RubyGems - r509-ocsp-responder - Versions diffs - 0.3.1 - Mend

r509-ocsp-responder 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

data/README.md +77 -0
data/Rakefile +38 -0
data/doc/R509.html +115 -0
data/doc/R509/Ocsp.html +130 -0
data/doc/R509/Ocsp/Helper.html +126 -0
data/doc/R509/Ocsp/Helper/RequestChecker.html +739 -0
data/doc/R509/Ocsp/Helper/ResponseSigner.html +583 -0
data/doc/R509/Ocsp/Responder.html +129 -0
data/doc/R509/Ocsp/Responder/OcspConfig.html +289 -0
data/doc/R509/Ocsp/Responder/Server.html +128 -0
data/doc/R509/Ocsp/Responder/StatusError.html +134 -0
data/doc/R509/Ocsp/Signer.html +584 -0
data/doc/_index.html +197 -0
data/doc/class_list.html +53 -0
data/doc/css/common.css +1 -0
data/doc/css/full_list.css +57 -0
data/doc/css/style.css +328 -0
data/doc/file.README.html +156 -0
data/doc/file_list.html +55 -0
data/doc/frames.html +28 -0
data/doc/index.html +156 -0
data/doc/js/app.js +214 -0
data/doc/js/full_list.js +173 -0
data/doc/js/jquery.js +4 -0
data/doc/method_list.html +164 -0
data/doc/top-level-namespace.html +112 -0
data/lib/r509/ocsp/responder/ocsp-config.rb +35 -0
data/lib/r509/ocsp/responder/server.rb +169 -0
data/lib/r509/ocsp/responder/version.rb +7 -0
data/lib/r509/ocsp/signer.rb +244 -0
data/spec/fixtures.rb +196 -0
data/spec/fixtures/cert1.pem +24 -0
data/spec/fixtures/config_test_various.yaml +46 -0
data/spec/fixtures/ocsptest.r509.local.pem +27 -0
data/spec/fixtures/second_ca.cer +26 -0
data/spec/fixtures/second_ca.key +27 -0
data/spec/fixtures/stca.pem +22 -0
data/spec/fixtures/stca_ocsp_request.der +0 -0
data/spec/fixtures/stca_ocsp_response.der +0 -0
data/spec/fixtures/test_ca.cer +22 -0
data/spec/fixtures/test_ca.key +28 -0
data/spec/fixtures/test_ca_ocsp.cer +26 -0
data/spec/fixtures/test_ca_ocsp.key +27 -0
data/spec/fixtures/test_ca_ocsp_chain.txt +48 -0
data/spec/fixtures/test_ca_request.der +0 -0
data/spec/fixtures/test_ca_response.der +0 -0
data/spec/fixtures/test_ca_subroot.cer +25 -0
data/spec/fixtures/test_ca_subroot.key +27 -0
data/spec/fixtures/test_ca_subroot_ocsp.cer +25 -0
data/spec/fixtures/test_ca_subroot_ocsp.key +27 -0
data/spec/fixtures/test_config.yaml +17 -0
data/spec/server_spec.rb +400 -0
data/spec/signer_spec.rb +275 -0
data/spec/spec_helper.rb +18 -0
metadata +259 -0

data/doc/R509/Ocsp/Helper/ResponseSigner.html ADDED

@@ -0,0 +1,583 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>
+  Class: R509::Ocsp::Helper::ResponseSigner
+    &mdash; Documentation by YARD 0.8.2.1
+</title>
+  <link rel="stylesheet" href="../../../css/style.css" type="text/css" media="screen" charset="utf-8" />
+  <link rel="stylesheet" href="../../../css/common.css" type="text/css" media="screen" charset="utf-8" />
+<script type="text/javascript" charset="utf-8">
+  hasFrames = window.top.frames.main ? true : false;
+  relpath = '../../../';
+  framesUrl = "../../../frames.html#!" + escape(window.location.href);
+</script>
+  <script type="text/javascript" charset="utf-8" src="../../../js/jquery.js"></script>
+  <script type="text/javascript" charset="utf-8" src="../../../js/app.js"></script>
+  </head>
+  <body>
+    <div id="header">
+      <div id="menu">
+    <a href="../../../_index.html">Index (R)</a> &raquo;
+    <span class='title'><span class='object_link'><a href="../../../R509.html" title="R509 (module)">R509</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Ocsp.html" title="R509::Ocsp (module)">Ocsp</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Helper.html" title="R509::Ocsp::Helper (module)">Helper</a></span></span>
+     &raquo;
+    <span class="title">ResponseSigner</span>
+  <div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
+</div>
+      <div id="search">
+    <a class="full_list_link" id="class_list_link"
+        href="../../../class_list.html">
+      Class List
+    </a>
+    <a class="full_list_link" id="method_list_link"
+        href="../../../method_list.html">
+      Method List
+    </a>
+    <a class="full_list_link" id="file_list_link"
+        href="../../../file_list.html">
+      File List
+    </a>
+</div>
+      <div class="clear"></div>
+    </div>
+    <iframe id="search_frame"></iframe>
+    <div id="content"><h1>Class: R509::Ocsp::Helper::ResponseSigner
+</h1>
+<dl class="box">
+    <dt class="r1">Inherits:</dt>
+    <dd class="r1">
+      <span class="inheritName">Object</span>
+        <ul class="fullTree">
+          <li>Object</li>
+            <li class="next">R509::Ocsp::Helper::ResponseSigner</li>
+        </ul>
+        <a href="#" class="inheritanceTree">show all</a>
+      </dd>
+    <dt class="r2 last">Defined in:</dt>
+    <dd class="r2 last">lib/r509/ocsp/signer.rb</dd>
