class OpenSSL::OCSP::Request
Public Class Methods
new(p1 = v1)
click to toggle source
static VALUE ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self) { VALUE arg; const unsigned char *p; rb_scan_args(argc, argv, "01", &arg); if(!NIL_P(arg)){ OCSP_REQUEST *req = DATA_PTR(self), *x; arg = ossl_to_der_if_possible(arg); StringValue(arg); p = (unsigned char*)RSTRING_PTR(arg); x = d2i_OCSP_REQUEST(&req, &p, RSTRING_LEN(arg)); DATA_PTR(self) = req; if(!x){ ossl_raise(eOCSPError, "cannot load DER encoded request"); } } return self; }
Public Instance Methods
add_certid(p1)
click to toggle source
static VALUE ossl_ocspreq_add_certid(VALUE self, VALUE certid) { OCSP_REQUEST *req; OCSP_CERTID *id; GetOCSPReq(self, req); GetOCSPCertId(certid, id); if(!OCSP_request_add0_id(req, OCSP_CERTID_dup(id))) ossl_raise(eOCSPError, NULL); return self; }
add_nonce(p1 = v1)
click to toggle source
static VALUE ossl_ocspreq_add_nonce(int argc, VALUE *argv, VALUE self) { OCSP_REQUEST *req; VALUE val; int ret; rb_scan_args(argc, argv, "01", &val); if(NIL_P(val)) { GetOCSPReq(self, req); ret = OCSP_request_add1_nonce(req, NULL, -1); } else{ StringValue(val); GetOCSPReq(self, req); ret = OCSP_request_add1_nonce(req, (unsigned char *)RSTRING_PTR(val), RSTRING_LENINT(val)); } if(!ret) ossl_raise(eOCSPError, NULL); return self; }
certid()
click to toggle source
static VALUE ossl_ocspreq_get_certid(VALUE self) { OCSP_REQUEST *req; OCSP_ONEREQ *one; OCSP_CERTID *id; VALUE ary, tmp; int i, count; GetOCSPReq(self, req); count = OCSP_request_onereq_count(req); ary = (count > 0) ? rb_ary_new() : Qnil; for(i = 0; i < count; i++){ one = OCSP_request_onereq_get0(req, i); if(!(id = OCSP_CERTID_dup(OCSP_onereq_get0_id(one)))) ossl_raise(eOCSPError, NULL); WrapOCSPCertId(cOCSPCertId, tmp, id); rb_ary_push(ary, tmp); } return ary; }
check_nonce(p1)
click to toggle source
Check nonce validity in a request and response. Return value reflects result:
1: nonces present and equal. 2: nonces both absent. 3: nonce present in response only. 0: nonces both present and not equal. -1: nonce in request only. For most responders clients can check return > 0. If responder doesn't handle nonces return != 0 may be necessary. return == 0 is always an error.
static VALUE ossl_ocspreq_check_nonce(VALUE self, VALUE basic_resp) { OCSP_REQUEST *req; OCSP_BASICRESP *bs; int res; GetOCSPReq(self, req); SafeGetOCSPBasicRes(basic_resp, bs); res = OCSP_check_nonce(req, bs); return INT2NUM(res); }
sign(p1, p2, p3 = v3, p4 = v4)
click to toggle source
static VALUE ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self) { VALUE signer_cert, signer_key, certs, flags; OCSP_REQUEST *req; X509 *signer; EVP_PKEY *key; STACK_OF(X509) *x509s; unsigned long flg; int ret; rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags); signer = GetX509CertPtr(signer_cert); key = GetPrivPKeyPtr(signer_key); flg = NIL_P(flags) ? 0 : NUM2INT(flags); if(NIL_P(certs)){ x509s = sk_X509_new_null(); flags |= OCSP_NOCERTS; } else x509s = ossl_x509_ary2sk(certs); GetOCSPReq(self, req); ret = OCSP_request_sign(req, signer, key, EVP_sha1(), x509s, flg); sk_X509_pop_free(x509s, X509_free); if(!ret) ossl_raise(eOCSPError, NULL); return self; }
to_der()
click to toggle source
static VALUE ossl_ocspreq_to_der(VALUE self) { OCSP_REQUEST *req; VALUE str; unsigned char *p; long len; GetOCSPReq(self, req); if((len = i2d_OCSP_REQUEST(req, NULL)) <= 0) ossl_raise(eOCSPError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); if(i2d_OCSP_REQUEST(req, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); return str; }
verify(p1, p2, p3 = v3)
click to toggle source
static VALUE ossl_ocspreq_verify(int argc, VALUE *argv, VALUE self) { VALUE certs, store, flags; OCSP_REQUEST *req; STACK_OF(X509) *x509s; X509_STORE *x509st; int flg, result; rb_scan_args(argc, argv, "21", &certs, &store, &flags); x509st = GetX509StorePtr(store); flg = NIL_P(flags) ? 0 : NUM2INT(flags); x509s = ossl_x509_ary2sk(certs); GetOCSPReq(self, req); result = OCSP_request_verify(req, x509s, x509st, flg); sk_X509_pop_free(x509s, X509_free); if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL)); return result ? Qtrue : Qfalse; }