search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* io.c (rb_open_file): encoding in mode string was ignored if perm is
[ruby-svn.git] / ext / openssl / ossl_ocsp.c
blob6c6b5e8c42bf116ae7412c993d126bca2a63ba24
1 /*
2 * $Id$
3 * 'OpenSSL for Ruby' project
4 * Copyright (C) 2003 Michal Rokos <m.rokos@sh.cvut.cz>
5 * Copyright (C) 2003 GOTOU Yuuzou <gotoyuzo@notwork.org>
6 * All rights reserved.
7 */
8 /*
9 * This program is licenced under the same licence as Ruby.
10 * (See the file 'LICENCE'.)
11 */
12 #include "ossl.h"
13
14 #if defined(OSSL_OCSP_ENABLED)
15
16 #define WrapOCSPReq(klass, obj, req) do { \
17 if(!req) ossl_raise(rb_eRuntimeError, "Request wasn't initialized!"); \
18 obj = Data_Wrap_Struct(klass, 0, OCSP_REQUEST_free, req); \
19 } while (0)
20 #define GetOCSPReq(obj, req) do { \
21 Data_Get_Struct(obj, OCSP_REQUEST, req); \
22 if(!req) ossl_raise(rb_eRuntimeError, "Request wasn't initialized!"); \
23 } while (0)
24 #define SafeGetOCSPReq(obj, req) do { \
25 OSSL_Check_Kind(obj, cOCSPReq); \
26 GetOCSPReq(obj, req); \
27 } while (0)
28
29 #define WrapOCSPRes(klass, obj, res) do { \
30 if(!res) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \
31 obj = Data_Wrap_Struct(klass, 0, OCSP_RESPONSE_free, res); \
32 } while (0)
33 #define GetOCSPRes(obj, res) do { \
34 Data_Get_Struct(obj, OCSP_RESPONSE, res); \
35 if(!res) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \
36 } while (0)
37 #define SafeGetOCSPRes(obj, res) do { \
38 OSSL_Check_Kind(obj, cOCSPRes); \
39 GetOCSPRes(obj, res); \
40 } while (0)
41
42 #define WrapOCSPBasicRes(klass, obj, res) do { \
43 if(!res) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \
44 obj = Data_Wrap_Struct(klass, 0, OCSP_BASICRESP_free, res); \
45 } while (0)
46 #define GetOCSPBasicRes(obj, res) do { \
47 Data_Get_Struct(obj, OCSP_BASICRESP, res); \
48 if(!res) ossl_raise(rb_eRuntimeError, "Response wasn't initialized!"); \
49 } while (0)
50 #define SafeGetOCSPBasicRes(obj, res) do { \
51 OSSL_Check_Kind(obj, cOCSPBasicRes); \
52 GetOCSPBasicRes(obj, res); \
53 } while (0)
54
55 #define WrapOCSPCertId(klass, obj, cid) do { \
56 if(!cid) ossl_raise(rb_eRuntimeError, "Cert ID wasn't initialized!"); \
57 obj = Data_Wrap_Struct(klass, 0, OCSP_CERTID_free, cid); \
58 } while (0)
59 #define GetOCSPCertId(obj, cid) do { \
60 Data_Get_Struct(obj, OCSP_CERTID, cid); \
61 if(!cid) ossl_raise(rb_eRuntimeError, "Cert ID wasn't initialized!"); \
62 } while (0)
63 #define SafeGetOCSPCertId(obj, cid) do { \
64 OSSL_Check_Kind(obj, cOCSPCertId); \
65 GetOCSPCertId(obj, cid); \
66 } while (0)
67
68 VALUE mOCSP;
69 VALUE eOCSPError;
70 VALUE cOCSPReq;
71 VALUE cOCSPRes;
72 VALUE cOCSPBasicRes;
