OcspVerifier — Documentation by YARD 0.9.37

Class: Mongo::Socket::OcspVerifier (private)

Inherits:

Object

Includes:

Loggable

Defined in:

lib/mongo/socket/ocsp_verifier.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

OCSP endpoint verifier.

After a TLS connection is established, this verifier inspects the certificate presented by the server, and if the certificate contains an OCSP URI, performs the OCSP status request to the specified URI (following up to 5 redirects) to verify the certificate status.

Constant Summary

Constants included from Loggable

Loggable::PREFIX

Instance Attribute Summary

Instance Method Summary

Methods included from Loggable

#log_debug, #log_error, #log_fatal, #log_info, #log_warn, #logger

Constructor Details

#initialize(host_name, cert, ca_cert, cert_store, **opts) ⇒ OcspVerifier

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of OcspVerifier.

```ruby
# File 'lib/mongo/socket/ocsp_verifier.rb', line 51

def initialize(host_name, cert, ca_cert, cert_store, **opts)
  @host_name = host_name
  @cert = cert
  @ca_cert = ca_cert
  @cert_store = cert_store
  @options = opts
end
```

Instance Attribute Details

#ca_cert ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

```ruby
# File 'lib/mongo/socket/ocsp_verifier.rb', line 61

def ca_cert
  @ca_cert
end
```

#cert ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

```ruby
# File 'lib/mongo/socket/ocsp_verifier.rb', line 60

def cert
  @cert
end
```

#cert_store ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

```ruby
# File 'lib/mongo/socket/ocsp_verifier.rb', line 62

def cert_store
  @cert_store
end
```

#host_name ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

```ruby
# File 'lib/mongo/socket/ocsp_verifier.rb', line 59

def host_name
  @host_name
end
```

#options ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

```ruby
# File 'lib/mongo/socket/ocsp_verifier.rb', line 63

def options
  @options
end
```

Instance Method Details

#cert_id ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

```ruby
# File 'lib/mongo/socket/ocsp_verifier.rb', line 91

def cert_id
  @cert_id ||= OpenSSL::OCSP::CertificateId.new(
    cert,
    ca_cert,
    OpenSSL::Digest::SHA1.new,
  )
end
```

#ocsp_uris ⇒ Array

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns OCSP URIs in the specified server certificate.

```ruby
# File 'lib/mongo/socket/ocsp_verifier.rb', line 70

def ocsp_uris
  @ocsp_uris ||= begin
    ext = cert.extensions.detect do |ext|
      ext.oid == 'authorityInfoAccess'
    end
    if ext
      ext.value.split("\n").select do |line|
        line.start_with?('OCSP - URI:')
      end.map do |line|
        line.split(':', 2).last
      end
    else
      []
    end
  end
end
```
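The following is an added example, not code from the driver: it builds a throwaway CA and leaf certificate, applies the same `authorityInfoAccess` parsing approach as `#ocsp_uris`, and builds the SHA-1 `CertificateId` that `#cert_id` produces. The helper names (`make_cert`, `ocsp_uris_for`, `sample_chain`, `cert_id_for`) and all host names and URLs are hypothetical.

```ruby
require 'openssl'

# Constructed sample data: certificate names and URLs are hypothetical.
def make_cert(cn, serial, key, issuer: nil, issuer_key: key, aia: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  if aia
    ef = OpenSSL::X509::ExtensionFactory.new(issuer, cert)
    cert.add_extension(ef.create_extension('authorityInfoAccess', aia))
  end
  cert.sign(issuer_key, OpenSSL::Digest::SHA256.new)
end

# Same parsing approach as #ocsp_uris on this page, written as a free function.
# split(':', 2) cuts only at the first colon, so URIs with ports stay intact.
def ocsp_uris_for(cert)
  ext = cert.extensions.detect { |e| e.oid == 'authorityInfoAccess' }
  return [] unless ext
  ext.value.split("\n")
     .select { |line| line.start_with?('OCSP - URI:') }
     .map { |line| line.split(':', 2).last }
end

def sample_chain
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('Example Test CA', 1, ca_key)
  leaf = make_cert('db.example.test', 4096, OpenSSL::PKey::RSA.new(2048),
                   issuer: ca, issuer_key: ca_key,
                   aia: 'OCSP;URI:http://ocsp1.example.test:8100/status,' \
                        'caIssuers;URI:http://ca.example.test/ca.crt,' \
                        'OCSP;URI:http://ocsp2.example.test/status')
  [leaf, ca]
end

# The identifier sent to the responder: issuer name/key hashes plus serial.
def cert_id_for(leaf, ca)
  OpenSSL::OCSP::CertificateId.new(leaf, ca, OpenSSL::Digest::SHA1.new)
end

if __FILE__ == $PROGRAM_NAME
  leaf, ca = sample_chain
  puts ocsp_uris_for(leaf)
  puts "serial=#{cert_id_for(leaf, ca).serial}"
end
```

The `caIssuers` entry is filtered out because its printed form starts with `CA Issuers - URI:`, and a certificate with no `authorityInfoAccess` extension yields an empty list, which is the case where `#verify` returns `false` without contacting any responder.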

#timeout ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

```ruby
# File 'lib/mongo/socket/ocsp_verifier.rb', line 65

def timeout
  options[:timeout] || 5
end
```

#verify ⇒ true | false

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns whether the certificate was verified.

```ruby
# File 'lib/mongo/socket/ocsp_verifier.rb', line 122

def verify
  handle_exceptions do
    return false if ocsp_uris.empty?

    resp, errors = do_verify
    return_ocsp_response(resp, errors)
  end
end
```

#verify_with_cache ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

```ruby
# File 'lib/mongo/socket/ocsp_verifier.rb', line 99

def verify_with_cache
  handle_exceptions do
    return false if ocsp_uris.empty?

    resp = OcspCache.get(cert_id)
    if resp
      return return_ocsp_response(resp)
    end

    resp, errors = do_verify

    if resp
      OcspCache.set(cert_id, resp)
    end

    return_ocsp_response(resp, errors)
  end
end
```