14 #if defined(OSSL_OCSP_ENABLED)
16 #define WrapOCSPReq(klass, obj, req) do { \
17 if(!(req)) ossl_raise(rb_eRuntimeError, "Request wasn't initialized!"); \
18 (obj) = Data_Wrap_Struct((klass), 0, OCSP_REQUEST_free, (req)); \
20 #define GetOCSPReq(obj, req) do { \
21 Data_Get_Struct((obj), OCSP_REQUEST, (req)); \
22 if(!(req)) ossl_raise(rb_eRuntimeError, "Request wasn't initialized!"); \
24 #define SafeGetOCSPReq(obj, req) do { \
25 OSSL_Check_Kind((obj), cOCSPReq); \
26 GetOCSPReq((obj), (req)); \
29 #define WrapOCSPRes(klass, obj, res) do { \
30 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \
31 (obj) = Data_Wrap_Struct((klass), 0, OCSP_RESPONSE_free, (res)); \
33 #define GetOCSPRes(obj, res) do { \
34 Data_Get_Struct((obj), OCSP_RESPONSE, (res)); \
35 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \
37 #define SafeGetOCSPRes(obj, res) do { \
38 OSSL_Check_Kind((obj), cOCSPRes); \
39 GetOCSPRes((obj), (res)); \
42 #define WrapOCSPBasicRes(klass, obj, res) do { \
43 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \
44 (obj) = Data_Wrap_Struct((klass), 0, OCSP_BASICRESP_free, (res)); \
46 #define GetOCSPBasicRes(obj, res) do { \
47 Data_Get_Struct((obj), OCSP_BASICRESP, (res)); \
48 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \
50 #define SafeGetOCSPBasicRes(obj, res) do { \
51 OSSL_Check_Kind((obj), cOCSPBasicRes); \
52 GetOCSPBasicRes((obj), (res)); \
55 #define WrapOCSPCertId(klass, obj, cid) do { \
56 if(!(cid)) ossl_raise(rb_eRuntimeError, "Cert ID wasn't initialized!"); \
57 (obj) = Data_Wrap_Struct((klass), 0, OCSP_CERTID_free, (cid)); \
59 #define GetOCSPCertId(obj, cid) do { \
60 Data_Get_Struct((obj), OCSP_CERTID, (cid)); \
61 if(!(cid)) ossl_raise(rb_eRuntimeError, "Cert ID wasn't initialized!"); \
63 #define SafeGetOCSPCertId(obj, cid) do { \
64 OSSL_Check_Kind((obj), cOCSPCertId); \
65 GetOCSPCertId((obj), (cid)); \
79 ossl_ocspcertid_new(OCSP_CERTID *cid)
82 WrapOCSPCertId(cOCSPCertId, obj, cid);
90 ossl_ocspreq_alloc(
VALUE klass)
95 if (!(req = OCSP_REQUEST_new()))
97 WrapOCSPReq(klass, obj, req);
106 const unsigned char *
p;
110 OCSP_REQUEST *req =
DATA_PTR(
self), *x;
117 ossl_raise(eOCSPError,
"cannot load DER encoded request");
125 ossl_ocspreq_add_nonce(
int argc,
VALUE *argv,
VALUE self)
133 GetOCSPReq(
self, req);
134 ret = OCSP_request_add1_nonce(req,
NULL, -1);
138 GetOCSPReq(
self, req);
159 ossl_ocspreq_check_nonce(
VALUE self,
VALUE basic_resp)
165 GetOCSPReq(
self, req);
166 SafeGetOCSPBasicRes(basic_resp, bs);
167 res = OCSP_check_nonce(req, bs);
173 ossl_ocspreq_add_certid(
