Class: OpenSSL::OCSP::CertificateId

Relationships & Source Files
Inherits:	Object
Defined in:	ext/openssl/ossl_ocsp.c

Overview

An CertificateId identifies a certificate to the CA so that a status check can be performed.

Class Method Summary

.new(subject, issuer, digest = nil) ⇒ certificate_id constructor

Creates a new CertificateId for the given subject and issuer ::OpenSSL::X509 certificates.

Instance Method Summary

#cmp(other) ⇒ Boolean

Compares this certificate id with other and returns true if they are the same.
#cmp_issuer(other) ⇒ Boolean

Compares this certificate id’s issuer with other and returns true if they are the same.
#hash_algorithm ⇒ String

Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash values.
#issuer_key_hash ⇒ String

Returns the issuerKeyHash of this certificate ID, the hash of the issuer’s public key.
#issuer_name_hash ⇒ String

Returns the issuerNameHash of this certificate ID, the hash of the issuer’s distinguished name calculated with the hashAlgorithm.
#serial ⇒ Integer

Returns the serial number of the certificate for which status is being requested.
#to_der ⇒ String

Encodes this certificate identifier into a DER-encoded string.
#initialize_copy(other) Internal use only

Constructor Details

.new(subject, issuer, digest = nil) ⇒ `certificate_id` .new(der_string) ⇒ `certificate_id` .new(obj) ⇒ `certificate_id`

Creates a new CertificateId for the given subject and issuer ::OpenSSL::X509 certificates. The digest is a digest algorithm that is used to compute the hash values. This defaults to SHA-1.

If only one argument is given, decodes it as DER representation of a certificate ID or generates certificate ID from the object that responds to the to_der method.

[ GitHub ]

# File 'ext/openssl/ossl_ocsp.c', line 1438


static VALUE
ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self)
{
    OCSP_CERTID *id, *newid;
    VALUE subject, issuer, digest;

    GetOCSPCertId(self, id);
    if (rb_scan_args(argc, argv, "12", &subject, &issuer, &digest) == 1) {
        VALUE arg;
        const unsigned char *p;

        arg = ossl_to_der_if_possible(subject);
        StringValue(arg);
        p = (unsigned char *)RSTRING_PTR(arg);
        newid = d2i_OCSP_CERTID(NULL, &p, RSTRING_LEN(arg));
        if (!newid)
            ossl_raise(eOCSPError, "d2i_OCSP_CERTID");
    }
    else {
        X509 *x509s, *x509i;
        const EVP_MD *md;
        VALUE md_holder;

        x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */
        x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */
        md = NIL_P(digest) ? NULL : ossl_evp_md_fetch(digest, &md_holder);

        newid = OCSP_cert_to_id(md, x509s, x509i);
        if (!newid)
            ossl_raise(eOCSPError, "OCSP_cert_to_id");
    }

    SetOCSPCertId(self, newid);
    OCSP_CERTID_free(id);

    return self;
}

Instance Method Details

#cmp(other) ⇒ `Boolean`

Compares this certificate id with other and returns true if they are the same.

[ GitHub ]

# File 'ext/openssl/ossl_ocsp.c', line 1483


static VALUE
ossl_ocspcid_cmp(VALUE self, VALUE other)
{
    OCSP_CERTID *id, *id2;
    int result;

    GetOCSPCertId(self, id);
    GetOCSPCertId(other, id2);
    result = OCSP_id_cmp(id, id2);

    return (result == 0) ? Qtrue : Qfalse;
}

#cmp_issuer(other) ⇒ `Boolean`

Compares this certificate id’s issuer with other and returns true if they are the same.

[ GitHub ]

# File 'ext/openssl/ossl_ocsp.c', line 1504


static VALUE
ossl_ocspcid_cmp_issuer(VALUE self, VALUE other)
{
    OCSP_CERTID *id, *id2;
    int result;

    GetOCSPCertId(self, id);
    GetOCSPCertId(other, id2);
    result = OCSP_id_issuer_cmp(id, id2);

    return (result == 0) ? Qtrue : Qfalse;
}

#hash_algorithm ⇒ `String`

Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash values.

[ GitHub ]

# File 'ext/openssl/ossl_ocsp.c', line 1591


static VALUE
ossl_ocspcid_get_hash_algorithm(VALUE self)
{
    OCSP_CERTID *id;
    ASN1_OBJECT *oid;

    GetOCSPCertId(self, id);
    OCSP_id_get0_info(NULL, &oid, NULL, NULL, id);
    return ossl_asn1obj_to_string_long_name(oid);
}

#initialize_copy(other)

This method is for internal use only.

