r509-ocsp-responder 0.3.1

Files changed (55)
  1. data/README.md +77 -0
  2. data/Rakefile +38 -0
  3. data/doc/R509.html +115 -0
  4. data/doc/R509/Ocsp.html +130 -0
  5. data/doc/R509/Ocsp/Helper.html +126 -0
  6. data/doc/R509/Ocsp/Helper/RequestChecker.html +739 -0
  7. data/doc/R509/Ocsp/Helper/ResponseSigner.html +583 -0
  8. data/doc/R509/Ocsp/Responder.html +129 -0
  9. data/doc/R509/Ocsp/Responder/OcspConfig.html +289 -0
  10. data/doc/R509/Ocsp/Responder/Server.html +128 -0
  11. data/doc/R509/Ocsp/Responder/StatusError.html +134 -0
  12. data/doc/R509/Ocsp/Signer.html +584 -0
  13. data/doc/_index.html +197 -0
  14. data/doc/class_list.html +53 -0
  15. data/doc/css/common.css +1 -0
  16. data/doc/css/full_list.css +57 -0
  17. data/doc/css/style.css +328 -0
  18. data/doc/file.README.html +156 -0
  19. data/doc/file_list.html +55 -0
  20. data/doc/frames.html +28 -0
  21. data/doc/index.html +156 -0
  22. data/doc/js/app.js +214 -0
  23. data/doc/js/full_list.js +173 -0
  24. data/doc/js/jquery.js +4 -0
  25. data/doc/method_list.html +164 -0
  26. data/doc/top-level-namespace.html +112 -0
  27. data/lib/r509/ocsp/responder/ocsp-config.rb +35 -0
  28. data/lib/r509/ocsp/responder/server.rb +169 -0
  29. data/lib/r509/ocsp/responder/version.rb +7 -0
  30. data/lib/r509/ocsp/signer.rb +244 -0
  31. data/spec/fixtures.rb +196 -0
  32. data/spec/fixtures/cert1.pem +24 -0
  33. data/spec/fixtures/config_test_various.yaml +46 -0
  34. data/spec/fixtures/ocsptest.r509.local.pem +27 -0
  35. data/spec/fixtures/second_ca.cer +26 -0
  36. data/spec/fixtures/second_ca.key +27 -0
  37. data/spec/fixtures/stca.pem +22 -0
  38. data/spec/fixtures/stca_ocsp_request.der +0 -0
  39. data/spec/fixtures/stca_ocsp_response.der +0 -0
  40. data/spec/fixtures/test_ca.cer +22 -0
  41. data/spec/fixtures/test_ca.key +28 -0
  42. data/spec/fixtures/test_ca_ocsp.cer +26 -0
  43. data/spec/fixtures/test_ca_ocsp.key +27 -0
  44. data/spec/fixtures/test_ca_ocsp_chain.txt +48 -0
  45. data/spec/fixtures/test_ca_request.der +0 -0
  46. data/spec/fixtures/test_ca_response.der +0 -0
  47. data/spec/fixtures/test_ca_subroot.cer +25 -0
  48. data/spec/fixtures/test_ca_subroot.key +27 -0
  49. data/spec/fixtures/test_ca_subroot_ocsp.cer +25 -0
  50. data/spec/fixtures/test_ca_subroot_ocsp.key +27 -0
  51. data/spec/fixtures/test_config.yaml +17 -0
  52. data/spec/server_spec.rb +400 -0
  53. data/spec/signer_spec.rb +275 -0
  54. data/spec/spec_helper.rb +18 -0
  55. metadata +259 -0
@@ -0,0 +1,739 @@
1
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
+ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4
+ <head>
5
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
6
+ <title>
7
+ Class: R509::Ocsp::Helper::RequestChecker
8
+
9
+ &mdash; Documentation by YARD 0.8.2.1
10
+
11
+ </title>
12
+
13
+ <link rel="stylesheet" href="../../../css/style.css" type="text/css" media="screen" charset="utf-8" />
14
+
15
+ <link rel="stylesheet" href="../../../css/common.css" type="text/css" media="screen" charset="utf-8" />
16
+
17
+ <script type="text/javascript" charset="utf-8">
18
+ hasFrames = window.top.frames.main ? true : false;
19
+ relpath = '../../../';
20
+ framesUrl = "../../../frames.html#!" + escape(window.location.href);
21
+ </script>
22
+
23
+
24
+ <script type="text/javascript" charset="utf-8" src="../../../js/jquery.js"></script>
25
+
26
+ <script type="text/javascript" charset="utf-8" src="../../../js/app.js"></script>
27
+
28
+
29
+ </head>
30
+ <body>
31
+ <div id="header">
32
+ <div id="menu">
33
+
34
+ <a href="../../../_index.html">Index (R)</a> &raquo;
35
+ <span class='title'><span class='object_link'><a href="../../../R509.html" title="R509 (module)">R509</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Ocsp.html" title="R509::Ocsp (module)">Ocsp</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Helper.html" title="R509::Ocsp::Helper (module)">Helper</a></span></span>
