Class: OpenSSL::OCSP::SingleResponse
Relationships & Source Files | |
Inherits: | Object |
Defined in: | ext/openssl/ossl_ocsp.c |
Overview
An SingleResponse
represents an ::OpenSSL::OCSP SingleResponse structure, which contains the basic information of the status of the certificate.
Class Method Summary
-
.new(der_string) ⇒ SingleResponse
constructor
Creates a new
SingleResponse
from der_string.
Instance Method Summary
-
#cert_status ⇒ Integer
Returns the status of the certificate identified by the certid.
-
#certid ⇒ CertificateId
Returns the CertificateId for which this
SingleResponse
is. -
#check_validity(nsec = 0, maxsec = -1) ⇒ Boolean
Checks the validity of thisUpdate and nextUpdate fields of this
SingleResponse
. - #extensions ⇒ Array of X509::Extension
- #initialize_copy(other)
- #next_update ⇒ Time | nil
- #revocation_reason ⇒ Integer | nil
- #revocation_time ⇒ Time | nil
- #this_update ⇒ Time
-
#to_der ⇒ String
Encodes this
SingleResponse
into a DER-encoded string.
Constructor Details
.new(der_string) ⇒ SingleResponse
Creates a new SingleResponse
from der_string.
# File 'ext/openssl/ossl_ocsp.c', line 1188
static VALUE ossl_ocspsres_initialize(VALUE self, VALUE arg) { OCSP_SINGLERESP *res, *res_new; const unsigned char *p; arg = ossl_to_der_if_possible(arg); StringValue(arg); GetOCSPSingleRes(self, res); p = (unsigned char*)RSTRING_PTR(arg); res_new = d2i_OCSP_SINGLERESP(NULL, &p, RSTRING_LEN(arg)); if (!res_new) ossl_raise(eOCSPError, "d2i_OCSP_SINGLERESP"); SetOCSPSingleRes(self, res_new); OCSP_SINGLERESP_free(res); return self; }
Instance Method Details
#cert_status ⇒ Integer
Returns the status of the certificate identified by the certid. The return value may be one of these constant:
When the status is V_CERTSTATUS_REVOKED, the time at which the certificate was revoked can be retrieved by #revocation_time.
# File 'ext/openssl/ossl_ocsp.c', line 1302
static VALUE ossl_ocspsres_get_cert_status(VALUE self) { OCSP_SINGLERESP *sres; int status; GetOCSPSingleRes(self, sres); status = OCSP_single_get0_status(sres, NULL, NULL, NULL, NULL); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); return INT2NUM(status); }
#certid ⇒ CertificateId
Returns the CertificateId for which this SingleResponse
is.
# File 'ext/openssl/ossl_ocsp.c', line 1276
static VALUE ossl_ocspsres_get_certid(VALUE self) { OCSP_SINGLERESP *sres; OCSP_CERTID *id; GetOCSPSingleRes(self, sres); id = OCSP_CERTID_dup((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sres)); /* FIXME */ return ossl_ocspcertid_new(id); }
#check_validity(nsec = 0, maxsec = -1) ⇒ Boolean
Checks the validity of thisUpdate and nextUpdate fields of this SingleResponse
. This checks the current time is within the range thisUpdate to nextUpdate.
It is possible that the ::OpenSSL::OCSP request takes a few seconds or the time is not accurate. To avoid rejecting a valid response, this method allows the times to be within nsec seconds of the current time.
Some responders don't set the nextUpdate field. This may cause a very old response to be considered valid. The maxsec parameter can be used to limit the age of responses.
