostname) -> true
def session: () -> Session?
def session=: (Session) -> Session
def session_reused?: () -> bool
def ssl_version: () -> tls_version
def state: () -> String
def sync_close: () -> bool
def sync_close=: [U] (boolish) -> U
def sysclose: () -> nil
def sysread: (Integer length, ?String buffer) -> String
def syswrite: (String data) -> Integer
def tmp_key: () -> PKey::PKey?
alias to_io io
def verify_result: () -> Integer
private
def client_cert_cb: () -> untyped
def initialize: (*untyped) -> void
def session_get_cb: () -> untyped
def session_new_cb: () -> untyped
def stop: () -> untyped
def sysread_nonblock: (*untyped) -> untyped
def syswrite_nonblock: (*untyped) -> untyped
def tmp_dh_callback: () -> untyped
def tmp_ecdh_callback: () -> untyped
def using_anon_cipher?: () -> untyped
end
class Session
public
def ==: (instance other) -> bool
def id: () -> String
def time: () -> Time
def time=: (Time | Integer start_time) -> Time
def timeout: () -> Integer
def timeout=: (Integer timeout) -> Integer
def to_der: () -> String
def to_pem: () -> String
def to_text: () -> String
private
def initialize: (SSLSocket | String sock_or_str) -> void
def initialize_copy: (instance) -> void
class SessionError < OpenSSL::OpenSSLError
end
end
module SocketForwarder
public
def addr: () -> Addrinfo?
def closed?: () -> untyped
def do_not_reverse_lookup=: (boolish flag) -> boolish
def fcntl: (*untyped args) -> untyped
def fileno: () -> Integer
def getsockopt: (Symbol | Integer level, Symbol | Integer optname) -> (Integer | boolish | String)
def peeraddr: () -> untyped
def setsockopt: (untyped level, untyped optname, untyped optval) -> untyped
end
end
module Timestamp
class Factory
public
def additional_certs: () -> Array[X509::Certificate]?
def additional_certs=: (Array[X509::Certificate]? certs) -> Array[X509::Certificate]?
def allowed_digests: () -> Array[String | Digest]?
def allowed_digests=: (Array[String | Digest]) -> Array[String | Digest]
def create_timestamp: (PKey::PKey key, X509::Certificate cert, Request request) -> Response
def default_policy_id: () -> String?
def default_policy_id=: (String) -> String
def gen_time: () -> Time?
def gen_time=: (Time) -> Time
def serial_number: () -> Integer?
def serial_number=: (Integer) -> Integer
end
class Request
public
def algorithm: () -> String
def algorithm=: (String) -> String
def cert_requested=: [U] (boolish) -> U
def cert_requested?: () -> bool
def message_imprint: () -> String?
def message_imprint=: (String) -> String
def nonce: () -> BN?
def nonce=: (bn nonce) -> BN
def policy_id: () -> String?
def policy_id=: (String policy_id) -> String
def to_der: () -> String
def version: () -> Integer
def version=: (Integer) -> Integer
private
def initialize: (?(File | String) request_der) -> void
end
class Response
public
def failure_info: () -> Symbol?
def status: () -> BN
def status_text: () -> Array[String]?
def to_der: () -> String
def token: () -> PKCS7?
def token_info: () -> TokenInfo?
def tsa_certificate: () -> X509::Certificate?
def verify: (Request request, X509::Store store, ?X509::Certificate intermediate_cert) -> instance
private
def initialize: (File | String response_der) -> void
GRANTED: Integer
GRANTED_WITH_MODS: Integer
REJECTION: Integer
REVOCATION_NOTIFICATION: Integer
REVOCATION_WARNING: Integer
WAITING: Integer
end
class TimestampError < OpenSSL::OpenSSLError
end
class TokenInfo
public
def algorithm: () -> String?
def gen_time: () -> Time
def message_imprint: () -> String
def nonce: () -> BN?
def ordering: () -> bool?
def policy_id: () -> String?
def serial_number: () -> BN?