36
+ &raquo;
37
+ <span class="title">RequestChecker</span>
38
+
39
+
40
+ <div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
41
+ </div>
42
+
43
+ <div id="search">
44
+
45
+ <a class="full_list_link" id="class_list_link"
46
+ href="../../../class_list.html">
47
+ Class List
48
+ </a>
49
+
50
+ <a class="full_list_link" id="method_list_link"
51
+ href="../../../method_list.html">
52
+ Method List
53
+ </a>
54
+
55
+ <a class="full_list_link" id="file_list_link"
56
+ href="../../../file_list.html">
57
+ File List
58
+ </a>
59
+
60
+ </div>
61
+ <div class="clear"></div>
62
+ </div>
63
+
64
+ <iframe id="search_frame"></iframe>
65
+
66
+ <div id="content"><h1>Class: R509::Ocsp::Helper::RequestChecker
67
+
68
+
69
+
70
+ </h1>
71
+
72
+ <dl class="box">
73
+
74
+ <dt class="r1">Inherits:</dt>
75
+ <dd class="r1">
76
+ <span class="inheritName">Object</span>
77
+
78
+ <ul class="fullTree">
79
+ <li>Object</li>
80
+
81
+ <li class="next">R509::Ocsp::Helper::RequestChecker</li>
82
+
83
+ </ul>
84
+ <a href="#" class="inheritanceTree">show all</a>
85
+
86
+ </dd>
87
+
88
+
89
+
90
+
91
+
92
+
93
+ <dt class="r2">Includes:</dt>
94
+ <dd class="r2">Dependo::Mixin</dd>
95
+
96
+
97
+
98
+
99
+
100
+ <dt class="r1 last">Defined in:</dt>
101
+ <dd class="r1 last">lib/r509/ocsp/signer.rb</dd>
102
+
103
+ </dl>
104
+ <div class="clear"></div>
105
+
106
+ <h2>Overview</h2><div class="docstring">
107
+ <div class="discussion">
108
+
109
+ <p>checks requests for validity against a set of configs</p>
110
+
111
+
112
+ </div>
113
+ </div>
114
+ <div class="tags">
115
+
116
+
117
+ </div>
118
+
119
+
120
+
121
+ <h2>Instance Attribute Summary <small>(<a href="#" class="summary_toggle">collapse</a>)</small></h2>
122
+ <ul class="summary">
123
+
124
+ <li class="public ">
125
+ <span class="summary_signature">
126
+
127
+ <a href="#configs-instance_method" title="#configs (instance method)">- (Object) <strong>configs</strong> </a>
128
+
129
+
130
+
131
+ </span>
132
+
133
+
134
+
135
+
136
+ <span class="note title readonly">readonly</span>
137
+
138
+
139
+
140
+
141
+
142
+
143
+
144
+
145
+
146
+ <span class="summary_desc"><div class='inline'>
147
+ <p>Returns the value of attribute configs.</p>
148
+ </div></span>
149
+
150
+ </li>
151
+
152
+
153
+ <li class="public ">
154
+ <span class="summary_signature">
155
+
156
+ <a href="#configs_hash-instance_method" title="#configs_hash (instance method)">- (Object) <strong>configs_hash</strong> </a>
157
+
158
+
159
+
160
+ </span>
161
+
162
+
163
+
164
+
165
+ <span class="note title readonly">readonly</span>
166
+
167
+
168
+
169
+
170
+
171
+
172
+
173
+
174
+
175
+ <span class="summary_desc"><div class='inline'>
176
+ <p>Returns the value of attribute configs_hash.</p>
177
+ </div></span>
178
+
179
+ </li>
180
+
181
+
182
+ </ul>
183
+
184
+
185
+
186
+
187
+
188
+ <h2>
189
+ Instance Method Summary
190
+ <small>(<a href="#" class="summary_toggle">collapse</a>)</small>
191
+ </h2>
192
+
193
+ <ul class="summary">
194
+
195
+ <li class="public ">
196
+ <span class="summary_signature">
197
+
198
+ <a href="#check_statuses-instance_method" title="#check_statuses (instance method)">- (Hash) <strong>check_statuses</strong>(request) </a>
199
+
200
+
201
+
202
+ </span>
203
+
204
+
205
+
206
+
207
+
208
+
209
+
210
+
211
+
212
+ <span class="summary_desc"><div class='inline'>
213
+ <p>Loads and checks a raw OCSP request.</p>
214
+ </div></span>
215
+
216
+ </li>
217
+
218
+
219
+ <li class="public ">
220
+ <span class="summary_signature">
221
+
222
+ <a href="#initialize-instance_method" title="#initialize (instance method)">- (RequestChecker) <strong>initialize</strong>(configs, validity_checker) </a>