VALUE self,
VALUE certid)
178 GetOCSPReq(
self, req);
179 GetOCSPCertId(certid,
id);
180 if(!OCSP_request_add0_id(req, OCSP_CERTID_dup(
id)))
187 ossl_ocspreq_get_certid(
VALUE self)
195 GetOCSPReq(
self, req);
196 count = OCSP_request_onereq_count(req);
198 for(i = 0; i <
count; i++){
199 one = OCSP_request_onereq_get0(req, i);
200 if(!(
id = OCSP_CERTID_dup(OCSP_onereq_get0_id(one))))
202 WrapOCSPCertId(cOCSPCertId, tmp,
id);
210 ossl_ocspreq_sign(
int argc,
VALUE *argv,
VALUE self)
212 VALUE signer_cert, signer_key, certs, flags;
220 rb_scan_args(argc, argv,
"22", &signer_cert, &signer_key, &certs, &flags);
225 x509s = sk_X509_new_null();
226 flags |= OCSP_NOCERTS;
228 else x509s = ossl_x509_ary2sk(certs);
229 GetOCSPReq(
self, req);
230 ret = OCSP_request_sign(req, signer, key, EVP_sha1(), x509s, flg);
231 sk_X509_pop_free(x509s, X509_free);
238 ossl_ocspreq_verify(
int argc,
VALUE *argv,
VALUE self)
240 VALUE certs, store, flags;
249 x509s = ossl_x509_ary2sk(certs);
250 GetOCSPReq(
self, req);
251 result = OCSP_request_verify(req, x509s, x509st, flg);
252 sk_X509_pop_free(x509s, X509_free);
253 if(!result)
rb_warn(
"%s", ERR_error_string(ERR_peek_error(),
NULL));
259 ossl_ocspreq_to_der(
VALUE self)
266 GetOCSPReq(
self, req);
267 if((len = i2d_OCSP_REQUEST(req,
NULL)) <= 0)
271 if(i2d_OCSP_REQUEST(req, &p) <= 0)
290 else GetOCSPBasicRes(basic_resp, bs);
291 if(!(res = OCSP_response_create(st, bs)))
293 WrapOCSPRes(klass, obj, res);
299 ossl_ocspres_alloc(
VALUE klass)
304 if(!(res = OCSP_RESPONSE_new()))
306 WrapOCSPRes(klass, obj, res);
312 ossl_ocspres_initialize(
int argc,
VALUE *argv,
VALUE self)
315 const unsigned char *
p;
319 OCSP_RESPONSE *res =
DATA_PTR(
self), *x;
326 ossl_raise(eOCSPError,
"cannot load DER encoded response");
334 ossl_ocspres_status(
VALUE self)
339 GetOCSPRes(
self, res);
340 st = OCSP_response_status(res);
346 ossl_ocspres_status_string(
VALUE self)
351 GetOCSPRes(
self, res);
352 st = OCSP_response_status(res);
358 ossl_ocspres_get_basic(
VALUE self)
364 GetOCSPRes(
self, res);
365 if(!(bs = OCSP_response_get1_basic(res)))
367 WrapOCSPBasicRes(cOCSPBasicRes, ret, bs);
373 ossl_ocspres_to_der(
VALUE self)
380 GetOCSPRes(
self, res);
381 if((len = i2d_OCSP_RESPONSE(res,
NULL)) <= 0)
385 if(i2d_OCSP_RESPONSE(res, &p) <= 0)
396 ossl_ocspbres_alloc(
VALUE klass)
401 if(!(bs = OCSP_BASICRESP_new()))
403 WrapOCSPBasicRes(klass, obj, bs);
409 ossl_ocspbres_initialize(
int argc,
VALUE *argv,
VALUE self)
415 ossl_ocspbres_copy_nonce(
VALUE self,
VALUE request)
421 GetOCSPBasicRes(
