13 #if !defined(OPENSSL_NO_OCSP)
/*
 * Allocate a typed-data Ruby object of class `klass`, bound to
 * ossl_ocsp_request_type, with a NULL (0) data pointer. No OCSP_REQUEST is
 * attached at this point: SetOCSPReq() stores one later, and GetOCSPReq()
 * raises "Request wasn't initialized!" while the pointer is still NULL, so
 * code that goes through GetOCSPReq() never receives a NULL request.
 */
15 #define NewOCSPReq(klass) \
16 TypedData_Wrap_Struct((klass), &ossl_ocsp_request_type, 0)
17 #define SetOCSPReq(obj, req) do { \
18 if(!(req)) ossl_raise(rb_eRuntimeError, "Request wasn't initialized!"); \
19 RTYPEDDATA_DATA(obj) = (req); \
21 #define GetOCSPReq(obj, req) do { \
22 TypedData_Get_Struct((obj), OCSP_REQUEST, &ossl_ocsp_request_type, (req)); \
23 if(!(req)) ossl_raise(rb_eRuntimeError, "Request wasn't initialized!"); \
/*
 * Allocate a typed-data Ruby object of class `klass`, bound to
 * ossl_ocsp_response_type, with a NULL (0) data pointer. The OCSP_RESPONSE
 * is attached afterwards with SetOCSPRes(); until then GetOCSPRes() raises
 * "Response wasn't initialized!" rather than returning a NULL pointer.
 */
26 #define NewOCSPRes(klass) \
27 TypedData_Wrap_Struct((klass), &ossl_ocsp_response_type, 0)
28 #define SetOCSPRes(obj, res) do { \
29 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \
30 RTYPEDDATA_DATA(obj) = (res); \
32 #define GetOCSPRes(obj, res) do { \
33 TypedData_Get_Struct((obj), OCSP_RESPONSE, &ossl_ocsp_response_type, (res)); \
34 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \
/*
 * Allocate a typed-data Ruby object of class `klass`, bound to
 * ossl_ocsp_basicresp_type, with a NULL (0) data pointer. The OCSP_BASICRESP
 * is attached afterwards with SetOCSPBasicRes(); until then
 * GetOCSPBasicRes() raises "Response wasn't initialized!" (the same message
 * text as the OCSP_RESPONSE accessors) rather than returning NULL.
 */
37 #define NewOCSPBasicRes(klass) \
38 TypedData_Wrap_Struct((klass), &ossl_ocsp_basicresp_type, 0)
39 #define SetOCSPBasicRes(obj, res) do { \
40 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \
41 RTYPEDDATA_DATA(obj) = (res); \
43 #define GetOCSPBasicRes(obj, res) do { \
44 TypedData_Get_Struct((obj), OCSP_BASICRESP, &ossl_ocsp_basicresp_type, (res)); \
45 if(!(res)) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \
/*
 * Allocate a typed-data Ruby object of class `klass`, bound to
 * ossl_ocsp_singleresp_type, with a NULL (0) data pointer. The
 * OCSP_SINGLERESP is attached afterwards with SetOCSPSingleRes(); until then
 * GetOCSPSingleRes() raises "SingleResponse wasn't initialized!" rather than
 * returning a NULL pointer.
 */
48 #define NewOCSPSingleRes(klass) \
49 TypedData_Wrap_Struct((klass), &ossl_ocsp_singleresp_type, 0)
50 #define SetOCSPSingleRes(obj, res) do { \
51 if(!(res)) ossl_raise(rb_eRuntimeError, "SingleResponse wasn't initialized!"); \
52 RTYPEDDATA_DATA(obj) = (res); \
54 #define GetOCSPSingleRes(obj, res) do { \
55 TypedData_Get_Struct((obj), OCSP_SINGLERESP, &ossl_ocsp_singleresp_type, (res)); \
56 if(!(res)) ossl_raise(rb_eRuntimeError, "SingleResponse wasn't initialized!"); \
/*
 * Allocate a typed-data Ruby object of class `klass`, bound to
 * ossl_ocsp_certid_type, with a NULL (0) data pointer. The OCSP_CERTID is
 * attached afterwards with SetOCSPCertId(); until then GetOCSPCertId()
 * raises "Cert ID wasn't initialized!" rather than returning a NULL pointer.
