icontrol 0.3.1 → 0.3.2
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/icontrol/arx.rb +38 -8
- data/lib/icontrol/arx/api.rb +1 -0
- data/lib/icontrol/arx/chassis.rb +11 -0
- data/lib/icontrol/arx/export.rb +4 -1
- data/lib/icontrol/arx/file_change_notification.rb +25 -4
- data/lib/icontrol/arx/file_server.rb +2 -0
- data/lib/icontrol/arx/namespace.rb +2 -0
- data/lib/icontrol/arx/network.rb +3 -0
- data/lib/icontrol/arx/policy.rb +3 -0
- data/lib/icontrol/arx/share.rb +2 -0
- data/lib/icontrol/arx/virtual_service.rb +3 -0
- data/lib/icontrol/arx/volume.rb +2 -0
- data/lib/icontrol/asm.rb +18 -3
- data/lib/icontrol/asm/object_params.rb +12 -6
- data/lib/icontrol/asm/policy.rb +118 -79
- data/lib/icontrol/asm/system_configuration.rb +27 -19
- data/lib/icontrol/asm/web_application.rb +74 -52
- data/lib/icontrol/asm/web_application_group.rb +33 -24
- data/lib/icontrol/base.rb +1 -0
- data/lib/icontrol/base/exception.rb +1 -0
- data/lib/icontrol/base/icontrol/local_lb/pool.rb +7 -0
- data/lib/icontrol/base/icontrol_overlay.rb +6 -0
- data/lib/icontrol/base/predeclarations.rb +5 -4
- data/lib/icontrol/base/struct.rb +6 -2
- data/lib/icontrol/common.rb +55 -4
- data/lib/icontrol/global_lb.rb +22 -3
- data/lib/icontrol/global_lb/application.rb +63 -44
- data/lib/icontrol/global_lb/data_center.rb +82 -58
- data/lib/icontrol/global_lb/dnssec_key.rb +152 -90
- data/lib/icontrol/global_lb/dnssec_zone.rb +55 -35
- data/lib/icontrol/global_lb/globals.rb +662 -430
- data/lib/icontrol/global_lb/link.rb +181 -131
- data/lib/icontrol/global_lb/monitor.rb +174 -104
- data/lib/icontrol/global_lb/pool.rb +290 -203
- data/lib/icontrol/global_lb/pool_member.rb +118 -71
- data/lib/icontrol/global_lb/region.rb +37 -25
- data/lib/icontrol/global_lb/rule.rb +53 -37
- data/lib/icontrol/global_lb/server.rb +176 -124
- data/lib/icontrol/global_lb/topology.rb +41 -27
- data/lib/icontrol/global_lb/virtual_server.rb +118 -84
- data/lib/icontrol/global_lb/wide_ip.rb +168 -117
- data/lib/icontrol/local_lb.rb +81 -10
- data/lib/icontrol/local_lb/klass.rb +233 -153
- data/lib/icontrol/local_lb/monitor.rb +158 -96
- data/lib/icontrol/local_lb/nat.rb +74 -52
- data/lib/icontrol/local_lb/node_address.rb +123 -86
- data/lib/icontrol/local_lb/pool.rb +229 -164
- data/lib/icontrol/local_lb/pool_member.rb +134 -76
- data/lib/icontrol/local_lb/profile_auth.rb +103 -75
- data/lib/icontrol/local_lb/profile_client_ssl.rb +284 -201
- data/lib/icontrol/local_lb/profile_diameter.rb +113 -71
- data/lib/icontrol/local_lb/profile_dns.rb +65 -46
- data/lib/icontrol/local_lb/profile_fast_http.rb +265 -178
- data/lib/icontrol/local_lb/profile_fast_l4.rb +283 -194
- data/lib/icontrol/local_lb/profile_ftp.rb +81 -58
- data/lib/icontrol/local_lb/profile_http.rb +701 -433
- data/lib/icontrol/local_lb/profile_http_class.rb +169 -121
- data/lib/icontrol/local_lb/profile_iiop.rb +87 -63
- data/lib/icontrol/local_lb/profile_one_connect.rb +99 -71
- data/lib/icontrol/local_lb/profile_persistence.rb +326 -203
- data/lib/icontrol/local_lb/profile_radius.rb +94 -62
- data/lib/icontrol/local_lb/profile_rtsp.rb +207 -129
- data/lib/icontrol/local_lb/profile_sctp.rb +231 -167
- data/lib/icontrol/local_lb/profile_server_ssl.rb +268 -189
- data/lib/icontrol/local_lb/profile_sip.rb +145 -99
- data/lib/icontrol/local_lb/profile_stream.rb +71 -51
- data/lib/icontrol/local_lb/profile_tcp.rb +455 -296
- data/lib/icontrol/local_lb/profile_udp.rb +109 -78
- data/lib/icontrol/local_lb/profile_user_statistic.rb +77 -46
- data/lib/icontrol/local_lb/profile_xml.rb +116 -79
- data/lib/icontrol/local_lb/ram_cache_information.rb +43 -20
- data/lib/icontrol/local_lb/rate_class.rb +523 -318
- data/lib/icontrol/local_lb/rule.rb +53 -37
- data/lib/icontrol/local_lb/snat.rb +96 -65
- data/lib/icontrol/local_lb/snat_pool.rb +54 -39
- data/lib/icontrol/local_lb/snat_pool_member.rb +22 -15
- data/lib/icontrol/local_lb/snat_translation_address.rb +94 -69
- data/lib/icontrol/local_lb/virtual_address.rb +99 -70
- data/lib/icontrol/local_lb/virtual_server.rb +358 -243
- data/lib/icontrol/lt_config.rb +8 -1
- data/lib/icontrol/lt_config/field.rb +87 -53
- data/lib/icontrol/lt_config/klass.rb +59 -43
- data/lib/icontrol/management.rb +80 -38
- data/lib/icontrol/management/ccldap_configuration.rb +218 -144