223
+
224
+
225
+
226
+ </span>
227
+
228
+
229
+ <span class="note title constructor">constructor</span>
230
+
231
+
232
+
233
+
234
+
235
+
236
+
237
+
238
+ <span class="summary_desc"><div class='inline'>
239
+ <p>A new instance of RequestChecker.</p>
240
+ </div></span>
241
+
242
+ </li>
243
+
244
+
245
+ <li class="public ">
246
+ <span class="summary_signature">
247
+
248
+ <a href="#validate_statuses-instance_method" title="#validate_statuses (instance method)">- (Boolean) <strong>validate_statuses</strong>(statuses) </a>
249
+
250
+
251
+
252
+ </span>
253
+
254
+
255
+
256
+
257
+
258
+
259
+
260
+
261
+
262
+ <span class="summary_desc"><div class='inline'>
263
+ <p>Determines whether the statuses constitute a request that is compliant.</p>
264
+ </div></span>
265
+
266
+ </li>
267
+
268
+
269
+ </ul>
270
+
271
+
272
+
273
+ <div id="constructor_details" class="method_details_list">
274
+ <h2>Constructor Details</h2>
275
+
276
+ <div class="method_details first">
277
+ <h3 class="signature first" id="initialize-instance_method">
278
+
279
+ - (<tt><span class='object_link'><a href="" title="R509::Ocsp::Helper::RequestChecker (class)">RequestChecker</a></span></tt>) <strong>initialize</strong>(configs, validity_checker)
280
+
281
+
282
+
283
+
284
+
285
+ </h3><div class="docstring">
286
+ <div class="discussion">
287
+
288
+ <p>A new instance of RequestChecker</p>
289
+
290
+
291
+ </div>
292
+ </div>
293
+ <div class="tags">
294
+ <p class="tag_title">Parameters:</p>
295
+ <ul class="param">
296
+
297
+ <li>
298
+
299
+ <span class='name'>configs</span>
300
+
301
+
302
+ <span class='type'>(<tt>R509::Config::CaConfigPool</tt>)</span>
303
+
304
+
305
+
306
+ &mdash;
307
+ <div class='inline'>
308
+ <p>CaConfigPool object</p>
309
+ </div>
310
+
311
+ </li>
312
+
313
+ <li>
314
+
315
+ <span class='name'>validity_checker</span>
316
+
317
+
318
+ <span class='type'>(<tt>R509::Validity::Checker</tt>)</span>
319
+
320
+
321
+
322
+ &mdash;
323
+ <div class='inline'>
324
+ <p>an implementation of the R509::Validity::Checker class</p>
325
+ </div>
326
+
327
+ </li>
328
+
329
+ </ul>
330
+
331
+
332
+ </div><table class="source_code">
333
+ <tr>
334
+ <td>
335
+ <pre class="lines">
336
+
337
+
338
+ 62
339
+ 63
340
+ 64
341
+ 65
342
+ 66
343
+ 67
344
+ 68
345
+ 69
346
+ 70
347
+ 71
348
+ 72
349
+ 73
350
+ 74
351
+ 75
352
+ 76
353
+ 77
354
+ 78
355
+ 79
356
+ 80
357
+ 81
358
+ 82
359
+ 83
360
+ 84
361
+ 85
362
+ 86
363
+ 87
364
+ 88
365
+ 89
366
+ 90
367
+ 91</pre>
368
+ </td>
369
+ <td>
370
+ <pre class="code"><span class="info file"># File 'lib/r509/ocsp/signer.rb', line 62</span>
371
+
372
+ <span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_configs'>configs</span><span class='comma'>,</span> <span class='id identifier rubyid_validity_checker'>validity_checker</span><span class='rparen'>)</span>
373
+ <span class='kw'>unless</span> <span class='id identifier rubyid_configs'>configs</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Config</span><span class='op'>::</span><span class='const'>CaConfigPool</span><span class='rparen'>)</span>
374
+ <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Must pass R509::Config::CaConfigPool object</span><span class='tstring_end'>&quot;</span></span>
375
+ <span class='kw'>end</span>
376
+ <span class='kw'>if</span> <span class='id identifier rubyid_configs'>configs</span><span class='period'>.</span><span class='id identifier rubyid_all'>all</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
377
+ <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Must be at least one R509::Config object</span><span class='tstring_end'>&quot;</span></span>
378
+ <span class='kw'>end</span>
379