def to_der: () -> String
def version: () -> Integer
private
def initialize: (File | String token_der) -> void
end
end
module X509
DEFAULT_CERT_AREA: String
DEFAULT_CERT_DIR: String
DEFAULT_CERT_DIR_ENV: String
DEFAULT_CERT_FILE: String
DEFAULT_CERT_FILE_ENV: String
DEFAULT_PRIVATE_DIR: String
PURPOSE_ANY: Integer
PURPOSE_CRL_SIGN: Integer
PURPOSE_NS_SSL_SERVER: Integer
PURPOSE_OCSP_HELPER: Integer
PURPOSE_SMIME_ENCRYPT: Integer
PURPOSE_SMIME_SIGN: Integer
PURPOSE_SSL_CLIENT: Integer
PURPOSE_SSL_SERVER: Integer
PURPOSE_TIMESTAMP_SIGN: Integer
TRUST_COMPAT: Integer
TRUST_EMAIL: Integer
TRUST_OBJECT_SIGN: Integer
TRUST_OCSP_REQUEST: Integer
TRUST_OCSP_SIGN: Integer
TRUST_SSL_CLIENT: Integer
TRUST_SSL_SERVER: Integer
TRUST_TSA: Integer
V_ERR_AKID_ISSUER_SERIAL_MISMATCH: Integer
V_ERR_AKID_SKID_MISMATCH: Integer
V_ERR_APPLICATION_VERIFICATION: Integer
V_ERR_CA_KEY_TOO_SMALL: Integer
V_ERR_CA_MD_TOO_WEAK: Integer
V_ERR_CERT_CHAIN_TOO_LONG: Integer
V_ERR_CERT_HAS_EXPIRED: Integer
V_ERR_CERT_NOT_YET_VALID: Integer
V_ERR_CERT_REJECTED: Integer
V_ERR_CERT_REVOKED: Integer
V_ERR_CERT_SIGNATURE_FAILURE: Integer
V_ERR_CERT_UNTRUSTED: Integer
V_ERR_CRL_HAS_EXPIRED: Integer
V_ERR_CRL_NOT_YET_VALID: Integer
V_ERR_CRL_PATH_VALIDATION_ERROR: Integer
V_ERR_CRL_SIGNATURE_FAILURE: Integer
V_ERR_DANE_NO_MATCH: Integer
V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: Integer
V_ERR_DIFFERENT_CRL_SCOPE: Integer
V_ERR_EE_KEY_TOO_SMALL: Integer
V_ERR_EMAIL_MISMATCH: Integer
V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: Integer
V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: Integer
V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: Integer
V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: Integer
V_ERR_EXCLUDED_VIOLATION: Integer
V_ERR_HOSTNAME_MISMATCH: Integer
V_ERR_INVALID_CA: Integer
V_ERR_INVALID_CALL: Integer
V_ERR_INVALID_EXTENSION: Integer
V_ERR_INVALID_NON_CA: Integer
V_ERR_INVALID_POLICY_EXTENSION: Integer
V_ERR_INVALID_PURPOSE: Integer
V_ERR_IP_ADDRESS_MISMATCH: Integer
V_ERR_KEYUSAGE_NO_CERTSIGN: Integer
V_ERR_KEYUSAGE_NO_CRL_SIGN: Integer
V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: Integer
V_ERR_NO_EXPLICIT_POLICY: Integer
V_ERR_NO_VALID_SCTS: Integer
V_ERR_OCSP_CERT_UNKNOWN: Integer
V_ERR_OCSP_VERIFY_FAILED: Integer
V_ERR_OCSP_VERIFY_NEEDED: Integer
V_ERR_OUT_OF_MEM: Integer
V_ERR_PATH_LENGTH_EXCEEDED: Integer
V_ERR_PATH_LOOP: Integer
V_ERR_PERMITTED_VIOLATION: Integer
V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: Integer
V_ERR_PROXY_PATH_LENGTH_EXCEEDED: Integer
V_ERR_PROXY_SUBJECT_NAME_VIOLATION: Integer
V_ERR_SELF_SIGNED_CERT_IN_CHAIN: Integer
V_ERR_STORE_LOOKUP: Integer
V_ERR_SUBJECT_ISSUER_MISMATCH: Integer
V_ERR_SUBTREE_MINMAX: Integer
V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: Integer
V_ERR_SUITE_B_INVALID_ALGORITHM: Integer
V_ERR_SUITE_B_INVALID_CURVE: Integer
V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: Integer
V_ERR_SUITE_B_INVALID_VERSION: Integer
V_ERR_SUITE_B_LOS_NOT_ALLOWED: Integer
V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: Integer
V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: Integer
V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: Integer
V_ERR_UNABLE_TO_GET_CRL: Integer
V_ERR_UNABLE_TO_GET_CRL_ISSUER: Integer
V_ERR_UNABLE_TO_GET_ISSUER_CERT: Integer