self, bs);
422 SafeGetOCSPReq(request, req);
423 ret = OCSP_copy_nonce(bs, req);
429 ossl_ocspbres_add_nonce(
int argc,
VALUE *argv,
VALUE self)
437 GetOCSPBasicRes(
self, bs);
438 ret = OCSP_basic_add1_nonce(bs,
NULL, -1);
442 GetOCSPBasicRes(
self, bs);
456 OCSP_SINGLERESP *single;
459 ASN1_TIME *ths, *nxt, *rev;
460 int error,
i, rstatus = 0;
473 ths = nxt = rev =
NULL;
476 if(rstatus)
goto err;
480 if(rstatus)
goto err;
483 if(rstatus)
goto err;
486 GetOCSPBasicRes(
self, bs);
487 SafeGetOCSPCertId(cid,
id);
488 if(!(single = OCSP_basic_add1_status(bs,
id, st, rsn, rev, ths, nxt))){
494 X509_EXTENSION *x509ext;
495 sk_X509_EXTENSION_pop_free(single->singleExtensions, X509_EXTENSION_free);
496 single->singleExtensions =
NULL;
499 if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){
500 X509_EXTENSION_free(x509ext);
504 X509_EXTENSION_free(x509ext);
519 ossl_ocspbres_get_status(
VALUE self)
522 OCSP_SINGLERESP *single;
524 ASN1_TIME *revtime, *thisupd, *nextupd;
526 X509_EXTENSION *x509ext;
528 int count, ext_count,
i, j;
530 GetOCSPBasicRes(
self, bs);
532 count = OCSP_resp_count(bs);
533 for(i = 0; i <
count; i++){
534 single = OCSP_resp_get0(bs, i);
535 if(!single)
continue;
537 revtime = thisupd = nextupd =
NULL;
538 status = OCSP_single_get0_status(single, &reason, &revtime,
540 if(status < 0)
continue;
541 if(!(cid = OCSP_CERTID_dup(single->certId)))
551 ext_count = OCSP_SINGLERESP_get_ext_count(single);
552 for(j = 0; j < ext_count; j++){
553 x509ext = OCSP_SINGLERESP_get_ext(single, j);
564 ossl_ocspbres_sign(
int argc,
VALUE *argv,
VALUE self)
566 VALUE signer_cert, signer_key, certs, flags;
574 rb_scan_args(argc, argv,
"22", &signer_cert, &signer_key, &certs, &flags);
579 x509s = sk_X509_new_null();
583 x509s = ossl_x509_ary2sk(certs);
585 GetOCSPBasicRes(
self, bs);
586 ret = OCSP_basic_sign(bs, signer, key, EVP_sha1(), x509s, flg);
587 sk_X509_pop_free(x509s, X509_free);
594 ossl_ocspbres_verify(
int argc,
VALUE *argv,
VALUE self)
605 x509s = ossl_x509_ary2sk(certs);
606 GetOCSPBasicRes(
self, bs);
607 result = OCSP_basic_verify(bs, x509s, x509st, flg) > 0 ?
Qtrue :
Qfalse;
608 sk_X509_pop_free(x509s, X509_free);
609 if(!result)
rb_warn(
"%s", ERR_error_string(ERR_peek_error(),
NULL));
618 ossl_ocspcid_alloc(
VALUE klass)
623 if(!(
id = OCSP_CERTID_new()))
625 WrapOCSPCertId(klass, obj,
id);
631 ossl_ocspcid_initialize(
int argc,
VALUE *argv,
VALUE self)
633 OCSP_CERTID *
id, *newid;
635 VALUE subject, issuer, digest;
638 if (
rb_scan_args(argc, argv,
"21", &subject, &issuer, &digest) == 0) {
645 if (!
