Class: OpenSSL::OCSP::CertificateId

Inherits:
Object
  • Object
show all
Defined in:
ext/openssl/ossl_ocsp.c

Instance Method Summary collapse

Constructor Details

#OpenSSL::OCSP::CertificateId.new(subject, issuer, digest = nil) ⇒ Object #OpenSSL::OCSP::CertificateId.new(der_string) ⇒ Object #OpenSSL::OCSP::CertificateId.new(obj) ⇒ Object

Creates a new OpenSSL::OCSP::CertificateId for the given subject and issuer X509 certificates. The digest is a digest algorithm that is used to compute the hash values. This defaults to SHA-1.

If only one argument is given, decodes it as DER representation of a certificate ID or generates certificate ID from the object that responds to the to_der method.



1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
# File 'ext/openssl/ossl_ocsp.c', line 1454

static VALUE
ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self)
{
    OCSP_CERTID *id, *newid;
    VALUE subject, issuer, digest;

    GetOCSPCertId(self, id);
    if (rb_scan_args(argc, argv, "12", &subject, &issuer, &digest) == 1) {
	VALUE arg;
	const unsigned char *p;

	arg = ossl_to_der_if_possible(subject);
	StringValue(arg);
	p = (unsigned char *)RSTRING_PTR(arg);
	newid = d2i_OCSP_CERTID(NULL, &p, RSTRING_LEN(arg));
	if (!newid)
	    ossl_raise(eOCSPError, "d2i_OCSP_CERTID");
    }
    else {
	X509 *x509s, *x509i;
	const EVP_MD *md;

	x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */
	x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */
	md = !NIL_P(digest) ? ossl_evp_get_digestbyname(digest) : NULL;

	newid = OCSP_cert_to_id(md, x509s, x509i);
	if (!newid)
	    ossl_raise(eOCSPError, "OCSP_cert_to_id");
    }

    SetOCSPCertId(self, newid);
    OCSP_CERTID_free(id);

    return self;
}

Instance Method Details

#cmp(other) ⇒ Boolean

Compares this certificate id with other and returns true if they are the same.

Returns:

  • (Boolean)


1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
# File 'ext/openssl/ossl_ocsp.c', line 1498

static VALUE
ossl_ocspcid_cmp(VALUE self, VALUE other)
{
    OCSP_CERTID *id, *id2;
    int result;

    GetOCSPCertId(self, id);
    GetOCSPCertId(other, id2);
    result = OCSP_id_cmp(id, id2);

    return (result == 0) ? Qtrue : Qfalse;
}

#cmp_issuer(other) ⇒ Boolean

Compares this certificate id’s issuer with other and returns true if they are the same.

Returns:

  • (Boolean)


1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
# File 'ext/openssl/ossl_ocsp.c', line 1519

static VALUE
ossl_ocspcid_cmp_issuer(VALUE self, VALUE other)
{
    OCSP_CERTID *id, *id2;
    int result;

    GetOCSPCertId(self, id);
    GetOCSPCertId(other, id2);
    result = OCSP_id_issuer_cmp(id, id2);

    return (result == 0) ? Qtrue : Qfalse;
}

#hash_algorithmString

Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash values.

Returns:

  • (String)


1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
# File 'ext/openssl/ossl_ocsp.c', line 1604

static VALUE
ossl_ocspcid_get_hash_algorithm(VALUE self)
{
    OCSP_CERTID *id;
    ASN1_OBJECT *oid;
    BIO *out;

    GetOCSPCertId(self, id);
    OCSP_id_get0_info(NULL, &oid, NULL, NULL, id);

    if (!(out = BIO_new(BIO_s_mem())))
	ossl_raise(eOCSPError, "BIO_new");

    if (!i2a_ASN1_OBJECT(out, oid)) {
	BIO_free(out);
	ossl_raise(eOCSPError, "i2a_ASN1_OBJECT");
    }
    return ossl_membio2str(out);
}

#initialize_copy(other) ⇒ Object



1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
# File 'ext/openssl/ossl_ocsp.c', line 1421

static VALUE
ossl_ocspcid_initialize_copy(VALUE self, VALUE other)
{
    OCSP_CERTID *cid, *cid_old, *cid_new;

    rb_check_frozen(self);
    GetOCSPCertId(self, cid_old);
    GetOCSPCertId(other, cid);

    cid_new = OCSP_CERTID_dup(cid);
    if (!cid_new)
	ossl_raise(eOCSPError, "OCSP_CERTID_dup");

    SetOCSPCertId(self, cid_new);
    OCSP_CERTID_free(cid_old);

    return self;
}

#issuer_key_hashString

Returns the issuerKeyHash of this certificate ID, the hash of the issuer’s public key.

Returns:

  • (String)


1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
# File 'ext/openssl/ossl_ocsp.c', line 1581

static VALUE
ossl_ocspcid_get_issuer_key_hash(VALUE self)
{
    OCSP_CERTID *id;
    ASN1_OCTET_STRING *key_hash;
    VALUE ret;

    GetOCSPCertId(self, id);
    OCSP_id_get0_info(NULL, NULL, &key_hash, NULL, id);

    ret = rb_str_new(NULL, key_hash->length * 2);
    ossl_bin2hex(key_hash->data, RSTRING_PTR(ret), key_hash->length);

    return ret;
}

#issuer_name_hashString

Returns the issuerNameHash of this certificate ID, the hash of the issuer’s distinguished name calculated with the hashAlgorithm.

Returns:

  • (String)


1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
# File 'ext/openssl/ossl_ocsp.c', line 1558

static VALUE
ossl_ocspcid_get_issuer_name_hash(VALUE self)
{
    OCSP_CERTID *id;
    ASN1_OCTET_STRING *name_hash;
    VALUE ret;

    GetOCSPCertId(self, id);
    OCSP_id_get0_info(&name_hash, NULL, NULL, NULL, id);

    ret = rb_str_new(NULL, name_hash->length * 2);
    ossl_bin2hex(name_hash->data, RSTRING_PTR(ret), name_hash->length);

    return ret;
}

#serialInteger

Returns the serial number of the certificate for which status is being requested.

Returns:



1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
# File 'ext/openssl/ossl_ocsp.c', line 1539

static VALUE
ossl_ocspcid_get_serial(VALUE self)
{
    OCSP_CERTID *id;
    ASN1_INTEGER *serial;

    GetOCSPCertId(self, id);
    OCSP_id_get0_info(NULL, NULL, NULL, &serial, id);

    return asn1integer_to_num(serial);
}

#to_derString

Encodes this certificate identifier into a DER-encoded string.

Returns:

  • (String)


1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
# File 'ext/openssl/ossl_ocsp.c', line 1630

static VALUE
ossl_ocspcid_to_der(VALUE self)
{
    OCSP_CERTID *id;
    VALUE str;
    long len;
    unsigned char *p;

    GetOCSPCertId(self, id);
    if ((len = i2d_OCSP_CERTID(id, NULL)) <= 0)
	ossl_raise(eOCSPError, NULL);
    str = rb_str_new(0, len);
    p = (unsigned char *)RSTRING_PTR(str);
    if (i2d_OCSP_CERTID(id, &p) <= 0)
	ossl_raise(eOCSPError, NULL);
    ossl_str_adjust(str, p);

    return str;
}