Returns a status string for the response.
Adds a certificate status for certificate_id. status is the status, and must be one of these:
OpenSSL::OCSP::V_CERTSTATUS_GOOD
OpenSSL::OCSP::V_CERTSTATUS_REVOKED
OpenSSL::OCSP::V_CERTSTATUS_UNKNOWN
reason and revocation_time can be given only when status is OpenSSL::OCSP::V_CERTSTATUS_REVOKED. reason describes the reason for the revocation, and must be one of OpenSSL::OCSP::REVOKED_STATUS_* constants. revocation_time is the time when the certificate is revoked.
this_update and next_update indicate the time at which the status is verified to be correct and the time at or before which newer information will be available, respectively. next_update is optional.
extensions is an Array of OpenSSL::X509::Extension to be included in the SingleResponse. This is also optional.
Note that the times, revocation_time, this_update and next_update can be specified in either of Integer or Time object. If they are Integer, it is treated as the relative seconds from the current time.
Checks the validity of thisUpdate and nextUpdate fields of this SingleResponse. This checks the current time is within the range thisUpdate to nextUpdate.
It is possible that the OCSP request takes a few seconds or the time is not accurate. To avoid rejecting a valid response, this method allows the times to be within nsec seconds of the current time.
Some responders don’t set the nextUpdate field. This may cause a very old response to be considered valid. The maxsec parameter can be used to limit the age of responses.
Returns the status of the certificate identified by the certid. The return value may be one of these constant:
V_CERTSTATUS_GOOD
V_CERTSTATUS_REVOKED
V_CERTSTATUS_UNKNOWN
When the status is V_CERTSTATUS_REVOKED, the time at which the certificate was revoked can be retrieved by revocation_time.
Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash values.
In cases of failure this field may contain an array of strings further describing the origin of the failure.
Returns serial number of the timestamp token. This value shall never be the same for two timestamp tokens issued by a dedicated timestamp authority. If status is GRANTED or GRANTED_WITH_MODS, this is never nil.
Creates a Response with the help of an OpenSSL::PKey, an OpenSSL::X509::Certificate and a Request.
Mandatory parameters for timestamp creation that need to be set in the Request:
Mandatory parameters that need to be set in the Factory:
In addition one of either Request#policy_id or Factory#default_policy_id must be set.
Raises a TimestampError if creation fails, though successfully created error responses may be returned.