Class: Pkernel::OCSP

Inherits:

Object

• Object
• Pkernel::OCSP

Extended by:

PkernelJce::OCSP

Defined in:

lib/pkernel_jce/ocsp.rb,
lib/pkernel_jce.rb

Constant Summary

GOOD_CERT =

org.bouncycastle.cert.ocsp.CertificateStatus::GOOD

REVOKED_CERT =

lambda do |dt,reason|
  revokedOn = dt
  revokedOn = revokedOn.to_java_date
  org.bouncycastle.cert.ocsp.RevokedStatus.new(revokedOn, reason)
end

UNKNOWN_CERT =

lambda { org.bouncycastle.cert.ocsp.UnknownStatus.new }

Class Method Summary

• .request_to_bin(req) ⇒ Object
• .response_to_bin(resp) ⇒ Object
• .to_cert_id(cert, issuer = nil, opts = { }) ⇒ Object

Class Method Details

.request_to_bin(req) ⇒ Object

# File 'lib/pkernel_jce/ocsp.rb', line 16

def self.request_to_bin(req)
  PkernelJce::OCSPRequestEngine.to_bin(req) 
end

.response_to_bin(resp) ⇒ Object

# File 'lib/pkernel_jce/ocsp.rb', line 20

def self.response_to_bin(resp)
  PkernelJce::OCSPResponseEngine.to_bin(resp)
end

.to_cert_id(cert, issuer = nil, opts = { }) ⇒ Object

# File 'lib/pkernel_jce/ocsp.rb', line 24

def self.to_cert_id(cert, issuer = nil, opts = { })
  
  digest = org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder.new.setProvider(PkernelJce::Provider::DefProvider).build
  signHash = opts[:signHash] || :sha1
  case signHash
  when :sha1, "SHA1"
  else
    PkernelJce::GConf.instance.glog.warn "Hashing algo '#{signHash}' not yet supported by library. Adjusted to SHA1 as default"
  end

  # for this version of BC (157) this is the only option
  d = digest.get(org.bouncycastle.cert.ocsp.CertificateID::HASH_SHA1)
  
  org.bouncycastle.cert.ocsp.CertificateID.new(d,PkernelJce::Certificate.ensure_bc_cert(cert),PkernelJce::Certificate.ensure_java_cert(cert).serial_number)
end