Class: CertificateAuthority::OCSPResponseBuilder

Inherits:
Object
Defined in:
lib/certificate_authority/ocsp_handler.rb

Constant Summary

GOOD =
OpenSSL::OCSP::V_CERTSTATUS_GOOD
REVOKED =
OpenSSL::OCSP::V_CERTSTATUS_REVOKED
NO_REASON =
0
KEY_COMPROMISED =
OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE
UNSPECIFIED =
OpenSSL::OCSP::REVOKED_STATUS_UNSPECIFIED

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Instance Attribute Details

#next_update ⇒ Object

Returns the value of attribute next_update.



# File 'lib/certificate_authority/ocsp_handler.rb', line 7

# Seconds until the client should ask again; passed as the next_update
# argument of BasicResponse#add_status in build_response.
# from_request_reader defaults it to 60*15 (15 minutes).
# @return [Integer, nil]
def next_update
  @next_update
end

#ocsp_request_reader ⇒ Object

Returns the value of attribute ocsp_request_reader.



# File 'lib/certificate_authority/ocsp_handler.rb', line 5

# Wrapper around the parsed OCSP request, assigned by from_request_reader;
# build_response iterates its ocsp_request.certid entries.
# @return [#ocsp_request, nil]
def ocsp_request_reader
  @ocsp_request_reader
end

#ocsp_response ⇒ Object

Returns the value of attribute ocsp_response.



# File 'lib/certificate_authority/ocsp_handler.rb', line 3

# The OpenSSL::OCSP::BasicResponse being assembled. from_request_reader
# creates it and copies the request nonce into it; build_response adds one
# status per requested certificate id and signs it.
# @return [OpenSSL::OCSP::BasicResponse, nil]
def ocsp_response
  @ocsp_response
end

#parent ⇒ Object

Returns the value of attribute parent.



# File 'lib/certificate_authority/ocsp_handler.rb', line 6

# The signing authority. build_response raises unless it is set, and signs
# the response with the certificate from its #to_pem and the key from
# #key_material.private_key.
# @return [Object, nil]
def parent
  @parent
end

#verification_mechanism ⇒ Object

Returns the value of attribute verification_mechanism.



# File 'lib/certificate_authority/ocsp_handler.rb', line 4

# Callback that receives a certificate serial and returns a
# [status, reason] pair (e.g. [GOOD, NO_REASON] or [REVOKED, KEY_COMPROMISED]).
# When nil, build_response installs a default that reports every requested
# serial as GOOD.
# @return [#call, nil]
def verification_mechanism
  @verification_mechanism
end

Class Method Details

.from_request_reader(request_reader, verification_mechanism = nil) ⇒ Object



# File 'lib/certificate_authority/ocsp_handler.rb', line 38

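# Builds an OCSPResponseBuilder for an already-parsed OCSP request.
#
# @param request_reader [#ocsp_request] reader wrapping the
#   OpenSSL::OCSP::Request whose nonce is echoed into the response
# @param verification_mechanism [#call, nil] callback that receives a
#   certificate serial and returns [status, reason]; when nil,
#   build_response falls back to reporting every serial as GOOD
# @return [OCSPResponseBuilder] builder with ocsp_request_reader,
#   verification_mechanism, ocsp_response and next_update populated;
#   parent must still be assigned before build_response
def self.from_request_reader(request_reader, verification_mechanism = nil)
  response_builder = OCSPResponseBuilder.new
  response_builder.ocsp_request_reader = request_reader
  # The callback was accepted but never stored, so a caller-supplied
  # mechanism was silently ignored and every serial was answered GOOD.
  response_builder.verification_mechanism = verification_mechanism

  ocsp_response = OpenSSL::OCSP::BasicResponse.new
  # Copy the request nonce so the client can bind this response to its request.
  ocsp_response.copy_nonce(request_reader.ocsp_request)
  response_builder.ocsp_response = ocsp_response
  response_builder.next_update = 60 * 15 # default of 15 minutes, in seconds
  response_builder
end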

Instance Method Details

#build_response ⇒ Object



# File 'lib/certificate_authority/ocsp_handler.rb', line 16

# Adds one signed status entry per certificate id in the request and wraps
# the result in a successful OpenSSL::OCSP::Response.
#
# Requires #parent (exposing #to_pem and #key_material.private_key) to be
# set. Each requested serial is passed to #verification_mechanism, which
# must return [status, reason]. When no mechanism was supplied, a default
# is installed that answers GOOD for every serial — including serials this
# authority never issued — so a responder deployed without a callback is
# fail-open.
#
# @return [OpenSSL::OCSP::Response] with status RESPONSE_STATUS_SUCCESSFUL
# @raise [RuntimeError] if #parent is nil
def build_response
  raise "Requires a parent for signing" if @parent.nil?

  # No callback supplied: mark everything GOOD (see the fail-open note above).
  @verification_mechanism = lambda { |_serial| [GOOD, NO_REASON] } if @verification_mechanism.nil?

  request = @ocsp_request_reader.ocsp_request
  request.certid.each do |cert_id|
    status, reason = @verification_mechanism.call(cert_id.serial)

    # add_status(cert_id, status, reason, rev_time, this_update, next_update, ext)
    # - time arguments are in seconds
    # - rev_time and this_update are both "now" (0)
    @ocsp_response.add_status(cert_id, status, reason, 0, 0, @next_update, nil)
  end

  signer_cert = OpenSSL::X509::Certificate.new(@parent.to_pem)
  signing_key = @parent.key_material.private_key
  @ocsp_response.sign(signer_cert, signing_key, nil, nil)

  OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, @ocsp_response)
end