+</dl>
+<div class="clear"></div>
+<h2>Overview</h2><div class="docstring">
+  <div class="discussion">
+<p>signs OCSP responses</p>
+  </div>
+</div>
+<div class="tags">
+</div>
+    <h2>
+      Instance Method Summary
+      <small>(<a href="#" class="summary_toggle">collapse</a>)</small>
+    </h2>
+    <ul class="summary">
+        <li class="public ">
+  <span class="summary_signature">
+      <a href="#create_basic_response-instance_method" title="#create_basic_response (instance method)">- (OpenSSL::OCSP::BasicResponse) <strong>create_basic_response</strong>(request, statuses) </a>
+  </span>
+    <span class="summary_desc"><div class='inline'>
+<p>It is UNWISE to call this method directly because it assumes that the
+request is validated.</p>
+</div></span>
+</li>
+        <li class="public ">
+  <span class="summary_signature">
+      <a href="#create_response-instance_method" title="#create_response (instance method)">- (OpenSSL::OCSP::OCSPResponse) <strong>create_response</strong>(response_status, basic_response = nil) </a>
+  </span>
+    <span class="summary_desc"><div class='inline'>
+<p>Builds final response.</p>
+</div></span>
+</li>
+        <li class="public ">
+  <span class="summary_signature">
+      <a href="#initialize-instance_method" title="#initialize (instance method)">- (ResponseSigner) <strong>initialize</strong>(options) </a>
+  </span>
+    <span class="note title constructor">constructor</span>
+    <span class="summary_desc"><div class='inline'>
+<p>A new instance of ResponseSigner.</p>
+</div></span>
+</li>
+    </ul>
+<div id="constructor_details" class="method_details_list">
+  <h2>Constructor Details</h2>
+    <div class="method_details first">
+  <h3 class="signature first" id="initialize-instance_method">
+    - (<tt><span class='object_link'><a href="" title="R509::Ocsp::Helper::ResponseSigner (class)">ResponseSigner</a></span></tt>) <strong>initialize</strong>(options)
+</h3><div class="docstring">
+  <div class="discussion">
+<p>A new instance of ResponseSigner</p>
+  </div>
+</div>
+<div class="tags">
+  <p class="tag_title">Parameters:</p>
+<ul class="param">
+    <li>
+        <span class='name'>options</span>
+        <span class='type'>(<tt>Hash</tt>)</span>
+        &mdash;
+        <div class='inline'>
+<p>a customizable set of options</p>
+</div>
+    </li>
+</ul>
+    <p class="tag_title">Options Hash (<tt>options</tt>):</p>
+    <ul class="option">
+        <li>
+          <span class="name">:copy_nonce</span>
+          <span class="type">(<tt>Boolean</tt>)</span>
+          <span class="default">
+          </span>
+        </li>
+    </ul>
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+172
+173
+174
+175
+176
+177
+178</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/r509/ocsp/signer.rb', line 172</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
+    <span class='kw'>if</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:copy_nonce</span><span class='rparen'>)</span>
+        <span class='ivar'>@copy_nonce</span> <span class='op'>=</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:copy_nonce</span><span class='rbracket'>]</span>
+    <span class='kw'>else</span>
+        <span class='ivar'>@copy_nonce</span> <span class='op'>=</span> <span class='kw'>false</span>
+    <span class='kw'>end</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
+</div>
+  <div id="instance_method_details" class="method_details_list">
+    <h2>Instance Method Details</h2>
+      <div class="method_details first">
+  <h3 class="signature first" id="create_basic_response-instance_method">
+    - (<tt>OpenSSL::OCSP::BasicResponse</tt>) <strong>create_basic_response</strong>(request, statuses)
+</h3><div class="docstring">
+  <div class="discussion">
+<p>It is UNWISE to call this method directly because it assumes that the
+request is validated. You probably want to take a look at
+R509::Ocsp::Signer#handle_request</p>
+  </div>
+</div>
+<div class="tags">
+  <p class="tag_title">Parameters:</p>
+<ul class="param">
+    <li>
+        <span class='name'>request</span>
+        <span class='type'>(<tt>OpenSSL::OCSP::Request</tt>)</span>
+    </li>
+    <li>
+        <span class='name'>statuses</span>
+        <span class='type'>(<tt>Hash</tt>)</span>
+        &mdash;
+        <div class='inline'>
+<p>hash from R509::Ocsp::Helper::RequestChecker#check_statuses</p>
+</div>
+    </li>
+</ul>
+<p class="tag_title">Returns:</p>
+<ul class="return">
+    <li>
+        <span class='type'>(<tt>OpenSSL::OCSP::BasicResponse</tt>)</span>
+    </li>
+</ul>
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+186
+187
+188
+189