 */
59 #define NewOCSPCertId(klass) \
60 TypedData_Wrap_Struct((klass), &ossl_ocsp_certid_type, 0)
61 #define SetOCSPCertId(obj, cid) do { \
62 if(!(cid)) ossl_raise(rb_eRuntimeError, "Cert ID wasn't initialized!"); \
63 RTYPEDDATA_DATA(obj) = (cid); \
65 #define GetOCSPCertId(obj, cid) do { \
66 TypedData_Get_Struct((obj), OCSP_CERTID, &ossl_ocsp_certid_type, (cid)); \
67 if(!(cid)) ossl_raise(rb_eRuntimeError, "Cert ID wasn't initialized!"); \
79 ossl_ocsp_request_free(
void *
ptr)
81 OCSP_REQUEST_free(
ptr);
85 "OpenSSL/OCSP/REQUEST",
87 0, ossl_ocsp_request_free,
93 ossl_ocsp_response_free(
void *
ptr)
95 OCSP_RESPONSE_free(
ptr);
99 "OpenSSL/OCSP/RESPONSE",
101 0, ossl_ocsp_response_free,
107 ossl_ocsp_basicresp_free(
void *
ptr)
109 OCSP_BASICRESP_free(
ptr);
113 "OpenSSL/OCSP/BASICRESP",
115 0, ossl_ocsp_basicresp_free,
121 ossl_ocsp_singleresp_free(
void *
ptr)
123 OCSP_SINGLERESP_free(
ptr);
127 "OpenSSL/OCSP/SINGLERESP",
129 0, ossl_ocsp_singleresp_free,
135 ossl_ocsp_certid_free(
void *
ptr)
137 OCSP_CERTID_free(
ptr);
141 "OpenSSL/OCSP/CERTID",
143 0, ossl_ocsp_certid_free,
152 ossl_ocspcertid_new(OCSP_CERTID *cid)
169 if (!(req = OCSP_REQUEST_new()))
177 ossl_ocspreq_initialize_copy(
VALUE self,
VALUE other)
179 OCSP_REQUEST *req, *req_old, *req_new;
185 req_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_REQUEST), req);
190 OCSP_REQUEST_free(req_old);
208 OCSP_REQUEST *req, *req_new;
209 const unsigned char *p;
221 OCSP_REQUEST_free(req);
248 ret = OCSP_request_add1_nonce(req,
NULL, -1);
280 ossl_ocspreq_check_nonce(
VALUE self,
VALUE basic_resp)
288 res = OCSP_check_nonce(req, bs);
301 ossl_ocspreq_add_certid(
VALUE self,
VALUE certid)
304 OCSP_CERTID *
id, *id_new;
309 if (!(id_new = OCSP_CERTID_dup(
id)))
311 if (!OCSP_request_add0_id(req, id_new)) {
312 OCSP_CERTID_free(id_new);
327 ossl_ocspreq_get_certid(
VALUE self)
336 count = OCSP_request_onereq_count(req);
339 one = OCSP_request_onereq_get0(req,
i);
341 if(!(
id = OCSP_CERTID_dup(OCSP_onereq_get0_id(one))))
369 VALUE signer_cert, signer_key, certs, flags, digest;
374 unsigned long flg = 0;
391 x509s = ossl_x509_ary2sk(certs);
393 ret = OCSP_request_sign(req, signer,
key, md, x509s, flg);
394 sk_X509_pop_free(x509s, X509_free);
415 VALUE certs, store, flags;
425 x509s = ossl_x509_ary2sk(certs);
426 result = OCSP_request_verify(req, x509s, x509st, flg);
427 sk_X509_pop_free(x509s, X509_free);
439 ossl_ocspreq_to_der(
VALUE self)
447 if((
len = i2d_OCSP_REQUEST(req,
NULL)) <= 0)
451 if(i2d_OCSP_REQUEST(req, &p) <= 0)
466 ossl_ocspreq_signed_p(
VALUE self)
471 return OCSP_request_is_signed(req) ?
