/*
 * Wrapper macros for the OpenSSL OCSP structures exposed to Ruby.
 *
 *  WrapOCSP*(klass, obj, ptr) - raise RuntimeError if ptr is NULL, otherwise
 *                               hand ptr to a new Ruby object of klass with no
 *                               mark function and the matching OCSP_*_free as
 *                               the free function, i.e. the GC owns ptr from here.
 *  GetOCSP*(obj, ptr)         - pull the wrapped pointer out of obj and raise if
 *                               it is NULL.  No class check is performed, so this
 *                               is only safe on `self` (or an object whose class
 *                               was already checked).
 *  SafeGetOCSP*(obj, ptr)     - OSSL_Check_Kind(obj, class) first, then Get.
 *                               Use this for any object supplied by a Ruby caller:
 *                               the unchecked form would treat the data pointer of
 *                               an unrelated wrapped object as an OCSP_* struct
 *                               (type confusion).
 *
 * NOTE(review): the `} while (0)` terminators of these do-blocks are not
 * visible in this listing.
 */
14 #if defined(OSSL_OCSP_ENABLED) 16 #define WrapOCSPReq(klass, obj, req) do { \ 17 if(!(req)) ossl_raise(rb_eRuntimeError, "Request wasn't initialized!"); \ 18 (obj) = Data_Wrap_Struct((klass), 0, OCSP_REQUEST_free, (req)); \ 20 #define GetOCSPReq(obj, req) do { \ 21 Data_Get_Struct((obj), OCSP_REQUEST, (req)); \ 22 if(!(req)) ossl_raise(rb_eRuntimeError, "Request wasn't initialized!"); \ 24 #define SafeGetOCSPReq(obj, req) do { \ 25 OSSL_Check_Kind((obj), cOCSPReq); \ 26 GetOCSPReq((obj), (req)); \ 29 #define WrapOCSPRes(klass, obj, res) do { \ 30 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \ 31 (obj) = Data_Wrap_Struct((klass), 0, OCSP_RESPONSE_free, (res)); \ 33 #define GetOCSPRes(obj, res) do { \ 34 Data_Get_Struct((obj), OCSP_RESPONSE, (res)); \ 35 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \ 37 #define SafeGetOCSPRes(obj, res) do { \ 38 OSSL_Check_Kind((obj), cOCSPRes); \ 39 GetOCSPRes((obj), (res)); \ 42 #define WrapOCSPBasicRes(klass, obj, res) do { \ 43 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \ 44 (obj) = Data_Wrap_Struct((klass), 0, OCSP_BASICRESP_free, (res)); \ 46 #define GetOCSPBasicRes(obj, res) do { \ 47 Data_Get_Struct((obj), OCSP_BASICRESP, (res)); \ 48 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \ 50 #define SafeGetOCSPBasicRes(obj, res) do { \ 51 OSSL_Check_Kind((obj), cOCSPBasicRes); \ 52 GetOCSPBasicRes((obj), (res)); \ 55 #define WrapOCSPCertId(klass, obj, cid) do { \ 56 if(!(cid)) ossl_raise(rb_eRuntimeError, "Cert ID wasn't initialized!"); \ 57 (obj) = Data_Wrap_Struct((klass), 0, OCSP_CERTID_free, (cid)); \ 59 #define GetOCSPCertId(obj, cid) do { \ 60 Data_Get_Struct((obj), OCSP_CERTID, (cid)); \ 61 if(!(cid)) ossl_raise(rb_eRuntimeError, "Cert ID wasn't initialized!"); \ 63 #define SafeGetOCSPCertId(obj, cid) do { \ 64 OSSL_Check_Kind((obj), cOCSPCertId); \ 65 GetOCSPCertId((obj), (cid)); \ 79 
ossl_ocspcertid_new(OCSP_CERTID *cid)
82 WrapOCSPCertId(cOCSPCertId, obj, cid);
90 ossl_ocspreq_alloc(
VALUE klass)
95 if (!(req = OCSP_REQUEST_new()))
97 WrapOCSPReq(klass, obj, req);
106 const unsigned char *p;
110 OCSP_REQUEST *req =
DATA_PTR(
self), *x;
117 ossl_raise(eOCSPError,
"cannot load DER encoded request");
133 GetOCSPReq(
self, req);
134 ret = OCSP_request_add1_nonce(req,
NULL, -1);
138 GetOCSPReq(
self, req);
159 ossl_ocspreq_check_nonce(
VALUE self,
VALUE basic_resp)
165 GetOCSPReq(
self, req);
166 SafeGetOCSPBasicRes(basic_resp, bs);
167 res = OCSP_check_nonce(req, bs);
173 ossl_ocspreq_add_certid(
VALUE self,
VALUE certid)
178 GetOCSPReq(
self, req);
179 GetOCSPCertId(certid,
id);
180 if(!OCSP_request_add0_id(req, OCSP_CERTID_dup(
id)))
187 ossl_ocspreq_get_certid(
VALUE self)
195 GetOCSPReq(
self, req);
196 count = OCSP_request_onereq_count(req);