- data/lib/icontrol/management/change_control.rb +67 -41
- data/lib/icontrol/management/crldp_configuration.rb +73 -52
- data/lib/icontrol/management/crldp_server.rb +55 -39
- data/lib/icontrol/management/db_variable.rb +32 -21
- data/lib/icontrol/management/event_notification.rb +19 -8
- data/lib/icontrol/management/event_subscription.rb +121 -74
- data/lib/icontrol/management/key_certificate.rb +235 -138
- data/lib/icontrol/management/ldap_configuration.rb +249 -179
- data/lib/icontrol/management/license_administration.rb +97 -56
- data/lib/icontrol/management/named.rb +103 -67
- data/lib/icontrol/management/ocsp_configuration.rb +33 -24
- data/lib/icontrol/management/ocsp_responder.rb +294 -165
- data/lib/icontrol/management/partition.rb +42 -23
- data/lib/icontrol/management/provision.rb +73 -39
- data/lib/icontrol/management/radius_configuration.rb +85 -57
- data/lib/icontrol/management/radius_server.rb +51 -37
- data/lib/icontrol/management/resource_record.rb +163 -121
- data/lib/icontrol/management/snmp_configuration.rb +675 -390
- data/lib/icontrol/management/tacacs_configuration.rb +99 -67
- data/lib/icontrol/management/tmos_module.rb +20 -8
- data/lib/icontrol/management/user_management.rb +198 -124
- data/lib/icontrol/management/view.rb +33 -24
- data/lib/icontrol/management/zone.rb +49 -34
- data/lib/icontrol/management/zone_runner.rb +11 -7
- data/lib/icontrol/networking.rb +31 -4
- data/lib/icontrol/networking/admin_ip.rb +92 -71
- data/lib/icontrol/networking/arp.rb +41 -28
- data/lib/icontrol/networking/i_session_advertised_route.rb +47 -32
- data/lib/icontrol/networking/i_session_local_interface.rb +72 -52
- data/lib/icontrol/networking/i_session_peer_discovery.rb +105 -68
- data/lib/icontrol/networking/i_session_remote_interface.rb +105 -76
- data/lib/icontrol/networking/interfaces.rb +241 -142
- data/lib/icontrol/networking/packet_filter.rb +111 -69
- data/lib/icontrol/networking/packet_filter_globals.rb +39 -28
- data/lib/icontrol/networking/port_mirror.rb +39 -27
- data/lib/icontrol/networking/profile_gre.rb +63 -41
- data/lib/icontrol/networking/profile_ipip.rb +38 -25
- data/lib/icontrol/networking/profile_wccpgre.rb +85 -55
- data/lib/icontrol/networking/route_domain.rb +70 -44
- data/lib/icontrol/networking/route_table.rb +128 -91
- data/lib/icontrol/networking/self_ip.rb +57 -39
- data/lib/icontrol/networking/self_ip_port_lockdown.rb +34 -22
- data/lib/icontrol/networking/stp_globals.rb +115 -63
- data/lib/icontrol/networking/stp_instance.rb +166 -68
- data/lib/icontrol/networking/trunk.rb +165 -101
- data/lib/icontrol/networking/tunnel.rb +77 -52
- data/lib/icontrol/networking/vlan.rb +140 -98
- data/lib/icontrol/networking/vlan_group.rb +145 -101
- data/lib/icontrol/system.rb +70 -33
- data/lib/icontrol/system/cluster.rb +103 -81
- data/lib/icontrol/system/config_sync.rb +128 -72
- data/lib/icontrol/system/connections.rb +27 -17
- data/lib/icontrol/system/disk.rb +134 -67
- data/lib/icontrol/system/failover.rb +44 -27
- data/lib/icontrol/system/geo_ip.rb +16 -5
- data/lib/icontrol/system/inet.rb +47 -30
- data/lib/icontrol/system/internal.rb +13 -9
- data/lib/icontrol/system/services.rb +75 -42
- data/lib/icontrol/system/software_management.rb +132 -83
- data/lib/icontrol/system/statistics.rb +443 -298
- data/lib/icontrol/system/system_info.rb +137 -95
- data/lib/icontrol/web_accelerator/applications.rb +17 -10
- data/lib/icontrol/web_accelerator/policies.rb +13 -9
- data/lib/icontrol/web_accelerator/proxy_message.rb +11 -7
- data/spec/icontrol/local_lb/pool_member_spec.rb +495 -0
- data/spec/icontrol/local_lb/profile_http_class_spec.rb +514 -0
- metadata +10 -4
@@ -7,9 +7,10 @@ module IControl::Management
|
|
7
7
|
|
8
8
|
##
|
9
9
|
# Adds/associates responders to this OCSP configurations.
|
10
|
-
# @
|
11
|
-
# @raise [IControl::Common::
|
12
|
-
# @raise [IControl::Common::
|
10
|
+
# @rspec_example
|
11
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
12
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
13
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
13
14
|
# @param [Hash] opts
|
14
15
|
# @option opts [String[]] :responders The responders to add to the OCSP configurations.
|
15
16
|
def add_responder(opts)
