Class OCSPResponse

Represents an OCSP response described in RFC6960 Section 4.2

example

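The following example demonstrates how to verify an OCSP response

import * as asn1js from "asn1js";
import * as pkijs from "pkijs";

// ocspRespRaw (BER-encoded response) and cert (trusted certificate) are supplied by the caller
const asnOcspResp = asn1js.fromBER(ocspRespRaw);
const ocspResp = new pkijs.OCSPResponse({ schema: asnOcspResp.result });

// responseBytes is OPTIONAL: without it there is no signed body to verify
if (!ocspResp.responseBytes) {
  throw new Error("No \"ResponseBytes\" in the OCSP Response - nothing to verify");
}

// Decode the BasicOCSPResponse carried in the OCTET STRING, then check its signature
const asnOcspRespBasic = asn1js.fromBER(ocspResp.responseBytes.response.valueBlock.valueHex);
const ocspBasicResp = new pkijs.BasicOCSPResponse({ schema: asnOcspRespBasic.result });
const ok = await ocspBasicResp.verify({ trustedCerts: [cert] });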

example

The following example demonstrates how to create an OCSP response

import * as asn1js from "asn1js";
import * as pkijs from "pkijs";

// cert, issuerCert and keys (the signing key pair) are supplied by the caller
const ocspBasicResp = new pkijs.BasicOCSPResponse();

// Fill in the tbsResponseData structure to sign
ocspBasicResp.tbsResponseData.responderID = issuerCert.subject;
ocspBasicResp.tbsResponseData.producedAt = new Date();

// Identify the certificate whose status is being reported
const certID = new pkijs.CertID();
await certID.createForCertificate(cert, {
  hashAlgorithm: "SHA-256",
  issuerCertificate: issuerCert,
});
const response = new pkijs.SingleResponse({
  certID,
});
response.certStatus = new asn1js.Primitive({
  idBlock: {
    tagClass: 3, // CONTEXT-SPECIFIC
    tagNumber: 0 // [0]
  },
  lenBlockLength: 1 // The length contains one byte 0x00
}); // certStatus - good ([0] IMPLICIT NULL)
response.thisUpdate = new Date();

ocspBasicResp.tbsResponseData.responses.push(response);

// Add certificates for chain OCSP response validation
ocspBasicResp.certs = [issuerCert];

await ocspBasicResp.sign(keys.privateKey, "SHA-256");

// Finally create completed OCSP response structure
const ocspBasicRespRaw = ocspBasicResp.toSchema().toBER(false);

const ocspResp = new pkijs.OCSPResponse({
  responseStatus: new asn1js.Enumerated({ value: 0 }), // successful
  responseBytes: new pkijs.ResponseBytes({
    responseType: pkijs.id_PKIX_OCSP_Basic,
    response: new asn1js.OctetString({ valueHex: ocspBasicRespRaw }),
  }),
});

const ocspRespRaw = ocspResp.toSchema().toBER();

Constructors

Properties

responseBytes?: ResponseBytes
responseStatus: Enumerated
CLASS_NAME: string = "OCSPResponse"

Name of the class

Accessors

  • get className(): string

Methods

  • fromSchema(schema: any): void
  • sign(privateKey: CryptoKey, hashAlgorithm?: string, crypto?: ICryptoEngine): Promise<void>

    Make a signature for current OCSP Response

    Parameters

    • privateKey: CryptoKey

      Private key for "subjectPublicKeyInfo" structure

    • Optional hashAlgorithm: string

      Hashing algorithm. Default SHA-1

    • crypto: ICryptoEngine = ...

    Returns Promise<void>

  • toSchema(): Sequence
  • toString(encoding?: "base64" | "base64url" | "hex"): string
  • Verify current OCSP Response

    Parameters

    • issuerCertificate: null | Certificate = null

      To decrease the size of the response, the issuer certificate may be omitted from it. In that case you need to provide it manually.

    • crypto: ICryptoEngine = ...

      Crypto engine

    Returns Promise<boolean>

  • blockName(): string
  • compareWithDefault(memberName: string, memberValue: any): boolean

    Compare values with default values for all class members

    Parameters

    • memberName: string

      String name for a class member

    • memberValue: any

      Value to compare with default value

    Returns boolean

  • defaultValues(memberName: "responseStatus"): Enumerated
  • defaultValues(memberName: "responseBytes"): ResponseBytes
  • fromBER<T>(this: PkiObjectConstructor<T>, raw: BufferSource): T

    Creates PKI object from the raw data

    Type Parameters

    Parameters

    • this: PkiObjectConstructor<T>
    • raw: BufferSource

      ASN.1 encoded raw data

    Returns T

    Initialized and filled current class object

  • Returns value of pre-defined ASN.1 schema for current class

    asn

    ASN.1 schema

    OCSPResponse ::= SEQUENCE {
       responseStatus         OCSPResponseStatus,
       responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
    
    OCSPResponseStatus ::= ENUMERATED {
       successful            (0),  -- Response has valid confirmations
       malformedRequest      (1),  -- Illegal confirmation request
       internalError         (2),  -- Internal error in issuer
       tryLater              (3),  -- Try again later
       -- (4) is not used
       sigRequired           (5),  -- Must sign the request
       unauthorized          (6)   -- Request unauthorized
    }
    

    Parameters

    Returns any

    ASN.1 schema object
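
The outer envelope defined by the ASN.1 schema above can be checked before any signature verification is attempted; the following is an added example, not PKI.js code or part of its documentation, that parses only that envelope and fails closed on every status other than successful. The names `readTlv`, `parseOcspEnvelope` and `OCSP_STATUS` are hypothetical, and the byte arrays are constructed samples.

```javascript
// Added example, not PKI.js code; all names here are hypothetical.
const OCSP_STATUS = { 0: "successful", 1: "malformedRequest", 2: "internalError",
  3: "tryLater", 5: "sigRequired", 6: "unauthorized" }; // 4 is not used

// Read one DER TLV at offset `off`; returns tag, content view and end offset.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error("truncated TLV header");
  const tag = buf[off];
  let len = buf[off + 1];
  let pos = off + 2;
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || pos + n > buf.length) throw new Error("bad length");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[pos++];
  }
  if (pos + len > buf.length) throw new Error("content exceeds buffer");
  return { tag, value: buf.subarray(pos, pos + len), end: pos + len };
}

// Parse only the outer OCSPResponse envelope (responseStatus + optional body).
function parseOcspEnvelope(der) {
  const seq = readTlv(der, 0);
  if (seq.tag !== 0x30 || seq.end !== der.length) throw new Error("not one SEQUENCE");
  const status = readTlv(seq.value, 0);
  if (status.tag !== 0x0a || status.value.length !== 1) throw new Error("bad responseStatus");
  const code = status.value[0];
  const name = OCSP_STATUS[code];
  if (name === undefined) throw new Error("unknown responseStatus " + code);
  let responseBytes = null;
  if (status.end < seq.value.length) {
    const ctx = readTlv(seq.value, status.end); // [0] EXPLICIT wrapper
    if (ctx.tag !== 0xa0 || ctx.end !== seq.value.length) throw new Error("unexpected element");
    responseBytes = ctx.value; // DER of ResponseBytes, signature not yet checked
  }
  // Error statuses carry no signed body, so only successful + body may proceed.
  return { code, name, responseBytes, verifiable: code === 0 && responseBytes !== null };
}

// Constructed samples: tryLater without a body, successful with a stub body.
const TRY_LATER = Uint8Array.from([0x30, 0x03, 0x0a, 0x01, 0x03]);
const SUCCESS_STUB = Uint8Array.from(
  [0x30, 0x09, 0x0a, 0x01, 0x00, 0xa0, 0x04, 0x30, 0x02, 0x05, 0x00]);
console.log(parseOcspEnvelope(TRY_LATER).name, parseOcspEnvelope(SUCCESS_STUB).verifiable);
```

A caller would hand `responseBytes` to a full decoder and signature check only when `verifiable` is true, and treat every other outcome as "no revocation information obtained".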
