Verifies the signature
for the data
using a message digest algorithm digest
and a public key pkey
.
Returns true
if the signature is successfully verified, false
otherwise. The caller must check the return value.
See sign
for the signing operation and an example.
See also the man page EVP_DigestVerify(3).
Derives a shared secret from pkey and peer_pkey. pkey must contain the private components, peer_pkey must contain the public components.
Returns one of GRANTED
, GRANTED_WITH_MODS
, REJECTION
, WAITING
, REVOCATION_WARNING
or REVOCATION_NOTIFICATION
. A timestamp token has been created only in case status
is equal to GRANTED
or GRANTED_WITH_MODS
.
Verifies a timestamp token by checking the signature, validating the certificate chain implied by tsa_certificate
and by checking conformance to a given Request
. Mandatory parameters are the Request
associated to this Response
, and an OpenSSL::X509::Store
of trusted roots.
Intermediate certificates can optionally be supplied for creating the certificate chain. These intermediate certificates must all be instances of OpenSSL::X509::Certificate
.
If validation fails, several kinds of exceptions can be raised:
TypeError
if types don’t fit
TimestampError
if something is wrong with the timestamp token itself, if it is not conformant to the Request
, or if validation of the timestamp certificate chain fails.
Returns the ‘short name’ of the object identifier representing the algorithm that was used to derive the message imprint digest. For valid timestamps, this is the same value that was already given in the Request
. If status is GRANTED or GRANTED_WITH_MODS, this is never nil
.
algo = token_info.algorithm puts algo -> "SHA1"
If the ordering field is missing, or if the ordering field is present and set to false, then the genTime field only indicates the time at which the time-stamp token has been created by the TSA. In such a case, the ordering of time-stamp tokens issued by the same TSA or different TSAs is only possible when the difference between the genTime of the first time-stamp token and the genTime of the second time-stamp token is greater than the sum of the accuracies of the genTime for each time-stamp token.
If the ordering field is present and set to true, every time-stamp token from the same TSA can always be ordered based on the genTime field, regardless of the genTime accuracy.
Allows to set the object identifier or the ‘short name’ of the algorithm that was used to create the message imprint digest.
request.algorithm = "SHA1"
Returns the ‘short name’ of the object identifier that represents the algorithm that was used to create the message imprint digest.
Performs a certificate verification on the OpenSSL::X509::Certificate
cert.
chain can be an array of OpenSSL::X509::Certificate
that is used to construct the certificate chain.
If a block is given, it overrides the callback set by verify_callback=
.
After finishing the verification, the error information can be retrieved by error
, error_string
, and the resulting complete certificate chain can be retrieved by chain
.
Restore session state from the session’s FileStore
file.
Returns the session state as a hash.
Restore (empty) session state.
Restore session state from the session’s PStore
file.
Returns the session state as a hash.
The state of the lexer when this token was produced.
Provide a human-readable description of the directive.
Provide a human-readable description of the format.
Translate the given parse result and filepath into the seattlerb/ruby_parser gem’s Sexp format.