|
@@ -19,9 +20,10 @@ module IControl::Management
|
|
19
20
|
|
20
21
|
##
|
21
22
|
# Creates this OCSP configurations.
|
22
|
-
# @
|
23
|
-
# @raise [IControl::Common::
|
24
|
-
# @raise [IControl::Common::
|
23
|
+
# @rspec_example
|
24
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
25
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
26
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
25
27
|
# @param [Hash] opts
|
26
28
|
# @option opts [String[]] :responders The list of responders to be assigned to each of the configurations.
|
27
29
|
def create(opts)
|
@@ -31,44 +33,49 @@ module IControl::Management
|
|
31
33
|
|
32
34
|
##
|
33
35
|
# Deletes all OCSP configurations.
|
34
|
-
# @
|
35
|
-
# @raise [IControl::Common::
|
36
|
-
# @raise [IControl::Common::
|
36
|
+
# @rspec_example
|
37
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
38
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
39
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
37
40
|
def delete_all_configurations
|
38
41
|
super
|
39
42
|
end
|
40
43
|
|
41
44
|
##
|
42
45
|
# Deletes this OCSP configurations.
|
43
|
-
# @
|
44
|
-
# @raise [IControl::Common::
|
45
|
-
# @raise [IControl::Common::
|
46
|
+
# @rspec_example
|
47
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
48
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
49
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
46
50
|
def delete_configuration
|
47
51
|
super
|
48
52
|
end
|
49
53
|
|
50
54
|
##
|
51
55
|
# Gets a list of all OCSP configurations.
|
56
|
+
# @rspec_example
|
52
57
|
# @return [String]
|
53
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
54
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
55
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
58
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
59
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
60
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
56
61
|
def list
|
57
62
|
super
|
58
63
|
end
|
59
64
|
|
60
65
|
##
|
61
66
|
# Gets the lists of responders this OCSP configurations are associated with.
|
67
|
+
# @rspec_example
|
62
68
|
# @return [String[]]
|
63
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
64
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
65
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
69
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
70
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
71
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
66
72
|
def responder
|
67
73
|
super
|
68
74
|
end
|
69
75
|
|
70
76
|
##
|
71
77
|
# Gets the version information for this interface.
|
78
|
+
# @rspec_example
|
72
79
|
# @return [String]
|
73
80
|
def version
|
74
81
|
super
|
@@ -76,18 +83,20 @@ module IControl::Management
|
|
76
83
|
|
77
84
|
##
|
78
85
|
# Removes all responders from this OCSP configurations.
|
79
|
-
# @
|
80
|
-
# @raise [IControl::Common::
|
81
|
-
# @raise [IControl::Common::
|
86
|
+
# @rspec_example
|
87
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
88
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
89
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
82
90
|
def remove_all_responders
|
83
91
|
super
|
84
92
|
end
|
85
93
|
|
86
94
|
##
|
87
95
|
# Removes responders from this OCSP configurations.
|
88
|
-
# @
|
89
|
-
# @raise [IControl::Common::
|
90
|
-
# @raise [IControl::Common::
|
96
|
+
# @rspec_example
|
97
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
98
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
99
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
91
100
|
# @param [Hash] opts
|
92
101
|
# @option opts [String[]] :responders The responders to remove from the OCSP configurations.
|
93
102
|
def remove_responder(opts)
|
@@ -6,255 +6,325 @@ module IControl::Management
|
|
6
6
|
set_id_name "responders"