+ <span class='ivar'>@configs</span> <span class='op'>=</span> <span class='id identifier rubyid_configs'>configs</span><span class='period'>.</span><span class='id identifier rubyid_all'>all</span>
380
+ <span class='id identifier rubyid_test_cid'>test_cid</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>OCSP</span><span class='op'>::</span><span class='const'>CertificateId</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='comma'>,</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='rparen'>)</span>
381
+ <span class='kw'>if</span> <span class='id identifier rubyid_test_cid'>test_cid</span><span class='period'>.</span><span class='id identifier rubyid_respond_to?'>respond_to?</span><span class='lparen'>(</span><span class='symbol'>:issuer_key_hash</span><span class='rparen'>)</span>
382
+ <span class='ivar'>@configs_hash</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
383
+ <span class='ivar'>@configs</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_config'>config</span><span class='op'>|</span>
384
+ <span class='id identifier rubyid_ee_cert'>ee_cert</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
385
+ <span class='id identifier rubyid_ee_cert'>ee_cert</span><span class='period'>.</span><span class='id identifier rubyid_issuer'>issuer</span> <span class='op'>=</span> <span class='id identifier rubyid_config'>config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span>
386
+ <span class='comment'># per RFC 5019
387
+ </span> <span class='comment'># Clients MUST use SHA1 as the hashing algorithm for the
388
+ </span> <span class='comment'># CertID.issuerNameHash and the CertID.issuerKeyHash values.
389
+ </span> <span class='comment'># so we can safely assume that our inbound hashes will be SHA1
390
+ </span> <span class='id identifier rubyid_issuer_certid'>issuer_certid</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>OCSP</span><span class='op'>::</span><span class='const'>CertificateId</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_ee_cert'>ee_cert</span><span class='comma'>,</span><span class='id identifier rubyid_config'>config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='comma'>,</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Digest</span><span class='op'>::</span><span class='const'>SHA1</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='rparen'>)</span>
391
+ <span class='ivar'>@configs_hash</span><span class='lbracket'>[</span><span class='id identifier rubyid_issuer_certid'>issuer_certid</span><span class='period'>.</span><span class='id identifier rubyid_issuer_key_hash'>issuer_key_hash</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_config'>config</span>
392
+ <span class='kw'>end</span>
393
+ <span class='kw'>end</span>
394
+ <span class='ivar'>@validity_checker</span> <span class='op'>=</span> <span class='id identifier rubyid_validity_checker'>validity_checker</span>
395
+ <span class='kw'>if</span> <span class='ivar'>@validity_checker</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
396
+ <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Must supply a R509::Validity::Checker</span><span class='tstring_end'>&quot;</span></span>
397
+ <span class='kw'>end</span>
398
+ <span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@validity_checker</span><span class='period'>.</span><span class='id identifier rubyid_respond_to?'>respond_to?</span><span class='lparen'>(</span><span class='symbol'>:check</span><span class='rparen'>)</span>
399
+ <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>The validity checker must have a check method</span><span class='tstring_end'>&quot;</span></span>
400
+ <span class='kw'>end</span>
401
+ <span class='kw'>end</span></pre>
402
+ </td>
403
+ </tr>
404
+ </table>
405
+ </div>
406
+
407
+ </div>
408
+
409