73 VALUE cOCSPCertId;
74
75 /*
76 * Public
77 */
78 static VALUE
79 ossl_ocspcertid_new(OCSP_CERTID *cid)
80 {
81 VALUE obj;
82 WrapOCSPCertId(cOCSPCertId, obj, cid);
83 return obj;
84 }
85
86 /*
87 * OCSP::Resquest
88 */
89 static VALUE
90 ossl_ocspreq_alloc(VALUE klass)
91 {
92 OCSP_REQUEST *req;
93 VALUE obj;
94
95 if (!(req = OCSP_REQUEST_new()))
96 ossl_raise(eOCSPError, NULL);
97 WrapOCSPReq(klass, obj, req);
98
99 return obj;
100 }
101
102 static VALUE
103 ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self)
104 {
105 VALUE arg;
106 const unsigned char *p;
107
108 rb_scan_args(argc, argv, "01", &arg);
109 if(!NIL_P(arg)){
110 OCSP_REQUEST *req = DATA_PTR(self);
111 arg = ossl_to_der_if_possible(arg);
112 StringValue(arg);
113 p = (unsigned char*)RSTRING_PTR(arg);
114 if(!d2i_OCSP_REQUEST(&req, &p, RSTRING_LEN(arg)) && (DATA_PTR(self) = req, 1)){
115 ossl_raise(eOCSPError, "cannot load DER encoded request");
116 }
117 }
118
119 return self;
120 }
121
122 static VALUE
123 ossl_ocspreq_add_nonce(int argc, VALUE *argv, VALUE self)
124 {
125 OCSP_REQUEST *req;
126 VALUE val;
127 int ret;
128
129 rb_scan_args(argc, argv, "01", &val);
130 if(NIL_P(val)) {
131 GetOCSPReq(self, req);
132 ret = OCSP_request_add1_nonce(req, NULL, -1);
133 }
134 else{
135 StringValue(val);
136 GetOCSPReq(self, req);
137 ret = OCSP_request_add1_nonce(req, (unsigned char *)RSTRING_PTR(val), RSTRING_LEN(val));
138 }
139 if(!ret) ossl_raise(eOCSPError, NULL);
140
141 return self;
142 }
143
144 /* Check nonce validity in a request and response.
145 * Return value reflects result:
146 * 1: nonces present and equal.
147 * 2: nonces both absent.
148 * 3: nonce present in response only.
149 * 0: nonces both present and not equal.
150 * -1: nonce in request only.
151 *
152 * For most responders clients can check return > 0.
153 * If responder doesn't handle nonces return != 0 may be
154 * necessary. return == 0 is always an error.
155 */
156 static VALUE
157 ossl_ocspreq_check_nonce(VALUE self, VALUE basic_resp)
158 {
159 OCSP_REQUEST *req;
160 OCSP_BASICRESP *bs;
161 int res;
162
163 GetOCSPReq(self, req);
164 SafeGetOCSPBasicRes(basic_resp, bs);
165 res = OCSP_check_nonce(req, bs);
166
167 return INT2NUM(res);
168 }
169
170 static VALUE
171 ossl_ocspreq_add_certid(VALUE self, VALUE certid)
172 {
173 OCSP_REQUEST *req;
174 OCSP_CERTID *id;
175
176 GetOCSPReq(self, req);
177 GetOCSPCertId(certid, id);
178 if(!OCSP_request_add0_id(req, OCSP_CERTID_dup(id)))
179 ossl_raise(eOCSPError, NULL);
180
181 return self;
182 }
183
184 static VALUE
185 ossl_ocspreq_get_certid(VALUE self)
186 {
187 OCSP_REQUEST *req;
188 OCSP_ONEREQ *one;
189 OCSP_CERTID *id;
190 VALUE ary, tmp;
