OCSPServer Class
The OCSPServer class provides the functionality of an HTTP-based OCSP server.
Syntax
class secureblackbox.OCSPServer
Remarks
Use this class to quickly set up a working HTTP-based OCSP server.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
active | Indicates whether the server is active and is listening for new connections. |
auth_basic | Enables or disables basic authentication. |
auth_digest | Enables or disables digest authentication. |
auth_digest_expire | Specifies digest expiration time for digest authentication. |
auth_realm | Specifies authentication realm for digest and NTLM authentication. |
bad_entry_count | The number of records in the BadEntry arrays. |
bad_entry_handle | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
bound_port | Indicates the bound listening port. |
ca_cert_bytes | Returns raw certificate data in DER format. |
ca_cert_handle | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
endpoint | The virtual path that the server recognizes as the OCSP serving endpoint. |
error_origin | Indicates the endpoint where the error originates from. |
error_severity | The severity of the error that happened. |
external_crypto_custom_params | Custom parameters to be passed to the signing service (uninterpreted). |
external_crypto_data | Additional data to be included in the async state and mirrored back by the requestor. |
external_crypto_external_hash_calculation | Specifies whether the message hash is to be calculated at the external endpoint. |
external_crypto_hash_algorithm | Specifies the request's signature hash algorithm. |
external_crypto_key_id | The ID of the pre-shared key used for DC request authentication. |
external_crypto_key_secret | The pre-shared key used for DC request authentication. |
external_crypto_method | Specifies the asynchronous signing method. |
external_crypto_mode | Specifies the external cryptography mode. |
external_crypto_public_key_algorithm | Provide the public key algorithm here if the certificate is not available at the pre-signing stage. |
good_entry_count | The number of records in the GoodEntry arrays. |
good_entry_handle | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
host | The host to bind the listening port to. |
pinned_cert_count | The number of records in the PinnedCert arrays. |
pinned_cert_bytes | Returns raw certificate data in DER format. |
pinned_cert_handle | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
pinned_client_address | The client's IP address. |
pinned_client_chain_validation_details | The details of a certificate chain validation outcome. |
pinned_client_chain_validation_result | The outcome of a certificate chain validation routine. |
pinned_client_ciphersuite | The cipher suite employed by this connection. |
pinned_client_client_authenticated | Specifies whether client authentication was performed during this connection. |
pinned_client_digest_algorithm | The digest algorithm used in a TLS-enabled connection. |
pinned_client_encryption_algorithm | The symmetric encryption algorithm used in a TLS-enabled connection. |
pinned_client_id | The client connection's unique identifier. |
pinned_client_key_exchange_algorithm | The key exchange algorithm used in a TLS-enabled connection. |
pinned_client_key_exchange_key_bits | The length of the key exchange key of a TLS-enabled connection. |
pinned_client_named_ec_curve | The elliptic curve used in this connection. |
pinned_client_pfs_cipher | Indicates whether the chosen ciphersuite provides perfect forward secrecy (PFS). |
pinned_client_port | The remote port of the client connection. |
pinned_client_public_key_bits | The length of the public key. |
pinned_client_resumed_session | Indicates whether a TLS-enabled connection was spawned from another TLS connection. |
pinned_client_secure_connection | Indicates whether TLS or SSL is enabled for this connection. |
pinned_client_signature_algorithm | The signature algorithm used in a TLS handshake. |
pinned_client_symmetric_block_size | The block size of the symmetric algorithm used. |
pinned_client_symmetric_key_bits | The key length of the symmetric algorithm used. |
pinned_client_total_bytes_received | The total number of bytes received over this connection. |
pinned_client_total_bytes_sent | The total number of bytes sent over this connection. |
pinned_client_validation_log | Contains the server certificate's chain validation log. |
pinned_client_version | Indicates the version of SSL/TLS protocol negotiated during this connection. |
pinned_client_cert_count | The number of records in the PinnedClientCert arrays. |
pinned_client_cert_bytes | Returns raw certificate data in DER format. |
pinned_client_cert_ca_key_id | A unique identifier (fingerprint) of the CA certificate's private key. |