# File 'ext/openssl/ossl_ocsp.c', line 1243
static VALUE ossl_ocspsres_check_validity(int argc, VALUE *argv, VALUE self) { OCSP_SINGLERESP *sres; ASN1_GENERALIZEDTIME *this_update, *next_update; VALUE nsec_v, maxsec_v; int nsec, maxsec, status, ret; rb_scan_args(argc, argv, "02", &nsec_v, &maxsec_v); nsec = NIL_P(nsec_v) ? 0 : NUM2INT(nsec_v); maxsec = NIL_P(maxsec_v) ? -1 : NUM2INT(maxsec_v); GetOCSPSingleRes(self, sres); status = OCSP_single_get0_status(sres, NULL, NULL, &this_update, &next_update); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); ret = OCSP_check_validity(this_update, next_update, nsec, maxsec); if (ret) return Qtrue; else { ossl_clear_error(); return Qfalse; } }
#extensions ⇒ Array
of
X509::Extension
# File 'ext/openssl/ossl_ocsp.c', line 1405
static VALUE ossl_ocspsres_get_extensions(VALUE self) { OCSP_SINGLERESP *sres; X509_EXTENSION *ext; int count, i; VALUE ary; GetOCSPSingleRes(self, sres); count = OCSP_SINGLERESP_get_ext_count(sres); ary = rb_ary_new2(count); for (i = 0; i < count; i++) { ext = OCSP_SINGLERESP_get_ext(sres, i); rb_ary_push(ary, ossl_x509ext_new(ext)); /* will dup */ } return ary; }
#initialize_copy(other)
[ GitHub ]# File 'ext/openssl/ossl_ocsp.c', line 1208
static VALUE ossl_ocspsres_initialize_copy(VALUE self, VALUE other) { OCSP_SINGLERESP *sres, *sres_old, *sres_new; rb_check_frozen(self); GetOCSPSingleRes(self, sres_old); GetOCSPSingleRes(other, sres); sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres); if (!sres_new) ossl_raise(eOCSPError, "ASN1_item_dup"); SetOCSPSingleRes(self, sres_new); OCSP_SINGLERESP_free(sres_old); return self; }
#next_update ⇒ Time
| nil
# File 'ext/openssl/ossl_ocsp.c', line 1341
static VALUE ossl_ocspsres_get_next_update(VALUE self) { OCSP_SINGLERESP *sres; int status; ASN1_GENERALIZEDTIME *time; GetOCSPSingleRes(self, sres); status = OCSP_single_get0_status(sres, NULL, NULL, NULL, &time); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); if (!time) return Qnil; return asn1time_to_time(time); }
#revocation_reason ⇒ Integer | nil
# File 'ext/openssl/ossl_ocsp.c', line 1385
static VALUE ossl_ocspsres_get_revocation_reason(VALUE self) { OCSP_SINGLERESP *sres; int status, reason; GetOCSPSingleRes(self, sres); status = OCSP_single_get0_status(sres, &reason, NULL, NULL, NULL); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); if (status != V_OCSP_CERTSTATUS_REVOKED) ossl_raise(eOCSPError, "certificate is not revoked"); return INT2NUM(reason); }
#revocation_time ⇒ Time
| nil
# File 'ext/openssl/ossl_ocsp.c', line 1362
static VALUE ossl_ocspsres_get_revocation_time(VALUE self) { OCSP_SINGLERESP *sres; int status; ASN1_GENERALIZEDTIME *time; GetOCSPSingleRes(self, sres); status = OCSP_single_get0_status(sres, NULL, &time, NULL, NULL); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); if (status != V_OCSP_CERTSTATUS_REVOKED) ossl_raise(eOCSPError, "certificate is not revoked"); if (!time) return Qnil; return asn1time_to_time(time); }
#this_update ⇒ Time
# File 'ext/openssl/ossl_ocsp.c', line 1320
static VALUE ossl_ocspsres_get_this_update(VALUE self) { OCSP_SINGLERESP *sres; int status; ASN1_GENERALIZEDTIME *time; GetOCSPSingleRes(self, sres); status = OCSP_single_get0_status(sres, NULL, NULL, &time, NULL); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); if (!time) return Qnil; return asn1time_to_time(time); }
#to_der ⇒ String
Encodes this SingleResponse
into a DER-encoded string.
# File 'ext/openssl/ossl_ocsp.c', line 1431
static VALUE ossl_ocspsres_to_der(VALUE self) { OCSP_SINGLERESP *sres; VALUE str; long len; unsigned char *p; GetOCSPSingleRes(self, sres); if ((len = i2d_OCSP_SINGLERESP(sres, NULL)) <= 0) ossl_raise(eOCSPError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); if (i2d_OCSP_SINGLERESP(sres, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); return str; }