Class: IControl::Management::OCSPResponder

Inherits:
Base
  • Object
Defined in:
lib/icontrol/management/ocsp_responder.rb,
lib/icontrol/management.rb

Overview

The OCSPResponder interface enables you to manage OCSP responder configuration.

Defined Under Namespace

Classes: ResponderDefinition, ResponderDefinitionSequence, SignInformation, SignInformationSequence

Instance Method Summary

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class IControl::Base.

Instance Method Details

#allow_additional_certificate_state ⇒ EnabledState

Gets the states that indicate whether to allow the addition of certificates to the OCSP request. This option should normally only be used for testing purposes.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 49

def allow_additional_certificate_state
  super
end

#ca_file ⇒ String

Gets the names of the trusted CA certificates used by the responder to verify the signature on the OCSP response.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 61

def ca_file
  super
end

#ca_path ⇒ String

Gets the paths of the trusted CA certificates used by the responder to verify the signature on the OCSP response.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 73

def ca_path
  super
end

#certificate_check_state ⇒ EnabledState

Gets the states that indicate whether to perform any additional checks on the OCSP response signer's certificate. If false, no checks are made to see whether the signer's certificate is authorized to provide the necessary status information; as a result, this option should only be used for testing purposes.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 87

def certificate_check_state
  super
end

#certificate_id_digest_method ⇒ OCSPDigestMethod

Gets the digest algorithm for hashing the certificate information used to create the certificate ID that is sent to the responder.

Returns:

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 99

def certificate_id_digest_method
  super
end

#certificate_verification_state ⇒ EnabledState

Gets the states that indicate whether to check the certificates in the OCSP responses.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 110

def certificate_verification_state
  super
end

#chain_state ⇒ EnabledState

Gets the states that indicate whether to use certificates in the response as additional untrusted CA certificates.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 122

def chain_state
  super
end

#create ⇒ Object

Creates this OCSP responder.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 17

def create
  super
end

#delete_all_responders ⇒ Object

Deletes all OCSP responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 27

def delete_all_responders
  super
end

#delete_responder ⇒ Object

Deletes this OCSP responder.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 37

def delete_responder
  super
end

#explicit_state ⇒ EnabledState

Gets the states that indicate whether to explicitly trust the OCSP response signer's certificate as authorized for OCSP response signing. Specifying this option causes a response to be untrusted if the signer's certificate does not contain the "OCSPSigning" extension.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 136

def explicit_state
  super
end

#ignore_aia_state ⇒ EnabledState

Gets the states that indicate whether to ignore the AIA URL. If true, always use the URL specified in the configuration file, and ignore any URL contained in the client certificates' authorityInfoAccess OCSP field. If this option is not set (the default) and the client certificate has a valid AIA OCSP field set, first attempt to connect to the responder in the client's AIA OCSP field, and fall back to the URL in the responder definition if that server is not available. See RFC 2560 for more detail on the authorityInfoAccess X.509 extension and its intended usage.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 153

def ignore_aia_state
  super
end

#intern_state ⇒ EnabledState

Gets the states that indicate whether to ignore certificates contained in the OCSP response when searching for the signer's certificate. With this option, the signer's certificate must be specified with either the -verify_certs or -VAfile options.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 166

def intern_state
  super
end

#list ⇒ String

Gets a list of all OCSP responders.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 177

def list
  super
end

#nonce_state ⇒ EnabledState

Gets the state that indicates whether to send a nonce in the OCSP request.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 188

def nonce_state
  super
end

#other_certificate_file ⇒ String

Gets the files containing additional certificates to search when attempting to locate the OCSP response signing certificate. Some responders omit the actual signer's certificates from the response; this option can be used to supply the necessary certificates in such cases.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 202

def other_certificate_file
  super
end

#set_allow_additional_certificate_state(opts) ⇒ Object

Sets the states that indicate whether to allow the addition of certificates to the OCSP request. This option should normally only be used for testing purposes.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 330

def set_allow_additional_certificate_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_ca_file(opts) ⇒ Object

Sets the names of the trusted CA certificates used by the responder to verify the signature on the OCSP response.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :ca_files (String)

    The CA file names used by the responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 344

def set_ca_file(opts)
  opts = check_params(opts,[:ca_files])
  super(opts)
end

#set_ca_path(opts) ⇒ Object

Sets the paths of the trusted CA certificates used by the responder to verify the signature on the OCSP response.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :ca_paths (String)

    The CA paths used by the responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 358

def set_ca_path(opts)
  opts = check_params(opts,[:ca_paths])
  super(opts)
end

#set_certificate_check_state(opts) ⇒ Object

Sets the states that indicate whether to perform any additional checks on the OCSP response signer's certificate. If false, no checks are made to see whether the signer's certificate is authorized to provide the necessary status information; as a result, this option should only be used for testing purposes.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 374

def set_certificate_check_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_certificate_id_digest_method(opts) ⇒ Object

Sets the digest algorithm for hashing the certificate information used to create the certificate ID that is sent to the responder.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 388

def set_certificate_id_digest_method(opts)
  opts = check_params(opts,[:digest_methods])
  super(opts)
end

#set_certificate_verification_state(opts) ⇒ Object

Sets the states that indicate whether to check the certificates in the OCSP responses.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 401

def set_certificate_verification_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_chain_state(opts) ⇒ Object

Sets the states that indicate whether to use certificates in the response as additional untrusted CA certificates.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 415

def set_chain_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_explicit_state(opts) ⇒ Object

Sets the states that indicate whether to explicitly trust the OCSP response signer's certificate as authorized for OCSP response signing. Specifying this option causes a response to be untrusted if the signer's certificate does not contain the "OCSPSigning" extension.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 431

def set_explicit_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_ignore_aia_state(opts) ⇒ Object

Sets the states that indicate whether to ignore the AIA URL. If true, always use the URL specified in the configuration file, and ignore any URL contained in the client certificates' authorityInfoAccess OCSP field. If this option is not set (the default) and the client certificate has a valid AIA OCSP field set, first attempt to connect to the responder in the client's AIA OCSP field, and fall back to the URL in the responder definition if that server is not available. See RFC 2560 for more detail on the authorityInfoAccess X.509 extension and its intended usage.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 450

def set_ignore_aia_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_intern_state(opts) ⇒ Object

Sets the states that indicate whether to ignore certificates contained in the OCSP response when searching for the signer's certificate. With this option, the signer's certificate must be specified with either the -verify_certs or -VAfile options.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 465

def set_intern_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_nonce_state(opts) ⇒ Object

Sets the state that indicates whether to send a nonce in the OCSP request.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 478

def set_nonce_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_other_certificate_file(opts) ⇒ Object

Sets the files containing additional certificates to search when attempting to locate the OCSP response signing certificate. Some responders omit the actual signer's certificates from the response; this option can be used to supply the necessary certificates in such cases.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :other_files (String)

    The files containing other certificates used by the responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 494

def set_other_certificate_file(opts)
  opts = check_params(opts,[:other_files])
  super(opts)
end

#set_signature_verification_state(opts) ⇒ Object

Sets the states that indicate whether to check the signature on the OCSP response. Since this option tolerates invalid signatures on OCSP responses it will normally only be used for testing purposes.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 509

def set_signature_verification_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_signing_information(opts) ⇒ Object

Sets the signing information necessary to sign the OCSP requests.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 522

def set_signing_information(opts)
  opts = check_params(opts,[:signers])
  super(opts)
end

#set_status_age(opts) ⇒ Object

Sets the status ages (sec) for the OCSP response. If the notAfter time is omitted from a response, this means that new status information is immediately available. In this case the age of the notBefore field is checked to see that it is not more than age seconds old. By default, this additional check is not performed when -status_age is not specified.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :ages (long)

    The status ages for OCSP responses for the specified responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 539

def set_status_age(opts)
  opts = check_params(opts,[:ages])
  super(opts)
end

#set_trust_other_certificate_state(opts) ⇒ Object

Sets the states indicating whether to explicitly trust the other certificates specified via set_other_certificate_file, in which case no additional checks will be performed on them. This is useful when the complete responder certificate chain is not available or trusting a root CA is not appropriate.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 555

def set_trust_other_certificate_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_url(opts) ⇒ Object

Sets the URLs of the responder.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :urls (String)

    The URLs used by the responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 568

def set_url(opts)
  opts = check_params(opts,[:urls])
  super(opts)
end

#set_va_file(opts) ⇒ Object

Sets the files containing explicitly trusted responder certificates. This functionality is equivalent to having the other certificates specified via set_other_certificate_file, and setting the state via set_trust_other_certificate_state.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :va_files (String)

    The files containing explicitly trusted responder certificates.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 583

def set_va_file(opts)
  opts = check_params(opts,[:va_files])
  super(opts)
end

#set_validity_period(opts) ⇒ Object

Sets the range of times, in seconds, which will be tolerated in an OCSP response. Each certificate status response includes a notBefore time and an optional notAfter time. The current time should fall between these two values, but the interval between the two times may be only a few seconds. In practice the OCSP responder's and client's clocks may not be precisely synchronized, and so such a check may fail. To avoid this, the -validity_period option can be used to specify an acceptable error range in seconds; the default value is 300 seconds.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :ranges (long)

    The validity range of times for OCSP responses for the specified responders.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 602

def set_validity_period(opts)
  opts = check_params(opts,[:ranges])
  super(opts)
end

#set_verification_state(opts) ⇒ Object

Sets the states that indicate whether to attempt to verify the OCSP response signature or the nonce values. This option will normally only be used for debugging since it disables all verification of the responder certificate.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 617

def set_verification_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#signature_verification_state ⇒ EnabledState

Gets the states that indicate whether to check the signature on the OCSP response. Since this option tolerates invalid signatures on OCSP responses it will normally only be used for testing purposes.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 215

def signature_verification_state
  super
end

#signing_information ⇒ SignInformation

Gets the signing information necessary to sign the OCSP requests.

Returns:

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 226

def signing_information
  super
end

#status_age ⇒ long

Gets the status ages (sec) for the OCSP response. If the notAfter time is omitted from a response, this means that new status information is immediately available. In this case the age of the notBefore field is checked to see that it is not more than age seconds old. By default, this additional check is not performed when -status_age is not specified.

Returns:

  • (long)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 241

def status_age
  super
end

#trust_other_certificate_state ⇒ EnabledState

Gets the states indicating whether to explicitly trust the other certificates specified via set_other_certificate_file, in which case no additional checks will be performed on them. This is useful when the complete responder certificate chain is not available or trusting a root CA is not appropriate.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 255

def trust_other_certificate_state
  super
end

#url ⇒ String

Gets the URL or hostnames of the responder.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 266

def url
  super
end

#va_file ⇒ String

Gets the files containing explicitly trusted responder certificates. This functionality is equivalent to having the other certificates specified via set_other_certificate_file, and setting the state via set_trust_other_certificate_state.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 279

def va_file
  super
end

#validity_period ⇒ long

Gets the range of times, in seconds, which will be tolerated in an OCSP response. Each certificate status response includes a notBefore time and an optional notAfter time. The current time should fall between these two values, but the interval between the two times may be only a few seconds. In practice the OCSP responder's and client's clocks may not be precisely synchronized, and so such a check may fail. To avoid this, the -validity_period option can be used to specify an acceptable error range in seconds; the default value is 300 seconds.

Returns:

  • (long)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 296

def validity_period
  super
end
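
The freshness rules described for validity_period and status_age, written out as an added example; this is not code from the icontrol gem or from the device it manages. The names `check_freshness` and `Freshness`, the reason symbols and the sample timestamps are assumptions made for illustration, and the status_age rule is applied only when notAfter is absent, as the text above states it.

```ruby
# Added example: a model of the time checks this page describes for
# validity_period (clock-skew tolerance) and status_age (maximum age of a
# response that carries no notAfter). All names here are hypothetical.

Freshness = Struct.new(:ok, :reason) do
  def ok?
    ok
  end
end

DEFAULT_VALIDITY_PERIOD = 300 # seconds, the default value stated on this page

# not_before / not_after: Time values from one certificate status response;
#   not_after may be nil because the field is optional.
# now:             the verifying client's clock.
# validity_period: tolerated skew in seconds between responder and client.
# status_age:      maximum age of not_before in seconds, or nil to skip.
def check_freshness(not_before:, not_after:, now:,
                    validity_period: DEFAULT_VALIDITY_PERIOD, status_age: nil)
  raise ArgumentError, 'validity_period must be >= 0' if validity_period.negative?
  raise ArgumentError, 'status_age must be >= 0' if status_age&.negative?

  # An inverted window is malformed no matter how much skew is tolerated.
  if not_after && not_after < not_before
    return Freshness.new(false, :not_after_precedes_not_before)
  end

  # notBefore may sit slightly in the future when the responder clock is ahead.
  return Freshness.new(false, :not_yet_valid) if not_before > now + validity_period

  if not_after
    # notAfter may sit slightly in the past when the responder clock is behind.
    return Freshness.new(false, :expired) if not_after < now - validity_period
  elsif status_age
    # No notAfter: the age of notBefore is the only bound on how old an
    # accepted response can be.
    return Freshness.new(false, :too_old) if not_before < now - status_age
  else
    # No notAfter and no status_age: accepted, but with no upper bound on age.
    return Freshness.new(true, :fresh_unbounded_age)
  end

  Freshness.new(true, :fresh)
end

# Constructed sample data: one fixed "now" and four responses.
NOW = Time.utc(2024, 1, 1, 12, 0, 0)

def sample_reasons
  week = 7 * 86_400
  {
    # Responder clock 60 s ahead, 5 s window: passes with the 300 s default...
    skewed_default: check_freshness(not_before: NOW + 60, not_after: NOW + 65, now: NOW),
    # ...and fails when no skew is tolerated.
    skewed_strict: check_freshness(not_before: NOW + 60, not_after: NOW + 65, now: NOW,
                                   validity_period: 0),
    # Week-old response without notAfter: accepted unless status_age is set.
    old_no_age_limit: check_freshness(not_before: NOW - week, not_after: nil, now: NOW),
    old_with_age_limit: check_freshness(not_before: NOW - week, not_after: nil, now: NOW,
                                        status_age: 3600)
  }.transform_values(&:reason)
end

if __FILE__ == $PROGRAM_NAME
  sample_reasons.each { |name, reason| puts "#{name}: #{reason}" }
end
```

The `old_no_age_limit` case is the one to notice when reviewing a responder definition: without a status age, a response that omits notAfter passes the time check however old it is.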

#verification_state ⇒ EnabledState

Gets the states that indicate whether to attempt to verify the OCSP response signature or the nonce values. This option will normally only be used for debugging since it disables all verification of the responder certificate.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/management/ocsp_responder.rb', line 309

def verification_state
  super
end

#version ⇒ String

Gets the version information for this interface.

Returns:

  • (String)


# File 'lib/icontrol/management/ocsp_responder.rb', line 317

def version
  super
end