191 int i, count;
192
193 GetOCSPReq(self, req);
194 count = OCSP_request_onereq_count(req);
195 ary = (count > 0) ? rb_ary_new() : Qnil;
196 for(i = 0; i < count; i++){
197 one = OCSP_request_onereq_get0(req, i);
198 if(!(id = OCSP_CERTID_dup(OCSP_onereq_get0_id(one))))
199 ossl_raise(eOCSPError, NULL);
200 WrapOCSPCertId(cOCSPCertId, tmp, id);
201 rb_ary_push(ary, tmp);
202 }
203
204 return ary;
205 }
206
207 static VALUE
208 ossl_ocspreq_sign(int argc, VALUE *argv, VALUE self)
209 {
210 VALUE signer_cert, signer_key, certs, flags;
211 OCSP_REQUEST *req;
212 X509 *signer;
213 EVP_PKEY *key;
214 STACK_OF(X509) *x509s;
215 unsigned long flg;
216 int ret;
217
218 rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags);
219 signer = GetX509CertPtr(signer_cert);
220 key = GetPrivPKeyPtr(signer_key);
221 flg = NIL_P(flags) ? 0 : NUM2INT(flags);
222 if(NIL_P(certs)){
223 x509s = sk_X509_new_null();
224 flags |= OCSP_NOCERTS;
225 }
226 else x509s = ossl_x509_ary2sk(certs);
227 GetOCSPReq(self, req);
228 ret = OCSP_request_sign(req, signer, key, EVP_sha1(), x509s, flg);
229 sk_X509_pop_free(x509s, X509_free);
230 if(!ret) ossl_raise(eOCSPError, NULL);
231
232 return self;
233 }
234
235 static VALUE
236 ossl_ocspreq_verify(int argc, VALUE *argv, VALUE self)
237 {
238 VALUE certs, store, flags;
239 OCSP_REQUEST *req;
240 STACK_OF(X509) *x509s;
241 X509_STORE *x509st;
242 int flg, result;
243
244 rb_scan_args(argc, argv, "21", &certs, &store, &flags);
245 x509st = GetX509StorePtr(store);
246 flg = NIL_P(flags) ? 0 : INT2NUM(flags);
247 x509s = ossl_x509_ary2sk(certs);
248 GetOCSPReq(self, req);
249 result = OCSP_request_verify(req, x509s, x509st, flg);
250 sk_X509_pop_free(x509s, X509_free);
251 if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
252
253 return result ? Qtrue : Qfalse;
254 }
255
256 static VALUE
257 ossl_ocspreq_to_der(VALUE self)
258 {
259 OCSP_REQUEST *req;
260 VALUE str;
261 unsigned char *p;
262 long len;
263
264 GetOCSPReq(self, req);
265 if((len = i2d_OCSP_REQUEST(req, NULL)) <= 0)
266 ossl_raise(eOCSPError, NULL);
267 str = rb_str_new(0, len);
268 p = (unsigned char *)RSTRING_PTR(str);
269 if(i2d_OCSP_REQUEST(req, &p) <= 0)
270 ossl_raise(eOCSPError, NULL);
271 ossl_str_adjust(str, p);
272
273 return str;
274 }
275
276 /*
277 * OCSP::Response
278 */
279 static VALUE
280 ossl_ocspres_s_create(VALUE klass, VALUE status, VALUE basic_resp)
281 {
282 OCSP_BASICRESP *bs;
283 OCSP_RESPONSE *res;
284 VALUE obj;
285 int st = NUM2INT(status);
286
287 if(NIL_P(basic_resp)) bs = NULL;
288 else GetOCSPBasicRes(basic_resp, bs); /* NO NEED TO DUP */
289 if(!(res = OCSP_response_create(st, bs)))
290 ossl_raise(eOCSPError, NULL);
