static VALUE
ossl_ocspreq_add_certid(VALUE self, VALUE certid)
{
OCSP_REQUEST *req;
OCSP_CERTID *id;
GetOCSPReq(self, req);
GetOCSPCertId(certid, id);
if(!OCSP_request_add0_id(req, OCSP_CERTID_dup(id)))
ossl_raise(eOCSPError, NULL);
return self;
}
static VALUE
ossl_ocspbres_get_status(VALUE self)
{
OCSP_BASICRESP *bs;
OCSP_SINGLERESP *single;
OCSP_CERTID *cid;
ASN1_TIME *revtime, *thisupd, *nextupd;
int status, reason;
X509_EXTENSION *x509ext;
VALUE ret, ary, ext;
int count, ext_count, i, j;
GetOCSPBasicRes(self, bs);
ret = rb_ary_new();
count = OCSP_resp_count(bs);
for(i = 0; i < count; i++) {
single = OCSP_resp_get0(bs, i);
if(!single) continue;
revtime = thisupd = nextupd = NULL;
status = OCSP_single_get0_status(single, &reason, &revtime,
&thisupd, &nextupd);
if(status < 0) continue;
if(!(cid = OCSP_CERTID_dup(single->certId)))
ossl_raise(eOCSPError, NULL);
ary = rb_ary_new();
rb_ary_push(ary, ossl_ocspcertid_new(cid));
rb_ary_push(ary, INT2NUM(status));
rb_ary_push(ary, INT2NUM(reason));
rb_ary_push(ary, revtime ? asn1time_to_time(revtime) : Qnil);
rb_ary_push(ary, thisupd ? asn1time_to_time(thisupd) : Qnil);
rb_ary_push(ary, nextupd ? asn1time_to_time(nextupd) : Qnil);
ext = rb_ary_new();
ext_count = OCSP_SINGLERESP_get_ext_count(single);
for(j = 0; j < ext_count; j++) {
x509ext = OCSP_SINGLERESP_get_ext(single, j);
rb_ary_push(ext, ossl_x509ext_new(x509ext));
}
rb_ary_push(ary, ext);
rb_ary_push(ret, ary);
}
return ret;
}
static VALUE
ossl_ocspreq_get_certid(VALUE self)
{
OCSP_REQUEST *req;
OCSP_ONEREQ *one;
OCSP_CERTID *id;
VALUE ary, tmp;
int i, count;
GetOCSPReq(self, req);
count = OCSP_request_onereq_count(req);
ary = (count > 0) ? rb_ary_new() : Qnil;
for(i = 0; i < count; i++) {
one = OCSP_request_onereq_get0(req, i);
if(!(id = OCSP_CERTID_dup(OCSP_onereq_get0_id(one))))
ossl_raise(eOCSPError, NULL);
WrapOCSPCertId(cOCSPCertId, tmp, id);
rb_ary_push(ary, tmp);
}
return ary;
}
int SslOcspStapling::getRequestData(unsigned char *pReqData)
{
int len = -1;
OCSP_REQUEST *ocsp;
OCSP_CERTID *id;
if (m_pCertId == NULL)
return LS_FAIL;
ocsp = OCSP_REQUEST_new();
if (ocsp == NULL)
return LS_FAIL;
id = OCSP_CERTID_dup(m_pCertId);
if (OCSP_request_add0_id(ocsp, id) != NULL)
{
len = i2d_OCSP_REQUEST(ocsp, &pReqData);
if (len > 0)
*pReqData = 0;
}
OCSP_REQUEST_free(ocsp);
return len;
}
OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
OCSP_CERTID *cid,
int status, int reason,
ASN1_TIME *revtime,
ASN1_TIME *thisupd, ASN1_TIME *nextupd)
{
OCSP_SINGLERESP *single = NULL;
OCSP_CERTSTATUS *cs;
OCSP_REVOKEDINFO *ri;
if(!rsp->tbsResponseData->responses &&
!(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
goto err;
if (!(single = OCSP_SINGLERESP_new()))
goto err;
if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
goto err;
if (nextupd &&
!ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
goto err;
OCSP_CERTID_free(single->certId);
if(!(single->certId = OCSP_CERTID_dup(cid)))
goto err;
cs = single->certStatus;
switch(cs->type = status)
{
case V_OCSP_CERTSTATUS_REVOKED:
if (!revtime)
{
OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME);
goto err;
}
if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
goto err;
if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
{
if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
goto err;
if (!(ASN1_ENUMERATED_set(ri->revocationReason,
reason)))
goto err;
}
break;
case V_OCSP_CERTSTATUS_GOOD:
cs->value.good = ASN1_NULL_new();
break;
case V_OCSP_CERTSTATUS_UNKNOWN:
cs->value.unknown = ASN1_NULL_new();
break;
default:
goto err;
}
if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
goto err;
return single;
err:
OCSP_SINGLERESP_free(single);
return NULL;
}
const char* bud_context_get_ocsp_req(bud_context_t* context,
size_t* size,
char** ocsp_request,
size_t* ocsp_request_len) {
STACK_OF(OPENSSL_STRING)* urls;
OCSP_REQUEST* req;
OCSP_CERTID* id;
char* encoded;
unsigned char* pencoded;
size_t encoded_len;
urls = NULL;
id = NULL;
encoded = NULL;
/* Cached url */
if (context->ocsp_url != NULL)
goto has_url;
urls = X509_get1_ocsp(context->cert);
if (urls == NULL)
goto done;
context->ocsp_url = sk_OPENSSL_STRING_pop(urls);
context->ocsp_url_len = strlen(context->ocsp_url);
has_url:
if (context->ocsp_url == NULL)
goto done;
id = OCSP_CERTID_dup(context->ocsp_id);
if (id == NULL)
goto done;
/* Create request */
req = OCSP_REQUEST_new();
if (req == NULL)
goto done;
if (!OCSP_request_add0_id(req, id))
goto done;
id = NULL;
encoded_len = i2d_OCSP_REQUEST(req, NULL);
encoded = malloc(encoded_len);
if (encoded == NULL)
goto done;
pencoded = (unsigned char*) encoded;
i2d_OCSP_REQUEST(req, &pencoded);
OCSP_REQUEST_free(req);
*ocsp_request = encoded;
*ocsp_request_len = encoded_len;
encoded = NULL;
done:
if (id != NULL)
OCSP_CERTID_free(id);
if (urls != NULL)
X509_email_free(urls);
if (encoded != NULL)
free(encoded);
*size = context->ocsp_url_len;
return context->ocsp_url;
}
