类 OpenSSL::OCSP::CertificateId

一个 OpenSSL::OCSP::CertificateId 用于标识证书,以便 CA 可以执行状态检查。

公共类方法

OpenSSL::OCSP::CertificateId.new(subject, issuer, digest = nil) → certificate_id 点击切换源代码
OpenSSL::OCSP::CertificateId.new(der_string) → certificate_id
OpenSSL::OCSP::CertificateId.new(obj) → certificate_id

为给定的 subjectissuer X509 证书创建一个新的 OpenSSL::OCSP::CertificateIddigest 是用于计算哈希值的摘要算法。默认值为 SHA-1。

如果只给出一个参数,则将其解码为证书 ID 的 DER 表示形式,或从响应 to_der 方法的对象生成证书 ID。

static VALUE
ossl_ocspcid_initialize(int argc, VALUE *argv, VALUE self)
{
    OCSP_CERTID *id, *newid;
    VALUE subject, issuer, digest;

    GetOCSPCertId(self, id);
    if (rb_scan_args(argc, argv, "12", &subject, &issuer, &digest) == 1) {
        VALUE arg;
        const unsigned char *p;

        arg = ossl_to_der_if_possible(subject);
        StringValue(arg);
        p = (unsigned char *)RSTRING_PTR(arg);
        newid = d2i_OCSP_CERTID(NULL, &p, RSTRING_LEN(arg));
        if (!newid)
            ossl_raise(eOCSPError, "d2i_OCSP_CERTID");
    }
    else {
        X509 *x509s, *x509i;
        const EVP_MD *md;

        x509s = GetX509CertPtr(subject); /* NO NEED TO DUP */
        x509i = GetX509CertPtr(issuer); /* NO NEED TO DUP */
        md = !NIL_P(digest) ? ossl_evp_get_digestbyname(digest) : NULL;

        newid = OCSP_cert_to_id(md, x509s, x509i);
        if (!newid)
            ossl_raise(eOCSPError, "OCSP_cert_to_id");
    }

    SetOCSPCertId(self, newid);
    OCSP_CERTID_free(id);

    return self;
}

公共实例方法

cmp(other) → true 或 false 点击切换源代码

将此证书 ID 与 other 进行比较,如果它们相同,则返回 true

static VALUE
ossl_ocspcid_cmp(VALUE self, VALUE other)
{
    OCSP_CERTID *id, *id2;
    int result;

    GetOCSPCertId(self, id);
    GetOCSPCertId(other, id2);
    result = OCSP_id_cmp(id, id2);

    return (result == 0) ? Qtrue : Qfalse;
}
cmp_issuer(other) → true 或 false 点击切换源代码

将此证书 ID 的颁发者与 other 进行比较,如果它们相同,则返回 true

static VALUE
ossl_ocspcid_cmp_issuer(VALUE self, VALUE other)
{
    OCSP_CERTID *id, *id2;
    int result;

    GetOCSPCertId(self, id);
    GetOCSPCertId(other, id2);
    result = OCSP_id_issuer_cmp(id, id2);

    return (result == 0) ? Qtrue : Qfalse;
}
hash_algorithm → String 点击切换源代码

返回用于生成 issuerNameHash 和 issuerKeyHash 值的哈希算法的 ln(长名称)。

static VALUE
ossl_ocspcid_get_hash_algorithm(VALUE self)
{
    OCSP_CERTID *id;
    ASN1_OBJECT *oid;
    BIO *out;

    GetOCSPCertId(self, id);
    OCSP_id_get0_info(NULL, &oid, NULL, NULL, id);

    if (!(out = BIO_new(BIO_s_mem())))
        ossl_raise(eOCSPError, "BIO_new");

    if (!i2a_ASN1_OBJECT(out, oid)) {
        BIO_free(out);
        ossl_raise(eOCSPError, "i2a_ASN1_OBJECT");
    }
    return ossl_membio2str(out);
}
initialize_copy(p1) 点击切换源代码
static VALUE
ossl_ocspcid_initialize_copy(VALUE self, VALUE other)
{
    OCSP_CERTID *cid, *cid_old, *cid_new;

    rb_check_frozen(self);
    GetOCSPCertId(self, cid_old);
    GetOCSPCertId(other, cid);

    cid_new = OCSP_CERTID_dup(cid);
    if (!cid_new)
        ossl_raise(eOCSPError, "OCSP_CERTID_dup");

    SetOCSPCertId(self, cid_new);
    OCSP_CERTID_free(cid_old);

    return self;
}
issuer_key_hash → String 点击切换源代码

返回此证书 ID 的 issuerKeyHash,即颁发者公钥的哈希值。

static VALUE
ossl_ocspcid_get_issuer_key_hash(VALUE self)
{
    OCSP_CERTID *id;
    ASN1_OCTET_STRING *key_hash;
    VALUE ret;

    GetOCSPCertId(self, id);
    OCSP_id_get0_info(NULL, NULL, &key_hash, NULL, id);

    ret = rb_str_new(NULL, key_hash->length * 2);
    ossl_bin2hex(key_hash->data, RSTRING_PTR(ret), key_hash->length);

    return ret;
}
issuer_name_hash → String 点击切换源代码

返回此证书 ID 的 issuerNameHash,即使用 hashAlgorithm 计算的颁发者可分辨名称的哈希值。

static VALUE
ossl_ocspcid_get_issuer_name_hash(VALUE self)
{
    OCSP_CERTID *id;
    ASN1_OCTET_STRING *name_hash;
    VALUE ret;

    GetOCSPCertId(self, id);
    OCSP_id_get0_info(&name_hash, NULL, NULL, NULL, id);

    ret = rb_str_new(NULL, name_hash->length * 2);
    ossl_bin2hex(name_hash->data, RSTRING_PTR(ret), name_hash->length);

    return ret;
}
serial → Integer 点击切换源代码

返回正在请求状态的证书的序列号。

static VALUE
ossl_ocspcid_get_serial(VALUE self)
{
    OCSP_CERTID *id;
    ASN1_INTEGER *serial;

    GetOCSPCertId(self, id);
    OCSP_id_get0_info(NULL, NULL, NULL, &serial, id);

    return asn1integer_to_num(serial);
}
to_der → String 点击切换源代码

将此证书标识符编码为 DER 编码的字符串。

static VALUE
ossl_ocspcid_to_der(VALUE self)
{
    OCSP_CERTID *id;
    VALUE str;
    long len;
    unsigned char *p;

    GetOCSPCertId(self, id);
    if ((len = i2d_OCSP_CERTID(id, NULL)) <= 0)
        ossl_raise(eOCSPError, NULL);
    str = rb_str_new(0, len);
    p = (unsigned char *)RSTRING_PTR(str);
    if (i2d_OCSP_CERTID(id, &p) <= 0)
        ossl_raise(eOCSPError, NULL);
    ossl_str_adjust(str, p);

    return str;
}