+190
+191
+192
+193
+194
+195
+196
+197
+198
+199
+200
+201
+202
+203
+204
+205
+206
+207
+208
+209
+210
+211
+212
+213
+214
+215</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/r509/ocsp/signer.rb', line 186</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_create_basic_response'>create_basic_response</span><span class='lparen'>(</span><span class='id identifier rubyid_request'>request</span><span class='comma'>,</span><span class='id identifier rubyid_statuses'>statuses</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_basic_response'>basic_response</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>OCSP</span><span class='op'>::</span><span class='const'>BasicResponse</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
+    <span class='id identifier rubyid_basic_response'>basic_response</span><span class='period'>.</span><span class='id identifier rubyid_copy_nonce'>copy_nonce</span><span class='lparen'>(</span><span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='ivar'>@copy_nonce</span>
+    <span class='id identifier rubyid_statuses'>statuses</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_status'>status</span><span class='op'>|</span>
+        <span class='comment'>#revocation time is retarded and is relative to now, so
+</span>        <span class='comment'>#let's figure out what that is.
+</span>        <span class='kw'>if</span> <span class='id identifier rubyid_status'>status</span><span class='lbracket'>[</span><span class='symbol'>:status</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>OCSP</span><span class='op'>::</span><span class='const'>V_CERTSTATUS_REVOKED</span>
+            <span class='id identifier rubyid_revocation_time'>revocation_time</span> <span class='op'>=</span> <span class='id identifier rubyid_status'>status</span><span class='lbracket'>[</span><span class='symbol'>:revocation_time</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span> <span class='op'>-</span> <span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_now'>now</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
+        <span class='kw'>end</span>
+        <span class='id identifier rubyid_basic_response'>basic_response</span><span class='period'>.</span><span class='id identifier rubyid_add_status'>add_status</span><span class='lparen'>(</span><span class='id identifier rubyid_status'>status</span><span class='lbracket'>[</span><span class='symbol'>:certid</span><span class='rbracket'>]</span><span class='comma'>,</span>
+                                <span class='id identifier rubyid_status'>status</span><span class='lbracket'>[</span><span class='symbol'>:status</span><span class='rbracket'>]</span><span class='comma'>,</span>
+                                <span class='id identifier rubyid_status'>status</span><span class='lbracket'>[</span><span class='symbol'>:revocation_reason</span><span class='rbracket'>]</span><span class='comma'>,</span>
+                                <span class='id identifier rubyid_revocation_time'>revocation_time</span><span class='comma'>,</span>
+                                <span class='op'>-</span><span class='int'>1</span><span class='op'>*</span><span class='id identifier rubyid_status'>status</span><span class='lbracket'>[</span><span class='symbol'>:config</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_ocsp_start_skew_seconds'>ocsp_start_skew_seconds</span><span class='comma'>,</span>
+                                <span class='id identifier rubyid_status'>status</span><span class='lbracket'>[</span><span class='symbol'>:config</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_ocsp_validity_hours'>ocsp_validity_hours</span><span class='op'>*</span><span class='int'>3600</span><span class='comma'>,</span>
+                                <span class='lbracket'>[</span><span class='rbracket'>]</span> <span class='comment'>#array of OpenSSL::X509::Extensions
+</span>                                <span class='rparen'>)</span>
+    <span class='kw'>end</span>
+    <span class='comment'>#this method assumes the request data is validated by validate_request so all configs will be the same and
+</span>    <span class='comment'>#we can choose to use the first one safely
+</span>    <span class='id identifier rubyid_config'>config</span> <span class='op'>=</span> <span class='id identifier rubyid_statuses'>statuses</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='symbol'>:config</span><span class='rbracket'>]</span>
+    <span class='comment'>#confusing, but R509::Cert contains R509::PrivateKey under #key. PrivateKey#key gives the OpenSSL object