|
7
7
|
|
8
8
|
class ResponderDefinition < IControl::Base::Struct; end
|
9
|
-
class SignInformation < IControl::Base::Struct; end
|
9
|
+
class SignInformation < IControl::Base::Struct; end
|
10
|
+
class ResponderDefinitionSequence < IControl::Base::Sequence ; end
|
11
|
+
class SignInformationSequence < IControl::Base::Sequence ; end ##
|
10
12
|
# Creates this OCSP responder.
|
11
|
-
# @
|
12
|
-
# @raise [IControl::Common::
|
13
|
-
# @raise [IControl::Common::
|
13
|
+
# @rspec_example
|
14
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
15
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
16
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
14
17
|
def create
|
15
18
|
super
|
16
19
|
end
|
17
20
|
|
18
21
|
##
|
19
22
|
# Deletes all OCSP responder.
|
20
|
-
# @
|
21
|
-
# @raise [IControl::Common::
|
22
|
-
# @raise [IControl::Common::
|
23
|
+
# @rspec_example
|
24
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
25
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
26
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
23
27
|
def delete_all_responders
|
24
28
|
super
|
25
29
|
end
|
26
30
|
|
27
31
|
##
|
28
32
|
# Deletes this OCSP responder.
|
29
|
-
# @
|
30
|
-
# @raise [IControl::Common::
|
31
|
-
# @raise [IControl::Common::
|
33
|
+
# @rspec_example
|
34
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
35
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
36
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
32
37
|
def delete_responder
|
33
38
|
super
|
34
39
|
end
|
35
40
|
|
36
41
|
##
|
37
|
-
# Gets the states that that indicate whether to allow the addition of certificates
|
42
|
+
# Gets the states that that indicate whether to allow the addition of certificates
|
43
|
+
# to the OCSP request. This option should normally only be used for testing purposes.
|
44
|
+
# @rspec_example
|
38
45
|
# @return [EnabledState]
|
39
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
40
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
41
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
46
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
47
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
48
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
42
49
|
def allow_additional_certificate_state
|
43
50
|
super
|
44
51
|
end
|
45
52
|
|
46
53
|
##
|
47
|
-
# Gets the names of the trusted CA certificates used by the responder to verify the
|
54
|
+
# Gets the names of the trusted CA certificates used by the responder to verify the
|
55
|
+
# signature on the OCSP response.
|
56
|
+
# @rspec_example
|
48
57
|
# @return [String]
|
49
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
50
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
51
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
58
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
59
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
60
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
52
61
|
def ca_file
|
53
62
|
super
|
54
63
|
end
|
55
64
|
|
56
65
|
##
|
57
|
-
# Gets the paths of the trusted CA certificates used by the responder to verify the
|
66
|
+
# Gets the paths of the trusted CA certificates used by the responder to verify the
|
67
|
+
# signature on the OCSP response.
|
68
|
+
# @rspec_example
|
58
69
|
# @return [String]
|
59
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
60
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
61
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
70
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
71
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
72
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
62
73
|
def ca_path
|
63
74
|
super
|
64
75
|
end
|
65
76
|
|
66
77
|
##
|
67
|
-
# Gets the states that indicate whether to perform any additional checks on the OCSP
|
78
|
+
# Gets the states that indicate whether to perform any additional checks on the OCSP
|
79
|
+
# response signers certificate. If false, do not make any checks to see if the signers
|
80
|
+
# certificate is authorized to provide the necessary status information: as a result
|
81
|
+
# this option should only be used for testing purposes.
|
82
|
+
# @rspec_example
|
68
83
|
# @return [EnabledState]
|
69
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
70
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
71
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
84
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
85
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
86
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
72
87
|
def certificate_check_state
|
73
88
|
super
|
74
89
|
end
|
75
90
|
|
76
91
|
##
|
77
|
-
# Gets the digest algorithm for hashing the certificate information used to create
|
92
|
+
# Gets the digest algorithm for hashing the certificate information used to create
|
93
|
+
# the certificate ID that is sent to the responder.
|
94
|
+
# @rspec_example
|
78
95
|
# @return [OCSPDigestMethod]
|
79
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
80
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
81
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
96
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
97
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
98
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
82
99
|
def certificate_id_digest_method
|
83
100
|
super
|
84
101
|
end
|
85
102
|
|
86
103
|
##
|
87
104
|
# Gets the states that indicate whether to check the certificates in the OCSP responses.
|
105
|
+
# @rspec_example
|
88
106
|
# @return [EnabledState]
|
89
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
90
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
91
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
107
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
108
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
109
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
92
110
|
def certificate_verification_state
|
93
111
|
super
|
94
112
|
end
|
95
113
|
|
96
114
|
##
|
97
|
-
# Gets the states that indicate whether to use certificates in the response as additional
|
115
|
+
# Gets the states that indicate whether to use certificates in the response as additional
|
116
|
+
# untrusted CA certificates.
|
117
|
+
# @rspec_example
|
98
118
|
# @return [EnabledState]
|
99
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
100
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
101
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
119
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
120
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
121
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
102
122
|
def chain_state
|
103
123
|
super
|
104
124
|
end
|
105
125
|
|
106
126
|
##
|
107
|
-
# Gets the states that indicate whether to explicitly trust the OCSP response signers
|
127
|
+
# Gets the states that indicate whether to explicitly trust the OCSP response signers
|
128
|
+
# certificate as authorized for OCSP response signing. Specifying this option causes
|
129
|
+
# a response to be untrusted if the signers certificate does not contain the &quot;OCSPSigning"
|
130
|
+
# extension.
|
131
|
+
# @rspec_example
|
108
132
|
# @return [EnabledState]
|
109
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
110
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
111
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
133
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
134
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
135
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
112
136
|
def explicit_state
|
113
137
|
super
|
114
138
|
end
|
115
139
|
|
116
140
|
##
|
117
|
-
# Gets the states that if true, then always use the URL specified in the configuration
|
141
|
+
# Gets the states that if true, then always use the URL specified in the configuration
|
142
|
+
