1#@!#!123s

: / proc / self / root / opt / alt / ruby34 / share / ri / system / OpenSSL / Timestamp / Factory /
Filename : cdesc-Factory.ri
back
U:RDoc::NormalClass[iI"Factory:ETI" OpenSSL::Timestamp::Factory;TI"Object;To:RDoc::Markup::Document:@parts[o;;[0o:RDoc::Markup::Paragraph;[I".Used to generate a Response from scratch.;To:RDoc::Markup::BlankLine�o;	;[I"NPlease bear in mind that the implementation will always apply and prefer ;TI"Othe policy object identifier given in the request over the default policy ;TI"Mid specified in the Factory. As a consequence, +default_policy_id+ will ;TI"Lonly be applied if no Request#policy_id was given. But this also means ;TI"Kthat one needs to check the policy identifier in the request manually ;TI"Jbefore creating the Response, e.g. to check whether it complies to a ;TI")specific set of acceptable policies.;T@o;	;[I"IThere exists also the possibility to add certificates (instances of ;TI"FOpenSSL::X509::Certificate) besides the timestamping certificate ;TI"?that will be included in the resulting timestamp token if ;TI"LRequest#cert_requested? is +true+. Ideally, one would also include any ;TI"Jintermediate certificates (the root certificate can be left out - in ;TI"Morder to trust it any verifying party will have to be in its possession ;TI"Fanyway). This simplifies validation of the timestamp since these ;TI"Mintermediate certificates are "already there" and need not be passed as ;TI"Nexternal parameters to Response#verify anymore, thus minimizing external ;TI"'resources needed for verification.;T@S:RDoc::Markup::Heading:
leveli:	textI"@Example: Inclusion of (untrusted) intermediate certificates;T@o;	;[I"NAssume we received a timestamp request that has set Request#policy_id to ;TI"J+nil+ and Request#cert_requested? to true. The raw request bytes are ;TI"Istored in a variable called +req_raw+. We'd still like to integrate ;TI"Bthe necessary intermediate certificates (in +inter1.cer+ and ;TI"N+inter2.cer+) to simplify validation of the resulting Response. +ts.p12+ ;TI"Dis a PKCS#12-compatible file including the private key and the ;TI"timestamping certificate.;T@o:RDoc::Markup::Verbatim;[I"6req = OpenSSL::Timestamp::Request.new(raw_bytes)
;TI">p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd')
;TI"Iinter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer'))
;TI"Iinter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer'))
;TI"+fac = OpenSSL::Timestamp::Factory.new
;TI"fac.gen_time = Time.now
;TI"fac.serial_number = 1
;TI":fac.allowed_digests = ["sha256", "sha384", "sha512"]
;TI"@#needed because the Request contained no policy identifier
;TI")fac.default_policy_id = '1.2.3.4.5'
;TI"6fac.additional_certificates = [ inter1, inter2 ]
;TI"Etimestamp = fac.create_timestamp(p12.key, p12.certificate, req)
;T:@format0S;;i;
I"Attributes;T@S;;i;
I"default_policy_id;T@o;	;[	I"LRequest#policy_id will always be preferred over this if present in the ;TI"LRequest, only if Request#policy_id is nil default_policy will be used. ;TI"MIf none of both is present, a TimestampError will be raised when trying ;TI"to create a Response.;T@o;	;[I"call-seq:;To;;[I"4factory.default_policy_id = "string" -> string
;TI";factory.default_policy_id            -> string or nil
;T;0S;;i;
I"serial_number;T@o;	;[I"LSets or retrieves the serial number to be used for timestamp creation. ;TI",Must be present for timestamp creation.;T@o;	;[I"call-seq:;To;;[I".factory.serial_number = number -> number
;TI"5factory.serial_number          -> number or nil
;T;0S;;i;
I"
gen_time;T@o;	;[I"JSets or retrieves the Time value to be used in the Response. Must be ;TI"$present for timestamp creation.;T@o;	;[I"call-seq:;To;;[I"%factory.gen_time = Time -> Time
;TI",factory.gen_time        -> Time or nil
;T;0S;;i;
I"additional_certs;T@o;	;[I"HSets or retrieves additional certificates apart from the timestamp ;TI"Ocertificate (e.g. intermediate certificates) to be added to the Response. ;TI"4Must be an Array of OpenSSL::X509::Certificate.;T@o;	;[I"call-seq:;To;;[I"Cfactory.additional_certs = [cert1, cert2] -> [ cert1, cert2 ]
;TI"?factory.additional_certs                  -> array or nil
;T;0S;;i;
I"allowed_digests;T@o;	;[	I"ISets or retrieves the digest algorithms that the factory is allowed ;TI"Ncreate timestamps for. Known vulnerable or weak algorithms should not be ;TI"allowed where possible. ;TI"FMust be an Array of String or OpenSSL::Digest subclass instances.;T@o;	;[I"call-seq:;To;;[I"kfactory.allowed_digests = ["sha1", OpenSSL::Digest.new('SHA256').new] -> [ "sha1", OpenSSL::Digest) ]
;TI"Zfactory.allowed_digests                                               -> array or nil;T;0:
@fileI"ext/openssl/ossl_ts.c;T:0@omit_headings_from_table_of_contents_below0;0;0[
[
I"additional_certs;TI"RW;T:publicFI"ext/openssl/ossl_ts.c;T[
I"allowed_digests;T@�;F@�[
I"default_policy_id;T@�;F@�[
I"
gen_time;T@�;F@�[
I"serial_number;T@�;F@�[�[�[[I"
class;T[[;[�[:protected[�[:private[�[I"
instance;T[[;[[I"create_timestamp;T@�[;[�[;[�[�[U:RDoc::Context::Section[i�0o;;[�;0;0[@�I"OpenSSL::Timestamp;TcRDoc::NormalModule