Class: CertificateAuthority::OCSPResponseBuilder
- Inherits:
-
Object
- Object
- CertificateAuthority::OCSPResponseBuilder
- Defined in:
- lib/certificate_authority/ocsp_handler.rb
Constant Summary
- GOOD =
OpenSSL::OCSP::V_CERTSTATUS_GOOD
- REVOKED =
OpenSSL::OCSP::V_CERTSTATUS_REVOKED
- NO_REASON =
0
- KEY_COMPROMISED =
OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE
- UNSPECIFIED =
OpenSSL::OCSP::REVOKED_STATUS_UNSPECIFIED
Instance Attribute Summary
-
#next_update ⇒ Object
Returns the value of attribute next_update.
-
#ocsp_request_reader ⇒ Object
Returns the value of attribute ocsp_request_reader.
-
#ocsp_response ⇒ Object
Returns the value of attribute ocsp_response.
-
#parent ⇒ Object
Returns the value of attribute parent.
-
#verification_mechanism ⇒ Object
Returns the value of attribute verification_mechanism.
Class Method Summary
Instance Method Summary
Instance Attribute Details
#next_update ⇒ Object
Returns the value of attribute next_update.
# File 'lib/certificate_authority/ocsp_handler.rb', line 7

# Reader for the +next_update+ attribute.
#
# from_request_reader initialises this to 60*15, and build_response hands it
# to add_status as the "next update" argument, where the unit is seconds.
# It therefore bounds how long a client may rely on a status before asking
# again.
#
# @return [Object] the value currently held in +@next_update+ (nil if unset)
def next_update
  @next_update
end
#ocsp_request_reader ⇒ Object
Returns the value of attribute ocsp_request_reader.
# File 'lib/certificate_authority/ocsp_handler.rb', line 5

# Reader for the +ocsp_request_reader+ attribute.
#
# build_response calls +ocsp_request+ on this object to reach the certificate
# IDs it has to answer, so it wraps the (client-supplied) OCSP request.
#
# @return [Object] the value currently held in +@ocsp_request_reader+
def ocsp_request_reader
  @ocsp_request_reader
end
#ocsp_response ⇒ Object
Returns the value of attribute ocsp_response.
# File 'lib/certificate_authority/ocsp_handler.rb', line 3

# Reader for the +ocsp_response+ attribute.
#
# from_request_reader stores an OpenSSL::OCSP::BasicResponse here;
# build_response adds one status per certificate ID to it and signs it.
#
# @return [Object] the value currently held in +@ocsp_response+
def ocsp_response
  @ocsp_response
end
#parent ⇒ Object
Returns the value of attribute parent.
# File 'lib/certificate_authority/ocsp_handler.rb', line 6

# Reader for the +parent+ attribute.
#
# build_response signs with this object: it reads +to_pem+ for the signer
# certificate and +key_material.private_key+ for the signing key, and raises
# when the attribute is nil.
#
# @return [Object] the value currently held in +@parent+
def parent
  @parent
end
#verification_mechanism ⇒ Object
Returns the value of attribute verification_mechanism.
# File 'lib/certificate_authority/ocsp_handler.rb', line 4

# Reader for the +verification_mechanism+ attribute.
#
# build_response invokes this callable with a certificate serial and expects
# a [status, reason] pair back. When it is nil, build_response installs a
# default that reports GOOD for every serial, so a responder that must report
# revocations has to set this explicitly.
#
# @return [Object] the value currently held in +@verification_mechanism+
def verification_mechanism
  @verification_mechanism
end
Class Method Details
.from_request_reader(request_reader, verification_mechanism = nil) ⇒ Object
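# File 'lib/certificate_authority/ocsp_handler.rb', line 38

# Creates a response builder for an already-parsed OCSP request.
#
# The builder gets a fresh OpenSSL::OCSP::BasicResponse carrying the request's
# nonce and a default +next_update+ of 15 minutes. The caller still has to
# assign +parent+ before calling build_response.
#
# @param request_reader [Object] wrapper exposing the request via +ocsp_request+
# @param verification_mechanism [#call, nil] callable that build_response
#   invokes with a certificate serial and that returns [status, reason];
#   nil leaves build_response on its default of reporting GOOD
# @return [OCSPResponseBuilder] the configured builder
def self.from_request_reader(request_reader, verification_mechanism = nil)
  response_builder = OCSPResponseBuilder.new
  response_builder.ocsp_request_reader = request_reader
  # Previously this argument was accepted but never stored, so a caller who
  # passed a revocation check here still got the "everything is GOOD"
  # default from build_response. Storing nil is the same as the old behaviour.
  response_builder.verification_mechanism = verification_mechanism

  ocsp_response = OpenSSL::OCSP::BasicResponse.new
  # Echo the client's nonce so the response can be tied to this request.
  ocsp_response.copy_nonce(request_reader.ocsp_request)
  response_builder.ocsp_response = ocsp_response
  response_builder.next_update = 60 * 15 # default of 15 minutes, in seconds
  response_builder
end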
Instance Method Details
#build_response ⇒ Object
# File 'lib/certificate_authority/ocsp_handler.rb', line 16

# Answers every certificate ID in the request, signs the basic response with
# the parent's key and wraps it in a successful OCSP response.
#
# Points a reviewer should keep in mind:
# - With no +verification_mechanism+ set, a default is installed that reports
#   GOOD for every serial (fail-open).
# - The callback receives only +cert_id.serial+; nothing here compares the
#   issuer fields of the certificate ID with +@parent+, so scoping answers to
#   this CA is left to the callback or the caller.
#
# @raise [RuntimeError] when no parent has been assigned
# @return [OpenSSL::OCSP::Response] response with status SUCCESSFUL
def build_response
  raise "Requires a parent for signing" if @parent.nil?

  # If no verification callback is provided we're marking it GOOD
  @verification_mechanism = lambda { |_serial| [GOOD, NO_REASON] } if @verification_mechanism.nil?

  @ocsp_request_reader.ocsp_request.certid.each do |certificate_id|
    status, revocation_reason = verification_mechanism.call(certificate_id.serial)

    # Arguments: cert_id, status, reason, rev_time, this update, next update, ext
    # - unit of time is seconds
    # - rev_time is currently set to "now"
    @ocsp_response.add_status(certificate_id, status, revocation_reason, 0, 0, @next_update, nil)
  end

  signer_certificate = OpenSSL::X509::Certificate.new(@parent.to_pem)
  signer_key = @parent.key_material.private_key
  @ocsp_response.sign(signer_certificate, signer_key, nil, nil)

  OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, @ocsp_response)
end