Class: IControl::Management::OCSPResponder

Inherits:
Base
  • Object
show all
Defined in:
lib/icontrol/management/ocsp_responder.rb,
lib/icontrol/management.rb

Overview

The OCSPResponder interface enables you to manage OCSP responder configuration.

Defined Under Namespace

Classes: ResponderDefinition, ResponderDefinitionSequence, SignInformation, SignInformationSequence

Instance Method Summary collapse

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class IControl::Base

Instance Method Details

#allow_additional_certificate_stateEnabledState

Gets the states that that indicate whether to allow the addition of certificates to the OCSP request. This option should normally only be used for testing purposes.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


49
50
51
# File 'lib/icontrol/management/ocsp_responder.rb', line 49

def allow_additional_certificate_state
  super
end

#ca_fileString

Gets the names of the trusted CA certificates used by the responder to verify the signature on the OCSP response.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


61
62
63
# File 'lib/icontrol/management/ocsp_responder.rb', line 61

def ca_file
  super
end

#ca_pathString

Gets the paths of the trusted CA certificates used by the responder to verify the signature on the OCSP response.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


73
74
75
# File 'lib/icontrol/management/ocsp_responder.rb', line 73

def ca_path
  super
end

#certificate_check_stateEnabledState

Gets the states that indicate whether to perform any additional checks on the OCSP response signers certificate. If false, do not make any checks to see if the signers certificate is authorized to provide the necessary status information: as a result this option should only be used for testing purposes.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


87
88
89
# File 'lib/icontrol/management/ocsp_responder.rb', line 87

def certificate_check_state
  super
end

#certificate_id_digest_methodOCSPDigestMethod

Gets the digest algorithm for hashing the certificate information used to create the certificate ID that is sent to the responder.

Returns:

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


99
100
101
# File 'lib/icontrol/management/ocsp_responder.rb', line 99

def certificate_id_digest_method
  super
end

#certificate_verification_stateEnabledState

Gets the states that indicate whether to check the certificates in the OCSP responses.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


110
111
112
# File 'lib/icontrol/management/ocsp_responder.rb', line 110

def certificate_verification_state
  super
end

#chain_stateEnabledState

Gets the states that indicate whether to use certificates in the response as additional untrusted CA certificates.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


122
123
124
# File 'lib/icontrol/management/ocsp_responder.rb', line 122

def chain_state
  super
end

#createObject

Creates this OCSP responder.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


17
18
19
# File 'lib/icontrol/management/ocsp_responder.rb', line 17

def create
  super
end

#delete_all_respondersObject

Deletes all OCSP responder.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


27
28
29
# File 'lib/icontrol/management/ocsp_responder.rb', line 27

def delete_all_responders
  super
end

#delete_responderObject

Deletes this OCSP responder.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


37
38
39
# File 'lib/icontrol/management/ocsp_responder.rb', line 37

def delete_responder
  super
end

#explicit_stateEnabledState

Gets the states that indicate whether to explicitly trust the OCSP response signers certificate as authorized for OCSP response signing. Specifying this option causes a response to be untrusted if the signers certificate does not contain the "OCSPSigning“ extension.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


136
137
138
# File 'lib/icontrol/management/ocsp_responder.rb', line 136

def explicit_state
  super
end

#ignore_aia_stateEnabledState

Gets the states that if true, then always use the URL specified in the configuration file, and ignore any URL contained in the client certificates' authorityInfoAccess OCSP field. If this option is not set (the default) AND the client certificate has a valid AIA OCSP field set, then first attempt to connect to the responder in the client's AIA OCSP field, and fall back to the URL in the responder definition if that server is not available. See RFC2560 for more detail of the authorityInfoAccess x509 extension and its intended usage.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


153
154
155
# File 'lib/icontrol/management/ocsp_responder.rb', line 153

def ignore_aia_state
  super
end

#intern_stateEnabledState

Gets the states that that indicate whether to ignore certificates contained in the OCSP response when searching for the signers certificate. With this option the signers certificate must be specified with either the -verify_certs or -VAfile options.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


166
167
168
# File 'lib/icontrol/management/ocsp_responder.rb', line 166

def intern_state
  super
end

#listString

Gets a list of all OCSP responder.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


177
178
179
# File 'lib/icontrol/management/ocsp_responder.rb', line 177

def list
  super
end

#nonce_stateEnabledState

Gets the state that indicates whether to send a nonce in the OCSP request.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


188
189
190
# File 'lib/icontrol/management/ocsp_responder.rb', line 188

def nonce_state
  super
end

#other_certificate_fileString

Gets the files containing additional certificates to search when attempting to locate the OCSP response signing certificate. Some responder omit the actual signer's certificates from the response: this option can be used to supply the necessary certificates in such cases.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


202
203
204
# File 'lib/icontrol/management/ocsp_responder.rb', line 202

def other_certificate_file
  super
end

#set_allow_additional_certificate_state(opts) ⇒ Object

Sets the states that indicate whether to allow the addition of certificates to the OCSP request. This option should normally only be used for testing purposes.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