Qtrue :
Qfalse;
495 if(!(res = OCSP_response_create(
st, bs)))
509 if(!(res = OCSP_RESPONSE_new()))
517 ossl_ocspres_initialize_copy(
VALUE self,
VALUE other)
519 OCSP_RESPONSE *res, *res_old, *res_new;
525 res_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_RESPONSE), res);
530 OCSP_RESPONSE_free(res_old);
548 OCSP_RESPONSE *res, *res_new;
549 const unsigned char *p;
561 OCSP_RESPONSE_free(res);
575 ossl_ocspres_status(
VALUE self)
581 st = OCSP_response_status(res);
594 ossl_ocspres_status_string(
VALUE self)
600 st = OCSP_response_status(res);
613 ossl_ocspres_get_basic(
VALUE self)
621 if(!(bs = OCSP_response_get1_basic(res)))
636 ossl_ocspres_to_der(
VALUE self)
644 if((
len = i2d_OCSP_RESPONSE(res,
NULL)) <= 0)
648 if(i2d_OCSP_RESPONSE(res, &p) <= 0)
665 if(!(bs = OCSP_BASICRESP_new()))
673 ossl_ocspbres_initialize_copy(
VALUE self,
VALUE other)
675 OCSP_BASICRESP *bs, *bs_old, *bs_new;
681 bs_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_BASICRESP), bs);
686 OCSP_BASICRESP_free(bs_old);
703 OCSP_BASICRESP *res, *res_new;
704 const unsigned char *p;
716 OCSP_BASICRESP_free(res);
731 ossl_ocspbres_copy_nonce(
VALUE self,
VALUE request)
739 ret = OCSP_copy_nonce(bs, req);
762 ret = OCSP_basic_add1_nonce(bs,
NULL, -1);
823 OCSP_SINGLERESP *single;
826 int st, rsn = 0,
error = 0, rstatus = 0;
839 if (
st == V_OCSP_CERTSTATUS_REVOKED) {
841 tmp =
rb_protect(add_status_convert_time, revtime, &rstatus);
842 if (rstatus)
goto err;
843 rev = (ASN1_TIME *)tmp;
846 tmp =
rb_protect(add_status_convert_time, thisupd, &rstatus);
847 if (rstatus)
goto err;
848 ths = (ASN1_TIME *)tmp;
850 if (!
NIL_P(nextupd)) {
851 tmp =
rb_protect(add_status_convert_time, nextupd, &rstatus);
852 if (rstatus)
goto err;
853 nxt = (ASN1_TIME *)tmp;
856 if(!(single = OCSP_basic_add1_status(bs,
id,
st, rsn, rev, ths, nxt))){
862 X509_EXTENSION *x509ext;
866 if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){
896 ossl_ocspbres_get_status(
VALUE self)
899 OCSP_SINGLERESP *single;
901 ASN1_TIME *revtime, *thisupd, *nextupd;
903 X509_EXTENSION *x509ext;
905 int count, ext_count,
i, j;
909 count = OCSP_resp_count(bs);
911 single = OCSP_resp_get0(bs,
i);
912 if(!single)
continue;
914 revtime = thisupd = nextupd =
NULL;
915 status = OCSP_single_get0_status(single, &reason, &revtime,
917 if(status < 0)
continue;
928 ext_count = OCSP_SINGLERESP_get_ext_count(single);
929 for(j = 0; j < ext_count; j++){
930 x509ext = OCSP_SINGLERESP_get_ext(single, j);
/*
 * Forward declaration: ossl_ocspsres_new() is defined further down the file
 * but is called earlier, e.g. by ossl_ocspbres_find_response(), which hands
 * it a copy of the single response made with ASN1_item_dup().
