In Files
- openssl/ossl.c
Namespace
Class/Module Index
![[+]](../images/find.png "show/hide quicksearch")
- IO
- IO::WaitReadable
- IO::WaitWritable
- Integer
- OpenSSL
- OpenSSL::ASN1
- OpenSSL::ASN1::ASN1Data
- OpenSSL::ASN1::ASN1Error
- OpenSSL::ASN1::Constructive
- OpenSSL::ASN1::ObjectId
- OpenSSL::ASN1::Primitive
- OpenSSL::BN
- OpenSSL::BNError
- OpenSSL::Buffering
- OpenSSL::Buffering::Buffer
- OpenSSL::Cipher
- OpenSSL::Cipher::Cipher
- OpenSSL::Cipher::CipherError
- OpenSSL::Config
- OpenSSL::ConfigError
- OpenSSL::Digest
- OpenSSL::Digest::DigestError
- OpenSSL::Engine
- OpenSSL::Engine::EngineError
- OpenSSL::ExtConfig
- OpenSSL::HMAC
- OpenSSL::HMACError
- OpenSSL::KDF
- OpenSSL::KDF::KDFError
- OpenSSL::Netscape
- OpenSSL::Netscape::SPKI
- OpenSSL::Netscape::SPKIError
- OpenSSL::OCSP
- OpenSSL::OCSP::BasicResponse
- OpenSSL::OCSP::CertificateId
- OpenSSL::OCSP::OCSPError
- OpenSSL::OCSP::Request
- OpenSSL::OCSP::Response
- OpenSSL::OCSP::SingleResponse
- OpenSSL::OpenSSLError
- OpenSSL::PKCS12
- OpenSSL::PKCS12::PKCS12Error
- OpenSSL::PKCS5
- OpenSSL::PKCS7
- OpenSSL::PKCS7::PKCS7Error
- OpenSSL::PKCS7::RecipientInfo
- OpenSSL::PKCS7::SignerInfo
- OpenSSL::PKey
- OpenSSL::PKey::DH
- OpenSSL::PKey::DHError
- OpenSSL::PKey::DSA
- OpenSSL::PKey::DSAError
- OpenSSL::PKey::EC
- OpenSSL::PKey::EC::Group
- OpenSSL::PKey::EC::Group::Error
- OpenSSL::PKey::EC::Point
- OpenSSL::PKey::EC::Point::Error
- OpenSSL::PKey::ECError
- OpenSSL::PKey::PKey
- OpenSSL::PKey::PKeyError
- OpenSSL::PKey::RSA
- OpenSSL::PKey::RSAError
- OpenSSL::Random
- OpenSSL::Random::RandomError
- OpenSSL::SSL
- OpenSSL::SSL::SSLContext
- OpenSSL::SSL::SSLError
- OpenSSL::SSL::SSLErrorWaitReadable
- OpenSSL::SSL::SSLErrorWaitWritable
- OpenSSL::SSL::SSLServer
- OpenSSL::SSL::SSLSocket
- OpenSSL::SSL::Session
- OpenSSL::SSL::Session::SessionError
- OpenSSL::SSL::SocketForwarder
- OpenSSL::Timestamp
- OpenSSL::Timestamp::Factory
- OpenSSL::Timestamp::Request
- OpenSSL::Timestamp::Response
- OpenSSL::Timestamp::TimestampError
- OpenSSL::Timestamp::TokenInfo
- OpenSSL::X509
- OpenSSL::X509::Attribute
- OpenSSL::X509::AttributeError
- OpenSSL::X509::CRL
- OpenSSL::X509::CRLError
- OpenSSL::X509::Certificate
- OpenSSL::X509::CertificateError
- OpenSSL::X509::Extension
- OpenSSL::X509::Extension::AuthorityInfoAccess
- OpenSSL::X509::Extension::AuthorityKeyIdentifier
- OpenSSL::X509::Extension::CRLDistributionPoints
- OpenSSL::X509::Extension::Helpers
- OpenSSL::X509::Extension::SubjectKeyIdentifier
- OpenSSL::X509::ExtensionError
- OpenSSL::X509::ExtensionFactory
- OpenSSL::X509::Marshal
- OpenSSL::X509::Marshal::ClassMethods
- OpenSSL::X509::Name
- OpenSSL::X509::Name::RFC2253DN
- OpenSSL::X509::NameError
- OpenSSL::X509::Request
- OpenSSL::X509::RequestError
- OpenSSL::X509::Revoked
- OpenSSL::X509::RevokedError
- OpenSSL::X509::Store
- OpenSSL::X509::StoreContext
- OpenSSL::X509::StoreError
- unknown
OpenSSL::Timestamp
Provides classes and methods to request, create and validate RFC3161-compliant timestamps. Request may be used to either create requests from scratch or to parse existing requests that again can be used to request timestamps from a timestamp server, e.g. via the net/http. The resulting timestamp response may be parsed using Response.
Please note that Response is read-only and immutable. To create a Response, an instance of Factory as well as a valid Request are needed.
Create a Response:¶ ↑
#Assumes ts.p12 is a PKCS#12-compatible file with a private key #and a certificate that has an extended key usage of 'timeStamping' p12 = OpenSSL::PKCS12.new(File.open('ts.p12', 'rb'), 'pwd') md = OpenSSL::Digest::SHA1.new hash = md.digest(data) #some binary data to be timestamped req = OpenSSL::Timestamp::Request.new req.algorithm = 'SHA1' req.message_imprint = hash req.policy_id = "1.2.3.4.5" req.nonce = 42 fac = OpenSSL::Timestamp::Factory.new fac.gen_time = Time.now fac.serial_number = 1 timestamp = fac.create_timestamp(p12.key, p12.certificate, req)
Verify a timestamp response:¶ ↑
#Assume we have a timestamp token in a file called ts.der
ts = OpenSSL::Timestamp::Response.new(File.open('ts.der', 'rb')
#Assume we have the Request for this token in a file called req.der
req = OpenSSL::Timestamp::Request.new(File.open('req.der', 'rb')
# Assume the associated root CA certificate is contained in a
# DER-encoded file named root.cer
root = OpenSSL::X509::Certificate.new(File.open('root.cer', 'rb')
# get the necessary intermediate certificates, available in
# DER-encoded form in inter1.cer and inter2.cer
inter1 = OpenSSL::X509::Certificate.new(File.open('inter1.cer', 'rb')
inter2 = OpenSSL::X509::Certificate.new(File.open('inter2.cer', 'rb')
ts.verify(req, root, inter1, inter2) -> ts or raises an exception if validation fails