Class: OCSPResponse
Represents an OCSP response described in RFC6960 Section 4.2
Example
The following example demonstrates how to verify OCSP response
const asnOcspResp = asn1js.fromBER(ocspRespRaw);
const ocspResp = new pkijs.OCSPResponse({ schema: asnOcspResp.result });
if (!ocspResp.responseBytes) {
throw new Error("No \"ResponseBytes\" in the OCSP Response - nothing to verify");
}
const asnOcspRespBasic = asn1js.fromBER(ocspResp.responseBytes.response.valueBlock.valueHex);
const ocspBasicResp = new pkijs.BasicOCSPResponse({ schema: asnOcspRespBasic.result });
const ok = await ocspBasicResp.verify({ trustedCerts: [cert] });
Example
The following example demonstrates how to create OCSP response
const ocspBasicResp = new pkijs.BasicOCSPResponse();
// Create specific TST info structure to sign
ocspBasicResp.tbsResponseData.responderID = issuerCert.subject;
ocspBasicResp.tbsResponseData.producedAt = new Date();
const certID = new pkijs.CertID();
await certID.createForCertificate(cert, {
hashAlgorithm: "SHA-256",
issuerCertificate: issuerCert,
});
const response = new pkijs.SingleResponse({
certID,
});
response.certStatus = new asn1js.Primitive({
idBlock: {
tagClass: 3, // CONTEXT-SPECIFIC
tagNumber: 0 // [0]
},
lenBlockLength: 1 // The length contains one byte 0x00
}); // status - success
response.thisUpdate = new Date();
ocspBasicResp.tbsResponseData.responses.push(response);
// Add certificates for chain OCSP response validation
ocspBasicResp.certs = [issuerCert];
await ocspBasicResp.sign(keys.privateKey, "SHA-256");
// Finally create completed OCSP response structure
const ocspBasicRespRaw = ocspBasicResp.toSchema().toBER(false);
const ocspResp = new pkijs.OCSPResponse({
responseStatus: new asn1js.Enumerated({ value: 0 }), // success
responseBytes: new pkijs.ResponseBytes({
responseType: pkijs.id_PKIX_OCSP_Basic,
response: new asn1js.OctetString({ valueHex: ocspBasicRespRaw }),
}),
});
const ocspRespRaw = ocspResp.toSchema().toBER();
Hierarchy
-
↳
OCSPResponse
Implements
Constructors
constructor
��• new OCSPResponse(parameters?): OCSPResponse
Initializes a new instance of the OCSPResponse class
Parameters
| Name | Type | Description |
|---|---|---|
parameters | OCSPResponseParameters | Initialization parameters |
Returns
Overrides
Properties
responseBytes
• Optional responseBytes: ResponseBytes
Implementation of
responseStatus
• responseStatus: Enumerated
Implementation of
CLASS_NAME
▪ Static CLASS_NAME: string = "OCSPResponse"
Name of the class
Overrides
Accessors
className
• get className(): string
Returns
string
Inherited from
PkiObject.className
Methods
fromSchema
▸ fromSchema(schema): void
Converts parsed ASN.1 object into current class
Parameters
| Name | Type | Description |
|---|---|---|
schema | any | ASN.1 schema |
Returns
void
Overrides
getCertificateStatus
▸ getCertificateStatus(certificate, issuerCertificate, crypto?): Promise<CertificateStatus>
Get OCSP response status for specific certificate
Parameters
| Name | Type | Description |
|---|---|---|
certificate | Certificate | |
issuerCertificate | Certificate | |
crypto | ICryptoEngine | Crypto engine |
Returns
Promise<CertificateStatus>
sign
▸ sign(privateKey, hashAlgorithm?, crypto?): Promise<void>
Make a signature for current OCSP Response
Parameters
| Name | Type | Description |
|---|---|---|
privateKey | CryptoKey | Private key for "subjectPublicKeyInfo" structure |
hashAlgorithm? | string | Hashing algorithm. Default SHA-1 |
crypto | ICryptoEngine | - |
Returns
Promise<void>
toJSON
▸ toJSON(): OCSPResponseJson
Converts the class to JSON object
Returns
JSON object
Overrides
toSchema
▸ toSchema(): Sequence
Converts current object to ASN.1 object and sets correct values
Returns
Sequence
ASN.1 object
Overrides
toString
▸ toString(encoding?): string
Parameters
| Name | Type | Default value |
|---|---|---|
encoding | "base64" | "base64url" | "hex" | "hex" |
Returns
string
Inherited from
verify
▸ verify(issuerCertificate?, crypto?): Promise<boolean>
Verify current OCSP Response
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
issuerCertificate | null | Certificate | null | In order to decrease size of resp issuer cert could be omitted. In such case you need manually provide it. |
crypto | ICryptoEngine | undefined | Crypto engine |
Returns
Promise<boolean>
blockName
▸ blockName(): string
Returns block name
Returns
string
Returns string block name
Inherited from
compareWithDefault
▸ compareWithDefault(memberName, memberValue): boolean
Compare values with default values for all class members
Parameters
| Name | Type | Description |
|---|---|---|
memberName | string | String name for a class member |
memberValue | any | Value to compare with default value |
Returns
boolean
defaultValues
▸ defaultValues(memberName): Enumerated
Returns default values for all class members
Parameters
| Name | Type | Description |
|---|---|---|
memberName | "responseStatus" | String name for a class member |
Returns
Enumerated
Default value
Overrides
▸ defaultValues(memberName): ResponseBytes
Parameters
| Name | Type |
|---|---|
memberName | "responseBytes" |
Returns
Overrides
PkiObject.defaultValues
fromBER
▸ fromBER<T>(this, raw): T
Creates PKI object from the raw data
Type parameters
| Name | Type |
|---|---|
T | extends PkiObject |
Parameters
| Name | Type | Description |
|---|---|---|
this | PkiObjectConstructor<T> | - |
raw | BufferSource | ASN.1 encoded raw data |
Returns
T
Initialized and filled current class object
Inherited from
schema
▸ schema(parameters?): any
Returns value of pre-defined ASN.1 schema for current class
Parameters
| Name | Type | Description |
|---|---|---|
parameters | SchemaParameters<{ responseBytes?: ResponseBytesSchema ; responseStatus?: string }> | Input parameters for the schema |
Returns
any
ASN.1 schema object