# file, and ignore any URL contained in the client certificates' authorityInfoAccess
|
143
|
+
# OCSP field. If this option is not set (the default) AND the client certificate has
|
144
|
+
# a valid AIA OCSP field set, then first attempt to connect to the responder in the
|
145
|
+
# client's AIA OCSP field, and fall back to the URL in the responder definition if
|
146
|
+
# that server is not available. See RFC2560 for more detail of the authorityInfoAccess
|
147
|
+
# x509 extension and its intended usage.
|
148
|
+
# @rspec_example
|
118
149
|
# @return [EnabledState]
|
119
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
120
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
121
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
150
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
151
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
152
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
122
153
|
def ignore_aia_state
|
123
154
|
super
|
124
155
|
end
|
125
156
|
|
126
157
|
##
|
127
|
-
# Gets the states that that indicate whether to ignore certificates contained in the
|
158
|
+
# Gets the states that that indicate whether to ignore certificates contained in the
|
159
|
+
# OCSP response when searching for the signers certificate. With this option the signers
|
160
|
+
# certificate must be specified with either the -verify_certs or -VAfile options.
|
161
|
+
# @rspec_example
|
128
162
|
# @return [EnabledState]
|
129
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
130
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
131
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
163
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
164
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
165
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
132
166
|
def intern_state
|
133
167
|
super
|
134
168
|
end
|
135
169
|
|
136
170
|
##
|
137
171
|
# Gets a list of all OCSP responder.
|
172
|
+
# @rspec_example
|
138
173
|
# @return [String]
|
139
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
140
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
141
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
174
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
175
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
176
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
142
177
|
def list
|
143
178
|
super
|
144
179
|
end
|
145
180
|
|
146
181
|
##
|
147
182
|
# Gets the state that indicates whether to send a nonce in the OCSP request.
|
183
|
+
# @rspec_example
|
148
184
|
# @return [EnabledState]
|
149
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
150
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
151
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
185
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
186
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
187
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
152
188
|
def nonce_state
|
153
189
|
super
|
154
190
|
end
|
155
191
|
|
156
192
|
##
|
157
|
-
# Gets the files containing additional certificates to search when attempting to locate
|
193
|
+
# Gets the files containing additional certificates to search when attempting to locate
|
194
|
+
# the OCSP response signing certificate. Some responder omit the actual signer's certificates
|
195
|
+
# from the response: this option can be used to supply the necessary certificates in
|
196
|
+
# such cases.
|
197
|
+
# @rspec_example
|
158
198
|
# @return [String]
|
159
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
160
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
161
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
199
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
200
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
201
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
162
202
|
def other_certificate_file
|
163
203
|
super
|
164
204
|
end
|
165
205
|
|
166
206
|
##
|
167
|
-
# Gets the states that indicate whether to check the signature on the OCSP response.
|
207
|
+
# Gets the states that indicate whether to check the signature on the OCSP response.
|
208
|
+
# Since this option tolerates invalid signatures on OCSP responses it will normally
|
209
|
+
# only be used for testing purposes.
|
210
|
+
# @rspec_example
|
168
211
|
# @return [EnabledState]
|
169
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
170
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
171
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
212
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
213
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
214
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
172
215
|
def signature_verification_state
|
173
216
|
super
|
174
217
|
end
|
175
218
|
|
176
219
|
##
|
177
220
|
# Gets the signing information necessary to sign the OCSP requests.
|
221
|
+
# @rspec_example
|
178
222
|
# @return [SignInformation]
|
179
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
180
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
181
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
223
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
224
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
225
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
182
226
|
def signing_information
|
183
227
|
super
|
184
228
|
end
|
185
229
|
|
186
230
|
##
|
187
|
-
# Gets the status ages (sec) for the OCSP response. If the notAfter time is omitted
|
231
|
+
# Gets the status ages (sec) for the OCSP response. If the notAfter time is omitted
|
232
|
+
# from a response then this means that new status information is immediately available.
|
233
|
+
# In this case the age of the notBefore field is checked to see it is not older than
|
234
|
+
# age seconds old. By default this additional check is not performed when -status_age
|
235
|
+
# is not specified.
|
236
|
+
# @rspec_example
|
188
237
|
# @return [long]
|
189
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
190
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
191
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
238
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
239
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
240
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
192
241
|
def status_age
|
193
242
|
super
|
194
243
|
end
|
195
244
|
|
196
245
|
##
|
197
|
-
# Gets the states indicating whether to be explicitly trust the other certificates
|
246
|
+
# Gets the states indicating whether to be explicitly trust the other certificates
|
247
|
+
# specified via set_other_certificate_file and no additional checks will be performed
|
248
|
+
# on them. This is useful when the complete responder certificate chain is not available
|
249
|
+
# or trusting a root CA is not appropriate.
|
250
|
+
# @rspec_example
|
198
251
|
# @return [EnabledState]
|
199
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
200
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
201
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
252
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
253
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
254
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
202
255
|
def trust_other_certificate_state
|
203
256
|
super
|
204
257
|
end
|
205
258
|
|
206
259
|
##
|
207
260
|
# Gets the URL or hostnames of the responder.
|
261
|
+
# @rspec_example
|
208
262
|
# @return [String]
|
209
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
210
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
211
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
263
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
264
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
265
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
212
266
|
def url
|
213
267
|
super
|
214
268
|
end
|
215
269
|
|
216
270
|
##
|
217
|
-