291 WrapOCSPRes(klass, obj, res);
292
293 return obj;
294 }
295
296 static VALUE
297 ossl_ocspres_alloc(VALUE klass)
298 {
299 OCSP_RESPONSE *res;
300 VALUE obj;
301
302 if(!(res = OCSP_RESPONSE_new()))
303 ossl_raise(eOCSPError, NULL);
304 WrapOCSPRes(klass, obj, res);
305
306 return obj;
307 }
308
309 static VALUE
310 ossl_ocspres_initialize(int argc, VALUE *argv, VALUE self)
311 {
312 VALUE arg;
313 const unsigned char *p;
314
315 rb_scan_args(argc, argv, "01", &arg);
316 if(!NIL_P(arg)){
317 OCSP_RESPONSE *res = DATA_PTR(self);
318 arg = ossl_to_der_if_possible(arg);
319 StringValue(arg);
320 p = (unsigned char *)RSTRING_PTR(arg);
321 if(!d2i_OCSP_RESPONSE(&res, &p, RSTRING_LEN(arg)) &&
322 (DATA_PTR(self) = res, 1)){
323 ossl_raise(eOCSPError, "cannot load DER encoded response");
324 }
325 }
326
327 return self;
328 }
329
330 static VALUE
331 ossl_ocspres_status(VALUE self)
332 {
333 OCSP_RESPONSE *res;
334 int st;
335
336 GetOCSPRes(self, res);
337 st = OCSP_response_status(res);
338
339 return INT2NUM(st);
340 }
341
342 static VALUE
343 ossl_ocspres_status_string(VALUE self)
344 {
345 OCSP_RESPONSE *res;
346 int st;
347
348 GetOCSPRes(self, res);
349 st = OCSP_response_status(res);
350
351 return rb_str_new2(OCSP_response_status_str(st));
352 }
353
354 static VALUE
355 ossl_ocspres_get_basic(VALUE self)
356 {
357 OCSP_RESPONSE *res;
358 OCSP_BASICRESP *bs;
359 VALUE ret;
360
361 GetOCSPRes(self, res);
362 if(!(bs = OCSP_response_get1_basic(res)))
363 return Qnil;
364 WrapOCSPBasicRes(cOCSPBasicRes, ret, bs);
365
366 return ret;
367 }
368
369 static VALUE
370 ossl_ocspres_to_der(VALUE self)
371 {
372 OCSP_RESPONSE *res;
373 VALUE str;
374 long len;
375 unsigned char *p;
376
377 GetOCSPRes(self, res);
378 if((len = i2d_OCSP_RESPONSE(res, NULL)) <= 0)
379 ossl_raise(eOCSPError, NULL);
380 str = rb_str_new(0, len);
381 p = (unsigned char *)RSTRING_PTR(str);
382 if(i2d_OCSP_RESPONSE(res, NULL) <= 0)
383 ossl_raise(eOCSPError, NULL);
384 ossl_str_adjust(str, p);
385
386 return str;
387 }
388
389 /*
390 * OCSP::BasicResponse
391 */
392 static VALUE
393 ossl_ocspbres_alloc(VALUE klass)
394 {
395 OCSP_BASICRESP *bs;
396 VALUE obj;
397
398 if(!(bs = OCSP_BASICRESP_new()))
399 ossl_raise(eOCSPError, NULL);
400 WrapOCSPBasicRes(klass, obj, bs);
401
402 return obj;
403 }
404
405 static VALUE
406 ossl_ocspbres_initialize(int argc, VALUE *argv, VALUE self)
407 {
408 return self;
409 }
410
411 static VALUE
412 ossl_ocspbres_copy_nonce(VALUE self, VALUE request)
413 {
414 OCSP_BASICRESP *bs;
415 OCSP_REQUEST *req;
416 int ret;
417
418 GetOCSPBasicRes(self, bs);
419 SafeGetOCSPReq(request, req);
420 ret = OCSP_copy_nonce(bs, req);
421
422 return INT2NUM(ret);
423 }
424
