class CertificateAuthority::OCSPResponseBuilder
Constants
- GOOD
- KEY_COMPROMISED
- NO_REASON
- REVOKED
- UNSPECIFIED
Attributes
next_update[RW]
ocsp_request_reader[RW]
ocsp_response[RW]
parent[RW]
verification_mechanism[RW]
Public Class Methods
from_request_reader(request_reader,verification_mechanism=nil)
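# File vendor/certificate_authority/lib/certificate_authority/ocsp_handler.rb, line 38
# Creates a response builder for one parsed OCSP request.
#
# A fresh OpenSSL::OCSP::BasicResponse is allocated and the nonce of the
# incoming request is copied onto it, so the client can match the answer to
# its request. The caller must still assign +parent+ before calling
# build_response, which raises without one.
#
# @param request_reader [#ocsp_request] wrapper exposing the parsed request
# @param verification_mechanism [#call, nil] callable that build_response
#   invokes with a certificate serial and that returns [status, reason]
# @return [OCSPResponseBuilder] builder with a 15 minute next_update
def self.from_request_reader(request_reader, verification_mechanism = nil)
  response_builder = OCSPResponseBuilder.new
  response_builder.ocsp_request_reader = request_reader
  # The callback used to be accepted and then dropped. build_response treats a
  # missing callback as "report GOOD", so dropping it made every queried
  # serial come back GOOD even when the caller had supplied a revocation check.
  response_builder.verification_mechanism = verification_mechanism

  ocsp_response = OpenSSL::OCSP::BasicResponse.new
  ocsp_response.copy_nonce(request_reader.ocsp_request)
  response_builder.ocsp_response = ocsp_response
  response_builder.next_update = 60 * 15 # default of 15 minutes, in seconds
  response_builder
end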
Public Instance Methods
build_response()
# File vendor/certificate_authority/lib/certificate_authority/ocsp_handler.rb, line 16
# Answers every CertID in the stored OCSP request, signs the basic response
# with the parent's certificate and private key, and wraps it in a
# RESPONSE_STATUS_SUCCESSFUL OCSP response.
#
# NOTE(review): this method fails open. When no verification callback has been
# set, every requested serial is reported as GOOD with NO_REASON, so a
# responder built without a callback vouches for revoked or unknown
# certificates. Deployments should always assign verification_mechanism.
#
# NOTE(review): the callback receives only cert_id.serial. Nothing in this
# method checks that the CertID's issuer matches @parent; presumably that is
# done by the caller or the callback. Confirm before relying on it.
#
# @return [OpenSSL::OCSP::Response] the signed, successful response
# @raise [RuntimeError] when no parent (signing identity) has been assigned
def build_response
  raise "Requires a parent for signing" if @parent.nil?

  # Default callback when none was provided: mark the certificate GOOD.
  @verification_mechanism = ->(_serial) { [GOOD, NO_REASON] } if @verification_mechanism.nil?

  requested_ids = @ocsp_request_reader.ocsp_request.certid
  requested_ids.each do |cert_id|
    status, reason_code = verification_mechanism.call(cert_id.serial)
    # Arguments: cert_id, status, reason, rev_time, this_update, next_update, ext.
    # Per the original author's note the time values are in seconds and
    # rev_time is effectively "now" (0), whatever the real revocation time was.
    @ocsp_response.add_status(cert_id, status, reason_code, 0, 0, @next_update, nil)
  end

  signer_certificate = OpenSSL::X509::Certificate.new(@parent.to_pem)
  signer_key = @parent.key_material.private_key
  # The trailing nils mean no additional certificates and no signing flags.
  @ocsp_response.sign(signer_certificate, signer_key, nil, nil)

  OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, @ocsp_response)
end