Adds a certificate status for certificate_id. status is the status, and must be one of these:
OpenSSL::OCSP::V_CERTSTATUS_GOOD
OpenSSL::OCSP::V_CERTSTATUS_REVOKED
OpenSSL::OCSP::V_CERTSTATUS_UNKNOWN
reason and revocation_time can be given only when status is OpenSSL::OCSP::V_CERTSTATUS_REVOKED. reason describes the reason for the revocation, and must be one of OpenSSL::OCSP::REVOKED_STATUS_* constants. revocation_time is the time when the certificate is revoked.
this_update and next_update indicate the time at which the status is verified to be correct and the time at or before which newer information will be available, respectively. next_update is optional.
extensions is an Array of OpenSSL::X509::Extension to be included in the SingleResponse. This is also optional.
Note that the times, revocation_time, this_update and next_update can be specified in either of Integer or Time object. If they are Integer, it is treated as the relative seconds from the current time.
Returns a SingleResponse whose CertId matches with certificate_id, or nil if this BasicResponse does not contain it.
Returns the status of the certificate identified by the certid. The return value may be one of these constant:
V_CERTSTATUS_GOOD
V_CERTSTATUS_REVOKED
V_CERTSTATUS_UNKNOWN
When the status is V_CERTSTATUS_REVOKED, the time at which the certificate was revoked can be retrieved by revocation_time.
Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash values.
Verifies the signature for the data using a public key pkey. Unlike verify, this method will not hash data with digest automatically.
Returns true if the signature is successfully verified, false otherwise. The caller must check the return value.
See sign_raw for the signing operation and an example code.
Added in version 3.0. See also the man page EVP_PKEY_verify(3).
signature
A String containing the signature to be verified.
Recovers the signed data from signature using a public key pkey. Not all signature algorithms support this operation.
Added in version 3.0. See also the man page EVP_PKEY_verify_recover(3).
signature
A String containing the signature to be verified.
In cases no timestamp token has been created, this field contains further info about the reason why response creation failed. The method returns either nil (the request was successful and a timestamp token was created) or one of the following:
:BAD_ALG - Indicates that the timestamp server rejects the message imprint algorithm used in the Request
:BAD_REQUEST - Indicates that the timestamp server was not able to process the Request properly
:BAD_DATA_FORMAT - Indicates that the timestamp server was not able to parse certain data in the Request
:TIME_NOT_AVAILABLE - Indicates that the server could not access its time source
:UNACCEPTED_POLICY - Indicates that the requested policy identifier is not recognized or supported by the timestamp server
:UNACCEPTED_EXTENSIION - Indicates that an extension in the Request is not supported by the timestamp server
:ADD_INFO_NOT_AVAILABLE -Indicates that additional information requested is either not understood or currently not available
:SYSTEM_FAILURE - Timestamp creation failed due to an internal error that occurred on the timestamp server
In cases of failure this field may contain an array of strings further describing the origin of the failure.
Get the response’s token info if present.
Returns serial number of the timestamp token. This value shall never be the same for two timestamp tokens issued by a dedicated timestamp authority. If status is GRANTED or GRANTED_WITH_MODS, this is never nil.
Specify whether the response shall contain the timestamp authority’s certificate or not. The default value is true.
Indicates whether the response shall contain the timestamp authority’s certificate or not.
Creates a Response with the help of an OpenSSL::PKey, an OpenSSL::X509::Certificate and a Request.
Mandatory parameters for timestamp creation that need to be set in the Request:
Mandatory parameters that need to be set in the Factory:
In addition one of either Request#policy_id or Factory#default_policy_id must be set.
Raises a TimestampError if creation fails, though successfully created error responses may be returned.
General callback for OpenSSL verify