NIL_P(digest)) {
647 newid = OCSP_cert_to_id(md, x509s, x509i);
649 newid = OCSP_cert_to_id(
NULL, x509s, x509i);
653 GetOCSPCertId(
self,
id);
654 OCSP_CERTID_free(
id);
655 RDATA(
self)->data = newid;
663 OCSP_CERTID *
id, *id2;
666 GetOCSPCertId(
self,
id);
667 SafeGetOCSPCertId(other, id2);
668 result = OCSP_id_cmp(
id, id2);
674 ossl_ocspcid_cmp_issuer(
VALUE self,
VALUE other)
676 OCSP_CERTID *
id, *id2;
679 GetOCSPCertId(
self,
id);
680 SafeGetOCSPCertId(other, id2);
681 result = OCSP_id_issuer_cmp(
id, id2);
687 ossl_ocspcid_get_serial(
VALUE self)
691 GetOCSPCertId(
self,
id);
725 rb_define_method(cOCSPBasicRes,
"initialize", ossl_ocspbres_initialize, -1);
740 #define DefOCSPConst(x) rb_define_const(mOCSP, #x, INT2NUM(OCSP_##x))
742 DefOCSPConst(RESPONSE_STATUS_SUCCESSFUL);
743 DefOCSPConst(RESPONSE_STATUS_MALFORMEDREQUEST);
744 DefOCSPConst(RESPONSE_STATUS_INTERNALERROR);
745 DefOCSPConst(RESPONSE_STATUS_TRYLATER);
746 DefOCSPConst(RESPONSE_STATUS_SIGREQUIRED);
747 DefOCSPConst(RESPONSE_STATUS_UNAUTHORIZED);
749 DefOCSPConst(REVOKED_STATUS_NOSTATUS);
750 DefOCSPConst(REVOKED_STATUS_UNSPECIFIED);
751 DefOCSPConst(REVOKED_STATUS_KEYCOMPROMISE);
752 DefOCSPConst(REVOKED_STATUS_CACOMPROMISE);
753 DefOCSPConst(REVOKED_STATUS_AFFILIATIONCHANGED);
754 DefOCSPConst(REVOKED_STATUS_SUPERSEDED);
755 DefOCSPConst(REVOKED_STATUS_CESSATIONOFOPERATION);
756 DefOCSPConst(REVOKED_STATUS_CERTIFICATEHOLD);
757 DefOCSPConst(REVOKED_STATUS_REMOVEFROMCRL);
759 DefOCSPConst(NOCERTS);
760 DefOCSPConst(NOINTERN);
761 DefOCSPConst(NOSIGS);
762 DefOCSPConst(NOCHAIN);
763 DefOCSPConst(NOVERIFY);
764 DefOCSPConst(NOEXPLICIT);
765 DefOCSPConst(NOCASIGN);
766 DefOCSPConst(NODELEGATED);
767 DefOCSPConst(NOCHECKS);
768 DefOCSPConst(TRUSTOTHER);
769 DefOCSPConst(RESPID_KEY);
770 DefOCSPConst(NOTIME);
772 #define DefOCSPVConst(x) rb_define_const(mOCSP, "V_" #x, INT2NUM(V_OCSP_##x))
774 DefOCSPVConst(CERTSTATUS_GOOD);
775 DefOCSPVConst(CERTSTATUS_REVOKED);
776 DefOCSPVConst(CERTSTATUS_UNKNOWN);
777 DefOCSPVConst(RESPID_NAME);
778 DefOCSPVConst(RESPID_KEY);
void rb_define_singleton_method(VALUE obj, const char *name, VALUE(*func)(ANYARGS), int argc)
Defines a singleton method for obj.
EVP_PKEY * GetPrivPKeyPtr(VALUE obj)
#define ossl_str_adjust(str, p)
VALUE rb_ary_push(VALUE ary, VALUE item)
VALUE rb_protect(VALUE(*proc)(VALUE), VALUE data, int *state)
VALUE rb_define_class_under(VALUE outer, const char *name, VALUE super)
Defines a class under the namespace of outer.
void rb_define_alloc_func(VALUE, rb_alloc_func_t)
VALUE asn1time_to_time(ASN1_TIME *time)
X509_EXTENSION * DupX509ExtPtr(VALUE)
STACK_OF(X509)*ossl_x509_ary2sk0(VALUE)
X509 * GetX509CertPtr(VALUE)
VALUE ossl_to_der_if_possible(VALUE obj)
RUBY_EXTERN VALUE rb_cObject
const EVP_MD * GetDigestPtr(VALUE obj)
VALUE ossl_x509ext_new(X509_EXTENSION *)
int rb_scan_args(int argc, const VALUE *argv, const char *fmt,...)
void rb_jump_tag(int tag)
X509_STORE * GetX509StorePtr(VALUE)
VALUE rb_define_module_under(VALUE outer, const char *name)
#define OSSL_Check_Kind(obj, klass)
void ossl_raise(VALUE exc, const char *fmt,...)
#define RSTRING_LENINT(str)
VALUE asn1integer_to_num(ASN1_INTEGER *ai)
void rb_define_method(VALUE klass, const char *name, VALUE(*func)(ANYARGS), int argc)
VALUE rb_str_new2(const char *)
void rb_warn(const char *fmt,...)
VALUE rb_str_new(const char *, long)