425 static VALUE
426 ossl_ocspbres_add_nonce(int argc, VALUE *argv, VALUE self)
427 {
428 OCSP_BASICRESP *bs;
429 VALUE val;
430 int ret;
431
432 rb_scan_args(argc, argv, "01", &val);
433 if(NIL_P(val)) {
434 GetOCSPBasicRes(self, bs);
435 ret = OCSP_basic_add1_nonce(bs, NULL, -1);
436 }
437 else{
438 StringValue(val);
439 GetOCSPBasicRes(self, bs);
440 ret = OCSP_basic_add1_nonce(bs, (unsigned char *)RSTRING_PTR(val), RSTRING_LEN(val));
441 }
442 if(!ret) ossl_raise(eOCSPError, NULL);
443
444 return self;
445 }
446
447 static VALUE
448 ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
449 VALUE reason, VALUE revtime,
450 VALUE thisupd, VALUE nextupd, VALUE ext)
451 {
452 OCSP_BASICRESP *bs;
453 OCSP_SINGLERESP *single;
454 OCSP_CERTID *id;
455 int st, rsn;
456 ASN1_TIME *ths, *nxt, *rev;
457 int error, i, rstatus = 0;
458 VALUE tmp;
459
460 st = NUM2INT(status);
461 rsn = NIL_P(status) ? 0 : NUM2INT(reason);
462 if(!NIL_P(ext)){
463 /* All ary's members should be X509Extension */
464 Check_Type(ext, T_ARRAY);
465 for (i = 0; i < RARRAY_LEN(ext); i++)
466 OSSL_Check_Kind(RARRAY_PTR(ext)[i], cX509Ext);
467 }
468
469 error = 0;
470 ths = nxt = rev = NULL;
471 if(!NIL_P(revtime)){
472 tmp = rb_protect(rb_Integer, revtime, &rstatus);
473 if(rstatus) goto err;
474 rev = X509_gmtime_adj(NULL, NUM2INT(tmp));
475 }
476 tmp = rb_protect(rb_Integer, thisupd, &rstatus);
477 if(rstatus) goto err;
478 ths = X509_gmtime_adj(NULL, NUM2INT(tmp));
479 tmp = rb_protect(rb_Integer, nextupd, &rstatus);
480 if(rstatus) goto err;
481 nxt = X509_gmtime_adj(NULL, NUM2INT(tmp));
482
483 GetOCSPBasicRes(self, bs);
484 SafeGetOCSPCertId(cid, id);
485 if(!(single = OCSP_basic_add1_status(bs, id, st, rsn, rev, ths, nxt))){
486 error = 1;
487 goto err;
488 }
489
490 if(!NIL_P(ext)){
491 X509_EXTENSION *x509ext;
492 sk_X509_EXTENSION_pop_free(single->singleExtensions, X509_EXTENSION_free);
493 single->singleExtensions = NULL;
494 for(i = 0; i < RARRAY_LEN(ext); i++){
495 x509ext = DupX509ExtPtr(RARRAY_PTR(ext)[i]);
496 if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){
497 X509_EXTENSION_free(x509ext);
498 error = 1;
499 goto err;
500 }
501 X509_EXTENSION_free(x509ext);
502 }
503 }
504
505 err:
506 ASN1_TIME_free(ths);
507 ASN1_TIME_free(nxt);
508 ASN1_TIME_free(rev);
509 if(error) ossl_raise(eOCSPError, NULL);
510 if(rstatus) rb_jump_tag(rstatus);
511
512 return self;
513 }
514
515 static VALUE
516 ossl_ocspbres_get_status(VALUE self)
517 {
518 OCSP_BASICRESP *bs;
519 OCSP_SINGLERESP *single;
520 OCSP_CERTID *cid;
521 ASN1_TIME *revtime, *thisupd, *nextupd;
522 int status, reason;
523 X509_EXTENSION *x509ext;
524 VALUE ret, ary, ext;
525 int count, ext_count, i, j;