 * NOTE(review): presumably the returned wrapper takes ownership of the
 * OCSP_SINGLERESP it is given, so callers must pass a private copy and not a
 * pointer still owned by the OCSP_BASICRESP; confirm against the definition.
 */
940 static VALUE ossl_ocspsres_new(OCSP_SINGLERESP *);
950 ossl_ocspbres_get_responses(
VALUE self)
957 count = OCSP_resp_count(bs);
961 OCSP_SINGLERESP *sres, *sres_new;
963 sres = OCSP_resp_get0(bs,
i);
964 sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
983 ossl_ocspbres_find_response(
VALUE self,
VALUE target)
986 OCSP_SINGLERESP *sres, *sres_new;
993 if ((
n = OCSP_resp_find(bs,
id, -1)) == -1)
996 sres = OCSP_resp_get0(bs,
n);
997 sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
1001 return ossl_ocspsres_new(sres_new);
1020 VALUE signer_cert, signer_key, certs, flags, digest;
1025 unsigned long flg = 0;
1040 flg |= OCSP_NOCERTS;
1042 x509s = ossl_x509_ary2sk(certs);
1044 ret = OCSP_basic_sign(bs, signer,
key, md, x509s, flg);
1045 sk_X509_pop_free(x509s, X509_free);
1061 VALUE certs, store, flags;
1071 x509s = ossl_x509_ary2sk(certs);
1072 #if (OPENSSL_VERSION_NUMBER < 0x1000202fL) || defined(LIBRESSL_VERSION_NUMBER)
1095 if (!(flg & (OCSP_NOCHAIN | OCSP_NOVERIFY)) &&
1096 sk_X509_num(x509s) && sk_X509_num(bs->certs)) {
1099 bs = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_BASICRESP), bs);
1101 sk_X509_pop_free(x509s, X509_free);
1105 for (
i = 0;
i < sk_X509_num(x509s);
i++) {
1106 if (!OCSP_basic_add1_cert(bs, sk_X509_value(x509s,
i))) {
1107 sk_X509_pop_free(x509s, X509_free);
1108 OCSP_BASICRESP_free(bs);
1112 result = OCSP_basic_verify(bs, x509s, x509st, flg);
1113 OCSP_BASICRESP_free(bs);
1116 result = OCSP_basic_verify(bs, x509s, x509st, flg);
1119 result = OCSP_basic_verify(bs, x509s, x509st, flg);
1121 sk_X509_pop_free(x509s, X509_free);
1135 ossl_ocspbres_to_der(
VALUE self)
1137 OCSP_BASICRESP *res;
1143 if ((
len = i2d_OCSP_BASICRESP(res,
NULL)) <= 0)
1147 if (i2d_OCSP_BASICRESP(res, &p) <= 0)
1158 ossl_ocspsres_new(OCSP_SINGLERESP *sres)
1171 OCSP_SINGLERESP *sres;
1175 if (!(sres = OCSP_SINGLERESP_new()))
1191 OCSP_SINGLERESP *res, *res_new;
1192 const unsigned char *p;
1203 OCSP_SINGLERESP_free(res);
1209 ossl_ocspsres_initialize_copy(
VALUE self,
VALUE other)
1211 OCSP_SINGLERESP *sres, *sres_old, *sres_new;
1217 sres_new = ASN1_item_dup(ASN1_ITEM_rptr(OCSP_SINGLERESP), sres);
1222 OCSP_SINGLERESP_free(sres_old);
1246 OCSP_SINGLERESP *sres;
