Class: OpenSSL::OCSP::Request
- Inherits:
-
Object
- Object
- OpenSSL::OCSP::Request
- Defined in:
- ossl_ocsp.c
Instance Method Summary collapse
- #add_certid ⇒ Object
- #add_nonce ⇒ Object
- #certid ⇒ Object
-
#check_nonce ⇒ Object
Check nonce validity in a request and response.
- #initialize ⇒ Object constructor
- #sign ⇒ Object
- #to_der ⇒ Object
- #verify ⇒ Object
Constructor Details
#initialize ⇒ Object
# File 'ossl_ocsp.c', line 102
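/*
 * OpenSSL::OCSP::Request#initialize([der])
 *
 * With no argument, self is left untouched. With one argument, the value is
 * passed through ossl_to_der_if_possible(), coerced to a String and parsed as
 * a DER-encoded OCSP request that replaces the one held by self.
 *
 * Raises eOCSPError when the bytes cannot be decoded.
 */
static VALUE
ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE arg;
    const unsigned char *p;

    rb_scan_args(argc, argv, "01", &arg);
    if (!NIL_P(arg)) {
        OCSP_REQUEST *old_req = DATA_PTR(self), *new_req;

        arg = ossl_to_der_if_possible(arg);
        StringValue(arg);
        p = (unsigned char *)RSTRING_PTR(arg);
        /*
         * Decode into a fresh object instead of handing the existing one to
         * d2i for reuse: a failed parse of caller-supplied bytes must not
         * leave self holding a half-filled or released structure.
         */
        new_req = d2i_OCSP_REQUEST(NULL, &p, RSTRING_LEN(arg));
        if (!new_req) {
            ossl_raise(eOCSPError, "cannot load DER encoded request");
        }
        /* Swap only after a successful parse, then release the old request. */
        DATA_PTR(self) = new_req;
        OCSP_REQUEST_free(old_req);
    }
    return self;
}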
Instance Method Details
#add_certid ⇒ Object
# File 'ossl_ocsp.c', line 172
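/*
 * OpenSSL::OCSP::Request#add_certid(certid)
 *
 * Appends a copy of the given certificate ID to the request and returns self.
 * The request receives its own duplicate, so the Ruby CertificateId object
 * keeps ownership of the original.
 *
 * Raises eOCSPError when the ID cannot be duplicated or added.
 */
static VALUE
ossl_ocspreq_add_certid(VALUE self, VALUE certid)
{
    OCSP_REQUEST *req;
    OCSP_CERTID *id, *new_id;

    GetOCSPReq(self, req);
    GetOCSPCertId(certid, id);

    /* A failed duplication must not reach add0_id as a NULL certificate ID. */
    new_id = OCSP_CERTID_dup(id);
    if (!new_id)
        ossl_raise(eOCSPError, NULL);

    /*
     * NOTE(review): whether add0_id releases new_id when it fails is not
     * visible here; confirm against the linked OpenSSL before adding a free
     * on this path.
     */
    if (!OCSP_request_add0_id(req, new_id))
        ossl_raise(eOCSPError, NULL);

    return self;
}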
#add_nonce ⇒ Object
# File 'ossl_ocsp.c', line 124
/*
 * OpenSSL::OCSP::Request#add_nonce([value])
 *
 * Adds a nonce extension to the request and returns self. When a value is
 * given it is coerced to a String and its bytes are used as the nonce; when
 * it is omitted, NULL and -1 are passed so the library chooses the nonce
 * itself.
 *
 * Raises eOCSPError when the nonce cannot be added.
 */
static VALUE
ossl_ocspreq_add_nonce(int argc, VALUE *argv, VALUE self)
{
    OCSP_REQUEST *req;
    VALUE nonce;
    int ok;

    rb_scan_args(argc, argv, "01", &nonce);
    if (!NIL_P(nonce)) {
        /* Caller-supplied nonce: use its bytes and length as given. */
        StringValue(nonce);
        GetOCSPReq(self, req);
        ok = OCSP_request_add1_nonce(req,
                                     (unsigned char *)RSTRING_PTR(nonce),
                                     RSTRING_LENINT(nonce));
    } else {
        /* No value given: let the library pick the nonce. */
        GetOCSPReq(self, req);
        ok = OCSP_request_add1_nonce(req, NULL, -1);
    }

    if (ok == 0) {
        ossl_raise(eOCSPError, NULL);
    }
    return self;
}
#certid ⇒ Object
# File 'ossl_ocsp.c', line 186
/*
 * OpenSSL::OCSP::Request#certid
 *
 * Returns an Array holding a wrapped copy of every certificate ID in the
 * request, or nil when the request contains no single-request entries.
 *
 * Raises eOCSPError when an ID cannot be duplicated.
 */
static VALUE
ossl_ocspreq_get_certid(VALUE self)
{
    OCSP_REQUEST *req;
    VALUE list, wrapped;
    int total, idx;

    GetOCSPReq(self, req);
    total = OCSP_request_onereq_count(req);

    /* An empty request yields nil rather than an empty Array. */
    if (total > 0) {
        list = rb_ary_new();
    } else {
        list = Qnil;
    }

    for (idx = 0; idx < total; idx++) {
        OCSP_ONEREQ *entry = OCSP_request_onereq_get0(req, idx);
        /* get0 hands back a borrowed pointer, so wrap a duplicate instead. */
        OCSP_CERTID *copy = OCSP_CERTID_dup(OCSP_onereq_get0_id(entry));

        if (copy == NULL) {
            ossl_raise(eOCSPError, NULL);
        }
        WrapOCSPCertId(cOCSPCertId, wrapped, copy);
        rb_ary_push(list, wrapped);
    }
    return list;
}
#check_nonce ⇒ Object
Check nonce validity in a request and response. Return value reflects result:
1: nonces present and equal.
2: nonces both absent.
3: nonce present in response only.
0: nonces both present and not equal.
-1: nonce in request only.
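For most responders, clients can check that the return value is > 0.
If the responder doesn't handle nonces, checking for return != 0 may be
necessary; accepting -1 this way means the response is not tied to this
particular request by a nonce. A return value of 0 is always an error.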
# File 'ossl_ocsp.c', line 158
/*
 * OpenSSL::OCSP::Request#check_nonce(basic_response)
 *
 * Compares the nonce of this request with the nonce of the given basic
 * response and returns the integer result of OCSP_check_nonce() unchanged.
 * Interpreting that result (including the 0 and negative cases) is left to
 * the caller.
 */
static VALUE
ossl_ocspreq_check_nonce(VALUE self, VALUE basic_resp)
{
    OCSP_REQUEST *req;
    OCSP_BASICRESP *basic;

    GetOCSPReq(self, req);
    SafeGetOCSPBasicRes(basic_resp, basic);

    return INT2NUM(OCSP_check_nonce(req, basic));
}
#sign ⇒ Object
# File 'ossl_ocsp.c', line 209
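/*
 * OpenSSL::OCSP::Request#sign(signer_cert, signer_key [, certs [, flags]])
 *
 * Signs the request with signer_key and returns self. certs is an optional
 * Array of additional certificates to attach; when it is nil an empty stack
 * is used and OCSP_NOCERTS is added to the flags.
 *
 * Raises eOCSPError when signing fails.
 */
static VALUE
ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
{
    VALUE signer_cert, signer_key, certs, flags;
    OCSP_REQUEST *req;
    X509 *signer;
    EVP_PKEY *key;
    STACK_OF(X509) *x509s;
    unsigned long flg;
    int ret;

    rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags);
    signer = GetX509CertPtr(signer_cert);
    key = GetPrivPKeyPtr(signer_key);
    flg = NIL_P(flags) ? 0 : NUM2INT(flags);
    if (NIL_P(certs)) {
        x509s = sk_X509_new_null();
        /*
         * The flag belongs in flg, the value handed to OCSP_request_sign();
         * OR-ing it into the Ruby VALUE `flags` had no effect on signing.
         */
        flg |= OCSP_NOCERTS;
    } else {
        x509s = ossl_x509_ary2sk(certs);
    }

    GetOCSPReq(self, req);
    /*
     * NOTE(review): the digest is fixed to SHA-1 here and cannot be chosen
     * by the caller through this signature.
     */
    ret = OCSP_request_sign(req, signer, key, EVP_sha1(), x509s, flg);
    /* The stack is only needed for the call above; release it either way. */
    sk_X509_pop_free(x509s, X509_free);
    if (!ret)
        ossl_raise(eOCSPError, NULL);

    return self;
}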
#to_der ⇒ Object
# File 'ossl_ocsp.c', line 258
/*
 * OpenSSL::OCSP::Request#to_der
 *
 * Returns the request encoded as a DER String.
 *
 * Raises eOCSPError when either encoding pass reports a non-positive length.
 */
static VALUE
ossl_ocspreq_to_der(VALUE self)
{
    OCSP_REQUEST *req;
    unsigned char *cursor;
    VALUE der;
    long der_len;

    GetOCSPReq(self, req);

    /* First pass with a NULL output only asks for the encoded length. */
    der_len = i2d_OCSP_REQUEST(req, NULL);
    if (der_len <= 0) {
        ossl_raise(eOCSPError, NULL);
    }

    /* Second pass writes into a Ruby string allocated at that length. */
    der = rb_str_new(0, der_len);
    cursor = (unsigned char *)RSTRING_PTR(der);
    if (i2d_OCSP_REQUEST(req, &cursor) <= 0) {
        ossl_raise(eOCSPError, NULL);
    }

    /* Hand the advanced write pointer to ossl_str_adjust for the final fix-up. */
    ossl_str_adjust(der, cursor);
    return der;
}
#verify ⇒ Object
# File 'ossl_ocsp.c', line 237
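/*
 * OpenSSL::OCSP::Request#verify(certs, store [, flags])
 *
 * Verifies the signature on the request using the given certificates and
 * X509 store. Returns true only when OCSP_request_verify() reports success;
 * otherwise emits a warning with the pending OpenSSL error and returns false.
 */
static VALUE
ossl_ocspreq_verify(int argc, VALUE *argv, VALUE self)
{
    VALUE certs, store, flags;
    OCSP_REQUEST *req;
    STACK_OF(X509) *x509s;
    X509_STORE *x509st;
    int flg, result;

    rb_scan_args(argc, argv, "21", &certs, &store, &flags);
    x509st = GetX509StorePtr(store);
    flg = NIL_P(flags) ? 0 : NUM2INT(flags);
    x509s = ossl_x509_ary2sk(certs);
    GetOCSPReq(self, req);
    result = OCSP_request_verify(req, x509s, x509st, flg);
    /* The stack is only needed for the call above; release it either way. */
    sk_X509_pop_free(x509s, X509_free);

    /*
     * Fail closed: only a strictly positive return counts as a valid
     * signature, so a negative error return (should the linked OpenSSL
     * produce one) is never reported as true.
     */
    if (result <= 0) {
        /*
         * NOTE(review): ERR_peek_error() leaves the entry in the OpenSSL
         * error queue; confirm whether it should be cleared here.
         */
        rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
    }

    return result > 0 ? Qtrue : Qfalse;
}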