526
527 GetOCSPBasicRes(self, bs);
528 ret = rb_ary_new();
529 count = OCSP_resp_count(bs);
530 for(i = 0; i < count; i++){
531 single = OCSP_resp_get0(bs, i);
532 if(!single) continue;
533
534 revtime = thisupd = nextupd = NULL;
535 status = OCSP_single_get0_status(single, &reason, &revtime,
536 &thisupd, &nextupd);
537 if(status < 0) continue;
538 if(!(cid = OCSP_CERTID_dup(single->certId)))
539 ossl_raise(eOCSPError, NULL);
540 ary = rb_ary_new();
541 rb_ary_push(ary, ossl_ocspcertid_new(cid));
542 rb_ary_push(ary, INT2NUM(status));
543 rb_ary_push(ary, INT2NUM(reason));
544 rb_ary_push(ary, revtime ? asn1time_to_time(revtime) : Qnil);
545 rb_ary_push(ary, thisupd ? asn1time_to_time(thisupd) : Qnil);
546 rb_ary_push(ary, nextupd ? asn1time_to_time(nextupd) : Qnil);
547 ext = rb_ary_new();
548 ext_count = OCSP_SINGLERESP_get_ext_count(single);
549 for(j = 0; j < ext_count; j++){
550 x509ext = OCSP_SINGLERESP_get_ext(single, j);
551 rb_ary_push(ext, ossl_x509ext_new(x509ext));
552 }
553 rb_ary_push(ary, ext);
554 rb_ary_push(ret, ary);
555 }
556
557 return ret;
558 }
559
560 static VALUE
561 ossl_ocspbres_sign(int argc, VALUE *argv, VALUE self)
562 {
563 VALUE signer_cert, signer_key, certs, flags;
564 OCSP_BASICRESP *bs;
565 X509 *signer;
566 EVP_PKEY *key;
567 STACK_OF(X509) *x509s;
568 unsigned long flg;
569 int ret;
570
571 rb_scan_args(argc, argv, "22", &signer_cert, &signer_key, &certs, &flags);
572 signer = GetX509CertPtr(signer_cert);
573 key = GetPrivPKeyPtr(signer_key);
574 flg = NIL_P(flags) ? 0 : NUM2INT(flags);
575 if(NIL_P(certs)){
576 x509s = sk_X509_new_null();
577 flg |= OCSP_NOCERTS;
578 }
579 else{
580 x509s = ossl_x509_ary2sk(certs);
581 }
582 GetOCSPBasicRes(self, bs);
583 ret = OCSP_basic_sign(bs, signer, key, EVP_sha1(), x509s, flg);
584 sk_X509_pop_free(x509s, X509_free);
585 if(!ret) ossl_raise(eOCSPError, NULL);
586
587 return self;
588 }
589
590 static VALUE
591 ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
592 {
593 VALUE certs, store, flags;
594 OCSP_BASICRESP *bs;
595 STACK_OF(X509) *x509s;
596 X509_STORE *x509st;
597 int flg, result;
598
599 rb_scan_args(argc, argv, "21", &certs, &store, &flags);
600 x509st = GetX509StorePtr(store);
601 flg = NIL_P(flags) ? 0 : INT2NUM(flags);
602 x509s = ossl_x509_ary2sk(certs);
603 GetOCSPBasicRes(self, bs);
604 result = OCSP_basic_verify(bs, x509s, x509st, flg);
605 sk_X509_pop_free(x509s, X509_free);
606 if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
607
608 return result ? Qtrue : Qfalse;
609 }
610
611 /*
612 * OCSP::CertificateId
613 */
614 static VALUE
615 ossl_ocspcid_alloc(VALUE klass)
616 {
617 OCSP_CERTID *id;
618 VALUE obj;
619
620 if(!(id = OCSP_CERTID_new()))
