Module: NemID::OCSP

Defined in:
lib/nemid/ocsp.rb,
lib/nemid/ocsp/errors.rb

Defined Under Namespace

Classes: Error, InvalidSignatureError, InvalidUpdateError, NoStatusError, NonceError

Class Method Summary

Class Method Details

.request(subject:, issuer:, ca:) ⇒ Object

Raises:



# File 'lib/nemid/ocsp.rb', line 7

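# Asks the OCSP responder listed in +subject+ for that certificate's status,
# checks the response, and returns the result of +cert_status+.
#
# The responder address is read from the certificate being checked, so this
# method makes an outbound HTTP request to whatever host that certificate names.
# NOTE(review): confirm callers only pass certificates that already chain to a
# trusted CA (or restrict responder hosts) before this method is reached.
#
# @param subject [OpenSSL::X509::Certificate] certificate whose status is queried;
#   its first OCSP URI is the responder that gets contacted
# @param issuer [OpenSSL::X509::Certificate] certificate that issued +subject+
# @param ca [Object] passed through to the signature check; presumably the
#   trusted CA certificate or store (TODO confirm against the helper)
# @return [Object] whatever +cert_status+ returns for the matching single response
# @raise [ArgumentError] if +subject+ lists no OCSP URI, or the first one is not
#   an absolute http(s) URL
# @raise [NonceError] if the response carries a nonce that differs from the
#   one sent in the request
def self.request(subject:, issuer:, ca:)
  # Validate the responder location first, so a certificate without a usable
  # OCSP URI fails with a clear error instead of a NoMethodError on nil.
  responder_url = Array(subject.ocsp_uris).first
  raise ArgumentError, 'subject certificate has no OCSP responder URI' if responder_url.nil?

  ocsp_uri = URI(responder_url)
  unless ocsp_uri.is_a?(URI::HTTP) && ocsp_uri.hostname
    raise ArgumentError, 'OCSP responder URI must be an absolute http(s) URL'
  end

  # SHA-1 is used here only to build the CertID (the hashes that identify the
  # certificate to the responder), not to verify any signature.
  digest = OpenSSL::Digest::SHA1.new
  certificate_id = OpenSSL::OCSP::CertificateId.new(subject, issuer, digest)

  request = OpenSSL::OCSP::Request.new
  request.add_certid(certificate_id)
  # The nonce ties the response to this request; it is compared further down.
  request.add_nonce

  # Honour the port and scheme from the URI (previously only the hostname was
  # used, so a responder on a non-default port was never reached), and use
  # request_uri so an empty path becomes "/" and any query string is kept.
  # Net::HTTP's default timeouts apply.
  http_response = Net::HTTP.start(ocsp_uri.hostname, ocsp_uri.port,
                                  use_ssl: ocsp_uri.scheme == 'https') do |http|
    http.post(ocsp_uri.request_uri, request.to_der,
              'content-type' => 'application/ocsp-request')
  end

  # NOTE(review): the HTTP status code is not inspected; a non-OCSP body makes
  # the parser below raise an OpenSSL error rather than a NemID::OCSP one.
  response = OpenSSL::OCSP::Response.new(http_response.body)
  # NOTE(review): #basic is nil when the responder did not return a successful
  # response; confirm the helpers below cope with that.
  response_basic = response.basic

  # The return values of the two predicate helpers are discarded, so the
  # checks only take effect if the helpers raise on failure (presumably
  # InvalidSignatureError / NoStatusError / InvalidUpdateError; verify).
  response_has_valid_signature?(response_basic, subject, issuer, ca)

  single_response = response_basic.find_response(certificate_id)

  response_has_status_and_is_valid?(single_response)

  # check_nonce returns 0 only when both sides have a nonce and they differ.
  # A response that omits the nonce (-1) is still accepted here, so replay
  # protection then rests on the response's validity window.
  # NOTE(review): tighten this check if the responder is known to echo nonces.
  raise NonceError if request.check_nonce(response_basic).zero?

  cert_status(single_response)
end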