SmeeView.Aspects.Key (SmeeView v0.1.0)

Represents and processes <KeyDescriptor> elements in entity metadata as Aspect structs.

This is information about the keys used by an IdP or SP for signing and encryption, and it contains the public key.

The functions in this module are intended to be applied to individual Aspect structs - for extracting and processing collections of these records please use the matching View module.

Summary

Functions

data/1
Returns the raw BASE64 string data of the key, without PEM headers, as stored in the metadata

encryption?/1
Is the key suitable for encryption use?

expires_at/1
Returns the expiry date (Not After) for the certificate

fingerprint/1
Returns the SHA1 fingerprint of the certificate

idp?/1
Is this aspect relevant to the IdP role?

issuer/1
Returns the issuer CN of the certificate

pem/1
Returns the public key as a PEM string (a BASE64-encoded DER certificate).

role/1
Returns the associated role for this aspect: :sp, :idp or :all

serial_number/1
Returns the serial number for the certificate

signature_algorithm/1
Return the signature algorithm as a string (not a list!)

signing?/1
Is the key suitable for signing use?

sp?/1
Is this aspect relevant to the SP role?

subject/1
Returns the subject CN of the key/certificate

type/1
Return the key type: signing, encryption or nil. Nil indicates that the key is general-purpose.

Types

Specs

t() :: %SmeeView.Aspects.Key{
  pem: binary(),
  role: atom(),
  type: atom(),
  use: atom()
}

Functions

Specs

data(aspect :: t()) :: binary()

Returns the raw BASE64 string data of the key, without PEM headers, as stored in the metadata

Key.data(aspect)
# => "MIICMzCCAZygAwIBAgIJALiPnVsvq..."

Specs

encryption?(aspect :: t()) :: boolean()

Is the key suitable for encryption use?

Note that this means "used for", not "specifically for": a type of nil indicates both signing and encryption use.

Key.encryption?(aspect)
# => true

Specs

expires_at(aspect :: t()) :: binary() | nil

Returns the expiry date (Not After) for the certificate

Key.expires_at(aspect)
# => ~U[2023-05-21 16:12:05.481701Z]

Specs

fingerprint(aspect :: t()) :: binary()

Returns the SHA1 fingerprint of the certificate

Key.fingerprint(aspect)
# => "A5:9C:E0:47:C1:34:88:9F:16:0B:15:0C:9E:A1:B9:05:6D:8C:37:FE"

Specs

idp?(aspect :: t()) :: boolean()

Is this aspect relevant to the IdP role?

Will return true if the aspect has been derived from an IdP role, or is applicable to all roles.

Key.idp?(aspect)
# => true

Specs

issuer(aspect :: t()) :: binary() | nil

Returns the issuer CN of the certificate

Key.issuer(aspect)
# => "CN=Ankh Morpork Post Office"

Specs

pem(aspect :: t()) :: binary()

Returns the public key as a PEM string (a BASE64-encoded DER certificate).

Key.pem(aspect)
# => "-----BEGIN CERTIFICATE-----
#MIICMzCCAZygAwIBAgIJALiPnVsvq..."

Specs

role(aspect :: t()) :: atom()

Returns the associated role for this aspect: :sp, :idp or :all

The role type is useful when handling a mixed list of aspects that may be specific to certain roles of an entity.

Key.role(aspect)
# => :idp

Specs

serial_number(aspect :: t()) :: binary() | nil

Returns the serial number for the certificate

Key.serial_number(aspect)
# => "27ACAE30B9F323"

signature_algorithm(cert)

Specs

signature_algorithm(aspect :: t()) :: binary() | nil

Return the signature algorithm as a string (not a list!)

Key.signature_algorithm(aspect)
# => "sha, rsa"

Specs

signing?(aspect :: t()) :: boolean()

Is the key suitable for signing use?

Note that this means "used for", not "specifically for": a type of nil indicates both signing and encryption use.

Key.signing?(aspect)
# => false

Specs

sp?(aspect :: t()) :: boolean()

Is this aspect relevant to the SP role?

Will return true if the aspect has been derived from an SP role, or is applicable to all roles.

Key.sp?(aspect)
# => false

Specs

subject(aspect :: t()) :: binary()

Returns the subject CN of the key/certificate

Key.subject(aspect)
# => "/CN=hex.unseen.edu/OU=Domain Control Validated"

Specs

type(aspect :: t()) :: binary()

Return the key type: signing, encryption or nil. Nil indicates that the key is general-purpose.

Key.type(aspect)
# => "signing"