In Files
- openssl/ossl_ocsp.c
Parent
Object
Class/Module Index
![[+]](../../images/find.png "show/hide quicksearch")
- IO
- IO::WaitReadable
- IO::WaitWritable
- Integer
- OpenSSL
- OpenSSL::ASN1
- OpenSSL::ASN1::ASN1Data
- OpenSSL::ASN1::ASN1Error
- OpenSSL::ASN1::Constructive
- OpenSSL::ASN1::ObjectId
- OpenSSL::ASN1::Primitive
- OpenSSL::BN
- OpenSSL::BNError
- OpenSSL::Buffering
- OpenSSL::Cipher
- OpenSSL::Cipher::Cipher
- OpenSSL::Cipher::CipherError
- OpenSSL::Config
- OpenSSL::ConfigError
- OpenSSL::Digest
- OpenSSL::Digest::DigestError
- OpenSSL::Engine
- OpenSSL::Engine::EngineError
- OpenSSL::ExtConfig
- OpenSSL::HMAC
- OpenSSL::HMACError
- OpenSSL::KDF
- OpenSSL::KDF::KDFError
- OpenSSL::Netscape
- OpenSSL::Netscape::SPKI
- OpenSSL::Netscape::SPKIError
- OpenSSL::OCSP
- OpenSSL::OCSP::BasicResponse
- OpenSSL::OCSP::CertificateId
- OpenSSL::OCSP::OCSPError
- OpenSSL::OCSP::Request
- OpenSSL::OCSP::Response
- OpenSSL::OCSP::SingleResponse
- OpenSSL::OpenSSLError
- OpenSSL::PKCS12
- OpenSSL::PKCS12::PKCS12Error
- OpenSSL::PKCS5
- OpenSSL::PKCS7
- OpenSSL::PKCS7::PKCS7Error
- OpenSSL::PKCS7::RecipientInfo
- OpenSSL::PKCS7::SignerInfo
- OpenSSL::PKey
- OpenSSL::PKey::DH
- OpenSSL::PKey::DHError
- OpenSSL::PKey::DSA
- OpenSSL::PKey::DSAError
- OpenSSL::PKey::EC
- OpenSSL::PKey::EC::Group
- OpenSSL::PKey::EC::Group::Error
- OpenSSL::PKey::EC::Point
- OpenSSL::PKey::EC::Point::Error
- OpenSSL::PKey::ECError
- OpenSSL::PKey::PKey
- OpenSSL::PKey::PKeyError
- OpenSSL::PKey::RSA
- OpenSSL::PKey::RSAError
- OpenSSL::Random
- OpenSSL::Random::RandomError
- OpenSSL::SSL
- OpenSSL::SSL::SSLContext
- OpenSSL::SSL::SSLError
- OpenSSL::SSL::SSLErrorWaitReadable
- OpenSSL::SSL::SSLErrorWaitWritable
- OpenSSL::SSL::SSLServer
- OpenSSL::SSL::SSLSocket
- OpenSSL::SSL::Session
- OpenSSL::SSL::Session::SessionError
- OpenSSL::SSL::SocketForwarder
- OpenSSL::X509
- OpenSSL::X509::Attribute
- OpenSSL::X509::AttributeError
- OpenSSL::X509::CRL
- OpenSSL::X509::CRLError
- OpenSSL::X509::Certificate
- OpenSSL::X509::CertificateError
- OpenSSL::X509::Extension
- OpenSSL::X509::ExtensionError
- OpenSSL::X509::ExtensionFactory
- OpenSSL::X509::Name
- OpenSSL::X509::Name::RFC2253DN
- OpenSSL::X509::NameError
- OpenSSL::X509::Request
- OpenSSL::X509::RequestError
- OpenSSL::X509::Revoked
- OpenSSL::X509::RevokedError
- OpenSSL::X509::Store
- OpenSSL::X509::StoreContext
- OpenSSL::X509::StoreError
OpenSSL::OCSP::CertificateId
An OpenSSL::OCSP::CertificateId identifies a certificate to the CA so that a status check can be performed.
Public Class Methods
OpenSSL::OCSP::CertificateId.new(subject, issuer, digest = nil) → certificate_id
click to toggle source
OpenSSL::OCSP::CertificateId.new(der_string) → certificate_id
Creates a new OpenSSL::OCSP::CertificateId for the given subject and issuer X509 certificates. The digest is a digest algorithm that is used to compute the hash values. This defaults to SHA-1.
