Class: CertificateAuthority::OCSPHandler

Inherits:
Object
  • Object
Includes:
Validations
Defined in:
lib/certificate_authority/ocsp_handler.rb

Overview

DEPRECATED

Instance Attribute Summary

Instance Method Summary

Methods included from Validations

#errors, #valid?

Constructor Details

#initialize ⇒ OCSPHandler

Returns a new instance of OCSPHandler.



# File 'lib/certificate_authority/ocsp_handler.rb', line 86

# Creates a handler whose certificate table starts out empty; certificates are
# registered afterwards through #<<.
def initialize
  self.certificates = Hash.new
end

Instance Attribute Details

#certificate_ids ⇒ Object

Returns the value of attribute certificate_ids.



# File 'lib/certificate_authority/ocsp_handler.rb', line 74

# Serial numbers read from the parsed OCSP request. The value is assigned by
# #extract_certificate_serials.
def certificate_ids
  @certificate_ids
end

#certificates ⇒ Object

Returns the value of attribute certificates.



# File 'lib/certificate_authority/ocsp_handler.rb', line 76

# Table of certificates this handler knows about. #initialize sets it to an
# empty hash and #<< stores each certificate under the string form of its
# serial number; #response looks entries up with cert_id.serial.to_s.
def certificates
  @certificates
end

#ocsp_request ⇒ Object

Returns the value of attribute ocsp_request.



# File 'lib/certificate_authority/ocsp_handler.rb', line 73

# Raw OCSP request that is handed to OpenSSL::OCSP::Request.new for parsing.
# NOTE(review): presumably the encoded bytes received from the requesting
# client, i.e. untrusted input — confirm against the caller.
def ocsp_request
  @ocsp_request
end

#ocsp_response_body ⇒ Object

Returns the value of attribute ocsp_response_body.



# File 'lib/certificate_authority/ocsp_handler.rb', line 79

# The OpenSSL::OCSP::Response stored by the most recent call to #response.
# #to_der raises while this is still nil.
def ocsp_response_body
  @ocsp_response_body
end

#parent ⇒ Object

Returns the value of attribute parent.



# File 'lib/certificate_authority/ocsp_handler.rb', line 77

# The entity that signs OCSP responses. #response takes the signer certificate
# from parent.to_pem and the signing key from parent.key_material.private_key;
# #validate records an error when this is nil.
def parent
  @parent
end

Instance Method Details

#<<(cert) ⇒ Object



# File 'lib/certificate_authority/ocsp_handler.rb', line 90

# Registers +cert+ so that OCSP requests naming its serial can be answered.
# The table key is the string form of the serial number; #response looks
# entries up with cert_id.serial.to_s. Adding a second certificate with the
# same serial replaces the earlier entry.
#
# @param cert [#serial_number] certificate to register
# @return [Object] the certificate that was passed in
def <<(cert)
  serial_key = cert.serial_number.number.to_s
  certificates[serial_key] = cert
end

#extract_certificate_serials ⇒ Object



# File 'lib/certificate_authority/ocsp_handler.rb', line 94

# Parses the raw request held in @ocsp_request and records the serial number
# of every certificate ID it contains.
#
# Decoding is done by OpenSSL::OCSP::Request.new, so malformed input surfaces
# as whatever error that constructor raises.
# NOTE(review): only a nil certid list is rejected here. Whether a request
# without certificate IDs yields nil or an empty list is not visible from this
# method — confirm, since an empty list would pass through as [].
#
# @return [Array] serials of the requested certificates, also stored in
#   certificate_ids
# @raise [RuntimeError] if the parsed request exposes no certid list
def extract_certificate_serials
  parsed_request = OpenSSL::OCSP::Request.new(@ocsp_request)
  requested_ids = parsed_request.certid
  raise "Invalid openssl request" if requested_ids.nil?

  self.certificate_ids = requested_ids.map(&:serial)
  certificate_ids
end

#response ⇒ Object



# File 'lib/certificate_authority/ocsp_handler.rb', line 108

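# Builds and signs an OCSP response for the request held in ocsp_request, and
# stores it in ocsp_response_body.
#
# Every certificate ID in the request receives one status entry. A serial that
# has no entry in +certificates+ is answered V_CERTSTATUS_UNKNOWN; previously
# the lookup result was discarded and every requested serial was reported
# V_CERTSTATUS_GOOD.
#
# NOTE(review): a certificate that IS in the table is always reported GOOD.
# Its revocation state is not consulted anywhere in this method, so a revoked
# certificate that was registered with #<< is still answered as good. Confirm
# how revocation is meant to reach this (deprecated) handler.
#
# @return [OpenSSL::OCSP::Response] the signed response
# @raise [RuntimeError] if the handler fails validation
def response
  raise "Invalid response" unless valid?

  openssl_ocsp_response = OpenSSL::OCSP::BasicResponse.new
  openssl_ocsp_request = OpenSSL::OCSP::Request.new(self.ocsp_request)
  # Carry the request nonce over so the client can match the response to its
  # own request.
  openssl_ocsp_response.copy_nonce(openssl_ocsp_request)

  openssl_ocsp_request.certid.each do |cert_id|
    certificate = self.certificates[cert_id.serial.to_s]
    # Never vouch for a serial this handler has no record of.
    status = if certificate.nil?
               OpenSSL::OCSP::V_CERTSTATUS_UNKNOWN
             else
               OpenSSL::OCSP::V_CERTSTATUS_GOOD
             end

    # Arguments after the status: revocation reason 0, revocation time 0,
    # this_update 0 and next_update 30 (offsets in seconds from now), and no
    # single-response extensions.
    openssl_ocsp_response.add_status(cert_id, status, 0, 0, 0, 30, nil)
  end

  # Signed with the parent's certificate and private key. No extra
  # certificates, flags or digest are passed.
  # NOTE(review): with no digest given the OpenSSL default is used — confirm
  # that default is acceptable on the deployed OpenSSL version.
  signer_certificate = OpenSSL::X509::Certificate.new(self.parent.to_pem)
  openssl_ocsp_response.sign(signer_certificate, self.parent.key_material.private_key, nil, nil)

  self.ocsp_response_body = OpenSSL::OCSP::Response.create(
    OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, openssl_ocsp_response
  )
  self.ocsp_response_body
end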

#to_der ⇒ Object



# File 'lib/certificate_authority/ocsp_handler.rb', line 130

# Serialises the stored OCSP response by calling to_der on it.
#
# @return [Object] whatever ocsp_response_body.to_der returns
# @raise [RuntimeError] if no response has been stored yet (#response assigns
#   ocsp_response_body)
def to_der
  signed_body = ocsp_response_body
  raise "No signed OCSP response body available" if signed_body.nil?

  signed_body.to_der
end

#validate ⇒ Object



# File 'lib/certificate_authority/ocsp_handler.rb', line 81

# Validation hook: records an error on :parent when no parent entity is set,
# then runs all_certificates_available (defined elsewhere in the class) and
# returns its result. #response refuses to build a response unless valid?
# passes.
def validate
  if parent.nil?
    errors.add(:parent, "A parent entity must be set")
  end
  all_certificates_available
end