+</span>    <span class='comment'>#turns out BasicResponse#sign can take up to 4 params
+</span>    <span class='comment'>#cert, key, array of OpenSSL::X509::Certificates, flags (not sure what the enumeration of those are)
+</span>    <span class='id identifier rubyid_basic_response'>basic_response</span><span class='period'>.</span><span class='id identifier rubyid_sign'>sign</span><span class='lparen'>(</span><span class='id identifier rubyid_config'>config</span><span class='period'>.</span><span class='id identifier rubyid_ocsp_cert'>ocsp_cert</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='comma'>,</span><span class='id identifier rubyid_config'>config</span><span class='period'>.</span><span class='id identifier rubyid_ocsp_cert'>ocsp_cert</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span><span class='id identifier rubyid_config'>config</span><span class='period'>.</span><span class='id identifier rubyid_ocsp_chain'>ocsp_chain</span><span class='rparen'>)</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
+      <div class="method_details ">
+  <h3 class="signature " id="create_response-instance_method">
+    - (<tt>OpenSSL::OCSP::OCSPResponse</tt>) <strong>create_response</strong>(response_status, basic_response = nil)
+</h3><div class="docstring">
+  <div class="discussion">
+<p>Builds final response.</p>
+<p>generated by create_basic_response</p>
+  </div>
+</div>
+<div class="tags">
+  <p class="tag_title">Parameters:</p>
+<ul class="param">
+    <li>
+        <span class='name'>response_status</span>
+        <span class='type'>(<tt>OpenSSL::OCSP::RESPONSE_STATUS_*</tt>)</span>
+        &mdash;
+        <div class='inline'>
+<p>the primary response status</p>
+</div>
+    </li>
+    <li>
+        <span class='name'>basic_response</span>
+        <span class='type'>(<tt>OpenSSL::OCSP::BasicResponse</tt>)</span>
+        <em class="default">(defaults to: <tt>nil</tt>)</em>
+        &mdash;
+        <div class='inline'>
+<p>an optional basic response object</p>
+</div>
+    </li>
+</ul>
+<p class="tag_title">Returns:</p>
+<ul class="return">
+    <li>
+        <span class='type'>(<tt>OpenSSL::OCSP::OCSPResponse</tt>)</span>
+    </li>
+</ul>
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+223
+224
+225
+226
+227
+228
+229
+230
+231
+232
+233
+234
+235
+236
+237
+238
+239
+240
+241
+242</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/r509/ocsp/signer.rb', line 223</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_create_response'>create_response</span><span class='lparen'>(</span><span class='id identifier rubyid_response_status'>response_status</span><span class='comma'>,</span><span class='id identifier rubyid_basic_response'>basic_response</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
+    <span class='comment'># first arg is the response status code, comes from this list
+</span>    <span class='comment'># these can also be enumerated via OpenSSL::OCSP::RESPONSE_STATUS_*
+</span>    <span class='comment'>#OCSPResponseStatus ::= ENUMERATED {
+</span>    <span class='comment'>#    successful            (0),      --Response has valid confirmations
+</span>    <span class='comment'>#    malformedRequest      (1),      --Illegal confirmation request
+</span>    <span class='comment'>#    internalError         (2),      --Internal error in issuer
+</span>    <span class='comment'>#    tryLater              (3),      --Try again later
+</span>    <span class='comment'>#                       --(4) is not used
+</span>    <span class='comment'>#    sigRequired           (5),      --Must sign the request
+</span>    <span class='comment'>#    unauthorized          (6)       --Request unauthorized
+</span>    <span class='comment'>#}
+</span>    <span class='comment'>#
+</span>    <span class='const'>R509</span><span class='op'>::</span><span class='const'>Ocsp</span><span class='op'>::</span><span class='const'>Response</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
+        <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>OCSP</span><span class='op'>::</span><span class='const'>Response</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span>
+            <span class='id identifier rubyid_response_status'>response_status</span><span class='comma'>,</span> <span class='id identifier rubyid_basic_response'>basic_response</span>
+        <span class='rparen'>)</span>
+    <span class='rparen'>)</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
+  </div>
+</div>
+    <div id="footer">
+  Generated on Thu Nov  8 14:33:53 2012 by
+  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
+  0.8.2.1 (ruby-1.9.3).
+</div>
+  </body>
+</html>