class CertificateAuthority::OCSPResponseBuilder

Constants

GOOD
KEY_COMPROMISED
NO_REASON
REVOKED
UNSPECIFIED

Attributes

next_update[RW]
ocsp_request_reader[RW]
ocsp_response[RW]
parent[RW]
verification_mechanism[RW]

Public Class Methods

# File vendor/certificate_authority/lib/certificate_authority/ocsp_handler.rb, line 38
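# Builds an OCSPResponseBuilder primed from an already-parsed OCSP request.
#
# @param request_reader [#ocsp_request] wrapper whose #ocsp_request is an
#   OpenSSL::OCSP::Request; the request's nonce extension (when present) is
#   copied into the response so a client can tie the two together.
# @param verification_mechanism [#call, nil] callback receiving a serial
#   number and returning a [status, reason] pair. It is stored on the
#   builder so that #build_response consults it instead of its default,
#   which reports every serial as GOOD.
# @return [OCSPResponseBuilder] builder with request, empty BasicResponse
#   and a 15-minute next_update window already set
def self.from_request_reader(request_reader, verification_mechanism = nil)
  response_builder = OCSPResponseBuilder.new
  response_builder.ocsp_request_reader = request_reader
  # The callback argument used to be accepted but never stored, so a caller
  # supplying one silently fell through to the GOOD-for-everything default.
  response_builder.verification_mechanism = verification_mechanism

  ocsp_response = OpenSSL::OCSP::BasicResponse.new
  # Mirrors the request nonce into the response when the request carries one
  ocsp_response.copy_nonce(request_reader.ocsp_request)
  response_builder.ocsp_response = ocsp_response
  response_builder.next_update = 60 * 15 # default of 15 minutes, in seconds
  response_builder
end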

Public Instance Methods

# File vendor/certificate_authority/lib/certificate_authority/ocsp_handler.rb, line 16
# Signs and returns the OCSP response for every certificate id found in
# the incoming request.
#
# Each certificate serial is handed to the verification callback, which
# must answer with a [status, reason] pair; that pair is recorded in the
# BasicResponse together with the builder's next_update window. When no
# callback has been configured, one answering GOOD/NO_REASON for every
# serial is installed on the instance -- so a responder that is meant to
# reflect real revocation state must always be given a
# verification_mechanism before this is called.
#
# @return [OpenSSL::OCSP::Response] a RESPONSE_STATUS_SUCCESSFUL response
#   wrapping the BasicResponse signed with the parent's certificate and key
# @raise [RuntimeError] when no parent (the signing CA) has been assigned
def build_response
  raise "Requires a parent for signing" if @parent.nil?

  ## Without a verification callback every serial is reported GOOD
  @verification_mechanism = lambda { |_serial| [GOOD, NO_REASON] } if @verification_mechanism.nil?

  @ocsp_request_reader.ocsp_request.certid.each do |cert_id|
    status, reason = verification_mechanism.call(cert_id.serial)

    ## add_status(cert_id, status, reason, rev_time, this_update, next_update, ext)
    ## - time arguments are in seconds
    ## - rev_time and this_update are 0, i.e. "now"
    @ocsp_response.add_status(cert_id, status, reason, 0, 0, @next_update, nil)
  end

  signing_cert = OpenSSL::X509::Certificate.new(@parent.to_pem)
  signing_key = @parent.key_material.private_key
  @ocsp_response.sign(signing_cert, signing_key, nil, nil)

  OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, @ocsp_response)
end