621 ossl_raise(eOCSPError, NULL);
622 WrapOCSPCertId(klass, obj, id);
623
624 return obj;
625 }
626
627 static VALUE
628 ossl_ocspcid_initialize(VALUE self, VALUE subject, VALUE issuer)
629 {
630 OCSP_CERTID *id, *newid;
631 X509 *x509s, *x509i;
632
633 x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */
634 x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */
635 if(!(newid = OCSP_cert_to_id(NULL, x509s, x509i)))
636 ossl_raise(eOCSPError, NULL);
637 GetOCSPCertId(self, id);
638 OCSP_CERTID_free(id);
639 RDATA(self)->data = newid;
640
641 return self;
642 }
643
644 static VALUE
645 ossl_ocspcid_cmp(VALUE self, VALUE other)
646 {
647 OCSP_CERTID *id, *id2;
648 int result;
649
650 GetOCSPCertId(self, id);
651 SafeGetOCSPCertId(other, id2);
652 result = OCSP_id_cmp(id, id2);
653
654 return (result == 0) ? Qtrue : Qfalse;
655 }
656
657 static VALUE
658 ossl_ocspcid_cmp_issuer(VALUE self, VALUE other)
659 {
660 OCSP_CERTID *id, *id2;
661 int result;
662
663 GetOCSPCertId(self, id);
664 SafeGetOCSPCertId(other, id2);
665 result = OCSP_id_issuer_cmp(id, id2);
666
667 return (result == 0) ? Qtrue : Qfalse;
668 }
669
670 static VALUE
671 ossl_ocspcid_get_serial(VALUE self)
672 {
673 OCSP_CERTID *id;
674
675 GetOCSPCertId(self, id);
676
677 return asn1integer_to_num(id->serialNumber);
678 }
679
680 void
681 Init_ossl_ocsp()
682 {
683 mOCSP = rb_define_module_under(mOSSL, "OCSP");
684
685 eOCSPError = rb_define_class_under(mOCSP, "OCSPError", eOSSLError);
686
687 cOCSPReq = rb_define_class_under(mOCSP, "Request", rb_cObject);
688 rb_define_alloc_func(cOCSPReq, ossl_ocspreq_alloc);
689 rb_define_method(cOCSPReq, "initialize", ossl_ocspreq_initialize, -1);
690 rb_define_method(cOCSPReq, "add_nonce", ossl_ocspreq_add_nonce, -1);
691 rb_define_method(cOCSPReq, "check_nonce", ossl_ocspreq_check_nonce, 1);
692 rb_define_method(cOCSPReq, "add_certid", ossl_ocspreq_add_certid, 1);
693 rb_define_method(cOCSPReq, "certid", ossl_ocspreq_get_certid, 0);
694 rb_define_method(cOCSPReq, "sign", ossl_ocspreq_sign, -1);
695 rb_define_method(cOCSPReq, "verify", ossl_ocspreq_verify, -1);
696 rb_define_method(cOCSPReq, "to_der", ossl_ocspreq_to_der, 0);
697
698 cOCSPRes = rb_define_class_under(mOCSP, "Response", rb_cObject);
699 rb_define_singleton_method(cOCSPRes, "create", ossl_ocspres_s_create, 2);
700 rb_define_alloc_func(cOCSPRes, ossl_ocspres_alloc);
701 rb_define_method(cOCSPRes, "initialize", ossl_ocspres_initialize, -1);
702 rb_define_method(cOCSPRes, "status", ossl_ocspres_status, 0);
703 rb_define_method(cOCSPRes, "status_string", ossl_ocspres_status_string, 0);
704 rb_define_method(cOCSPRes, "basic", ossl_ocspres_get_basic, 0);