+ <div id="instance_attr_details" class="attr_details">
410
+ <h2>Instance Attribute Details</h2>
411
+
412
+
413
+ <span id=""></span>
414
+ <div class="method_details first">
415
+ <h3 class="signature first" id="configs-instance_method">
416
+
417
+ - (<tt>Object</tt>) <strong>configs</strong> <span class="extras">(readonly)</span>
418
+
419
+
420
+
421
+
422
+
423
+ </h3><div class="docstring">
424
+ <div class="discussion">
425
+
426
+ <p>Returns the value of attribute configs</p>
427
+
428
+
429
+ </div>
430
+ </div>
431
+ <div class="tags">
432
+
433
+
434
+ </div><table class="source_code">
435
+ <tr>
436
+ <td>
437
+ <pre class="lines">
438
+
439
+
440
+ 58
441
+ 59
442
+ 60</pre>
443
+ </td>
444
+ <td>
445
+ <pre class="code"><span class="info file"># File 'lib/r509/ocsp/signer.rb', line 58</span>
446
+
447
+ <span class='kw'>def</span> <span class='id identifier rubyid_configs'>configs</span>
448
+ <span class='ivar'>@configs</span>
449
+ <span class='kw'>end</span></pre>
450
+ </td>
451
+ </tr>
452
+ </table>
453
+ </div>
454
+
455
+
456
+ <span id=""></span>
457
+ <div class="method_details ">
458
+ <h3 class="signature " id="configs_hash-instance_method">
459
+
460
+ - (<tt>Object</tt>) <strong>configs_hash</strong> <span class="extras">(readonly)</span>
461
+
462
+
463
+
464
+
465
+
466
+ </h3><div class="docstring">
467
+ <div class="discussion">
468
+
469
+ <p>Returns the value of attribute configs_hash</p>
470
+
471
+
472
+ </div>
473
+ </div>
474
+ <div class="tags">
475
+
476
+
477
+ </div><table class="source_code">
478
+ <tr>
479
+ <td>
480
+ <pre class="lines">
481
+
482
+
483
+ 58
484
+ 59
485
+ 60</pre>
486
+ </td>
487
+ <td>
488
+ <pre class="code"><span class="info file"># File 'lib/r509/ocsp/signer.rb', line 58</span>
489
+
490
+ <span class='kw'>def</span> <span class='id identifier rubyid_configs_hash'>configs_hash</span>
491
+ <span class='ivar'>@configs_hash</span>
492
+ <span class='kw'>end</span></pre>
493
+ </td>
494
+ </tr>
495
+ </table>
496
+ </div>
497
+
498
+ </div>
499
+
500
+
501
+ <div id="instance_method_details" class="method_details_list">
502
+ <h2>Instance Method Details</h2>
503
+
504
+
505
+ <div class="method_details first">
506
+ <h3 class="signature first" id="check_statuses-instance_method">
507
+
508
+ - (<tt>Hash</tt>) <strong>check_statuses</strong>(request)
509
+
510
+
511
+
512
+
513
+
514
+ </h3><div class="docstring">
515
+ <div class="discussion">
516
+
517
+ <p>Loads and checks a raw OCSP request</p>
518
+
519
+
520
+ </div>
521
+ </div>
522
+ <div class="tags">
523
+ <p class="tag_title">Parameters:</p>
524
+ <ul class="param">
525
+
526
+ <li>
527
+
528
+ <span class='name'>request</span>
529
+
530
+
531
+ <span class='type'>(<tt>OpenSSL::OCSP::Request</tt>)</span>
532
+
533
+
534
+
535
+ &mdash;
536
+ <div class='inline'>
537
+ <p>OpenSSL OCSP Request object</p>
538
+ </div>
539
+
540
+ </li>
541
+
542
+ </ul>
543
+
544
+ <p class="tag_title">Returns:</p>
545
+ <ul class="return">
546
+
547
+ <li>
548
+
549
+
550
+ <span class='type'>(<tt>Hash</tt>)</span>
551
+
552
+
553
+
554
+ &mdash;
555
+ <div class='inline'>
556
+ <p>hash from the check_status method</p>
557
+ </div>
558
+
559
+ </li>
560
+
561
+ </ul>
562
+
563
+ </div><table class="source_code">
564
+ <tr>
565
+ <td>
566
+ <pre class="lines">
567
+
568
+
569
+ 97
570
+ 98
571
+ 99
572
+ 100
573
+ 101
574
+ 102
575
+ 103
576
+ 104
577
+ 105
578
+ 106
579
+ 107
580
+ 108
581
+ 109
582
+ 110
583
+ 111
584
+ 112
585
+ 113
586
+ 114
587
+ 115
588
+ 116
589
+ 117
590
+ 118</pre>
591
+ </td>
592
+ <td>
593
+ <pre class="code"><span class="info file"># File 'lib/r509/ocsp/signer.rb', line 97</span>
594
+
595
+ <span class='kw'>def</span> <span class='id identifier rubyid_check_statuses'>check_statuses</span><span class='lparen'>(</span><span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span>