V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: Integer
V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: Integer
V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: Integer
V_ERR_UNHANDLED_CRITICAL_EXTENSION: Integer
V_ERR_UNNESTED_RESOURCE: Integer
V_ERR_UNSPECIFIED: Integer
V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: Integer
V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Integer
V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Integer
V_ERR_UNSUPPORTED_NAME_SYNTAX: Integer
V_FLAG_ALLOW_PROXY_CERTS: Integer
V_FLAG_CHECK_SS_SIGNATURE: Integer
V_FLAG_CRL_CHECK: Integer
V_FLAG_CRL_CHECK_ALL: Integer
V_FLAG_EXPLICIT_POLICY: Integer
V_FLAG_EXTENDED_CRL_SUPPORT: Integer
V_FLAG_IGNORE_CRITICAL: Integer
V_FLAG_INHIBIT_ANY: Integer
V_FLAG_INHIBIT_MAP: Integer
V_FLAG_NOTIFY_POLICY: Integer
V_FLAG_NO_ALT_CHAINS: Integer
V_FLAG_NO_CHECK_TIME: Integer
V_FLAG_PARTIAL_CHAIN: Integer
V_FLAG_POLICY_CHECK: Integer
V_FLAG_SUITEB_128_LOS: Integer
V_FLAG_SUITEB_128_LOS_ONLY: Integer
V_FLAG_SUITEB_192_LOS: Integer
V_FLAG_TRUSTED_FIRST: Integer
V_FLAG_USE_CHECK_TIME: Integer
V_FLAG_USE_DELTAS: Integer
V_FLAG_X509_STRICT: Integer
V_OK: Integer
class Attribute
include OpenSSL::Marshal
extend OpenSSL::Marshal::ClassMethods
public
def ==: (instance other) -> bool
def oid: () -> String
def oid=: (String) -> String
def to_der: () -> String
def value: () -> ASN1::Set
def value=: (ASN1::ASN1Data) -> ASN1::Set
private
def initialize: (String der) -> void
| (String oid, ASN1::ASN1Data value) -> void
def initialize_copy: (instance) -> void
end
class AttributeError < OpenSSL::OpenSSLError
end
class CRL
include OpenSSL::X509::Extension::AuthorityKeyIdentifier
include OpenSSL::Marshal
extend OpenSSL::Marshal::ClassMethods
public
def ==: (instance other) -> bool
def add_extension: (Extension ext) -> Extension
def add_revoked: (Revoked revoked) -> Revoked
def extensions: () -> Array[Extension]
def extensions=: (Array[Extension] extensions) -> Array[Extension]
def issuer: () -> X509::Name
def issuer=: (X509::Name issuer) -> X509::Name
def last_update: () -> Time?
def last_update=: (Time last_update) -> Time
def next_update: () -> Time?
def next_update=: (Time next_update) -> Time
def revoked: () -> Array[Revoked]
def revoked=: (Array[Revoked]) -> Array[Revoked]
def sign: (PKey::PKey key, Digest digest) -> String
def signature_algorithm: () -> String
def to_der: () -> String
def to_pem: () -> String
alias to_s to_pem
def to_text: () -> String
def verify: (PKey::PKey key) -> bool
def version: () -> Integer
def version=: (Integer) -> Integer
private
def initialize: (?String der) -> void
def initialize_copy: (instance) -> void
end
class CRLError < OpenSSL::OpenSSLError
end
class Certificate
include OpenSSL::X509::Extension::AuthorityInfoAccess
include OpenSSL::X509::Extension::CRLDistributionPoints
include OpenSSL::X509::Extension::AuthorityKeyIdentifier
include OpenSSL::X509::Extension::SubjectKeyIdentifier
include OpenSSL::Marshal
extend OpenSSL::Marshal::ClassMethods
public
def ==: (instance other) -> bool
def add_extension: (Extension ext) -> Extension
def check_private_key: (PKey::PKey key) -> bool
def extensions: () -> Array[Extension]
def extensions=: (Array[Extension]) -> Array[Extension]
def inspect: () -> String
def issuer: () -> Name
def issuer=: (Name) -> Name
def not_after: () -> Time?