705 rb_define_method(cOCSPRes, "to_der", ossl_ocspres_to_der, 0);
706
707 cOCSPBasicRes = rb_define_class_under(mOCSP, "BasicResponse", rb_cObject);
708 rb_define_alloc_func(cOCSPBasicRes, ossl_ocspbres_alloc);
709 rb_define_method(cOCSPBasicRes, "initialize", ossl_ocspbres_initialize, -1);
710 rb_define_method(cOCSPBasicRes, "copy_nonce", ossl_ocspbres_copy_nonce, 1);
711 rb_define_method(cOCSPBasicRes, "add_nonce", ossl_ocspbres_add_nonce, -1);
712 rb_define_method(cOCSPBasicRes, "add_status", ossl_ocspbres_add_status, 7);
713 rb_define_method(cOCSPBasicRes, "status", ossl_ocspbres_get_status, 0);
714 rb_define_method(cOCSPBasicRes, "sign", ossl_ocspbres_sign, -1);
715 rb_define_method(cOCSPBasicRes, "verify", ossl_ocspbres_verify, -1);
716
717 cOCSPCertId = rb_define_class_under(mOCSP, "CertificateId", rb_cObject);
718 rb_define_alloc_func(cOCSPCertId, ossl_ocspcid_alloc);
719 rb_define_method(cOCSPCertId, "initialize", ossl_ocspcid_initialize, 2);
720 rb_define_method(cOCSPCertId, "cmp", ossl_ocspcid_cmp, 1);
721 rb_define_method(cOCSPCertId, "cmp_issuer", ossl_ocspcid_cmp_issuer, 1);
722 rb_define_method(cOCSPCertId, "serial", ossl_ocspcid_get_serial, 0);
723
724 #define DefOCSPConst(x) rb_define_const(mOCSP, #x, INT2NUM(OCSP_##x))
725
726 DefOCSPConst(RESPONSE_STATUS_SUCCESSFUL);
727 DefOCSPConst(RESPONSE_STATUS_MALFORMEDREQUEST);
728 DefOCSPConst(RESPONSE_STATUS_INTERNALERROR);
729 DefOCSPConst(RESPONSE_STATUS_TRYLATER);
730 DefOCSPConst(RESPONSE_STATUS_SIGREQUIRED);
731 DefOCSPConst(RESPONSE_STATUS_UNAUTHORIZED);
732
733 DefOCSPConst(REVOKED_STATUS_NOSTATUS);
734 DefOCSPConst(REVOKED_STATUS_UNSPECIFIED);
735 DefOCSPConst(REVOKED_STATUS_KEYCOMPROMISE);
736 DefOCSPConst(REVOKED_STATUS_CACOMPROMISE);
737 DefOCSPConst(REVOKED_STATUS_AFFILIATIONCHANGED);
738 DefOCSPConst(REVOKED_STATUS_SUPERSEDED);
739 DefOCSPConst(REVOKED_STATUS_CESSATIONOFOPERATION);
740 DefOCSPConst(REVOKED_STATUS_CERTIFICATEHOLD);
741 DefOCSPConst(REVOKED_STATUS_REMOVEFROMCRL);
742
743 DefOCSPConst(NOCERTS);
744 DefOCSPConst(NOINTERN);
745 DefOCSPConst(NOSIGS);
746 DefOCSPConst(NOCHAIN);
747 DefOCSPConst(NOVERIFY);
748 DefOCSPConst(NOEXPLICIT);
749 DefOCSPConst(NOCASIGN);
750 DefOCSPConst(NODELEGATED);
751 DefOCSPConst(NOCHECKS);
752 DefOCSPConst(TRUSTOTHER);
753 DefOCSPConst(RESPID_KEY);
754 DefOCSPConst(NOTIME);
755
756 #define DefOCSPVConst(x) rb_define_const(mOCSP, "V_" #x, INT2NUM(V_OCSP_##x))
757
758 DefOCSPVConst(CERTSTATUS_GOOD);
759 DefOCSPVConst(CERTSTATUS_REVOKED);
760 DefOCSPVConst(CERTSTATUS_UNKNOWN);
761 DefOCSPVConst(RESPID_NAME);
762 DefOCSPVConst(RESPID_KEY);
763 }
764
765 #else /* ! OSSL_OCSP_ENABLED */
766 void
767 Init_ossl_ocsp()
768 {
769 }
770 #endif
ruby svn mirror