1247 ASN1_GENERALIZEDTIME *this_update, *next_update;
1248 VALUE nsec_v, maxsec_v;
1249 int nsec, maxsec, status, ret;
1256 status = OCSP_single_get0_status(sres,
NULL,
NULL, &this_update, &next_update);
1260 ret = OCSP_check_validity(this_update, next_update, nsec, maxsec);
1277 ossl_ocspsres_get_certid(
VALUE self)
1279 OCSP_SINGLERESP *sres;
1285 return ossl_ocspcertid_new(
id);
1303 ossl_ocspsres_get_cert_status(
VALUE self)
1305 OCSP_SINGLERESP *sres;
1321 ossl_ocspsres_get_this_update(
VALUE self)
1323 OCSP_SINGLERESP *sres;
1325 ASN1_GENERALIZEDTIME *
time;
1342 ossl_ocspsres_get_next_update(
VALUE self)
1344 OCSP_SINGLERESP *sres;
1346 ASN1_GENERALIZEDTIME *
time;
1363 ossl_ocspsres_get_revocation_time(
VALUE self)
1365 OCSP_SINGLERESP *sres;
1367 ASN1_GENERALIZEDTIME *
time;
1373 if (status != V_OCSP_CERTSTATUS_REVOKED)
1386 ossl_ocspsres_get_revocation_reason(
VALUE self)
1388 OCSP_SINGLERESP *sres;
1392 status = OCSP_single_get0_status(sres, &reason,
NULL,
NULL,
NULL);
1395 if (status != V_OCSP_CERTSTATUS_REVOKED)
1406 ossl_ocspsres_get_extensions(
VALUE self)
1408 OCSP_SINGLERESP *sres;
1409 X509_EXTENSION *ext;
1415 count = OCSP_SINGLERESP_get_ext_count(sres);
1418 ext = OCSP_SINGLERESP_get_ext(sres,
i);
1432 ossl_ocspsres_to_der(
VALUE self)
1434 OCSP_SINGLERESP *sres;
1440 if ((
len = i2d_OCSP_SINGLERESP(sres,
NULL)) <= 0)
1444 if (i2d_OCSP_SINGLERESP(sres, &p) <= 0)
1462 if(!(
id = OCSP_CERTID_new()))
1470 ossl_ocspcid_initialize_copy(
VALUE self,
VALUE other)
1472 OCSP_CERTID *cid, *cid_old, *cid_new;
1478 cid_new = OCSP_CERTID_dup(cid);
1483 OCSP_CERTID_free(cid_old);
1503 OCSP_CERTID *
id, *newid;
1504 VALUE subject, issuer, digest;
1509 const unsigned char *p;
1519 X509 *x509s, *x509i;
1526 newid = OCSP_cert_to_id(md, x509s, x509i);
1532 OCSP_CERTID_free(
id);
1547 OCSP_CERTID *
id, *id2;
1552 result = OCSP_id_cmp(
id, id2);
1566 ossl_ocspcid_cmp_issuer(
VALUE self,
VALUE other)
1568 OCSP_CERTID *
id, *id2;
1573 result = OCSP_id_issuer_cmp(
id, id2);
1586 ossl_ocspcid_get_serial(
VALUE self)
1589 ASN1_INTEGER *serial;
1605 ossl_ocspcid_get_issuer_name_hash(
VALUE self)
1608 ASN1_OCTET_STRING *name_hash;
1628 ossl_ocspcid_get_issuer_key_hash(
VALUE self)
1631 ASN1_OCTET_STRING *key_hash;
1651 ossl_ocspcid_get_hash_algorithm(
VALUE self)
1660 if (!(out = BIO_new(BIO_s_mem())))
1663 if (!i2a_ASN1_OBJECT(out, oid)) {
1677 ossl_ocspcid_to_der(
VALUE self)
1685 if ((
len = i2d_OCSP_CERTID(
id,
NULL)) <= 0)
1689 if (i2d_OCSP_CERTID(
id, &p) <= 0)