Class: OpenSSL::OCSP::SingleResponse
- Inherits:
-
Object
- Object
- OpenSSL::OCSP::SingleResponse
- Defined in:
- ext/openssl/ossl_ocsp.c
Instance Method Summary collapse
-
#cert_status ⇒ Integer
Returns the status of the certificate identified by the certid.
-
#certid ⇒ CertificateId
Returns the CertificateId for which this SingleResponse is.
-
#check_validity(nsec = 0, maxsec = -1) ⇒ Object
Checks the validity of thisUpdate and nextUpdate fields of this SingleResponse.
- #extensions ⇒ Array of X509::Extension
-
#OpenSSL::OCSP::SingleResponse.new(der_string) ⇒ SingleResponse
constructor
Creates a new SingleResponse from
der_string
. - #next_update ⇒ Time | nil
- #revocation_reason ⇒ Integer | nil
- #revocation_time ⇒ Time | nil
- #this_update ⇒ Time
-
#to_der ⇒ String
Encodes this SingleResponse into a DER-encoded string.
Constructor Details
#OpenSSL::OCSP::SingleResponse.new(der_string) ⇒ SingleResponse
Creates a new SingleResponse from der_string
.
1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 |
# File 'ext/openssl/ossl_ocsp.c', line 1189
static VALUE
ossl_ocspsres_initialize(VALUE self, VALUE arg)
{
OCSP_SINGLERESP *res, *res_new;
const unsigned char *p;
arg = ossl_to_der_if_possible(arg);
StringValue(arg);
GetOCSPSingleRes(self, res);
p = (unsigned char*)RSTRING_PTR(arg);
res_new = d2i_OCSP_SINGLERESP(NULL, &p, RSTRING_LEN(arg));
if (!res_new)
ossl_raise(eOCSPError, "d2i_OCSP_SINGLERESP");
SetOCSPSingleRes(self, res_new);
OCSP_SINGLERESP_free(res);
return self;
}
|
Instance Method Details
#cert_status ⇒ Integer
Returns the status of the certificate identified by the certid. The return value may be one of these constant:
-
V_CERTSTATUS_GOOD
-
V_CERTSTATUS_REVOKED
-
V_CERTSTATUS_UNKNOWN
When the status is V_CERTSTATUS_REVOKED, the time at which the certificate was revoked can be retrieved by #revocation_time.
1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 |
# File 'ext/openssl/ossl_ocsp.c', line 1303
static VALUE
ossl_ocspsres_get_cert_status(VALUE self)
{
OCSP_SINGLERESP *sres;
int status;
GetOCSPSingleRes(self, sres);
status = OCSP_single_get0_status(sres, NULL, NULL, NULL, NULL);
if (status < 0)
ossl_raise(eOCSPError, "OCSP_single_get0_status");
return INT2NUM(status);
}
|
#certid ⇒ CertificateId
Returns the CertificateId for which this SingleResponse is.
1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 |
# File 'ext/openssl/ossl_ocsp.c', line 1277
static VALUE
ossl_ocspsres_get_certid(VALUE self)
{
OCSP_SINGLERESP *sres;
OCSP_CERTID *id;
GetOCSPSingleRes(self, sres);
id = OCSP_CERTID_dup((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sres)); /* FIXME */
return ossl_ocspcertid_new(id);
}
|
#check_validity(nsec = 0, maxsec = -1) ⇒ Object
Checks the validity of thisUpdate and nextUpdate fields of this SingleResponse. This checks the current time is within the range thisUpdate to nextUpdate.
It is possible that the OCSP request takes a few seconds or the time is not accurate. To avoid rejecting a valid response, this method allows the times to be within nsec
of the current time.
Some responders don’t set the nextUpdate field. This may cause a very old response to be considered valid. The maxsec
parameter can be used to limit the age of responses.
