类 OpenSSL::OCSP::SingleResponse
一个 OpenSSL::OCSP::SingleResponse
代表一个 OCSP
SingleResponse
结构,它包含证书状态的基本信息。
公共类方法
OpenSSL::OCSP::SingleResponse.new(der_string) → SingleResponse 点击切换源代码
从 der_string 创建一个新的 SingleResponse
。
static VALUE ossl_ocspsres_initialize(VALUE self, VALUE arg) { OCSP_SINGLERESP *res, *res_new; const unsigned char *p; arg = ossl_to_der_if_possible(arg); StringValue(arg); GetOCSPSingleRes(self, res); p = (unsigned char*)RSTRING_PTR(arg); res_new = d2i_OCSP_SINGLERESP(NULL, &p, RSTRING_LEN(arg)); if (!res_new) ossl_raise(eOCSPError, "d2i_OCSP_SINGLERESP"); SetOCSPSingleRes(self, res_new); OCSP_SINGLERESP_free(res); return self; }
公共实例方法
cert_status → Integer 点击切换源代码
返回由 certid 标识的证书的状态。返回值可能是以下常量之一
-
V_CERTSTATUS_GOOD
-
V_CERTSTATUS_REVOKED
-
V_CERTSTATUS_UNKNOWN
当状态为 V_CERTSTATUS_REVOKED 时,可以通过 revocation_time
获取证书被吊销的时间。
static VALUE ossl_ocspsres_get_cert_status(VALUE self) { OCSP_SINGLERESP *sres; int status; GetOCSPSingleRes(self, sres); status = OCSP_single_get0_status(sres, NULL, NULL, NULL, NULL); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); return INT2NUM(status); }
certid → CertificateId 点击切换源代码
返回此 SingleResponse
所属的 CertificateId
。
static VALUE ossl_ocspsres_get_certid(VALUE self) { OCSP_SINGLERESP *sres; OCSP_CERTID *id; GetOCSPSingleRes(self, sres); id = OCSP_CERTID_dup((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sres)); /* FIXME */ return ossl_ocspcertid_new(id); }
check_validity(nsec = 0, maxsec = -1) → true | false 点击切换源代码
检查此 SingleResponse
的 thisUpdate 和 nextUpdate 字段的有效性。这将检查当前时间是否在 thisUpdate 到 nextUpdate 的范围内。
有可能 OCSP
请求需要几秒钟,或者时间不准确。为了避免拒绝有效的响应,此方法允许时间在当前时间的 nsec 秒内。
一些响应者没有设置 nextUpdate 字段。这可能会导致非常旧的响应被认为有效。maxsec 参数可以用来限制响应的年龄。
static VALUE ossl_ocspsres_check_validity(int argc, VALUE *argv, VALUE self) { OCSP_SINGLERESP *sres; ASN1_GENERALIZEDTIME *this_update, *next_update; VALUE nsec_v, maxsec_v; int nsec, maxsec, status, ret; rb_scan_args(argc, argv, "02", &nsec_v, &maxsec_v); nsec = NIL_P(nsec_v) ? 0 : NUM2INT(nsec_v); maxsec = NIL_P(maxsec_v) ? -1 : NUM2INT(maxsec_v); GetOCSPSingleRes(self, sres); status = OCSP_single_get0_status(sres, NULL, NULL, &this_update, &next_update); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); ret = OCSP_check_validity(this_update, next_update, nsec, maxsec); if (ret) return Qtrue; else { ossl_clear_error(); return Qfalse; } }
extensions → Array of X509::Extension 点击切换源代码
static VALUE ossl_ocspsres_get_extensions(VALUE self) { OCSP_SINGLERESP *sres; X509_EXTENSION *ext; int count, i; VALUE ary; GetOCSPSingleRes(self, sres); count = OCSP_SINGLERESP_get_ext_count(sres); ary = rb_ary_new2(count); for (i = 0; i < count; i++) { ext = OCSP_SINGLERESP_get_ext(sres, i); rb_ary_push(ary, ossl_x509ext_new(ext)); /* will dup */ } return ary; }
initialize_copy(p1) 点击切换源代码
static VALUE ossl_ocspsres_initialize_copy(VALUE self, VALUE other) { OCSP_SINGLERESP *sres, *sres_old, *sres_new; rb_check_frozen(self); GetOCSPSingleRes(self, sres_old); GetOCSPSingleRes(other, sres); sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres); if (!sres_new) ossl_raise(eOCSPError, "ASN1_item_dup"); SetOCSPSingleRes(self, sres_new); OCSP_SINGLERESP_free(sres_old); return self; }
next_update → Time | nil 点击切换源代码
static VALUE ossl_ocspsres_get_next_update(VALUE self) { OCSP_SINGLERESP *sres; int status; ASN1_GENERALIZEDTIME *time; GetOCSPSingleRes(self, sres); status = OCSP_single_get0_status(sres, NULL, NULL, NULL, &time); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); if (!time) return Qnil; return asn1time_to_time(time); }
revocation_reason → Integer | nil 点击切换源代码
static VALUE ossl_ocspsres_get_revocation_reason(VALUE self) { OCSP_SINGLERESP *sres; int status, reason; GetOCSPSingleRes(self, sres); status = OCSP_single_get0_status(sres, &reason, NULL, NULL, NULL); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); if (status != V_OCSP_CERTSTATUS_REVOKED) ossl_raise(eOCSPError, "certificate is not revoked"); return INT2NUM(reason); }
revocation_time → Time | nil 点击切换源代码
static VALUE ossl_ocspsres_get_revocation_time(VALUE self) { OCSP_SINGLERESP *sres; int status; ASN1_GENERALIZEDTIME *time; GetOCSPSingleRes(self, sres); status = OCSP_single_get0_status(sres, NULL, &time, NULL, NULL); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); if (status != V_OCSP_CERTSTATUS_REVOKED) ossl_raise(eOCSPError, "certificate is not revoked"); if (!time) return Qnil; return asn1time_to_time(time); }
this_update → Time 点击切换源代码
static VALUE ossl_ocspsres_get_this_update(VALUE self) { OCSP_SINGLERESP *sres; int status; ASN1_GENERALIZEDTIME *time; GetOCSPSingleRes(self, sres); status = OCSP_single_get0_status(sres, NULL, NULL, &time, NULL); if (status < 0) ossl_raise(eOCSPError, "OCSP_single_get0_status"); if (!time) return Qnil; return asn1time_to_time(time); }
to_der → String 点击切换源代码
将此 SingleResponse
编码为 DER 编码的字符串。
static VALUE ossl_ocspsres_to_der(VALUE self) { OCSP_SINGLERESP *sres; VALUE str; long len; unsigned char *p; GetOCSPSingleRes(self, sres); if ((len = i2d_OCSP_SINGLERESP(sres, NULL)) <= 0) ossl_raise(eOCSPError, NULL); str = rb_str_new(0, len); p = (unsigned char *)RSTRING_PTR(str); if (i2d_OCSP_SINGLERESP(sres, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); return str; }