# Gets the files containing explicitly trusted responder certificates. This functionality
|
271
|
+
# Gets the files containing explicitly trusted responder certificates. This functionality
|
272
|
+
# is equivalent to having the other certificates specified via set_other_certificate_file,
|
273
|
+
# and setting the state via set_trust_other_certificate_state.
|
274
|
+
# @rspec_example
|
218
275
|
# @return [String]
|
219
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
220
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
221
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
276
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
277
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
278
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
222
279
|
def va_file
|
223
280
|
super
|
224
281
|
end
|
225
282
|
|
226
283
|
##
|
227
|
-
# Gets the range of times, in seconds, which will be tolerated in an OCSP response.
|
284
|
+
# Gets the range of times, in seconds, which will be tolerated in an OCSP response.
|
285
|
+
# Each certificate status response includes a notBefore time and an optional notAfter
|
286
|
+
# time. The current time should fall between these two values, but the interval between
|
287
|
+
# the two times may be only a few seconds. In practice the OCSP responder and clients
|
288
|
+
# clocks may not be precisely synchronized and so such a check may fail. To avoid this
|
289
|
+
# the -validity_period option can be used to specify an acceptable error range in seconds,
|
290
|
+
# the default value is 300 seconds.
|
291
|
+
# @rspec_example
|
228
292
|
# @return [long]
|
229
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
230
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
231
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
293
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
294
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
295
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
232
296
|
def validity_period
|
233
297
|
super
|
234
298
|
end
|
235
299
|
|
236
300
|
##
|
237
|
-
# Gets the states that indicate whether to attempt to verify the OCSP response signature
|
301
|
+
# Gets the states that indicate whether to attempt to verify the OCSP response signature
|
302
|
+
# or the nonce values. This option will normally only be used for debugging since it
|
303
|
+
# disables all verification of the responder certificate.
|
304
|
+
# @rspec_example
|
238
305
|
# @return [EnabledState]
|
239
|
-
# @raise [IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
240
|
-
# @raise [IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
241
|
-
# @raise [IControl::Common::OperationFailed] raised if an operation error occurs.
|
306
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
307
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
308
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
242
309
|
def verification_state
|
243
310
|
super
|
244
311
|
end
|
245
312
|
|
246
313
|
##
|
247
314
|
# Gets the version information for this interface.
|
315
|
+
# @rspec_example
|
248
316
|
# @return [String]
|
249
317
|
def version
|
250
318
|
super
|
251
319
|
end
|
252
320
|
|
253
321
|
##
|
254
|
-
# Sets the states that indicate whether to allow the addition of certificates to the
|
255
|
-
#
|
256
|
-
# @
|
257
|
-
# @raise [IControl::Common::
|
322
|
+
# Sets the states that indicate whether to allow the addition of certificates to the
|
323
|
+
# OCSP request. This option should normally only be used for testing purposes.
|
324
|
+
# @rspec_example
|
325
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
326
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
327
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
258
328
|
# @param [Hash] opts
|
259
329
|
# @option opts [IControl::Common::EnabledState] :states The states of the specified responders.
|
260
330
|
def set_allow_additional_certificate_state(opts)
|
@@ -263,10 +333,12 @@ module IControl::Management
|
|
263
333
|
end
|
264
334
|
|
265
335
|
##
|
266
|
-
# Sets the names of the trusted CA certificates used by the responder to verify the
|
267
|
-
#
|
268
|
-
# @
|
269
|
-
# @raise [IControl::Common::
|
336
|
+
# Sets the names of the trusted CA certificates used by the responder to verify the
|
337
|
+
# signature on the OCSP response.
|
338
|
+
# @rspec_example
|
339
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
340
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
341
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
270
342
|
# @param [Hash] opts
|
271
343
|
# @option opts [String] :ca_files The CA file names used by the responders.
|
272
344
|
def set_ca_file(opts)
|
@@ -275,10 +347,12 @@ module IControl::Management
|
|
275
347
|
end
|
276
348
|
|
277
349
|
##
|
278
|
-
# Sets the paths of the trusted CA certificates used by the responder to verify the
|
279
|
-
#
|
280
|
-
# @
|
281
|
-
# @raise [IControl::Common::
|
350
|
+
# Sets the paths of the trusted CA certificates used by the responder to verify the
|
351
|
+
# signature on the OCSP response.
|
352
|
+
# @rspec_example
|
353
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
354
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
355
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
282
356
|
# @param [Hash] opts
|
283
357
|
# @option opts [String] :ca_paths The CA paths used by the responders.
|
284
358
|
def set_ca_path(opts)
|
@@ -287,10 +361,14 @@ module IControl::Management
|
|
287
361
|
end
|
288
362
|
|
289
363
|
##
|
290
|
-
# Sets the states that indicate whether to perform any additional checks on the OCSP
|
291
|
-
#
|
292
|
-
#
|
293
|
-
#
|
364
|
+
# Sets the states that indicate whether to perform any additional checks on the OCSP
|
365
|
+
# response signers certificate. If false, do not make any checks to see if the signers
|
366
|
+
# certificate is authorized to provide the necessary status information: as a result
|
367
|
+
# this option should only be used for testing purposes.
|
368
|
+
# @rspec_example
|
369
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
370
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
371
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
294
372
|
# @param [Hash] opts
|
295
373
|
# @option opts [IControl::Common::EnabledState] :states The states of the specified responders.
|
296
374
|
def set_certificate_check_state(opts)
|
@@ -299,10 +377,12 @@ module IControl::Management
|
|
299
377
|
end
|
300
378
|
|
301
379
|
##
|
302
|
-
# Sets the digest algorithm for hashing the certificate information used to create
|
303
|
-
#
|
304
|
-
# @
|
305
|
-
# @raise [IControl::Common::
|
380
|
+
# Sets the digest algorithm for hashing the certificate information used to create
|
381
|
+
# the certificate ID that is sent to the responder.
|
382
|
+
# @rspec_example
|
383
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
384
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
385
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
306
386
|
# @param [Hash] opts
|
307
387
|
# @option opts [IControl::Management::OCSPDigestMethod] :digest_methods The signing information to sign the OCSP requests.
|
308
388
|
def set_certificate_id_digest_method(opts)
|
@@ -312,9 +392,10 @@ module IControl::Management
|
|
312
392
|
|
313
393
|
##
|
314
394
|
# Sets the states that indicate whether to check the certificates in the OCSP responses.
|
315
|
-
# @
|
316
|
-
# @raise [IControl::Common::
|
317
|
-
# @raise [IControl::Common::
|
395
|
+
# @rspec_example
|
396
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
397
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
398
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
318
399
|
# @param [Hash] opts
|
319
400
|
# @option opts [IControl::Common::EnabledState] :states The states of the specified responders.
|
320
401
|
def set_certificate_verification_state(opts)