pinned_client_cert_fingerprint | Contains the fingerprint (a hash imprint) of this certificate. |
pinned_client_cert_handle | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
pinned_client_cert_issuer | The common name of the certificate issuer (CA), typically a company name. |
pinned_client_cert_issuer_rdn | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer. |
pinned_client_cert_key_algorithm | Specifies the public key algorithm of this certificate. |
pinned_client_cert_key_bits | Returns the length of the public key. |
pinned_client_cert_key_fingerprint | Returns a fingerprint of the public key contained in the certificate. |
pinned_client_cert_key_usage | Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set. |
pinned_client_cert_public_key_bytes | Contains the certificate's public key in DER format. |
pinned_client_cert_self_signed | Indicates whether the certificate is self-signed (root) or signed by an external CA. |
pinned_client_cert_serial_number | Returns the certificate's serial number. |
pinned_client_cert_sig_algorithm | Indicates the algorithm that was used by the CA to sign this certificate. |
pinned_client_cert_subject | The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. |
pinned_client_cert_subject_key_id | Contains a unique identifier (fingerprint) of the certificate's private key. |
pinned_client_cert_subject_rdn | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject). |
pinned_client_cert_valid_from | The time point at which the certificate becomes valid, in UTC. |
pinned_client_cert_valid_to | The time point at which the certificate expires, in UTC. |
port | Specifies the port number to listen for connections on. |
port_range_from | Specifies the lower limit of the listening port range for incoming connections. |
port_range_to | Specifies the upper limit of the listening port range for incoming connections. |
server_cert_count | The number of records in the ServerCert arrays. |
server_cert_bytes | Returns raw certificate data in DER format. |
server_cert_handle | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
signing_cert_bytes | Returns raw certificate data in DER format. |
signing_cert_handle | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
socket_incoming_speed_limit | The maximum number of bytes to read from the socket, per second. |
socket_local_address | The local network interface to bind the socket to. |
socket_local_port | The local port number to bind the socket to. |
socket_outgoing_speed_limit | The maximum number of bytes to write to the socket, per second. |
socket_timeout | The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful. |
socket_use_i_pv6 | Enables or disables IP protocol version 6. |
tls_auto_validate_certificates | Specifies whether server-side TLS certificates should be validated automatically using internal validation rules. |
tls_base_configuration | Selects the base configuration for the TLS settings. |
tls_ciphersuites | A list of ciphersuites separated with commas or semicolons. |
tlsec_curves | Defines the elliptic curves to enable. |
tls_force_resume_if_destination_changes | Whether to force TLS session resumption when the destination address changes. |
tls_pre_shared_identity | Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated. |
tls_pre_shared_key | Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16. |
tls_pre_shared_key_ciphersuite | Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation. |
tls_renegotiation_attack_prevention_mode | Selects renegotiation attack prevention mechanism. |
tls_revocation_check | Specifies the kind(s) of revocation check to perform. |
tlsssl_options | Various SSL (TLS) protocol options, a set of flags: cssloExpectShutdownMessage (0x001): wait for the close-notify message when shutting down the connection; cssloOpenSSLDTLSWorkaround (0x002, DEPRECATED): use a DTLS version workaround when talking to very old OpenSSL versions; cssloDisableKexLengthAlignment (0x004): do not align the client-side PMS by the RSA modulus size. |
tlstls_mode | Specifies the TLS mode to use. |
tls_use_extended_master_secret | Enables Extended Master Secret Extension, as defined in RFC 7627. |
tls_use_session_resumption | Enables or disables TLS session resumption capability. |
tls_versions | The SSL/TLS versions to enable by default. |
update_period | The server's information update period. |
user_count | The number of records in the User arrays. |
user_associated_data | Contains the user's Associated Data when SSH AEAD (Authenticated Encryption with Associated Data) algorithm is used. |
user_base_path | Base path for this user in the server's file system. |
user_cert | Contains the user's certificate. |