198 for(i = 0; i <
count; i++){
199 one = OCSP_request_onereq_get0(req, i);
200 if(!(
id = OCSP_CERTID_dup(OCSP_onereq_get0_id(
one))))
202 WrapOCSPCertId(cOCSPCertId, tmp,
id);
212 VALUE signer_cert, signer_key, certs, flags;
225 x509s = sk_X509_new_null();
226 flags |= OCSP_NOCERTS;
228 else x509s = ossl_x509_ary2sk(certs);
229 GetOCSPReq(
self, req);
230 ret = OCSP_request_sign(req, signer,
key, EVP_sha1(), x509s, flg);
231 sk_X509_pop_free(x509s, X509_free);
240 VALUE certs, store, flags;
249 x509s = ossl_x509_ary2sk(certs);
250 GetOCSPReq(
self, req);
251 result = OCSP_request_verify(req, x509s, x509st, flg);
252 sk_X509_pop_free(x509s, X509_free);
259 ossl_ocspreq_to_der(
VALUE self)
266 GetOCSPReq(
self, req);
267 if((len = i2d_OCSP_REQUEST(req,
NULL)) <= 0)
271 if(i2d_OCSP_REQUEST(req, &p) <= 0)
290 else GetOCSPBasicRes(basic_resp, bs);
291 if(!(res = OCSP_response_create(st, bs)))
293 WrapOCSPRes(klass, obj, res);
299 ossl_ocspres_alloc(
VALUE klass)
304 if(!(res = OCSP_RESPONSE_new()))
306 WrapOCSPRes(klass, obj, res);
315 const unsigned char *p;
319 OCSP_RESPONSE *res =
DATA_PTR(
self), *x;
326 ossl_raise(eOCSPError,
"cannot load DER encoded response");
334 ossl_ocspres_status(
VALUE self)
339 GetOCSPRes(
self, res);
340 st = OCSP_response_status(res);
346 ossl_ocspres_status_string(
VALUE self)
351 GetOCSPRes(
self, res);
352 st = OCSP_response_status(res);
358 ossl_ocspres_get_basic(
VALUE self)
364 GetOCSPRes(
self, res);
365 if(!(bs = OCSP_response_get1_basic(res)))
367 WrapOCSPBasicRes(cOCSPBasicRes, ret, bs);
373 ossl_ocspres_to_der(
VALUE self)
380 GetOCSPRes(
self, res);
381 if((len = i2d_OCSP_RESPONSE(res,
NULL)) <= 0)
385 if(i2d_OCSP_RESPONSE(res, &p) <= 0)
396 ossl_ocspbres_alloc(
VALUE klass)
401 if(!(bs = OCSP_BASICRESP_new()))
403 WrapOCSPBasicRes(klass, obj, bs);
415 ossl_ocspbres_copy_nonce(
VALUE self,
VALUE request)
421 GetOCSPBasicRes(
self, bs);
422 SafeGetOCSPReq(request, req);
423 ret = OCSP_copy_nonce(bs, req);
437 GetOCSPBasicRes(
self, bs);
438 ret = OCSP_basic_add1_nonce(bs,
NULL, -1);
442 GetOCSPBasicRes(
self, bs);
456 OCSP_SINGLERESP *single;
459 ASN1_TIME *ths, *nxt, *rev;
460 int error, i, rstatus = 0;
473 ths = nxt = rev =
NULL;
476 if(rstatus)
goto err;
480 if(rstatus)
goto err;
483 if(rstatus)
goto err;
486 GetOCSPBasicRes(
self, bs);
487 SafeGetOCSPCertId(cid,
id);
488 if(!(single = OCSP_basic_add1_status(bs,
id, st, rsn, rev, ths, nxt))){
494 X509_EXTENSION *x509ext;
495 sk_X509_EXTENSION_pop_free(single->singleExtensions, X509_EXTENSION_free);
496 single->singleExtensions =
NULL;
499 if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){
500 X509_EXTENSION_free(x509ext);
504 X509_EXTENSION_free(x509ext);
519 ossl_ocspbres_get_status(
VALUE self)
522 OCSP_SINGLERESP *single;
524 ASN1_TIME *revtime, *thisupd, *nextupd;
526 X509_EXTENSION *x509ext;
528 int count, ext_count, i, j;
530 GetOCSPBasicRes(
self, bs);
532 count = OCSP_resp_count(bs);
533 for(i = 0; i <
count; i++){
534 single = OCSP_resp_get0(bs, i);
535 if(!single)
continue;
537 revtime = thisupd = nextupd =
NULL;
538 status = OCSP_single_get0_status(single, &reason, &revtime,
540 if(status < 0)
continue;
541 if(!(cid = OCSP_CERTID_dup(single->certId)))
551 ext_count = OCSP_SINGLERESP_get_ext_count(single);
552 for(j = 0; j < ext_count; j++){
553 x509ext = OCSP_SINGLERESP_get_ext(single, j);
566 VALUE signer_cert, signer_key, certs, flags;
579 x509s = sk_X509_new_null();
583 x509s = ossl_x509_ary2sk(certs);
585 GetOCSPBasicRes(
self, bs);
586 ret = OCSP_basic_sign(bs, signer,
key, EVP_sha1(), x509s, flg);
587 sk_X509_pop_free(x509s, X509_free);
605 x509s = ossl_x509_ary2sk(certs);
606 GetOCSPBasicRes(
self, bs);
608 sk_X509_pop_free(x509s, X509_free);
618 ossl_ocspcid_alloc(
VALUE klass)
623 if(!(
id = OCSP_CERTID_new()))
625 WrapOCSPCertId(klass, obj,
id);
633 OCSP_CERTID *
id, *newid;
635 VALUE subject, issuer, digest;
645 if (!