|
@@ -323,10 +404,12 @@ module IControl::Management
|
|
323
404
|
end
|
324
405
|
|
325
406
|
##
|
326
|
-
# Sets the states that indicate whether to use certificates in the response as additional
|
327
|
-
#
|
328
|
-
# @
|
329
|
-
# @raise [IControl::Common::
|
407
|
+
# Sets the states that indicate whether to use certificates in the response as additional
|
408
|
+
# untrusted CA certificates.
|
409
|
+
# @rspec_example
|
410
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
411
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
412
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
330
413
|
# @param [Hash] opts
|
331
414
|
# @option opts [IControl::Common::EnabledState] :states The states of the specified responders.
|
332
415
|
def set_chain_state(opts)
|
@@ -335,10 +418,14 @@ module IControl::Management
|
|
335
418
|
end
|
336
419
|
|
337
420
|
##
|
338
|
-
# Sets the states that indicate whether to explicitly trust the OCSP response signers
|
339
|
-
#
|
340
|
-
#
|
341
|
-
#
|
421
|
+
# Sets the states that indicate whether to explicitly trust the OCSP response signers
|
422
|
+
# certificate as authorized for OCSP response signing. Specifying this option causes
|
423
|
+
# a response to be untrusted if the signers certificate does not contain the &quot;OCSPSigning"
|
424
|
+
# extension.
|
425
|
+
# @rspec_example
|
426
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
427
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
428
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
342
429
|
# @param [Hash] opts
|
343
430
|
# @option opts [IControl::Common::EnabledState] :states The states of the specified responders.
|
344
431
|
def set_explicit_state(opts)
|
@@ -347,10 +434,17 @@ module IControl::Management
|
|
347
434
|
end
|
348
435
|
|
349
436
|
##
|
350
|
-
# Sets the states that if true, then always use the URL specified in the configuration
|
351
|
-
#
|
352
|
-
#
|
353
|
-
#
|
437
|
+
# Sets the states that if true, then always use the URL specified in the configuration
|
438
|
+
# file, and ignore any URL contained in the client certificates' authorityInfoAccess
|
439
|
+
# OCSP field. If this option is not set (the default) AND the client certificate has
|
440
|
+
# a valid AIA OCSP field set, then first attempt to connect to the responder in the
|
441
|
+
# client's AIA OCSP field, and fall back to the URL in the responder definition if
|
442
|
+
# that server is not available. See RFC2560 for more detail of the authorityInfoAccess
|
443
|
+
# x509 extension and its intended usage.
|
444
|
+
# @rspec_example
|
445
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
446
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
447
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
354
448
|
# @param [Hash] opts
|
355
449
|
# @option opts [IControl::Common::EnabledState] :states The states of the specified responders.
|
356
450
|
def set_ignore_aia_state(opts)
|
@@ -359,10 +453,13 @@ module IControl::Management
|
|
359
453
|
end
|
360
454
|
|
361
455
|
##
|
362
|
-
# Sets the states that indicate whether to ignore certificates contained in the OCSP
|
363
|
-
#
|
364
|
-
#
|
365
|
-
# @
|
456
|
+
# Sets the states that indicate whether to ignore certificates contained in the OCSP
|
457
|
+
# response when searching for the signers certificate. With this option the signers
|
458
|
+
# certificate must be specified with either the -verify_certs or -VAfile options.
|
459
|
+
# @rspec_example
|
460
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
461
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
462
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
366
463
|
# @param [Hash] opts
|
367
464
|
# @option opts [IControl::Common::EnabledState] :states The states of the specified responders.
|
368
465
|
def set_intern_state(opts)
|
@@ -372,9 +469,10 @@ module IControl::Management
|
|
372
469
|
|
373
470
|
##
|
374
471
|
# Sets the state that indicates whether to send a nonce in the OCSP request.
|
375
|
-
# @
|
376
|
-
# @raise [IControl::Common::
|
377
|
-
# @raise [IControl::Common::
|
472
|
+
# @rspec_example
|
473
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
474
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
475
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
378
476
|
# @param [Hash] opts
|
379
477
|
# @option opts [IControl::Common::EnabledState] :states The states of the specified responders.
|
380
478
|
def set_nonce_state(opts)
|
@@ -383,10 +481,14 @@ module IControl::Management
|
|
383
481
|
end
|
384
482
|
|
385
483
|
##
|
386
|
-
# Sets the files containing additional certificates to search when attempting to locate
|
387
|
-
#
|
388
|
-
#
|
389
|
-
#
|
484
|
+
# Sets the files containing additional certificates to search when attempting to locate
|
485
|
+
# the OCSP response signing certificate. Some responder omit the actual signer's certificates
|
486
|
+
# from the response: this option can be used to supply the necessary certificates in
|
487
|
+
# such cases.
|
488
|
+
# @rspec_example
|
489
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
490
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
491
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
390
492
|
# @param [Hash] opts
|
391
493
|
# @option opts [String] :other_files The files containing other certificates used by the responders.
|
392
494
|
def set_other_certificate_file(opts)
|
@@ -395,10 +497,13 @@ module IControl::Management
|
|
395
497
|
end
|
396
498
|
|
397
499
|
##
|
398
|
-
# Sets the states that indicate whether to check the signature on the OCSP response.
|
399
|
-
#
|
400
|
-
#
|
401
|
-
# @
|
500
|
+
# Sets the states that indicate whether to check the signature on the OCSP response.
|
501
|
+
# Since this option tolerates invalid signatures on OCSP responses it will normally
|
502
|
+
# only be used for testing purposes.
|
503
|
+
# @rspec_example
|
504
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
505
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
506
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
402
507
|
# @param [Hash] opts
|
403
508
|
# @option opts [IControl::Common::EnabledState] :states The states of the specified responders.
|
404
509
|
def set_signature_verification_state(opts)
|
@@ -408,9 +513,10 @@ module IControl::Management
|
|
408
513
|
|
409
514
|
##
|
410
515
|
# Sets the signing information necessary to sign the OCSP requests.
|
411
|
-
# @
|
412
|
-
# @raise [IControl::Common::
|
413
|
-
# @raise [IControl::Common::
|
516
|
+
# @rspec_example
|
517
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
518
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
519
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
414
520
|
# @param [Hash] opts
|
415
521
|
# @option opts [IControl::Management::OCSPResponder::SignInformation] :signers The signing information to sign the OCSP requests.
