OpenSSL::OCSP::SingleResponse
class OpenSSL::OCSP::SingleResponse
父类:Object
OpenSSL::OCSP::SingleResponse 表示 OCSP SingleResponse 结构,其中包含证书状态的基本信息。
公共类方法
OpenSSL::OCSP::SingleResponse.new(der_string) → SingleResponse
从 der_string 创建一个新的 SingleResponse。
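/*
 * Replaces the OCSP_SINGLERESP wrapped by self with one decoded from arg.
 *
 * arg is first passed through ossl_to_der_if_possible() (presumably so that
 * objects able to serialise themselves are turned into DER -- confirm against
 * that helper) and then coerced with StringValue(), so the bytes handed to
 * the decoder always come from a Ruby String.
 *
 * Raises eOCSPError when d2i_OCSP_SINGLERESP() rejects the input.
 */
static VALUE
ossl_ocspsres_initialize(VALUE self, VALUE arg)
{
    OCSP_SINGLERESP *res, *res_new;
    const unsigned char *p;

    arg = ossl_to_der_if_possible(arg);
    StringValue(arg);
    GetOCSPSingleRes(self, res);

    /*
     * The decoder is bounded by RSTRING_LEN(arg) and advances p past the
     * bytes it consumed. Nothing below compares p with the end of the
     * string, so data trailing the structure is not rejected here.
     */
    p = (unsigned char*)RSTRING_PTR(arg);
    res_new = d2i_OCSP_SINGLERESP(NULL, &p, RSTRING_LEN(arg));
    if (!res_new)
        ossl_raise(eOCSPError, "d2i_OCSP_SINGLERESP");

    /* Install the new structure only after a successful parse, then release
     * the one that self held before. */
    SetOCSPSingleRes(self, res_new);
    OCSP_SINGLERESP_free(res);

    return self;
}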
公共实例方法
cert_status → Integer
返回由 certid 标识的证书的状态。返回值可能是以下常量之一:
- V_CERTSTATUS_GOOD
- V_CERTSTATUS_REVOKED
- V_CERTSTATUS_UNKNOWN
状态为V_CERTSTATUS_REVOKED时,可以通过revocation_time检索证书被吊销的时间。
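/*
 * Returns the certificate status recorded in this SingleResponse as a Ruby
 * Integer.
 *
 * Only the status code is requested; the reason and the three time fields
 * are skipped by passing NULL. Raises eOCSPError when
 * OCSP_single_get0_status() reports a negative value.
 */
static VALUE
ossl_ocspsres_get_cert_status(VALUE self)
{
    OCSP_SINGLERESP *sres;
    int status;

    GetOCSPSingleRes(self, sres);
    status = OCSP_single_get0_status(sres, NULL, NULL, NULL, NULL);
    if (status < 0)
        ossl_raise(eOCSPError, "OCSP_single_get0_status");

    return INT2NUM(status);
}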
certid → CertificateId
返回此SingleResponse所属的CertificateId。
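/*
 * Returns a CertificateId object built from a copy of the certificate ID
 * stored in this SingleResponse.
 *
 * The ID is duplicated with OCSP_CERTID_dup() before it is wrapped, so the
 * returned object does not point into sres.
 */
static VALUE
ossl_ocspsres_get_certid(VALUE self)
{
    OCSP_SINGLERESP *sres;
    OCSP_CERTID *id;

    GetOCSPSingleRes(self, sres);
    /*
     * NOTE(review): the result of OCSP_CERTID_dup() is not checked here;
     * presumably ossl_ocspcertid_new() rejects a NULL id -- confirm.
     * The cast looks like it only drops a const qualifier from the getter's
     * return type (see the original FIXME) -- confirm.
     */
    id = OCSP_CERTID_dup((OCSP_CERTID *)OCSP_SINGLERESP_get0_id(sres)); /* FIXME */

    return ossl_ocspcertid_new(id);
}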
check_validity(nsec = 0, maxsec = -1) → true | false
检查此SingleResponse的thisUpdate和nextUpdate字段的有效性。这将检查当前时间是否在thisUpdate到nextUpdate的范围内。
OCSP 请求可能耗时数秒,或者时间不够准确。为避免拒绝有效的响应,此方法允许这些时间与当前时间相差不超过 nsec 秒。
一些响应者不设置 nextUpdate 字段。这可能会导致很旧的响应被认为是有效的。maxsec 参数可用于限制响应的年龄。
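/*
 * Checks the thisUpdate / nextUpdate fields of this SingleResponse against
 * the current time.
 *
 * Takes up to two optional Integer arguments:
 *   nsec   - tolerance passed to OCSP_check_validity(); 0 when omitted
 *   maxsec - maximum age passed to OCSP_check_validity(); -1 when omitted
 *
 * Returns Qtrue when OCSP_check_validity() reports success, Qfalse
 * otherwise. Raises eOCSPError when the status fields cannot be read.
 *
 * With the default maxsec of -1 no age limit is requested. As the
 * accompanying documentation points out, a responder that omits nextUpdate
 * can then have a very old response accepted, so callers that depend on
 * freshness should pass an explicit maxsec.
 */
static VALUE
ossl_ocspsres_check_validity(int argc, VALUE *argv, VALUE self)
{
    OCSP_SINGLERESP *sres;
    ASN1_GENERALIZEDTIME *this_update, *next_update;
    VALUE nsec_v, maxsec_v;
    int nsec, maxsec, status, ret;

    /* "02": no required arguments, two optional ones (nil when absent). */
    rb_scan_args(argc, argv, "02", &nsec_v, &maxsec_v);
    nsec = NIL_P(nsec_v) ? 0 : NUM2INT(nsec_v);
    maxsec = NIL_P(maxsec_v) ? -1 : NUM2INT(maxsec_v);

    GetOCSPSingleRes(self, sres);
    status = OCSP_single_get0_status(sres, NULL, NULL, &this_update, &next_update);
    if (status < 0)
        ossl_raise(eOCSPError, "OCSP_single_get0_status");

    ret = OCSP_check_validity(this_update, next_update, nsec, maxsec);

    if (ret)
        return Qtrue;
    else {
        /* A failed check is reported as false, not as an exception;
         * presumably this drops the error OpenSSL queued for it. */
        ossl_clear_error();
        return Qfalse;
    }
}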
extensions → X509::Extension 的数组
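/*
 * Returns a Ruby Array with one element per extension attached to this
 * SingleResponse, in index order.
 *
 * Each X509_EXTENSION is handed to ossl_x509ext_new(), which according to
 * the original comment duplicates it, so the array does not alias sres.
 */
static VALUE
ossl_ocspsres_get_extensions(VALUE self)
{
    OCSP_SINGLERESP *sres;
    X509_EXTENSION *ext;
    int count, i;
    VALUE ary;

    GetOCSPSingleRes(self, sres);

    count = OCSP_SINGLERESP_get_ext_count(sres);
    ary = rb_ary_new2(count);
    for (i = 0; i < count; i++) {
        ext = OCSP_SINGLERESP_get_ext(sres, i);
        rb_ary_push(ary, ossl_x509ext_new(ext)); /* will dup */
    }

    return ary;
}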
next_update → Time | nil
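/*
 * Returns the nextUpdate field of this SingleResponse, converted by
 * asn1time_to_time().
 *
 * Raises eOCSPError when OCSP_single_get0_status() reports a negative
 * value.
 */
static VALUE
ossl_ocspsres_get_next_update(VALUE self)
{
    OCSP_SINGLERESP *sres;
    int status;
    ASN1_GENERALIZEDTIME *time;

    GetOCSPSingleRes(self, sres);
    status = OCSP_single_get0_status(sres, NULL, NULL, NULL, &time);
    if (status < 0)
        ossl_raise(eOCSPError, "OCSP_single_get0_status");

    /* nextUpdate is optional in a response; presumably time is NULL when it
     * is absent and asn1time_to_time() maps that to nil -- confirm. */
    return asn1time_to_time(time);
}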
revocation_reason → Integer | nil
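/*
 * Returns the revocation reason recorded in this SingleResponse as a Ruby
 * Integer.
 *
 * Raises eOCSPError when the status cannot be read, and also when the
 * status is anything other than V_OCSP_CERTSTATUS_REVOKED. In this code a
 * non-revoked certificate therefore produces an exception, not nil.
 */
static VALUE
ossl_ocspsres_get_revocation_reason(VALUE self)
{
    OCSP_SINGLERESP *sres;
    int status, reason;

    GetOCSPSingleRes(self, sres);
    status = OCSP_single_get0_status(sres, &reason, NULL, NULL, NULL);
    if (status < 0)
        ossl_raise(eOCSPError, "OCSP_single_get0_status");
    /* reason is only meaningful for a revoked certificate. */
    if (status != V_OCSP_CERTSTATUS_REVOKED)
        ossl_raise(eOCSPError, "certificate is not revoked");

    return INT2NUM(reason);
}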
revocation_time → Time | nil
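/*
 * Returns the revocation time recorded in this SingleResponse, converted by
 * asn1time_to_time().
 *
 * Raises eOCSPError when the status cannot be read, and also when the
 * status is anything other than V_OCSP_CERTSTATUS_REVOKED. In this code a
 * non-revoked certificate therefore produces an exception, not nil.
 */
static VALUE
ossl_ocspsres_get_revocation_time(VALUE self)
{
    OCSP_SINGLERESP *sres;
    int status;
    ASN1_GENERALIZEDTIME *time;

    GetOCSPSingleRes(self, sres);
    status = OCSP_single_get0_status(sres, NULL, &time, NULL, NULL);
    if (status < 0)
        ossl_raise(eOCSPError, "OCSP_single_get0_status");
    /* The revocation time is only meaningful for a revoked certificate. */
    if (status != V_OCSP_CERTSTATUS_REVOKED)
        ossl_raise(eOCSPError, "certificate is not revoked");

    return asn1time_to_time(time);
}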
this_update → Time
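/*
 * Returns the thisUpdate field of this SingleResponse, converted by
 * asn1time_to_time().
 *
 * Raises eOCSPError when OCSP_single_get0_status() reports a negative
 * value.
 */
static VALUE
ossl_ocspsres_get_this_update(VALUE self)
{
    OCSP_SINGLERESP *sres;
    int status;
    ASN1_GENERALIZEDTIME *time;

    GetOCSPSingleRes(self, sres);
    status = OCSP_single_get0_status(sres, NULL, NULL, &time, NULL);
    if (status < 0)
        ossl_raise(eOCSPError, "OCSP_single_get0_status");

    return asn1time_to_time(time); /* will handle NULL */
}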
to_der → String
将此SingleResponse编码为DER编码的字符串。
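/*
 * Encodes this SingleResponse as DER and returns it as a Ruby String.
 *
 * Uses the two-pass i2d pattern: the first call (NULL output) yields the
 * encoded length, the second writes into a string of that size. Raises
 * eOCSPError with no message when either pass returns a value <= 0.
 */
static VALUE
ossl_ocspsres_to_der(VALUE self)
{
    OCSP_SINGLERESP *sres;
    VALUE str;
    long len;
    unsigned char *p;

    GetOCSPSingleRes(self, sres);
    /* Pass 1: ask only for the size of the encoding. */
    if ((len = i2d_OCSP_SINGLERESP(sres, NULL)) <= 0)
        ossl_raise(eOCSPError, NULL);
    str = rb_str_new(0, len);
    p = (unsigned char *)RSTRING_PTR(str);
    /* Pass 2: write the encoding; i2d advances p past the bytes written. */
    if (i2d_OCSP_SINGLERESP(sres, &p) <= 0)
        ossl_raise(eOCSPError, NULL);
    /* presumably sets str's length from how far p advanced -- confirm
     * against ossl_str_adjust. */
    ossl_str_adjust(str, p);

    return str;
}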