Class: CertificateAuthority::OCSPHandler

Inherits:
Object
  • Object
Includes:
ActiveModel::Validations
Defined in:
lib/certificate_authority/ocsp_handler.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize ⇒ OCSPHandler

Returns a new instance of OCSPHandler.



# File 'lib/certificate_authority/ocsp_handler.rb', line 18

# Creates a handler whose certificate registry starts out empty.
# Certificates are added afterwards with #<<; no other attribute is
# initialised here, so the remaining readers return nil until assigned.
def initialize
  self.certificates = {}
end

Instance Attribute Details

#certificate_ids ⇒ Object

Returns the value of attribute certificate_ids.



# File 'lib/certificate_authority/ocsp_handler.rb', line 6

# Serials collected from the OCSP request by #extract_certificate_serials,
# one entry per CertificateID in the request.
#
# @return [Array, nil] nil until #extract_certificate_serials (or a caller) assigns it
def certificate_ids
  @certificate_ids
end

#certificates ⇒ Object

Returns the value of attribute certificates.



# File 'lib/certificate_authority/ocsp_handler.rb', line 8

# Registry of the certificates this handler can answer for.
# #initialize sets it to an empty Hash and #<< stores each certificate under
# the decimal string of its serial number, which is the key #response uses
# for its lookup.
#
# @return [Hash] serial string => certificate
def certificates
  @certificates
end

#ocsp_request ⇒ Object

Returns the value of attribute ocsp_request.



# File 'lib/certificate_authority/ocsp_handler.rb', line 5

# The raw OCSP request as supplied by the caller. It is handed unchanged to
# OpenSSL::OCSP::Request.new by #extract_certificate_serials and #response,
# so it should be treated as untrusted input until that parse succeeds.
#
# @return [Object, nil] nil when no request has been supplied
def ocsp_request
  @ocsp_request
end

#ocsp_response_body ⇒ Object

Returns the value of attribute ocsp_response_body.



# File 'lib/certificate_authority/ocsp_handler.rb', line 11

# The response object produced by the last call to #response.
# #to_der refuses to run while this is nil.
#
# @return [Object, nil] nil until #response has been called successfully
def ocsp_response_body
  @ocsp_response_body
end

#parent ⇒ Object

Returns the value of attribute parent.



# File 'lib/certificate_authority/ocsp_handler.rb', line 9

# The signer used by #response: its +to_pem+ output becomes the signing
# certificate and +key_material.private_key+ the signing key.
# Whatever is assigned here therefore gives this handler access to a
# private key; keep its scope as narrow as the deployment allows.
#
# @return [Object, nil] nil until assigned by the caller
def parent
  @parent
end

Instance Method Details

#<<(cert) ⇒ Object



# File 'lib/certificate_authority/ocsp_handler.rb', line 22

# Registers a certificate so that #response can find it by serial.
# The registry key is the decimal string of the certificate's serial number,
# so a later certificate with the same serial replaces the earlier one.
#
# @param cert [#serial_number] certificate whose +serial_number.number+ is the serial
# @return [Object] the certificate that was passed in (not the handler, so
#   calls cannot be chained)
def <<(cert)
  serial_key = cert.serial_number.number.to_s
  certificates[serial_key] = cert
end

#extract_certificate_serials ⇒ Object



# File 'lib/certificate_authority/ocsp_handler.rb', line 26

# Parses the stored OCSP request and records the serial of every
# CertificateID it contains in +certificate_ids+.
#
# The request bytes come from the caller and are parsed without a rescue
# here, so an OpenSSL parsing error for a malformed request propagates to
# the caller.
#
# @return [Array] the serials, in request order
# @raise [RuntimeError] when no request has been supplied
def extract_certificate_serials
  request_data = ocsp_request
  raise "No valid OCSP request was supplied" if request_data.nil?

  parsed_request = OpenSSL::OCSP::Request.new(request_data)
  self.certificate_ids = parsed_request.certid.map(&:serial)

  certificate_ids
end

#response ⇒ Object



# File 'lib/certificate_authority/ocsp_handler.rb', line 38

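# Builds and signs the OCSP response for the request held in +ocsp_request+.
#
# Every CertificateID in the request is looked up in +certificates+ by the
# decimal string of its serial. A serial that was never registered is
# answered with V_CERTSTATUS_UNKNOWN, and a registered certificate whose
# +revoked_at+ is set is answered with V_CERTSTATUS_REVOKED; only the
# remaining certificates are reported as good. Reporting "good" for every
# requested serial would make relying parties accept revoked certificates
# and certificates this handler has never seen.
#
# NOTE(review): the lookup is by serial only; the issuer name/key hashes
# carried in the CertificateID are not compared with +parent+ in this
# method — confirm the model validations cover that.
#
# @return [OpenSSL::OCSP::Response] the signed response, also stored in
#   +ocsp_response_body+
# @raise [RuntimeError] "Invalid response" when +valid?+ is false
def response
  raise "Invalid response" unless valid?

  openssl_ocsp_response = OpenSSL::OCSP::BasicResponse.new
  openssl_ocsp_request = OpenSSL::OCSP::Request.new(self.ocsp_request)
  # Echo the client's nonce so the answer is tied to this request.
  openssl_ocsp_response.copy_nonce(openssl_ocsp_request)

  openssl_ocsp_request.certid.each do |cert_id|
    certificate = self.certificates[cert_id.serial.to_s]
    # presumably registered certificates expose revoked_at (a Time, or nil
    # when not revoked); that interface is not shown here — confirm.
    revoked_at = certificate.revoked_at if certificate.respond_to?(:revoked_at)

    if certificate.nil?
      # Never vouch for a serial that was not registered with this handler.
      status = OpenSSL::OCSP::V_CERTSTATUS_UNKNOWN
      reason = 0
      revocation_offset = 0
    elsif revoked_at
      status = OpenSSL::OCSP::V_CERTSTATUS_REVOKED
      reason = OpenSSL::OCSP::REVOKED_STATUS_UNSPECIFIED
      # Integer time arguments are offsets in seconds from the current time,
      # so a past revocation is expressed as a negative offset.
      revocation_offset = revoked_at.to_i - Time.now.to_i
    else
      status = OpenSSL::OCSP::V_CERTSTATUS_GOOD
      reason = 0
      revocation_offset = 0
    end

    # this_update = now, next_update = now + 30 seconds, no extensions.
    openssl_ocsp_response.add_status(cert_id, status, reason,
                                     revocation_offset, 0, 30, nil)
  end

  # Signed with the parent's certificate and private key; no additional
  # certificates and no flags are passed.
  signer_certificate = OpenSSL::X509::Certificate.new(self.parent.to_pem)
  openssl_ocsp_response.sign(signer_certificate, self.parent.key_material.private_key, nil, nil)
  final_response = OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, openssl_ocsp_response)
  self.ocsp_response_body = final_response
  self.ocsp_response_body
end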

#to_der ⇒ Object



# File 'lib/certificate_authority/ocsp_handler.rb', line 60

# DER encoding of the response produced by #response.
#
# @return [Object] whatever the stored response body's +to_der+ returns
# @raise [RuntimeError] when #response has not produced a body yet
def to_der
  signed_body = ocsp_response_body
  raise "No signed OCSP response body available" if signed_body.nil?

  signed_body.to_der
end