1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 |
# File 'ext/openssl/ossl_ocsp.c', line 1244
static VALUE
ossl_ocspsres_check_validity(int argc, VALUE *argv, VALUE self)
{
OCSP_SINGLERESP *sres;
ASN1_GENERALIZEDTIME *this_update, *next_update;
VALUE nsec_v, maxsec_v;
int nsec, maxsec, status, ret;
rb_scan_args(argc, argv, "02", &nsec_v, &maxsec_v);
nsec = NIL_P(nsec_v) ? 0 : NUM2INT(nsec_v);
maxsec = NIL_P(maxsec_v) ? -1 : NUM2INT(maxsec_v);
GetOCSPSingleRes(self, sres);
status = OCSP_single_get0_status(sres, NULL, NULL, &this_update, &next_update);
if (status < 0)
ossl_raise(eOCSPError, "OCSP_single_get0_status");
ret = OCSP_check_validity(this_update, next_update, nsec, maxsec);
if (ret)
return Qtrue;
else {
ossl_clear_error();
return Qfalse;
}
}
|
#extensions ⇒ Array of X509::Extension
1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 |
# File 'ext/openssl/ossl_ocsp.c', line 1400
static VALUE
ossl_ocspsres_get_extensions(VALUE self)
{
OCSP_SINGLERESP *sres;
X509_EXTENSION *ext;
int count, i;
VALUE ary;
GetOCSPSingleRes(self, sres);
count = OCSP_SINGLERESP_get_ext_count(sres);
ary = rb_ary_new2(count);
for (i = 0; i < count; i++) {
ext = OCSP_SINGLERESP_get_ext(sres, i);
rb_ary_push(ary, ossl_x509ext_new(ext)); /* will dup */
}
return ary;
}
|
#next_update ⇒ Time | nil
1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 |
# File 'ext/openssl/ossl_ocsp.c', line 1340
static VALUE
ossl_ocspsres_get_next_update(VALUE self)
{
OCSP_SINGLERESP *sres;
int status;
ASN1_GENERALIZEDTIME *time;
GetOCSPSingleRes(self, sres);
status = OCSP_single_get0_status(sres, NULL, NULL, NULL, &time);
if (status < 0)
ossl_raise(eOCSPError, "OCSP_single_get0_status");
return asn1time_to_time(time);
}
|
#revocation_reason ⇒ Integer | nil
1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 |
# File 'ext/openssl/ossl_ocsp.c', line 1380
static VALUE
ossl_ocspsres_get_revocation_reason(VALUE self)
{
OCSP_SINGLERESP *sres;
int status, reason;
GetOCSPSingleRes(self, sres);
status = OCSP_single_get0_status(sres, &reason, NULL, NULL, NULL);
if (status < 0)
ossl_raise(eOCSPError, "OCSP_single_get0_status");
if (status != V_OCSP_CERTSTATUS_REVOKED)
ossl_raise(eOCSPError, "certificate is not revoked");
return INT2NUM(reason);
}
|
#revocation_time ⇒ Time | nil
1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 |
# File 'ext/openssl/ossl_ocsp.c', line 1359
static VALUE
ossl_ocspsres_get_revocation_time(VALUE self)
{
OCSP_SINGLERESP *sres;
int status;
ASN1_GENERALIZEDTIME *time;
GetOCSPSingleRes(self, sres);
status = OCSP_single_get0_status(sres, NULL, &time, NULL, NULL);
if (status < 0)
ossl_raise(eOCSPError, "OCSP_single_get0_status");
if (status != V_OCSP_CERTSTATUS_REVOKED)
ossl_raise(eOCSPError, "certificate is not revoked");
return asn1time_to_time(time);
}
|
#this_update ⇒ Time
1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 |
# File 'ext/openssl/ossl_ocsp.c', line 1321
static VALUE
ossl_ocspsres_get_this_update(VALUE self)
{
OCSP_SINGLERESP *sres;
int status;
ASN1_GENERALIZEDTIME *time;
GetOCSPSingleRes(self, sres);
status = OCSP_single_get0_status(sres, NULL, NULL, &time, NULL);
if (status < 0)
ossl_raise(eOCSPError, "OCSP_single_get0_status");
return asn1time_to_time(time); /* will handle NULL */
}
|
#to_der ⇒ String
Encodes this SingleResponse into a DER-encoded string.
1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 |
# File 'ext/openssl/ossl_ocsp.c', line 1426
static VALUE
ossl_ocspsres_to_der(VALUE self)
{
OCSP_SINGLERESP *sres;
VALUE str;
long len;
unsigned char *p;
GetOCSPSingleRes(self, sres);
if ((len = i2d_OCSP_SINGLERESP(sres, NULL)) <= 0)
ossl_raise(eOCSPError, NULL);
str = rb_str_new(0, len);
p = (unsigned char *)RSTRING_PTR(str);
if (i2d_OCSP_SINGLERESP(sres, &p) <= 0)
ossl_raise(eOCSPError, NULL);
ossl_str_adjust(str, p);
return str;
}
|