|
416
522
|
def set_signing_information(opts)
|
@@ -419,10 +525,15 @@ module IControl::Management
|
|
419
525
|
end
|
420
526
|
|
421
527
|
##
|
422
|
-
# Sets the status ages (sec) for the OCSP response. If the notAfter time is omitted
|
423
|
-
#
|
424
|
-
#
|
425
|
-
#
|
528
|
+
# Sets the status ages (sec) for the OCSP response. If the notAfter time is omitted
|
529
|
+
# from a response then this means that new status information is immediately available.
|
530
|
+
# In this case the age of the notBefore field is checked to see it is not older than
|
531
|
+
# age seconds old. By default this additional check is not performed when -status_age
|
532
|
+
# is not specified.
|
533
|
+
# @rspec_example
|
534
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
535
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
536
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
426
537
|
# @param [Hash] opts
|
427
538
|
# @option opts [long] :ages The status ages for OCSP responses for the specified responders.
|
428
539
|
def set_status_age(opts)
|
@@ -431,10 +542,14 @@ module IControl::Management
|
|
431
542
|
end
|
432
543
|
|
433
544
|
##
|
434
|
-
# Sets the states indicating whether to be explicitly trust the other certificates
|
435
|
-
#
|
436
|
-
#
|
437
|
-
#
|
545
|
+
# Sets the states indicating whether to be explicitly trust the other certificates
|
546
|
+
# specified via set_other_certificate_file and no additional checks will be performed
|
547
|
+
# on them. This is useful when the complete responder certificate chain is not available
|
548
|
+
# or trusting a root CA is not appropriate.
|
549
|
+
# @rspec_example
|
550
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
551
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
552
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
438
553
|
# @param [Hash] opts
|
439
554
|
# @option opts [IControl::Common::EnabledState] :states The states of the specified responders.
|
440
555
|
def set_trust_other_certificate_state(opts)
|
@@ -444,9 +559,10 @@ module IControl::Management
|
|
444
559
|
|
445
560
|
##
|
446
561
|
# Sets the URLs of the responder.
|
447
|
-
# @
|
448
|
-
# @raise [IControl::Common::
|
449
|
-
# @raise [IControl::Common::
|
562
|
+
# @rspec_example
|
563
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
564
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
565
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
450
566
|
# @param [Hash] opts
|
451
567
|
# @option opts [String] :urls The URLs used by the responders.
|
452
568
|
def set_url(opts)
|
@@ -455,10 +571,13 @@ module IControl::Management
|
|
455
571
|
end
|
456
572
|
|
457
573
|
##
|
458
|
-
# Sets the files containing explicitly trusted responder certificates. This functionality
|
459
|
-
#
|
460
|
-
#
|
461
|
-
# @
|
574
|
+
# Sets the files containing explicitly trusted responder certificates. This functionality
|
575
|
+
# is equivalent to having the other certificates specified via set_other_certificate_file,
|
576
|
+
# and setting the state via set_trust_other_certificate_state.
|
577
|
+
# @rspec_example
|
578
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
579
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
580
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
462
581
|
# @param [Hash] opts
|
463
582
|
# @option opts [String] :va_files The files containing explicitly trusted responder certificates.
|
464
583
|
def set_va_file(opts)
|
@@ -467,10 +586,17 @@ module IControl::Management
|
|
467
586
|
end
|
468
587
|
|
469
588
|
##
|
470
|
-
# Sets the range of times, in seconds, which will be tolerated in an OCSP response.
|
471
|
-
#
|
472
|
-
#
|
473
|
-
#
|
589
|
+
# Sets the range of times, in seconds, which will be tolerated in an OCSP response.
|
590
|
+
# Each certificate status response includes a notBefore time and an optional notAfter
|
591
|
+
# time. The current time should fall between these two values, but the interval between
|
592
|
+
# the two times may be only a few seconds. In practice the OCSP responder and clients
|
593
|
+
# clocks may not be precisely synchronized and so such a check may fail. To avoid this
|
594
|
+
# the -validity_period option can be used to specify an acceptable error range in seconds,
|
595
|
+
# the default value is 300 seconds.
|
596
|
+
# @rspec_example
|
597
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
598
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
599
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
474
600
|
# @param [Hash] opts
|
475
601
|
# @option opts [long] :ranges The validity range of times for OCSP responses for the specified responders.
|
476
602
|
def set_validity_period(opts)
|
@@ -479,10 +605,13 @@ module IControl::Management
|
|
479
605
|
end
|
480
606
|
|
481
607
|
##
|
482
|
-
# Sets the states that indicate whether to attempt to verify the OCSP response signature
|
483
|
-
#
|
484
|
-
#
|
485
|
-
# @
|
608
|
+
# Sets the states that indicate whether to attempt to verify the OCSP response signature
|
609
|
+
# or the nonce values. This option will normally only be used for debugging since it
|
610
|
+
# disables all verification of the responder certificate.
|
611
|
+
# @rspec_example
|
612
|
+
# @raise [IControl::IControl::Common::AccessDenied] raised if the client credentials are not valid.
|
613
|
+
# @raise [IControl::IControl::Common::InvalidArgument] raised if one of the arguments is invalid.
|
614
|
+
# @raise [IControl::IControl::Common::OperationFailed] raised if an operation error occurs.
|
486
615
|
# @param [Hash] opts
|
487
616
|
# @option opts [IControl::Common::EnabledState] :states The states of the specified responders.
|
488
617
|
def set_verification_state(opts)
|