596
+ <span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_certid'>certid</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_certid'>certid</span><span class='op'>|</span>
597
+ <span class='kw'>if</span> <span class='id identifier rubyid_certid'>certid</span><span class='period'>.</span><span class='id identifier rubyid_respond_to?'>respond_to?</span><span class='lparen'>(</span><span class='symbol'>:issuer_key_hash</span><span class='rparen'>)</span>
598
+ <span class='id identifier rubyid_validated_config'>validated_config</span> <span class='op'>=</span> <span class='ivar'>@configs_hash</span><span class='lbracket'>[</span><span class='id identifier rubyid_certid'>certid</span><span class='period'>.</span><span class='id identifier rubyid_issuer_key_hash'>issuer_key_hash</span><span class='rbracket'>]</span>
599
+ <span class='kw'>else</span>
600
+ <span class='id identifier rubyid_validated_config'>validated_config</span> <span class='op'>=</span> <span class='ivar'>@configs</span><span class='period'>.</span><span class='id identifier rubyid_find'>find</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_config'>config</span><span class='op'>|</span>
601
+ <span class='comment'>#we need to create an OCSP::CertificateId object that has the right
602
+ </span> <span class='comment'>#issuer so we can pass it to #cmp_issuer. This is annoying because
603
+ </span> <span class='comment'>#CertificateId wants a cert and its issuer, but we don't want to
604
+ </span> <span class='comment'>#force users to provide an end entity cert just to make this comparison
605
+ </span> <span class='comment'>#work. So, we create a fake new cert and pass it in.
606
+ </span> <span class='id identifier rubyid_ee_cert'>ee_cert</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
607
+ <span class='id identifier rubyid_ee_cert'>ee_cert</span><span class='period'>.</span><span class='id identifier rubyid_issuer'>issuer</span> <span class='op'>=</span> <span class='id identifier rubyid_config'>config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span>
608
+ <span class='id identifier rubyid_issuer_certid'>issuer_certid</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>OCSP</span><span class='op'>::</span><span class='const'>CertificateId</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_ee_cert'>ee_cert</span><span class='comma'>,</span><span class='id identifier rubyid_config'>config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span>
609
+ <span class='id identifier rubyid_certid'>certid</span><span class='period'>.</span><span class='id identifier rubyid_cmp_issuer'>cmp_issuer</span><span class='lparen'>(</span><span class='id identifier rubyid_issuer_certid'>issuer_certid</span><span class='rparen'>)</span>
610
+ <span class='kw'>end</span>
611
+ <span class='kw'>end</span>
612
+
613
+ <span class='id identifier rubyid_log'>log</span><span class='period'>.</span><span class='id identifier rubyid_info'>info</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_validated_config'>validated_config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='rbrace'>}</span><span class='tstring_content'> found for issuer</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_validated_config'>validated_config</span>
614
+ <span class='id identifier rubyid_check_status'>check_status</span><span class='lparen'>(</span><span class='id identifier rubyid_certid'>certid</span><span class='comma'>,</span> <span class='id identifier rubyid_validated_config'>validated_config</span><span class='rparen'>)</span>
615
+ <span class='rbrace'>}</span>
616
+ <span class='kw'>end</span></pre>
617
+ </td>
618
+ </tr>
619
+ </table>
620
+ </div>
621
+
622
+ <div class="method_details ">
