Class: R509::OCSP::Response

Inherits:

Object

• Object
• R509::OCSP::Response

Defined in:

lib/r509/ocsp.rb

Overview

builds OCSP responses

Class Method Summary

• .parse(ocsp_string) ⇒ R509::OCSP::Response

Instance Method Summary

• #basic ⇒ OpenSSL::OCSP::BasicResponse
• #check_nonce(ocsp_request) ⇒ R509::OCSP::Request::Nonce::CONSTANT

  The status code of the nonce check.

• #initialize(ocsp_response) ⇒ Response constructor

  A new instance of Response.

• #status ⇒ OpenSSL::OCSP

  Response status of this response.

• #to_der ⇒ String

  Der encoded string.

• #verify(certs) ⇒ Boolean

  True if the response is valid according to the given root.

Constructor Details

#initialize(ocsp_response) ⇒ Response

Returns a new instance of Response

Parameters:

• ocsp_response (OpenSSL::OCSP::Response)

# File 'lib/r509/ocsp.rb', line 10

def initialize(ocsp_response)
  unless ocsp_response.is_a?(OpenSSL::OCSP::Response)
    raise R509::R509Error, 'You must pass an OpenSSL::OCSP::Response object to the constructor. See R509::OCSP::Response.parse if you are trying to parse'
  end
  @ocsp_response = ocsp_response
end

Class Method Details

.parse(ocsp_string) ⇒ R509::OCSP::Response

Parameters:

• ocsp_string (String, OpenSSL::OCSP::Response) —

  parses an existing response

Returns:

• (R509::OCSP::Response)

# File 'lib/r509/ocsp.rb', line 18

def self.parse(ocsp_string)
  if ocsp_string.nil?
    raise R509::R509Error, 'You must pass a DER encoded OCSP response to this method'
  end
  R509::OCSP::Response.new(OpenSSL::OCSP::Response.new(ocsp_string))
end

Instance Method Details

#basic ⇒ OpenSSL::OCSP::BasicResponse

Returns:

• (OpenSSL::OCSP::BasicResponse)

# File 'lib/r509/ocsp.rb', line 36

def basic
  @ocsp_response.basic
end

#check_nonce(ocsp_request) ⇒ R509::OCSP::Request::Nonce::CONSTANT

Returns the status code of the nonce check

Parameters:

• ocsp_request (OpenSSL::OCSP::Request) —

  the OCSP request whose nonce to check

Returns:

• (R509::OCSP::Request::Nonce::CONSTANT) —

  the status code of the nonce check

# File 'lib/r509/ocsp.rb', line 66

def check_nonce(ocsp_request)
  ocsp_request.check_nonce(@ocsp_response.basic)
end

#status ⇒ OpenSSL::OCSP

Returns response status of this response

Returns:

• (OpenSSL::OCSP) —

  response status of this response

# File 'lib/r509/ocsp.rb', line 26

def status
  @ocsp_response.status
end

#to_der ⇒ String

Returns der encoded string

Returns:

• (String) —

  der encoded string

# File 'lib/r509/ocsp.rb', line 31

def to_der
  @ocsp_response.to_der
end

#verify(certs) ⇒ Boolean

Returns true if the response is valid according to the given root

Parameters:

• certs (Array<OpenSSL::X509::Certificate>, OpenSSL::X509::Certificate) —

  A cert or array of certs to verify against

Returns:

• (Boolean) —

  true if the response is valid according to the given root

# File 'lib/r509/ocsp.rb', line 42

def verify(certs)
  store = OpenSSL::X509::Store.new
  if certs.is_a?(Array)
    stack = certs
    certs.each do |cert|
      store.add_cert(cert)
    end
  else
    stack = [certs]
    store.add_cert(certs)
  end

  # suppress verbosity since #verify will output a warning if it does not match
  # as well as returning false. we just want the boolean
  original_verbosity = $VERBOSE
  $VERBOSE = nil
  # still a bit unclear on why we add to store and pass in array to verify
  result = @ocsp_response.basic.verify(stack, store)
  $VERBOSE = original_verbosity
  result
end