def not_after=: (Time) -> Time
def not_before: () -> Time?
def not_before=: (Time) -> Time
def pretty_print: (untyped q) -> untyped
def public_key: () -> PKey::PKey
def public_key=: (PKey::PKey pkey) -> PKey::PKey
def serial: () -> BN
def serial=: (bn serial) -> bn
def sign: (PKey::PKey key, String digest) -> String
def signature_algorithm: () -> String
def subject: () -> Name
def subject=: (Name) -> Name
def to_der: () -> String
def to_pem: () -> String
alias to_s to_pem
def to_text: () -> String
def verify: (PKey::PKey key) -> bool
def version: () -> Integer
def version=: (Integer) -> Integer
private
def initialize: (?String pem) -> void
def initialize_copy: (instance) -> void
end
class CertificateError < OpenSSL::OpenSSLError
end
class Extension
include OpenSSL::Marshal
extend OpenSSL::Marshal::ClassMethods
public
def ==: (instance other) -> bool
def critical=: [U] (boolish) -> U
def critical?: () -> bool
def oid: () -> String
def oid=: (String oid) -> String
def to_a: () -> [String, String, bool]
def to_der: () -> String
def to_h: () -> Hash[String, untyped]
def to_s: () -> String
def value: () -> String
def value=: (String | ASN1::_ToDer data) -> String
def value_der: () -> String
private
def initialize: (String der) -> void
| (String oid, String value, ?boolish critical) -> void
def initialize_copy: (instance) -> void
module AuthorityInfoAccess
include OpenSSL::X509::Extension::Helpers
public
def ca_issuer_uris: () -> Array[String]?
def ocsp_uris: () -> Array[String]?
private
def parse_aia_asn1: () -> untyped
end
module AuthorityKeyIdentifier
include OpenSSL::X509::Extension::Helpers
public
def authority_key_identifier: () -> String?
end
module CRLDistributionPoints
include OpenSSL::X509::Extension::Helpers
public
def crl_uris: () -> Array[String]?
end
module Helpers
public
def find_extension: (String oid) -> Extension?
end
module SubjectKeyIdentifier
include OpenSSL::X509::Extension::Helpers
public
def subject_key_identifier: () -> String?
end
end
class ExtensionError < OpenSSL::OpenSSLError
end
class ExtensionFactory
public
def config: () -> Config?
def config=: (Config config) -> Config
def create_ext: (String oid, String value, ?boolish critical) -> Extension
def create_ext_from_array: ([String, String] | [String, String, boolish] ary) -> Extension
def create_ext_from_hash: (Hash[String, String | boolish] hash) -> Extension
def create_ext_from_string: (String str) -> Extension
def create_extension: (String oid, String value, ?boolish critical) -> Extension
def crl: () -> CRL?
def crl=: (CRL crl) -> CRL
def issuer_certificate: () -> Certificate?
def issuer_certificate=: (Certificate cert) -> Certificate
def subject_certificate: () -> Certificate?
def subject_certificate=: (Certificate cert) -> Certificate
def subject_request: () -> Request?
def subject_request=: (Request request) -> Request
private
def initialize: (?Certificate? issuer_cert, ?Certificate? subject_cert, ?Request? request, ?CRL? crl) -> void
end
class Name
type distinguished_name = [String, String]
type template = Hash[String, Integer]
include OpenSSL::Marshal
include Comparable
extend OpenSSL::Marshal::ClassMethods
alias self.parse self.parse_openssl
def self.parse_openssl: (String str, ?template template) -> instance
def self.parse_rfc2253: (String str, ?template template) -> instance
public
alias <=> cmp
def add_entry: (String oid, String value, ?loc: Integer, ?set: Integer) -> self
def cmp: (untyped other) -> Integer?