user_data | Contains uninterpreted user-defined data that should be associated with the user account, such as comments or custom settings. |
user_handle | Allows getting or setting a 'handle', a unique identifier of the underlying property object. |
user_hash_algorithm | Specifies the hash algorithm used to generate TOTP (Time-based One-Time Passwords) passwords for this user. |
user_incoming_speed_limit | Specifies the incoming speed limit for this user. |
user_outgoing_speed_limit | Specifies the outgoing speed limit for this user. |
user_password | The user's authentication password. |
user_shared_secret | Contains the user's secret key, which is essentially a shared secret between the client and server. |
user_username | The registered name (login) of the user. |
use_tls | Enables or disables the TLS requirement. |
website_name | Specifies the web site name to use in the certificate. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
config | Sets or retrieves a configuration setting. |
drop_client | Terminates a client connection. |
get_request_bytes | Returns the contents of the client's HTTP request. |
get_request_header | Returns a request header value. |
get_request_username | Returns the username for a connection. |
import_bad_certificates | Imports revoked certificates. |
import_good_certificates | Imports good certificates. |
list_clients | Enumerates the connected clients. |
pin_client | Takes a snapshot of the connection's properties. |
process_generic_request | Processes a generic OCSP status request. |
start | Starts the server. |
stop | Stops the server. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
on_accept | Reports an incoming connection. |
on_auth_attempt | Fires when a connected client makes an authentication attempt. |
on_certificate_validate | Fires when a client certificate needs to be validated. |
on_connect | Reports an accepted connection. |
on_disconnect | Fires to report a disconnected client. |
on_error | Information about errors during data delivery. |
on_external_sign | Handles remote or external signing initiated by the server protocol. |
on_notification | This event notifies the application about an underlying control flow event. |
on_status_request | Requests a certificate status from the application. |
on_tls_established | Reports the setup of a TLS session. |
on_tlspsk | Requests a pre-shared key for TLS-PSK. |
on_tls_shutdown | Reports closure of a TLS session. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
AllowOptionsResponseWithoutAuth | Enables unauthenticated responses to OPTIONS requests. |
ClientAuth | Enables or disables certificate-based client authentication. |
DualStack | Allows the use of IPv4 and IPv6 simultaneously. |
HomePage | Specifies the home page resource name. |
Host | The host to bind to. |
RequestFilter | The request string modifier. |
ServerSSLDHKeyLength | Sets the size of the TLS DHE key exchange group. |
TLSExtensions | Provides access to TLS extensions. |
WebsiteName | The website name for the TLS certificate. |
CheckKeyIntegrityBeforeUse | Enables or disables the private key integrity check before use. |
CookieCaching | Specifies whether a cookie cache should be used for HTTP(S) transports. |
Cookies | Gets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only). |
DefDeriveKeyIterations | Specifies the default key derivation algorithm iteration count. |
EnableClientSideSSLFFDHE | Enables or disables finite field DHE key exchange support in TLS clients. |
GlobalCookies | Gets or sets global cookies for all the HTTP transports. |
HttpUserAgent | Specifies the user agent name to be used by all HTTP clients. |
LogDestination | Specifies the debug log destination. |
LogDetails | Specifies the debug log details to dump. |
LogFile | Specifies the debug log filename. |
LogFilters | Specifies the debug log filters. |
LogFlushMode | Specifies the log flush mode. |
LogLevel | Specifies the debug log level. |
LogMaxEventCount | Specifies the maximum number of events to cache before further action is taken. |
LogRotationMode | Specifies the log rotation mode. |
MaxASN1BufferLength | Specifies the maximal allowed length for ASN.1 primitive tag data. |
MaxASN1TreeDepth | Specifies the maximal depth for processed ASN.1 trees. |
OCSPHashAlgorithm | Specifies the hash algorithm to be used to identify certificates in OCSP requests. |
UseOwnDNSResolver | Specifies whether the client classes should use their own DNS resolver. |
UseSharedSystemStorages | Specifies whether the validation engine should use a global per-process copy of the system certificate stores. |
UseSystemOAEPAndPSS | Enforces or disables the use of system-driven RSA OAEP and PSS computations. |
UseSystemRandom | Enables or disables the use of the OS PRNG. |