NIL_P(digest)) {
647 newid = OCSP_cert_to_id(md, x509s, x509i);
649 newid = OCSP_cert_to_id(
NULL, x509s, x509i);
653 GetOCSPCertId(
self,
id);
654 OCSP_CERTID_free(
id);
655 RDATA(
self)->data = newid;
663 OCSP_CERTID *
id, *id2;
666 GetOCSPCertId(
self,
id);
667 SafeGetOCSPCertId(other, id2);
668 result = OCSP_id_cmp(
id, id2);
674 ossl_ocspcid_cmp_issuer(
VALUE self,
VALUE other)
676 OCSP_CERTID *
id, *id2;
679 GetOCSPCertId(
self,
id);
680 SafeGetOCSPCertId(other, id2);
681 result = OCSP_id_issuer_cmp(
id, id2);
687 ossl_ocspcid_get_serial(
VALUE self)
691 GetOCSPCertId(
self,
id);
725 rb_define_method(cOCSPBasicRes,
"initialize", ossl_ocspbres_initialize, -1);
740 #define DefOCSPConst(x) rb_define_const(mOCSP, #x, INT2NUM(OCSP_##x)) 742 DefOCSPConst(RESPONSE_STATUS_SUCCESSFUL);
743 DefOCSPConst(RESPONSE_STATUS_MALFORMEDREQUEST);
744 DefOCSPConst(RESPONSE_STATUS_INTERNALERROR);
745 DefOCSPConst(RESPONSE_STATUS_TRYLATER);
746 DefOCSPConst(RESPONSE_STATUS_SIGREQUIRED);
747 DefOCSPConst(RESPONSE_STATUS_UNAUTHORIZED);
749 DefOCSPConst(REVOKED_STATUS_NOSTATUS);
750 DefOCSPConst(REVOKED_STATUS_UNSPECIFIED);
751 DefOCSPConst(REVOKED_STATUS_KEYCOMPROMISE);
752 DefOCSPConst(REVOKED_STATUS_CACOMPROMISE);
753 DefOCSPConst(REVOKED_STATUS_AFFILIATIONCHANGED);
754 DefOCSPConst(REVOKED_STATUS_SUPERSEDED);
755 DefOCSPConst(REVOKED_STATUS_CESSATIONOFOPERATION);
756 DefOCSPConst(REVOKED_STATUS_CERTIFICATEHOLD);
757 DefOCSPConst(REVOKED_STATUS_REMOVEFROMCRL);
759 DefOCSPConst(NOCERTS);
760 DefOCSPConst(NOINTERN);
761 DefOCSPConst(NOSIGS);
762 DefOCSPConst(NOCHAIN);
763 DefOCSPConst(NOVERIFY);
764 DefOCSPConst(NOEXPLICIT);
765 DefOCSPConst(NOCASIGN);
766 DefOCSPConst(NODELEGATED);
767 DefOCSPConst(NOCHECKS);
768 DefOCSPConst(TRUSTOTHER);
769 DefOCSPConst(RESPID_KEY);
770 DefOCSPConst(NOTIME);
772 #define DefOCSPVConst(x) rb_define_const(mOCSP, "V_" #x, INT2NUM(V_OCSP_##x)) 774 DefOCSPVConst(CERTSTATUS_GOOD);
775 DefOCSPVConst(CERTSTATUS_REVOKED);
776 DefOCSPVConst(CERTSTATUS_UNKNOWN);
777 DefOCSPVConst(RESPID_NAME);
778 DefOCSPVConst(RESPID_KEY);