Class: OpenSSL::OCSP::BasicResponse
Inherits: Object
Defined in: ext/openssl/ossl_ocsp.c
Overview
Class Method Summary
- .new(der_string = nil) ⇒ basic_response (constructor)
  Creates a new BasicResponse.
Instance Method Summary
- #add_nonce(nonce = nil)
  Adds nonce to this response.
- #add_status(certificate_id, status, reason, revocation_time, this_update, next_update, extensions) ⇒ basic_response
  Adds a certificate status for certificate_id.
- #copy_nonce(request) ⇒ Integer
  Copies the nonce from request into this response.
- #find_response(certificate_id) ⇒ SingleResponse | nil
  Returns a SingleResponse whose CertId matches with certificate_id, or nil if this BasicResponse does not contain it.
- #responses ⇒ Array of SingleResponse
  Returns an Array of SingleResponse for this BasicResponse.
- #sign(cert, key, certs = nil, flags = 0, digest = nil) ⇒ self
  Signs this ::OpenSSL::OCSP response using the cert, key and optional digest.
- #status ⇒ statuses
  Returns an Array of statuses for this response.
- #to_der ⇒ String
  Encodes this basic response into a DER-encoded string.
- #verify(certificates, store, flags = 0) ⇒ Boolean
  Verifies the signature of the response using the given certificates and store.
Constructor Details
.new(der_string = nil) ⇒ basic_response
Creates a new BasicResponse. If der_string is given, decodes der_string as DER.
Instance Method Details
#add_nonce(nonce = nil)
Adds nonce to this response. If no nonce was provided a random nonce will be added.
#add_status(certificate_id, status, reason, revocation_time, this_update, next_update, extensions) ⇒ basic_response
Adds a certificate status for certificate_id. status is the status, and must be one of the OpenSSL::OCSP::V_CERTSTATUS_* constants (good, revoked or unknown).
reason and revocation_time can be given only when status is V_CERTSTATUS_REVOKED. reason describes the reason for the revocation, and must be one of the OpenSSL::OCSP::REVOKED_STATUS_* constants. revocation_time is the time when the certificate was revoked.
this_update and next_update indicate the time at which the status is verified to be correct and the time at or before which newer information will be available, respectively. next_update is optional.
extensions is an Array of ::OpenSSL::X509::Extension to be included in the SingleResponse. This is also optional.
Note that the times revocation_time, this_update and next_update can each be specified as either an ::Integer or a Time object. An ::Integer is treated as a number of seconds relative to the current time.
#copy_nonce(request) ⇒ Integer
Copies the nonce from request into this response. Returns 1 on success and 0 on failure.
#find_response(certificate_id) ⇒ SingleResponse | nil
Returns a SingleResponse whose CertId matches with certificate_id, or nil if this BasicResponse does not contain it.
#responses ⇒ Array of SingleResponse
Returns an Array of SingleResponse for this BasicResponse.
#sign(cert, key, certs = nil, flags = 0, digest = nil) ⇒ self
Signs this ::OpenSSL::OCSP response using the cert, key and optional digest. This behaves in a similar way to Request#sign.
flags can include:
- OpenSSL::OCSP::NOCERTS: don't include certificates
- OpenSSL::OCSP::NOTIME: don't set producedAt
- OpenSSL::OCSP::RESPID_KEY: use signer's public key hash as responderID
#status ⇒ statuses
Returns an Array of statuses for this response. Each status contains a CertificateId, the status (0 for good, 1 for revoked, 2 for unknown), the reason for the status, the revocation time, the time of this update, the time for the next update and a list of OpenSSL::X509::Extensions.
This should be superseded by #responses and #find_response that return SingleResponse.
#to_der ⇒ String
Encodes this basic response into a DER-encoded string.
#verify(certificates, store, flags = 0) ⇒ Boolean
Verifies the signature of the response using the given certificates and store. This works in a similar way to Request#verify.
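
An added example (not part of the OpenSSL documentation) that exercises the methods above end to end: a responder builds and signs a BasicResponse, and a client decodes it from DER and checks signature, nonce and validity window before reading any status. The CA, subject names, serials, lifetimes and the helper names issue and ocsp_round_trip are constructed for the illustration.

```ruby
require "openssl"

# Constructed throwaway PKI: a self-signed CA that issues the leaves and
# signs OCSP responses directly. Names and serials are sample values.
def issue(subject, key, serial, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", issuer ? "CA:FALSE" : "CA:TRUE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

def ocsp_round_trip
  ca_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  ca = issue("/CN=Example Test CA", ca_key, 1)
  good_id = OpenSSL::OCSP::CertificateId.new(issue("/CN=good.example", leaf_key, 2, ca, ca_key), ca)
  revoked_id = OpenSSL::OCSP::CertificateId.new(issue("/CN=revoked.example", leaf_key, 3, ca, ca_key), ca)

  # Client: ask about both certificates and bind the answer with a nonce.
  req = OpenSSL::OCSP::Request.new
  req.add_certid(good_id)
  req.add_certid(revoked_id)
  req.add_nonce

  # Responder: one status per CertificateId; Integer times are relative to now.
  bres = OpenSSL::OCSP::BasicResponse.new
  bres.add_status(good_id, OpenSSL::OCSP::V_CERTSTATUS_GOOD, nil, nil, -60, 600, [])
  bres.add_status(revoked_id, OpenSSL::OCSP::V_CERTSTATUS_REVOKED,
                  OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE, -30, -60, 600, [])
  bres.copy_nonce(req)
  bres.sign(ca, ca_key, nil, 0, OpenSSL::Digest.new("SHA256"))

  # Client: decode the DER, then check signature, nonce and freshness first.
  parsed = OpenSSL::OCSP::BasicResponse.new(bres.to_der)
  g = parsed.find_response(good_id)
  r = parsed.find_response(revoked_id)
  { verified: parsed.verify([ca], OpenSSL::X509::Store.new.add_cert(ca)),
    untrusted: parsed.verify([ca], OpenSSL::X509::Store.new), # empty trust store
    nonce: req.check_nonce(parsed),                          # 1 = present and equal
    fresh: g.check_validity && r.check_validity,
    good: g.cert_status, revoked: r.cert_status, reason: r.revocation_reason }
end
```

The second verify call uses an empty store, so the same signed response is rejected: the store is what anchors trust in the signer, not the certificates list.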