Class: OpenSSL::OCSP::SingleResponse
- Inherits:
-
Object
- Object
- OpenSSL::OCSP::SingleResponse
- Defined in:
- ext/openssl/ossl_ocsp.c
Instance Method Summary collapse
-
#cert_status ⇒ Integer
Returns the status of the certificate identified by the certid.
-
#certid ⇒ CertificateId
Returns the CertificateId for which this SingleResponse is.
-
#check_validity(nsec = 0, maxsec = -1) ⇒ Object
Checks the validity of thisUpdate and nextUpdate fields of this SingleResponse.
- #extensions ⇒ Array of X509::Extension
-
#OpenSSL::OCSP::SingleResponse.new(der_string) ⇒ SingleResponse
constructor
Creates a new SingleResponse from der_string.
- #initialize_copy(other) ⇒ Object
- #next_update ⇒ Time | nil
- #revocation_reason ⇒ Integer | nil
- #revocation_time ⇒ Time | nil
- #this_update ⇒ Time
-
#to_der ⇒ String
Encodes this SingleResponse into a DER-encoded string.
Constructor Details
#OpenSSL::OCSP::SingleResponse.new(der_string) ⇒ SingleResponse
Creates a new SingleResponse from der_string.
1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 |
# File 'ext/openssl/ossl_ocsp.c', line 1189
static VALUE
ossl_ocspsres_initialize(VALUE self, VALUE arg)
{
OCSP_SINGLERESP *res, *res_new;
const unsigned char *p;
arg = ossl_to_der_if_possible(arg);
StringValue(arg);
GetOCSPSingleRes(self, res);
p = (unsigned char*)RSTRING_PTR(arg);
res_new = d2i_OCSP_SINGLERESP(NULL, &p, RSTRING_LEN(arg));
if (!res_new)
ossl_raise(eOCSPError, "d2i_OCSP_SINGLERESP");
SetOCSPSingleRes(self, res_new);
OCSP_SINGLERESP_free(res);
return self;
}
|
Instance Method Details
#cert_status ⇒ Integer
Returns the status of the certificate identified by the certid. The return value may be one of these constant:
-
V_CERTSTATUS_GOOD
-
V_CERTSTATUS_REVOKED
-
V_CERTSTATUS_UNKNOWN
When the status is V_CERTSTATUS_REVOKED, the time at which the certificate was revoked can be retrieved by #revocation_time.
1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 |
# File 'ext/openssl/ossl_ocsp.c', line 1303
static VALUE
ossl_ocspsres_get_cert_status(VALUE self)
{
OCSP_SINGLERESP *sres;
int status;
GetOCSPSingleRes(self, sres);
status = OCSP_single_get0_status(sres, NULL, NULL, NULL, NULL);
if (status < 0)
ossl_raise(eOCSPError, "OCSP_single_get0_status");
return INT2NUM(status);
}
|
#certid ⇒ CertificateId
Returns the CertificateId for which this SingleResponse is.
1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 |
# File 'ext/openssl/ossl_ocsp.c', line 1277
static VALUE
ossl_ocspsres_get_certid(VALUE self)
{
OCSP_SINGLERESP *sres;
OCSP_CERTID *id;
GetOCSPSingleRes(self, sres);
id = OCSP_CERTID_dup((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sres)); /* FIXME */
return ossl_ocspcertid_new(id);
}
|
#check_validity(nsec = 0, maxsec = -1) ⇒ Object
Checks the validity of thisUpdate and nextUpdate fields of this SingleResponse. This checks the current time is within the range thisUpdate to nextUpdate.
It is possible that the OCSP request takes a few seconds or the time is not accurate. To avoid rejecting a valid response, this method allows the times to be within nsec seconds of the current time.
Some responders don’t set the nextUpdate field. This may cause a very old response to be considered valid. The maxsec parameter can be used to limit the age of responses.
