Class: OpenSSL::OCSP::CertificateId
Relationships & Source Files | |
Inherits: | Object |
Defined in: | ext/openssl/ossl_ocsp.c |
Overview
An CertificateId
identifies a certificate to the CA so that a status check can be performed.
Class Method Summary
-
.new(subject, issuer, digest = nil) ⇒ certificate_id
constructor
Creates a new
CertificateId
for the given subject and issuer::OpenSSL::X509
certificates.
Instance Method Summary
-
#cmp(other) ⇒ Boolean
Compares this certificate id with other and returns
true
if they are the same. -
#cmp_issuer(other) ⇒ Boolean
Compares this certificate id’s issuer with other and returns
true
if they are the same. -
#hash_algorithm ⇒ String
Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash values.
- #initialize_copy(other)
-
#issuer_key_hash ⇒ String
Returns the issuerKeyHash of this certificate ID, the hash of the issuer’s public key.
-
#issuer_name_hash ⇒ String
Returns the issuerNameHash of this certificate ID, the hash of the issuer’s distinguished name calculated with the hashAlgorithm.
-
#serial ⇒ Integer
Returns the serial number of the certificate for which status is being requested.
-
#to_der ⇒ String
Encodes this certificate identifier into a DER-encoded string.
Constructor Details
.new(subject, issuer, digest = nil) ⇒ certificate_id
.new(der_string) ⇒ certificate_id
.new(obj) ⇒ certificate_id
certificate_id
.new(der_string) ⇒ certificate_id
.new(obj) ⇒ certificate_id
Creates a new CertificateId
for the given subject and issuer ::OpenSSL::X509
certificates. The digest is a digest algorithm that is used to compute the hash values. This defaults to SHA-1.
If only one argument is given, decodes it as DER representation of a certificate ID or generates certificate ID from the object that responds to the to_der method.
# File 'ext/openssl/ossl_ocsp.c', line 1502
static VALUE ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self) { OCSP_CERTID *id, *newid; VALUE subject, issuer, digest; GetOCSPCertId(self, id); if (rb_scan_args(argc, argv, "12", &subject, &issuer, &digest) == 1) { VALUE arg; const unsigned char *p; arg = ossl_to_der_if_possible(subject); StringValue(arg); p = (unsigned char *)RSTRING_PTR(arg); newid = d2i_OCSP_CERTID(NULL, &p, RSTRING_LEN(arg)); if (!newid) ossl_raise(eOCSPError, "d2i_OCSP_CERTID"); } else { X509 *x509s, *x509i; const EVP_MD *md; x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */ x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */ md = !NIL_P(digest) ? ossl_evp_get_digestbyname(digest) : NULL; newid = OCSP_cert_to_id(md, x509s, x509i); if (!newid) ossl_raise(eOCSPError, "OCSP_cert_to_id"); } SetOCSPCertId(self, newid); OCSP_CERTID_free(id); return self; }
Instance Method Details
#cmp(other) ⇒ Boolean
Compares this certificate id with other and returns true
if they are the same.
# File 'ext/openssl/ossl_ocsp.c', line 1546
static VALUE ossl_ocspcid_cmp(VALUE self, VALUE other) { OCSP_CERTID *id, *id2; int result; GetOCSPCertId(self, id); GetOCSPCertId(other, id2); result = OCSP_id_cmp(id, id2); return (result == 0) ? Qtrue : Qfalse; }
#cmp_issuer(other) ⇒ Boolean
Compares this certificate id’s issuer with other and returns true
if they are the same.
# File 'ext/openssl/ossl_ocsp.c', line 1567
static VALUE ossl_ocspcid_cmp_issuer(VALUE self, VALUE other) { OCSP_CERTID *id, *id2; int result; GetOCSPCertId(self, id); GetOCSPCertId(other, id2); result = OCSP_id_issuer_cmp(id, id2); return (result == 0) ? Qtrue : Qfalse; }
#hash_algorithm ⇒ String
Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash values.
# File 'ext/openssl/ossl_ocsp.c', line 1652
static VALUE ossl_ocspcid_get_hash_algorithm(VALUE self) { OCSP_CERTID *id; ASN1_OBJECT *oid; BIO *out; GetOCSPCertId(self, id); OCSP_id_get0_info(NULL, &oid, NULL, NULL, id); if (!(out = BIO_new(BIO_s_mem()))) ossl_raise(eOCSPError, "BIO_new"); if (!i2a_ASN1_OBJECT(out, oid)) { BIO_free(out); ossl_raise(eOCSPError, "i2a_ASN1_OBJECT"); } return ossl_membio2str(out); }
#initialize_copy(other)
[ GitHub ]# File 'ext/openssl/ossl_ocsp.c', line 1469
static VALUE ossl_ocspcid_initialize_copy(VALUE self, VALUE other) { OCSP_CERTID *cid, *cid_old, *cid_new; rb_check_frozen(self); GetOCSPCertId(self, cid_old); GetOCSPCertId(other, cid); cid_new = OCSP_CERTID_dup(cid); if (!cid_new) ossl_raise(eOCSPError, "OCSP_CERTID_dup"); SetOCSPCertId(self, cid_new); OCSP_CERTID_free(cid_old); return self; }
#issuer_key_hash ⇒ String
Returns the issuerKeyHash of this certificate ID, the hash of the issuer’s public key.
# File 'ext/openssl/ossl_ocsp.c', line 1629
static VALUE ossl_ocspcid_get_issuer_key_hash(VALUE self) { OCSP_CERTID *id; ASN1_OCTET_STRING *key_hash; VALUE ret; GetOCSPCertId(self, id); OCSP_id_get0_info(NULL, NULL, &key_hash, NULL, id); ret = rb_str_new(NULL, key_hash->length * 2); ossl_bin2hex(key_hash->data, RSTRING_PTR(ret), key_hash->length); return ret; }
#issuer_name_hash ⇒ String
Returns the issuerNameHash of this certificate ID, the hash of the issuer’s distinguished name calculated with the hashAlgorithm.
# File 'ext/openssl/ossl_ocsp.c', line 1606
static VALUE ossl_ocspcid_get_issuer_name_hash(VALUE self) { OCSP_CERTID *id; ASN1_OCTET_STRING *name_hash; VALUE ret; GetOCSPCertId(self, id); OCSP_id_get0_info(&name_hash, NULL, NULL, NULL, id); ret = rb_str_new(NULL, name_hash->length * 2); ossl_bin2hex(name_hash->data, RSTRING_PTR(ret), name_hash->length); return ret; }
#serial ⇒ Integer
Returns the serial number of the certificate for which status is being requested.
# File 'ext/openssl/ossl_ocsp.c', line 1587
static VALUE ossl_ocspcid_get_serial(VALUE self) { OCSP_CERTID *id; ASN1_INTEGER *serial; GetOCSPCertId(self, id); OCSP_id_get0_info(NULL, NULL, NULL, &serial, id); return asn1integer_to_num(serial); }
#to_der ⇒ String
Encodes this certificate identifier into a DER-encoded string.
# File 'ext/openssl/ossl_ocsp.c', line 1678
static VALUE ossl_ocspcid_to_der(VALUE self) { OCSP_CERTID *id; VALUE str; long len; unsigned char *p; GetOCSPCertId(self, id); if ((len = i2d_OCSP_CERTID(id, NULL)) <= 0) ossl_raise(eOCSPError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); if (i2d_OCSP_CERTID(id, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); return str; }