Class: R509::OCSP::Response

Inherits:
Object
Defined in:
lib/r509/ocsp.rb

Overview

builds OCSP responses

Constructor Details

- (Response) initialize(ocsp_response)

A new instance of Response

Parameters:

  • ocsp_response (OpenSSL::OCSP::Response)


# File 'lib/r509/ocsp.rb', line 11

def initialize(ocsp_response)
  if not ocsp_response.kind_of?(OpenSSL::OCSP::Response)
    raise R509::R509Error, 'You must pass an OpenSSL::OCSP::Response object to the constructor. See R509::OCSP::Response.parse if you are trying to parse'
  end
  @ocsp_response = ocsp_response
end

Class Method Details

+ (R509::OCSP::Response) parse(ocsp_string)

Parameters:

  • ocsp_string (String, OpenSSL::OCSP::Response)

    parses an existing response

Returns:

  • (R509::OCSP::Response)

# File 'lib/r509/ocsp.rb', line 19

def self.parse(ocsp_string)
  if ocsp_string.nil?
    raise R509::R509Error, 'You must pass a DER encoded OCSP response to this method'
  end
  R509::OCSP::Response.new(OpenSSL::OCSP::Response.new(ocsp_string))
end

Instance Method Details

- (OpenSSL::OCSP::BasicResponse) basic

Returns:

  • (OpenSSL::OCSP::BasicResponse)


# File 'lib/r509/ocsp.rb', line 37

def basic
  @ocsp_response.basic
end

- (R509::OCSP::Request::Nonce::CONSTANT) check_nonce(ocsp_request)

The status code of the nonce check

Parameters:

  • ocsp_request (OpenSSL::OCSP::Request)

    the OCSP request whose nonce to check

Returns:

  • (R509::OCSP::Request::Nonce::CONSTANT)

    the status code of the nonce check



# File 'lib/r509/ocsp.rb', line 67

def check_nonce(ocsp_request)
  ocsp_request.check_nonce(@ocsp_response.basic)
end

- (OpenSSL::OCSP) status

Response status of this response

Returns:

  • (OpenSSL::OCSP)

    response status of this response



# File 'lib/r509/ocsp.rb', line 27

def status
  @ocsp_response.status
end

- (String) to_der

DER encoded string

Returns:

  • (String)

    DER encoded string



# File 'lib/r509/ocsp.rb', line 32

def to_der
  @ocsp_response.to_der
end

- (Boolean) verify(certs)

True if the response is valid according to the given root

Parameters:

  • certs (Array<OpenSSL::X509::Certificate>, OpenSSL::X509::Certificate)

    A cert or array of certs to verify against

Returns:

  • (Boolean)

    true if the response is valid according to the given root



# File 'lib/r509/ocsp.rb', line 43

def verify(certs)
  store = OpenSSL::X509::Store.new
  if certs.kind_of?(Array)
    stack = certs
    certs.each do |cert|
      store.add_cert(cert)
    end
  else
    stack = [certs]
    store.add_cert(certs)
  end

  #suppress verbosity since #verify will output a warning if it does not match
  #as well as returning false. we just want the boolean
  original_verbosity = $VERBOSE
  $VERBOSE = nil
  #still a bit unclear on why we add to store and pass in array to verify
  result = @ocsp_response.basic.verify(stack, store)
  $VERBOSE = original_verbosity
  return result
end
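
Added example (not part of r509 or of the original page): a stand-alone sketch using only Ruby's openssl library that shows why verify and check_nonce are separate checks. A correctly signed response to an earlier request still passes signature verification, and only the nonce comparison shows that it does not answer the current request. The helper names make_ca, nonce_request, responder_der and check_response are hypothetical, and the CA, keys and responses are constructed for the example.

```ruby
require 'openssl'

# Constructed self-signed test CA; signs responses and doubles as the queried cert.
def make_ca(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Request for the status of `cert` issued by `issuer`, carrying a fresh nonce.
def nonce_request(cert, issuer)
  req = OpenSSL::OCSP::Request.new
  req.add_certid(OpenSSL::OCSP::CertificateId.new(cert, issuer))
  req.add_nonce
  req
end

# DER response as a responder would return it (echo_nonce: false omits the nonce).
def responder_der(ca_cert, ca_key, req, echo_nonce: true)
  basic = OpenSSL::OCSP::BasicResponse.new
  basic.add_status(req.certid.first, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, -60, 3600, [])
  basic.copy_nonce(req) if echo_nonce
  basic.sign(ca_cert, ca_key, [], 0)
  OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, basic).to_der
end

# Client side: parse the DER, then make the same two OpenSSL calls that
# verify and check_nonce on this page delegate to.
def check_response(der, req, trusted_cert)
  resp = OpenSSL::OCSP::Response.new(der)
  store = OpenSSL::X509::Store.new.add_cert(trusted_cert)
  { status: resp.status,
    signature_ok: resp.basic.verify([trusted_cert], store),
    nonce: req.check_nonce(resp.basic) } # 1 equal, 0 not equal, -1 request only
end

ca, key = make_ca('Constructed Test CA')
old_req, new_req = nonce_request(ca, ca), nonce_request(ca, ca)
replayed = responder_der(ca, key, old_req) # response to an earlier request
p check_response(replayed, new_req, ca)    # signature verifies, nonce does not match
```

A caller should accept a response only when the status is successful, the signature verifies against the expected issuer, and the nonce result matches what its policy requires.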