623
+ <h3 class="signature " id="validate_statuses-instance_method">
624
+
625
+ - (<tt>Boolean</tt>) <strong>validate_statuses</strong>(statuses)
626
+
627
+
628
+
629
+
630
+
631
+ </h3><div class="docstring">
632
+ <div class="discussion">
633
+
634
+ <p>Determines whether the statuses constitute a request that is compliant. No
635
+ config means we don't know the CA, different configs means there are
636
+ requests from two different CAs in there. Both are invalid.</p>
637
+
638
+
639
+ </div>
640
+ </div>
641
+ <div class="tags">
642
+ <p class="tag_title">Parameters:</p>
643
+ <ul class="param">
644
+
645
+ <li>
646
+
647
+ <span class='name'>statuses</span>
648
+
649
+
650
+ <span class='type'>(<tt>Array&lt;Hash&gt;</tt>)</span>
651
+
652
+
653
+
654
+ &mdash;
655
+ <div class='inline'>
656
+ <p>array of hashes from check_statuses</p>
657
+ </div>
658
+
659
+ </li>
660
+
661
+ </ul>
662
+
663
+ <p class="tag_title">Returns:</p>
664
+ <ul class="return">
665
+
666
+ <li>
667
+
668
+
669
+ <span class='type'>(<tt>Boolean</tt>)</span>
670
+
671
+
672
+
673
+ </li>
674
+
675
+ </ul>
676
+
677
+ </div><table class="source_code">
678
+ <tr>
679
+ <td>
680
+ <pre class="lines">
681
+
682
+
683
+ 126
684
+ 127
685
+ 128
686
+ 129
687
+ 130
688
+ 131
689
+ 132
690
+ 133
691
+ 134
692
+ 135
693
+ 136
694
+ 137
695
+ 138
696
+ 139
697
+ 140
698
+ 141
699
+ 142
700
+ 143</pre>
701
+ </td>
702
+ <td>
703
+ <pre class="code"><span class="info file"># File 'lib/r509/ocsp/signer.rb', line 126</span>
704
+
705
+ <span class='kw'>def</span> <span class='id identifier rubyid_validate_statuses'>validate_statuses</span><span class='lparen'>(</span><span class='id identifier rubyid_statuses'>statuses</span><span class='rparen'>)</span>
706
+ <span class='id identifier rubyid_validity'>validity</span> <span class='op'>=</span> <span class='kw'>true</span>
707
+ <span class='id identifier rubyid_config'>config</span> <span class='op'>=</span> <span class='kw'>nil</span>
708
+
709
+ <span class='id identifier rubyid_statuses'>statuses</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_status'>status</span><span class='op'>|</span>
710
+ <span class='kw'>if</span> <span class='id identifier rubyid_status'>status</span><span class='lbracket'>[</span><span class='symbol'>:config</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
711
+ <span class='id identifier rubyid_validity'>validity</span> <span class='op'>=</span> <span class='kw'>false</span>
712
+ <span class='kw'>end</span>
713
+ <span class='kw'>if</span> <span class='id identifier rubyid_config'>config</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
714
+ <span class='id identifier rubyid_config'>config</span> <span class='op'>=</span> <span class='id identifier rubyid_status'>status</span><span class='lbracket'>[</span><span class='symbol'>:config</span><span class='rbracket'>]</span>
715
+ <span class='kw'>end</span>
716
+ <span class='kw'>if</span> <span class='id identifier rubyid_config'>config</span> <span class='op'>!=</span> <span class='id identifier rubyid_status'>status</span><span class='lbracket'>[</span><span class='symbol'>:config</span><span class='rbracket'>]</span>
717
+ <span class='id identifier rubyid_validity'>validity</span> <span class='op'>=</span> <span class='kw'>false</span>
718
+ <span class='kw'>end</span>
719
+ <span class='kw'>end</span>
720
+
721
+ <span class='id identifier rubyid_validity'>validity</span>
722
+ <span class='kw'>end</span></pre>
723
+ </td>
724
+ </tr>
725
+ </table>
726
+ </div>
727
+
728
+ </div>
729
+
730
+ </div>
731
+
732
+ <div id="footer">
733
+ Generated on Thu Nov 8 14:33:52 2012 by
734
+ <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
735
+ 0.8.2.1 (ruby-1.9.3).
736
+ </div>
737
+
738
+ </body>
739
+ </html>