Provides classes and methods to request, create and validate RFC 3161-compliant timestamps. Request may be used either to create requests from scratch or to parse existing requests, which can then be used to request timestamps from a timestamp server, e.g. via net/http. The resulting timestamp response may be parsed using Response.
Please note that Response is read-only and immutable. To create a Response, an instance of Factory as well as a valid Request are needed.
Create a Response:
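    require 'openssl'

    # Assumes ts.p12 is a PKCS#12-compatible file with a private key
    # and a certificate that has an extended key usage of 'timeStamping'
    p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd')
    md = OpenSSL::Digest.new('SHA1')
    hash = md.digest(data) # some binary data to be timestamped
    req = OpenSSL::Timestamp::Request.new
    req.algorithm = 'SHA1'
    req.message_imprint = hash
    req.policy_id = "1.2.3.4.5" # placeholder policy OID
    req.nonce = 42
    fac = OpenSSL::Timestamp::Factory.new
    fac.gen_time = Time.now
    fac.serial_number = 1
    # Digests the factory accepts; must include the request's algorithm
    fac.allowed_digests = ['sha1']
    timestamp = fac.create_timestamp(p12.key, p12.certificate, req)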
Verify a timestamp response:
    require 'openssl'

    # Assume we have a timestamp token in a file called ts.der
    ts = OpenSSL::Timestamp::Response.new(File.binread('ts.der'))
    # Assume we have the Request for this token in a file called req.der
    req = OpenSSL::Timestamp::Request.new(File.binread('req.der'))
    # Assume the associated root CA certificate is contained in a
    # DER-encoded file named root.cer
    root = OpenSSL::X509::Certificate.new(File.binread('root.cer'))
    # get the necessary intermediate certificates, available in
    # DER-encoded form in inter1.cer and inter2.cer
    inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer'))
    inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer'))
    # verify takes the trusted roots as an OpenSSL::X509::Store and the
    # intermediate certificates as an array
    store = OpenSSL::X509::Store.new
    store.add_cert(root)
    ts.verify(req, store, [inter1, inter2]) # -> ts, or raises an exception if validation fails