[ GitHub ]

# File 'ext/openssl/ossl_ocsp.c', line 1405


static VALUE
ossl_ocspcid_initialize_copy(VALUE self, VALUE other)
{
    OCSP_CERTID *cid, *cid_old, *cid_new;

    rb_check_frozen(self);
    GetOCSPCertId(self, cid_old);
    GetOCSPCertId(other, cid);

    cid_new = OCSP_CERTID_dup(cid);
    if (!cid_new)
        ossl_raise(eOCSPError, "OCSP_CERTID_dup");

    SetOCSPCertId(self, cid_new);
    OCSP_CERTID_free(cid_old);

    return self;
}

#issuer_key_hash ⇒ `String`

Returns the issuerKeyHash of this certificate ID, the hash of the issuer’s public key.

[ GitHub ]

# File 'ext/openssl/ossl_ocsp.c', line 1567


static VALUE
ossl_ocspcid_get_issuer_key_hash(VALUE self)
{
    OCSP_CERTID *id;
    ASN1_OCTET_STRING *key_hash;
    VALUE ret;

    GetOCSPCertId(self, id);
    OCSP_id_get0_info(NULL, NULL, &key_hash, NULL, id);

    ret = rb_str_new(NULL, ASN1_STRING_length(key_hash) * 2);
    ossl_bin2hex(ASN1_STRING_get0_data(key_hash), RSTRING_PTR(ret),
                 ASN1_STRING_length(key_hash));

    return ret;
}

#issuer_name_hash ⇒ `String`

Returns the issuerNameHash of this certificate ID, the hash of the issuer’s distinguished name calculated with the hashAlgorithm.

[ GitHub ]

# File 'ext/openssl/ossl_ocsp.c', line 1543


static VALUE
ossl_ocspcid_get_issuer_name_hash(VALUE self)
{
    OCSP_CERTID *id;
    ASN1_OCTET_STRING *name_hash;
    VALUE ret;

    GetOCSPCertId(self, id);
    OCSP_id_get0_info(&name_hash, NULL, NULL, NULL, id);

    ret = rb_str_new(NULL, ASN1_STRING_length(name_hash) * 2);
    ossl_bin2hex(ASN1_STRING_get0_data(name_hash), RSTRING_PTR(ret),
                 ASN1_STRING_length(name_hash));

    return ret;
}

#serial ⇒ Integer

Returns the serial number of the certificate for which status is being requested.

[ GitHub ]

# File 'ext/openssl/ossl_ocsp.c', line 1524


static VALUE
ossl_ocspcid_get_serial(VALUE self)
{
    OCSP_CERTID *id;
    ASN1_INTEGER *serial;

    GetOCSPCertId(self, id);
    OCSP_id_get0_info(NULL, NULL, NULL, &serial, id);

    return asn1integer_to_num(serial);
}

#to_der ⇒ `String`

Encodes this certificate identifier into a DER-encoded string.

[ GitHub ]

# File 'ext/openssl/ossl_ocsp.c', line 1608


static VALUE
ossl_ocspcid_to_der(VALUE self)
{
    OCSP_CERTID *id;
    VALUE str;
    long len;
    unsigned char *p;

    GetOCSPCertId(self, id);
    if ((len = i2d_OCSP_CERTID(id, NULL)) <= 0)
        ossl_raise(eOCSPError, NULL);
    str = rb_str_new(0, len);
    p = (unsigned char *)RSTRING_PTR(str);
    if (i2d_OCSP_CERTID(id, &p) <= 0)
        ossl_raise(eOCSPError, NULL);
    ossl_str_adjust(str, p);

    return str;
}

Class: OpenSSL::OCSP::CertificateId

Overview

Class Method Summary

Instance Method Summary

Constructor Details

.new(subject, issuer, digest = nil) ⇒ certificate_id .new(der_string) ⇒ certificate_id .new(obj) ⇒ certificate_id

Instance Method Details

#cmp(other) ⇒ Boolean

#cmp_issuer(other) ⇒ Boolean

#hash_algorithm ⇒ String

#initialize_copy(other)

#issuer_key_hash ⇒ String

#issuer_name_hash ⇒ String

#serial ⇒ Integer

#to_der ⇒ String

.new(subject, issuer, digest = nil) ⇒ `certificate_id` .new(der_string) ⇒ `certificate_id` .new(obj) ⇒ `certificate_id`

#cmp(other) ⇒ `Boolean`

#cmp_issuer(other) ⇒ `Boolean`

#hash_algorithm ⇒ `String`

#issuer_key_hash ⇒ `String`

#issuer_name_hash ⇒ `String`

#to_der ⇒ `String`