1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 |
# File 'ext/openssl/ossl_ocsp.c', line 1244
static VALUE
ossl_ocspsres_check_validity(int argc, VALUE *argv, VALUE self)
{
OCSP_SINGLERESP *sres;
ASN1_GENERALIZEDTIME *this_update, *next_update;
VALUE nsec_v, maxsec_v;
int nsec, maxsec, status, ret;
rb_scan_args(argc, argv, "02", &nsec_v, &maxsec_v);
nsec = NIL_P(nsec_v) ? 0 : NUM2INT(nsec_v);
maxsec = NIL_P(maxsec_v) ? -1 : NUM2INT(maxsec_v);
GetOCSPSingleRes(self, sres);
status = OCSP_single_get0_status(sres, NULL, NULL, &this_update, &next_update);
if (status < 0)
ossl_raise(eOCSPError, "OCSP_single_get0_status");
ret = OCSP_check_validity(this_update, next_update, nsec, maxsec);
if (ret)
return Qtrue;
else {
ossl_clear_error();
return Qfalse;
}
}
|
#extensions ⇒ Array of X509::Extension
1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 |
# File 'ext/openssl/ossl_ocsp.c', line 1406
static VALUE
ossl_ocspsres_get_extensions(VALUE self)
{
OCSP_SINGLERESP *sres;
X509_EXTENSION *ext;
int count, i;
VALUE ary;
GetOCSPSingleRes(self, sres);
count = OCSP_SINGLERESP_get_ext_count(sres);
ary = rb_ary_new2(count);
for (i = 0; i < count; i++) {
ext = OCSP_SINGLERESP_get_ext(sres, i);
rb_ary_push(ary, ossl_x509ext_new(ext)); /* will dup */
}
return ary;
}
|
#initialize_copy(other) ⇒ Object
1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 |
# File 'ext/openssl/ossl_ocsp.c', line 1209
static VALUE
ossl_ocspsres_initialize_copy(VALUE self, VALUE other)
{
OCSP_SINGLERESP *sres, *sres_old, *sres_new;
rb_check_frozen(self);
GetOCSPSingleRes(self, sres_old);
GetOCSPSingleRes(other, sres);
sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
if (!sres_new)
ossl_raise(eOCSPError, "ASN1_item_dup");
SetOCSPSingleRes(self, sres_new);
OCSP_SINGLERESP_free(sres_old);
return self;
}
|
#next_update ⇒ Time | nil
1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 |
# File 'ext/openssl/ossl_ocsp.c', line 1342
static VALUE
ossl_ocspsres_get_next_update(VALUE self)
{
OCSP_SINGLERESP *sres;
int status;
ASN1_GENERALIZEDTIME *time;
GetOCSPSingleRes(self, sres);
status = OCSP_single_get0_status(sres, NULL, NULL, NULL, &time);
if (status < 0)
ossl_raise(eOCSPError, "OCSP_single_get0_status");
if (!time)
return Qnil;
return asn1time_to_time(time);
}
|
#revocation_reason ⇒ Integer | nil
1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 |
# File 'ext/openssl/ossl_ocsp.c', line 1386
static VALUE
ossl_ocspsres_get_revocation_reason(VALUE self)
{
OCSP_SINGLERESP *sres;
int status, reason;
GetOCSPSingleRes(self, sres);
status = OCSP_single_get0_status(sres, &reason, NULL, NULL, NULL);
if (status < 0)
ossl_raise(eOCSPError, "OCSP_single_get0_status");
if (status != V_OCSP_CERTSTATUS_REVOKED)
ossl_raise(eOCSPError, "certificate is not revoked");
return INT2NUM(reason);
}
|
#revocation_time ⇒ Time | nil
1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 |
# File 'ext/openssl/ossl_ocsp.c', line 1363
static VALUE
ossl_ocspsres_get_revocation_time(VALUE self)
{
OCSP_SINGLERESP *sres;
int status;
ASN1_GENERALIZEDTIME *time;
GetOCSPSingleRes(self, sres);
status = OCSP_single_get0_status(sres, NULL, &time, NULL, NULL);
if (status < 0)
ossl_raise(eOCSPError, "OCSP_single_get0_status");
if (status != V_OCSP_CERTSTATUS_REVOKED)
ossl_raise(eOCSPError, "certificate is not revoked");
if (!time)
return Qnil;
return asn1time_to_time(time);
}
|
#this_update ⇒ Time
1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 |
# File 'ext/openssl/ossl_ocsp.c', line 1321
static VALUE
ossl_ocspsres_get_this_update(VALUE self)
{
OCSP_SINGLERESP *sres;
int status;
ASN1_GENERALIZEDTIME *time;
GetOCSPSingleRes(self, sres);
status = OCSP_single_get0_status(sres, NULL, NULL, &time, NULL);
if (status < 0)
ossl_raise(eOCSPError, "OCSP_single_get0_status");
if (!time)
return Qnil;
return asn1time_to_time(time);
}
|
#to_der ⇒ String
Encodes this SingleResponse into a DER-encoded string.
1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 |
# File 'ext/openssl/ossl_ocsp.c', line 1432
static VALUE
ossl_ocspsres_to_der(VALUE self)
{
OCSP_SINGLERESP *sres;
VALUE str;
long len;
unsigned char *p;
GetOCSPSingleRes(self, sres);
if ((len = i2d_OCSP_SINGLERESP(sres, NULL)) <= 0)
ossl_raise(eOCSPError, NULL);
str = rb_str_new(0, len);
p = (unsigned char *)RSTRING_PTR(str);
if (i2d_OCSP_SINGLERESP(sres, &p) <= 0)
ossl_raise(eOCSPError, NULL);
ossl_str_adjust(str, p);
return str;
}
|