Checks that cert signature is made with PRIVversion of this PUBLIC ‘key’
This adds a new ObjectId to the internal tables. Where object_id is the numerical form, short_name is the short name, and long_name is the long name.
Returns true if successful. Raises an OpenSSL::ASN1::ASN1Error if it fails.
key - the public key to be used for verifying the SPKI signature
Returns true if the signature is valid, false otherwise. To verify an SPKI, the public key contained within the SPKI should be used.
Returns the challenge string associated with this SPKI.
str - the challenge string to be set for this instance
Sets the challenge to be associated with the SPKI. May be used by the server, e.g. to prevent replay.
Verifies this request using the given certificates and store. certificates is an array of OpenSSL::X509::Certificate, store is an OpenSSL::X509::Store.
Note that false is returned if the request does not have a signature. Use signed? to check whether the request is signed or not.
Returns the status of the response.
Returns an Array of statuses for this response. Each status contains a CertificateId, the status (0 for good, 1 for revoked, 2 for unknown), the reason for the status, the revocation time, the time of this update, the time for the next update and a list of OpenSSL::X509::Extension.
This should be superseded by BasicResponse#responses and find_response that return SingleResponse.
Verifies the signature of the response using the given certificates and store. This works in the similar way as OpenSSL::OCSP::Request#verify.
Returns the serial number of the certificate for which status is being requested.
Returns a string describing the PKey object.
Verifies the signature for the data using a message digest algorithm digest and a public key pkey.
Returns true if the signature is successfully verified, false otherwise. The caller must check the return value.
See sign for the signing operation and an example.
See also the man page EVP_DigestVerify(3).
Derives a shared secret from pkey and peer_pkey. pkey must contain the private components, peer_pkey must contain the public components.
Returns one of GRANTED, GRANTED_WITH_MODS, REJECTION, WAITING, REVOCATION_WARNING or REVOCATION_NOTIFICATION. A timestamp token has been created only in case status is equal to GRANTED or GRANTED_WITH_MODS.
Verifies a timestamp token by checking the signature, validating the certificate chain implied by tsa_certificate and by checking conformance to a given Request. Mandatory parameters are the Request associated to this Response, and an OpenSSL::X509::Store of trusted roots.
Intermediate certificates can optionally be supplied for creating the certificate chain. These intermediate certificates must all be instances of OpenSSL::X509::Certificate.
If validation fails, several kinds of exceptions can be raised:
TypeError if types don’t fit
TimestampError if something is wrong with the timestamp token itself, if it is not conformant to the Request, or if validation of the timestamp certificate chain fails.
Returns the ‘short name’ of the object identifier representing the algorithm that was used to derive the message imprint digest. For valid timestamps, this is the same value that was already given in the Request. If status is GRANTED or GRANTED_WITH_MODS, this is never nil.
algo = token_info.algorithm puts algo -> "SHA1"
Allows to set the object identifier or the ‘short name’ of the algorithm that was used to create the message imprint digest.
request.algorithm = "SHA1"
Returns the ‘short name’ of the object identifier that represents the algorithm that was used to create the message imprint digest.
Performs a certificate verification on the OpenSSL::X509::Certificate cert.
chain can be an array of OpenSSL::X509::Certificate that is used to construct the certificate chain.
If a block is given, it overrides the callback set by verify_callback=.
After finishing the verification, the error information can be retrieved by error, error_string, and the resulting complete certificate chain can be retrieved by chain.