If only one argument is given, decodes it as DER representation of a certificate ID.
static VALUE
ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self)
{
OCSP_CERTID *id, *newid;
VALUE subject, issuer, digest;
GetOCSPCertId(self, id);
if (rb_scan_args(argc, argv, "12", &subject, &issuer, &digest) == 1) {
VALUE arg;
const unsigned char *p;
arg = ossl_to_der_if_possible(subject);
StringValue(arg);
p = (unsigned char *)RSTRING_PTR(arg);
newid = d2i_OCSP_CERTID(NULL, &p, RSTRING_LEN(arg));
if (!newid)
ossl_raise(eOCSPError, "d2i_OCSP_CERTID");
}
else {
X509 *x509s, *x509i;
const EVP_MD *md;
x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */
x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */
md = !NIL_P(digest) ? ossl_evp_get_digestbyname(digest) : NULL;
newid = OCSP_cert_to_id(md, x509s, x509i);
if (!newid)
ossl_raise(eOCSPError, "OCSP_cert_to_id");
}
SetOCSPCertId(self, newid);
OCSP_CERTID_free(id);
return self;
}
Public Instance Methods
cmp(other) → true or false
click to toggle source
Compares this certificate id with other and returns true if they are the same.
static VALUE
ossl_ocspcid_cmp(VALUE self, VALUE other)
{
OCSP_CERTID *id, *id2;
int result;
GetOCSPCertId(self, id);
GetOCSPCertId(other, id2);
result = OCSP_id_cmp(id, id2);
return (result == 0) ? Qtrue : Qfalse;
}
cmp_issuer(other) → true or false
click to toggle source
Compares this certificate id's issuer with other and returns true if they are the same.
static VALUE
ossl_ocspcid_cmp_issuer(VALUE self, VALUE other)
{
OCSP_CERTID *id, *id2;
int result;
GetOCSPCertId(self, id);
GetOCSPCertId(other, id2);
result = OCSP_id_issuer_cmp(id, id2);
return (result == 0) ? Qtrue : Qfalse;
}
hash_algorithm → String
click to toggle source
Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash values.
static VALUE
ossl_ocspcid_get_hash_algorithm(VALUE self)
{
OCSP_CERTID *id;
ASN1_OBJECT *oid;
BIO *out;
GetOCSPCertId(self, id);
OCSP_id_get0_info(NULL, &oid, NULL, NULL, id);
if (!(out = BIO_new(BIO_s_mem())))
ossl_raise(eOCSPError, "BIO_new");
if (!i2a_ASN1_OBJECT(out, oid)) {
BIO_free(out);
ossl_raise(eOCSPError, "i2a_ASN1_OBJECT");
}
return ossl_membio2str(out);
}
initialize_copy(p1)
click to toggle source
static VALUE
ossl_ocspcid_initialize_copy(VALUE self, VALUE other)
{
OCSP_CERTID *cid, *cid_old, *cid_new;
rb_check_frozen(self);
GetOCSPCertId(self, cid_old);
GetOCSPCertId(other, cid);
cid_new = OCSP_CERTID_dup(cid);
if (!cid_new)
ossl_raise(eOCSPError, "OCSP_CERTID_dup");
SetOCSPCertId(self, cid_new);
OCSP_CERTID_free(cid_old);
return self;
}
issuer_key_hash → String
click to toggle source
Returns the issuerKeyHash of this certificate ID, the hash of the issuer's public key.
static VALUE
ossl_ocspcid_get_issuer_key_hash(VALUE self)
{
OCSP_CERTID *id;
ASN1_OCTET_STRING *key_hash;
VALUE ret;
GetOCSPCertId(self, id);
OCSP_id_get0_info(NULL, NULL, &key_hash, NULL, id);
ret = rb_str_new(NULL, key_hash->length * 2);
ossl_bin2hex(key_hash->data, RSTRING_PTR(ret), key_hash->length);
return ret;
}
issuer_name_hash → String
click to toggle source
Returns the issuerNameHash of this certificate ID, the hash of the issuer's distinguished name calculated with the hashAlgorithm.
static VALUE
ossl_ocspcid_get_issuer_name_hash(VALUE self)
{
OCSP_CERTID *id;
ASN1_OCTET_STRING *name_hash;
VALUE ret;
GetOCSPCertId(self, id);
OCSP_id_get0_info(&name_hash, NULL, NULL, NULL, id);
ret = rb_str_new(NULL, name_hash->length * 2);
ossl_bin2hex(name_hash->data, RSTRING_PTR(ret), name_hash->length);
return ret;
}
serial → Integer
click to toggle source
Returns the serial number of the certificate for which status is being requested.
static VALUE
ossl_ocspcid_get_serial(VALUE self)
{
OCSP_CERTID *id;
ASN1_INTEGER *serial;
GetOCSPCertId(self, id);
OCSP_id_get0_info(NULL, NULL, NULL, &serial, id);
return asn1integer_to_num(serial);
}
to_der → String
click to toggle source
Encodes this certificate identifier into a DER-encoded string.
static VALUE
ossl_ocspcid_to_der(VALUE self)
{
OCSP_CERTID *id;
VALUE str;
long len;
unsigned char *p;
GetOCSPCertId(self, id);
if ((len = i2d_OCSP_CERTID(id, NULL)) <= 0)
ossl_raise(eOCSPError, NULL);
str = rb_str_new(0, len);
p = (unsigned char *)RSTRING_PTR(str);
if (i2d_OCSP_CERTID(id, &p) <= 0)
ossl_raise(eOCSPError, NULL);
ossl_str_adjust(str, p);
return str;
}