330
331
332
333
# File 'lib/icontrol/management/ocsp_responder.rb', line 330

def set_allow_additional_certificate_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_ca_file(opts) ⇒ Object

Sets the names of the trusted CA certificates used by the responder to verify the signature on the OCSP response.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :ca_files (String)

    The CA file names used by the responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


344
345
346
347
# File 'lib/icontrol/management/ocsp_responder.rb', line 344

def set_ca_file(opts)
  opts = check_params(opts,[:ca_files])
  super(opts)
end

#set_ca_path(opts) ⇒ Object

Sets the paths of the trusted CA certificates used by the responder to verify the signature on the OCSP response.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :ca_paths (String)

    The CA paths used by the responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


358
359
360
361
# File 'lib/icontrol/management/ocsp_responder.rb', line 358

def set_ca_path(opts)
  opts = check_params(opts,[:ca_paths])
  super(opts)
end

#set_certificate_check_state(opts) ⇒ Object

Sets the states that indicate whether to perform any additional checks on the OCSP response signers certificate. If false, do not make any checks to see if the signers certificate is authorized to provide the necessary status information: as a result this option should only be used for testing purposes.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


374
375
376
377
# File 'lib/icontrol/management/ocsp_responder.rb', line 374

def set_certificate_check_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_certificate_id_digest_method(opts) ⇒ Object

Sets the digest algorithm for hashing the certificate information used to create the certificate ID that is sent to the responder.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


388
389
390
391
# File 'lib/icontrol/management/ocsp_responder.rb', line 388

def set_certificate_id_digest_method(opts)
  opts = check_params(opts,[:digest_methods])
  super(opts)
end

#set_certificate_verification_state(opts) ⇒ Object

Sets the states that indicate whether to check the certificates in the OCSP responses.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


401
402
403
404
# File 'lib/icontrol/management/ocsp_responder.rb', line 401

def set_certificate_verification_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_chain_state(opts) ⇒ Object

Sets the states that indicate whether to use certificates in the response as additional untrusted CA certificates.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


415
416
417
418
# File 'lib/icontrol/management/ocsp_responder.rb', line 415

def set_chain_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_explicit_state(opts) ⇒ Object

Sets the states that indicate whether to explicitly trust the OCSP response signers certificate as authorized for OCSP response signing. Specifying this option causes a response to be untrusted if the signers certificate does not contain the "OCSPSigning“ extension.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


431
432
433
434
# File 'lib/icontrol/management/ocsp_responder.rb', line 431

def set_explicit_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_ignore_aia_state(opts) ⇒ Object

Sets the states that if true, then always use the URL specified in the configuration file, and ignore any URL contained in the client certificates' authorityInfoAccess OCSP field. If this option is not set (the default) AND the client certificate has a valid AIA OCSP field set, then first attempt to connect to the responder in the client's AIA OCSP field, and fall back to the URL in the responder definition if that server is not available. See RFC2560 for more detail of the authorityInfoAccess x509 extension and its intended usage.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


450
451
452
453
# File 'lib/icontrol/management/ocsp_responder.rb', line 450

def set_ignore_aia_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_intern_state(opts) ⇒ Object

Sets the states that indicate whether to ignore certificates contained in the OCSP response when searching for the signers certificate. With this option the signers certificate must be specified with either the -verify_certs or -VAfile options.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


465
466
467
468
# File 'lib/icontrol/management/ocsp_responder.rb', line 465

def set_intern_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_nonce_state(opts) ⇒ Object

Sets the state that indicates whether to send a nonce in the OCSP request.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


478
479
480
481
# File 'lib/icontrol/management/ocsp_responder.rb', line 478

def set_nonce_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_other_certificate_file(opts) ⇒ Object

Sets the files containing additional certificates to search when attempting to locate the OCSP response signing certificate. Some responder omit the actual signer's certificates from the response: this option can be used to supply the necessary certificates in such cases.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :other_files (String)

    The files containing other certificates used by the responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


494
495
496
497
# File 'lib/icontrol/management/ocsp_responder.rb', line 494

def set_other_certificate_file(opts)
  opts = check_params(opts,[:other_files])
  super(opts)
end

#set_signature_verification_state(opts) ⇒ Object

Sets the states that indicate whether to check the signature on the OCSP response. Since this option tolerates invalid signatures on OCSP responses it will normally only be used for testing purposes.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


509
510
511
512
# File 'lib/icontrol/management/ocsp_responder.rb', line 509

def set_signature_verification_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_signing_information(opts) ⇒ Object

Sets the signing information necessary to sign the OCSP requests.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


522
523
524
525
# File 'lib/icontrol/management/ocsp_responder.rb', line 522

def set_signing_information(opts)
  opts = check_params(opts,[:signers])
  super(opts)
end

#set_status_age(opts) ⇒ Object

Sets the status ages (sec) for the OCSP response. If the notAfter time is omitted from a response then this means that new status information is immediately available. In this case the age of the notBefore field is checked to see it is not older than age seconds old. By default this additional check is not performed when -status_age is not specified.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :ages (long)

    The status ages for OCSP responses for the specified responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


