Class: R509::OCSP::Signer

Inherits:

Object

• Object
• R509::OCSP::Signer

Defined in:

lib/r509/ocsp/signer.rb

Overview

A class for signing OCSP responses

Instance Attribute Summary

• #request_checker ⇒ Object readonly

  Returns the value of attribute request_checker.

• #validity_checker ⇒ Object readonly

  Returns the value of attribute validity_checker.

Instance Method Summary

• #handle_request(request) ⇒ Hash

  • :request [OpenSSL::OCSP::Request] parsed request object * :response [OpenSSL::OCSP::Response] full response object.

• #initialize(options) ⇒ Signer constructor

  possible OCSP issuance roots that we want to issue OCSP responses for.

Constructor Details

#initialize(options) ⇒ Signer

possible OCSP issuance roots that we want to issue OCSP responses for

Parameters:

• options (Hash) —

  a customizable set of options

Options Hash (options):

• :copy_nonce (Boolean) —

  copy nonce from request to response?

• :configs (R509::Config::CAConfigPool) —

  CAConfigPool object

# File 'lib/r509/ocsp/signer.rb', line 15

def initialize(options)
  if options.has_key?(:validity_checker)
    @validity_checker = options[:validity_checker]
  else
    @validity_checker = R509::Validity::DefaultChecker.new
  end
  @request_checker = Helper::RequestChecker.new(options[:configs], @validity_checker)
  @response_signer = Helper::ResponseSigner.new(options)
end

Instance Attribute Details

#request_checker ⇒ Object (readonly)

Returns the value of attribute request_checker.

# File 'lib/r509/ocsp/signer.rb', line 10

def request_checker
  @request_checker
end

#validity_checker ⇒ Object (readonly)

Returns the value of attribute validity_checker.

# File 'lib/r509/ocsp/signer.rb', line 10

def validity_checker
  @validity_checker
end

Instance Method Details

#handle_request(request) ⇒ Hash

• :request [OpenSSL::OCSP::Request] parsed request object

• :response [OpenSSL::OCSP::Response] full response object

Parameters:

• request (String, OpenSSL::OCSP::Request) —

  OCSP request (string or parsed object)

Returns:

• (Hash)

# File 'lib/r509/ocsp/signer.rb', line 30

def handle_request(request)
  begin
    parsed_request = OpenSSL::OCSP::Request.new request
  rescue
    return {:response => @response_signer.create_response(OpenSSL::OCSP::RESPONSE_STATUS_MALFORMEDREQUEST), :request => nil}
  end

  statuses = @request_checker.check_statuses(parsed_request)
  if not @request_checker.validate_statuses(statuses)
    return {:response => @response_signer.create_response(OpenSSL::OCSP::RESPONSE_STATUS_UNAUTHORIZED), :request => nil}
  end

  basic_response = @response_signer.create_basic_response(parsed_request,statuses)

  {:response => @response_signer.create_response(
    OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL,
    basic_response
  ), :request => parsed_request}
end