Class: R509::Ocsp::Signer

Inherits:

Object

• Object
• R509::Ocsp::Signer

Defined in:

lib/r509/ocsp/signer.rb

Overview

A class for signing OCSP responses

Instance Attribute Summary

• #request_checker ⇒ Object readonly

  Returns the value of attribute request_checker.

• #validity_checker ⇒ Object readonly

  Returns the value of attribute validity_checker.

Instance Method Summary

• #handle_request(request) ⇒ Hash

  • :request [OpenSSL::OCSP::Request] parsed request object * :response [OpenSSL::OCSP::Response] full response object.

• #initialize(options) ⇒ Signer constructor

  possible OCSP issuance roots that we want to issue OCSP responses for.

Constructor Details

#initialize(options) ⇒ Signer

possible OCSP issuance roots that we want to issue OCSP responses for

Parameters:

• options (Hash) —

  a customizable set of options

Options Hash (options):

• :copy_nonce (Boolean) —

  copy nonce from request to response?

• :configs (R509::Config::CaConfigPool) —

  CaConfigPool object

# File 'lib/r509/ocsp/signer.rb', line 15

def initialize(options)
    if options.has_key?(:validity_checker)
        @validity_checker = options[:validity_checker]
    else
        @validity_checker = R509::Validity::DefaultChecker.new
    end
    @request_checker = Helper::RequestChecker.new(options[:configs], @validity_checker)
    @response_signer = Helper::ResponseSigner.new(options)
end

Instance Attribute Details

#request_checker ⇒ Object (readonly)

Returns the value of attribute request_checker.

# File 'lib/r509/ocsp/signer.rb', line 10

def request_checker
  @request_checker
end

#validity_checker ⇒ Object (readonly)

Returns the value of attribute validity_checker.

# File 'lib/r509/ocsp/signer.rb', line 10

def validity_checker
  @validity_checker
end

Instance Method Details

#handle_request(request) ⇒ Hash

Returns * :request [OpenSSL::OCSP::Request] parsed request object

• :response [OpenSSL::OCSP::Response] full response object.

Parameters:

• request (String, OpenSSL::OCSP::Request) —

  OCSP request (string or parsed object)

Returns:

• (Hash) —

  • :request [OpenSSL::OCSP::Request] parsed request object

  • :response [OpenSSL::OCSP::Response] full response object

# File 'lib/r509/ocsp/signer.rb', line 30

def handle_request(request)
    begin
        parsed_request = OpenSSL::OCSP::Request.new request
    rescue
        return {:response => @response_signer.create_response(OpenSSL::OCSP::RESPONSE_STATUS_MALFORMEDREQUEST), :request => nil}
    end

    statuses = @request_checker.check_statuses(parsed_request)
    if not @request_checker.validate_statuses(statuses)
        return {:response => @response_signer.create_response(OpenSSL::OCSP::RESPONSE_STATUS_UNAUTHORIZED), :request => nil}
    end

    basic_response = @response_signer.create_basic_response(parsed_request,statuses)

    {:response => @response_signer.create_response(
        OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL,
        basic_response
    ), :request => parsed_request}
end