Class: R509::Ocsp::Helper::ResponseSigner
- Inherits: Object
  - Object
  - R509::Ocsp::Helper::ResponseSigner
- Defined in: lib/r509/ocsp/signer.rb
Overview
Signs OCSP responses.
Instance Method Summary
- (OpenSSL::OCSP::BasicResponse) create_basic_response(request, statuses)
  It is UNWISE to call this method directly because it assumes that the request is validated.
- (OpenSSL::OCSP::OCSPResponse) create_response(response_status, basic_response = nil)
  Builds final response.
- (ResponseSigner) initialize(options) [constructor]
  A new instance of ResponseSigner.
Constructor Details
- (ResponseSigner) initialize(options)
A new instance of ResponseSigner
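```ruby
# File 'lib/r509/ocsp/signer.rb', line 172
def initialize(options)
  # copy_nonce controls whether the request nonce is echoed in the response;
  # it defaults to false when the option is not supplied
  if options.has_key?(:copy_nonce)
    @copy_nonce = options[:copy_nonce]
  else
    @copy_nonce = false
  end
end
```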
Instance Method Details
- (OpenSSL::OCSP::BasicResponse) create_basic_response(request, statuses)
It is UNWISE to call this method directly because it assumes that the request has already been validated. You probably want to take a look at R509::Ocsp::Signer#handle_request instead.
```ruby
# File 'lib/r509/ocsp/signer.rb', line 186
def create_basic_response(request, statuses)
  basic_response = OpenSSL::OCSP::BasicResponse.new

  basic_response.copy_nonce(request) if @copy_nonce

  statuses.each do |status|
    # add_status takes the revocation time as an offset relative to now,
    # so let's figure out what that is.
    if status[:status] == OpenSSL::OCSP::V_CERTSTATUS_REVOKED
      revocation_time = status[:revocation_time].to_i - Time.now.to_i
    end
    basic_response.add_status(status[:certid],
      status[:status],
      status[:revocation_reason],
      revocation_time,
      -1 * status[:config].ocsp_start_skew_seconds,
      status[:config].ocsp_validity_hours * 3600,
      [] # array of OpenSSL::X509::Extensions
    )
  end

  # this method assumes the request data is validated by validate_request so all configs will be the same and
  # we can choose to use the first one safely
  config = statuses[0][:config]

  # confusing, but R509::Cert contains R509::PrivateKey under #key. PrivateKey#key gives the OpenSSL object
  # turns out BasicResponse#sign can take up to 4 params
  # cert, key, array of OpenSSL::X509::Certificates, flags (not sure what the enumeration of those are)
  basic_response.sign(config.ocsp_cert.cert, config.ocsp_cert.key.key, config.ocsp_chain)
end
```
- (OpenSSL::OCSP::OCSPResponse) create_response(response_status, basic_response = nil)
Builds final response.
generated by create_basic_response
```ruby
# File 'lib/r509/ocsp/signer.rb', line 223
def create_response(response_status, basic_response = nil)
  # first arg is the response status code, comes from this list
  # these can also be enumerated via OpenSSL::OCSP::RESPONSE_STATUS_*
  # OCSPResponseStatus ::= ENUMERATED {
  #     successful            (0),  --Response has valid confirmations
  #     malformedRequest      (1),  --Illegal confirmation request
  #     internalError         (2),  --Internal error in issuer
  #     tryLater              (3),  --Try again later
  #                                 --(4) is not used
  #     sigRequired           (5),  --Must sign the request
  #     unauthorized          (6)   --Request unauthorized
  # }
  #
  R509::Ocsp::Response.new(
    OpenSSL::OCSP::Response.create(
      response_status, basic_response
    )
  )
end
```
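The same OpenSSL::OCSP calls that create_basic_response and create_response make, run end to end and then checked from the client side. This is an added example, not r509 code: it uses Ruby's OpenSSL standard library directly, and demo_cert, ocsp_round_trip, the certificate subjects and the keys are all constructed for the demonstration.

```ruby
require 'openssl'

# Throwaway certificate for the demo; subjects and serials are constructed.
def demo_cert(subject, key, serial, issuer = nil, issuer_key = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Hypothetical helper: builds a nonce-bearing request, answers it with the
# calls the documented methods use, then validates it as a client would.
def ocsp_round_trip(copy_nonce)
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = demo_cert('/CN=Demo OCSP CA', ca_key, 1)
  leaf = demo_cert('/CN=leaf.example', OpenSSL::PKey::RSA.new(2048), 2, ca, ca_key)

  # Client: ask about the leaf and attach a random nonce.
  certid = OpenSSL::OCSP::CertificateId.new(leaf, ca, OpenSSL::Digest.new('SHA256'))
  request = OpenSSL::OCSP::Request.new
  request.add_certid(certid)
  request.add_nonce

  # Responder: the copy_nonce option decides whether the nonce is echoed.
  revoked_at = Time.now - 3600
  basic = OpenSSL::OCSP::BasicResponse.new
  basic.copy_nonce(request) if copy_nonce
  # Revocation time, thisUpdate and nextUpdate are offsets in seconds from now.
  basic.add_status(certid, OpenSSL::OCSP::V_CERTSTATUS_REVOKED,
                   OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE,
                   revoked_at.to_i - Time.now.to_i, -300, 3600, [])
  basic.sign(ca, ca_key, [])
  der = OpenSSL::OCSP::Response.create(
    OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, basic).to_der

  # Client: parse, verify the signature, compare nonces, read the status.
  parsed = OpenSSL::OCSP::Response.new(der).basic
  store = OpenSSL::X509::Store.new.add_cert(ca)
  _id, status, _reason, revtime = parsed.status.first
  { verified: parsed.verify([ca], store),
    nonce: request.check_nonce(parsed), # 1 = echoed and equal, -1 = only in request
    revoked: status == OpenSSL::OCSP::V_CERTSTATUS_REVOKED,
    revocation_drift: (revtime.to_i - revoked_at.to_i).abs }
end
```

With copy_nonce left at its default of false, the signature still verifies but check_nonce returns -1, so a client that requires the nonce echo for replay protection will reject the response.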