539
540
541
542
# File 'lib/icontrol/management/ocsp_responder.rb', line 539

def set_status_age(opts)
  opts = check_params(opts,[:ages])
  super(opts)
end

#set_trust_other_certificate_state(opts) ⇒ Object

Sets the states indicating whether to be explicitly trust the other certificates specified via set_other_certificate_file and no additional checks will be performed on them. This is useful when the complete responder certificate chain is not available or trusting a root CA is not appropriate.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


555
556
557
558
# File 'lib/icontrol/management/ocsp_responder.rb', line 555

def set_trust_other_certificate_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_url(opts) ⇒ Object

Sets the URLs of the responder.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :urls (String)

    The URLs used by the responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


568
569
570
571
# File 'lib/icontrol/management/ocsp_responder.rb', line 568

def set_url(opts)
  opts = check_params(opts,[:urls])
  super(opts)
end

#set_va_file(opts) ⇒ Object

Sets the files containing explicitly trusted responder certificates. This functionality is equivalent to having the other certificates specified via set_other_certificate_file, and setting the state via set_trust_other_certificate_state.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :va_files (String)

    The files containing explicitly trusted responder certificates.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


583
584
585
586
# File 'lib/icontrol/management/ocsp_responder.rb', line 583

def set_va_file(opts)
  opts = check_params(opts,[:va_files])
  super(opts)
end

#set_validity_period(opts) ⇒ Object

Sets the range of times, in seconds, which will be tolerated in an OCSP response. Each certificate status response includes a notBefore time and an optional notAfter time. The current time should fall between these two values, but the interval between the two times may be only a few seconds. In practice the OCSP responder and clients clocks may not be precisely synchronized and so such a check may fail. To avoid this the -validity_period option can be used to specify an acceptable error range in seconds, the default value is 300 seconds.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :ranges (long)

    The validity range of times for OCSP responses for the specified responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


602
603
604
605
# File 'lib/icontrol/management/ocsp_responder.rb', line 602

def set_validity_period(opts)
  opts = check_params(opts,[:ranges])
  super(opts)
end

#set_verification_state(opts) ⇒ Object

Sets the states that indicate whether to attempt to verify the OCSP response signature or the nonce values. This option will normally only be used for debugging since it disables all verification of the responder certificate.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


617
618
619
620
# File 'lib/icontrol/management/ocsp_responder.rb', line 617

def set_verification_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#signature_verification_stateEnabledState

Gets the states that indicate whether to check the signature on the OCSP response. Since this option tolerates invalid signatures on OCSP responses it will normally only be used for testing purposes.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


215
216
217
# File 'lib/icontrol/management/ocsp_responder.rb', line 215

def signature_verification_state
  super
end

#signing_informationSignInformation

Gets the signing information necessary to sign the OCSP requests.

Returns:

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


226
227
228
# File 'lib/icontrol/management/ocsp_responder.rb', line 226

def signing_information
  super
end

#status_agelong

Gets the status ages (sec) for the OCSP response. If the notAfter time is omitted from a response then this means that new status information is immediately available. In this case the age of the notBefore field is checked to see it is not older than age seconds old. By default this additional check is not performed when -status_age is not specified.

Returns:

  • (long)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


241
242
243
# File 'lib/icontrol/management/ocsp_responder.rb', line 241

def status_age
  super
end

#trust_other_certificate_stateEnabledState

Gets the states indicating whether to be explicitly trust the other certificates specified via set_other_certificate_file and no additional checks will be performed on them. This is useful when the complete responder certificate chain is not available or trusting a root CA is not appropriate.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


255
256
257
# File 'lib/icontrol/management/ocsp_responder.rb', line 255

def trust_other_certificate_state
  super
end

#urlString

Gets the URL or hostnames of the responder.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


266
267
268
# File 'lib/icontrol/management/ocsp_responder.rb', line 266

def url
  super
end

#va_fileString

Gets the files containing explicitly trusted responder certificates. This functionality is equivalent to having the other certificates specified via set_other_certificate_file, and setting the state via set_trust_other_certificate_state.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


279
280
281
# File 'lib/icontrol/management/ocsp_responder.rb', line 279

def va_file
  super
end

#validity_periodlong

Gets the range of times, in seconds, which will be tolerated in an OCSP response. Each certificate status response includes a notBefore time and an optional notAfter time. The current time should fall between these two values, but the interval between the two times may be only a few seconds. In practice the OCSP responder and clients clocks may not be precisely synchronized and so such a check may fail. To avoid this the -validity_period option can be used to specify an acceptable error range in seconds, the default value is 300 seconds.

Returns:

  • (long)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


296
297
298
# File 'lib/icontrol/management/ocsp_responder.rb', line 296

def validity_period
  super
end

#verification_stateEnabledState

Gets the states that indicate whether to attempt to verify the OCSP response signature or the nonce values. This option will normally only be used for debugging since it disables all verification of the responder certificate.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.


309
310
311
# File 'lib/icontrol/management/ocsp_responder.rb', line 309

def verification_state
  super
end

#versionString

Gets the version information for this interface.

Returns:

  • (String)

317
318
319
# File 'lib/icontrol/management/ocsp_responder.rb', line 317

def version
  super
end