class R509::OCSP::Response

builds OCSP responses

Public Class Methods

new(ocsp_response) click to toggle source

@param ocsp_response [OpenSSL::OCSP::Response]

# File lib/r509/ocsp.rb, line 10
def initialize(ocsp_response)
  unless ocsp_response.is_a?(OpenSSL::OCSP::Response)
    raise R509::R509Error, 'You must pass an OpenSSL::OCSP::Response object to the constructor. See R509::OCSP::Response.parse if you are trying to parse'
  end
  @ocsp_response = ocsp_response
end
parse(ocsp_string) click to toggle source

@param [String,OpenSSL::OCSP::Response] ocsp_string parses an existing response @return [R509::OCSP::Response]

# File lib/r509/ocsp.rb, line 18
def self.parse(ocsp_string)
  if ocsp_string.nil?
    raise R509::R509Error, 'You must pass a DER encoded OCSP response to this method'
  end
  R509::OCSP::Response.new(OpenSSL::OCSP::Response.new(ocsp_string))
end

Public Instance Methods

basic() click to toggle source

@return [OpenSSL::OCSP::BasicResponse]

# File lib/r509/ocsp.rb, line 36
def basic
  @ocsp_response.basic
end
check_nonce(ocsp_request) click to toggle source

@param [OpenSSL::OCSP::Request] ocsp_request the OCSP request whose nonce to check @return [R509::OCSP::Request::Nonce::CONSTANT] the status code of the nonce check

# File lib/r509/ocsp.rb, line 66
def check_nonce(ocsp_request)
  ocsp_request.check_nonce(@ocsp_response.basic)
end
status() click to toggle source

@return [OpenSSL::OCSP] response status of this response

# File lib/r509/ocsp.rb, line 26
def status
  @ocsp_response.status
end
to_der() click to toggle source

@return [String] der encoded string

# File lib/r509/ocsp.rb, line 31
def to_der
  @ocsp_response.to_der
end
verify(certs) click to toggle source

@param [Array<OpenSSL::X509::Certificate>,OpenSSL::X509::Certificate] certs A cert or array of certs to verify against @return [Boolean] true if the response is valid according to the given root

# File lib/r509/ocsp.rb, line 42
def verify(certs)
  store = OpenSSL::X509::Store.new
  if certs.is_a?(Array)
    stack = certs
    certs.each do |cert|
      store.add_cert(cert)
    end
  else
    stack = [certs]
    store.add_cert(certs)
  end

  # suppress verbosity since #verify will output a warning if it does not match
  # as well as returning false. we just want the boolean
  original_verbosity = $VERBOSE
  $VERBOSE = nil
  # still a bit unclear on why we add to store and pass in array to verify
  result = @ocsp_response.basic.verify(stack, store)
  $VERBOSE = original_verbosity
  result
end