Class: R509::OCSP::Signer

Inherits:
Object
  • Object
show all
Defined in:
lib/r509/ocsp/signer.rb

Overview

A class for signing OCSP responses

Instance Attribute Summary (collapse)

Instance Method Summary (collapse)

Constructor Details

- (Signer) initialize(options)

possible OCSP issuance roots that we want to issue OCSP responses for

Parameters:

  • options (Hash)

    a customizable set of options

Options Hash (options):

  • :copy_nonce (Boolean)

    copy nonce from request to response?

  • :configs (R509::Config::CAConfigPool)

    CAConfigPool object



15
16
17
18
19
20
21
22
23
# File 'lib/r509/ocsp/signer.rb', line 15

def initialize(options)
  if options.has_key?(:validity_checker)
    @validity_checker = options[:validity_checker]
  else
    @validity_checker = R509::Validity::DefaultChecker.new
  end
  @request_checker = Helper::RequestChecker.new(options[:configs], @validity_checker)
  @response_signer = Helper::ResponseSigner.new(options)
end

Instance Attribute Details

- (Object) request_checker (readonly)

Returns the value of attribute request_checker



10
11
12
# File 'lib/r509/ocsp/signer.rb', line 10

def request_checker
  @request_checker
end

- (Object) validity_checker (readonly)

Returns the value of attribute validity_checker



10
11
12
# File 'lib/r509/ocsp/signer.rb', line 10

def validity_checker
  @validity_checker
end

Instance Method Details

- (Hash) handle_request(request)

  • :request [OpenSSL::OCSP::Request] parsed request object

  • :response [OpenSSL::OCSP::Response] full response object

Parameters:

  • request (String, OpenSSL::OCSP::Request)

    OCSP request (string or parsed object)

Returns:

  • (Hash)


30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# File 'lib/r509/ocsp/signer.rb', line 30

def handle_request(request)
  begin
    parsed_request = OpenSSL::OCSP::Request.new request
  rescue
    return {:response => @response_signer.create_response(OpenSSL::OCSP::RESPONSE_STATUS_MALFORMEDREQUEST), :request => nil}
  end

  statuses = @request_checker.check_statuses(parsed_request)
  if not @request_checker.validate_statuses(statuses)
    return {:response => @response_signer.create_response(OpenSSL::OCSP::RESPONSE_STATUS_UNAUTHORIZED), :request => nil}
  end

  basic_response = @response_signer.create_basic_response(parsed_request,statuses)

  {:response => @response_signer.create_response(
    OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL,
    basic_response
  ), :request => parsed_request}
end