def eql?: (instance other) -> bool
def hash: () -> Integer
def hash_old: () -> Integer
def inspect: () -> String
def pretty_print: (untyped q) -> untyped
def to_a: () -> Array[[String, String, Integer]]
def to_der: () -> String
def to_s: (?format format) -> String
def to_utf8: () -> String
private
def initialize: (distinguished_name name, template template) -> void
| (Array[distinguished_name] names) -> void
| (?String der) -> void
def initialize_copy: (instance) -> void
COMPAT: Integer
DEFAULT_OBJECT_TYPE: Integer
MULTILINE: Integer
OBJECT_TYPE_TEMPLATE: template
ONELINE: Integer
RFC2253: Integer
type format = Integer
module RFC2253DN
def self.expand_hexstring: (untyped str) -> untyped
def self.expand_pair: (untyped str) -> untyped
def self.expand_value: (untyped str1, untyped str2, untyped str3) -> untyped
def self.scan: (untyped dn) -> untyped
private
def expand_hexstring: (untyped str) -> untyped
def expand_pair: (untyped str) -> untyped
def expand_value: (untyped str1, untyped str2, untyped str3) -> untyped
def scan: (String dn) -> Array[distinguished_name]
AttributeType: Regexp
AttributeValue: Regexp
HexChar: Regexp
HexPair: Regexp
HexString: Regexp
Pair: Regexp
QuoteChar: Regexp
Special: String
StringChar: Regexp
TypeAndValue: Regexp
end
end
class NameError < OpenSSL::OpenSSLError
end
class Request
include OpenSSL::Marshal
extend OpenSSL::Marshal::ClassMethods
public
def ==: (untyped other) -> bool
def add_attribute: (Attribute attribute) -> Attribute
def attributes: () -> Array[Attribute]
def attributes=: (Array[Attribute] attributes) -> Array[Attribute]
def public_key: () -> PKey::PKey
def public_key=: (PKey::PKey public_key) -> PKey::PKey
def sign: (PKey::PKey key, Digest | String digest) -> String
def signature_algorithm: () -> String
def subject: () -> Name
def subject=: (Name subject) -> Name
def to_der: () -> String
def to_pem: () -> String
alias to_s to_pem
def to_text: () -> String
def verify: (PKey::PKey key) -> bool
def version: () -> Integer
def version=: (Integer version) -> Integer
private
def initialize: (?String der) -> void
def initialize_copy: (instance) -> void
end
class RequestError < OpenSSL::OpenSSLError
end
class Revoked
public
def ==: (untyped other) -> bool
def add_extension: (Extension ext) -> Extension
def extensions: () -> Array[Extension]
def extensions=: (Array[Extension] extensions) -> Array[Extension]
def serial: () -> Integer
def serial=: (Integer integer) -> Integer
def time: () -> Time?
def time=: (Time time) -> Time
def to_der: () -> String
private
def initialize: (*untyped) -> void
def initialize_copy: (instance) -> void
end
class RevokedError < OpenSSL::OpenSSLError
end
class Store
public
def add_cert: (Certificate certificate) -> self
def add_crl: (CRL crl) -> self
def add_file: (String file) -> self
def add_path: (String path) -> self
def chain: () -> Array[Certificate]?
def error: () -> Integer?
def error_string: () -> String?
def flags=: (Integer flags) -> Integer
def purpose=: (Integer purpose) -> Integer
def set_default_paths: () -> nil
def time=: (Time time) -> Time
def trust=: (Integer trust) -> Integer
def verify: (Certificate certificate, ?Array[Certificate] chain) ?{ (bool preverify_ok, StoreContext store_ctx) -> boolish } -> boolish
def verify_callback: () -> (^(bool preverify_ok, StoreContext store_ctx) -> boolish | nil)
def verify_callback=: [U] (^(bool preverify_ok, StoreContext store_ctx) -> boolish) -> U
private
def initialize: () -> void
end
class StoreContext
public
def chain: () -> Array[Certificate]?
def cleanup: () -> void
def current_cert: () -> Certificate
def current_crl: () -> CRL
def error: () -> Integer?
def error=: (Integer error) -> Integer
def error_depth: () -> Integer
def error_string: () -> String?
def flags=: (Integer flags) -> Integer
def purpose=: (Integer purpose) -> Integer
def time=: (Time time) -> Time
def trust=: (Integer trust) -> Integer
def verify: () -> bool
private
def initialize: (Store store, ?Certificate cert, ?Array[Certificate] chain) -> void
end
class StoreError < OpenSSL::OpenSSLError
end
end
end
Zerion Mini Shell 1.0