Module: Mongo::Socket::OcspCache Private
- Defined in:
- build/ruby-driver-v2.19/lib/mongo/socket/ocsp_cache.rb
Overview
This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.
This module caches OCSP responses for their indicated validity time.
The key is the CertificateId used for the OCSP request. The value is the SingleResponse.
Class Method Summary collapse
-
.clear ⇒ Object
private
Clears the driver’s OCSP response cache.
- .delete(cert_id) ⇒ Object private
-
.get(cert_id) ⇒ OpenSSL::OCSP::SingleResponse
private
Retrieves a cached SingleResponse for the specified CertificateId.
- .responses ⇒ Object private
- .set(cert_id, response) ⇒ Object private
Class Method Details
.clear ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Use Mongo.clear_ocsp_cache from applications instead of invoking this method directly.
Clears the driver’s OCSP response cache.
84 85 86 |
# File 'build/ruby-driver-v2.19/lib/mongo/socket/ocsp_cache.rb', line 84 module_function def clear responses.replace([]) end |
.delete(cert_id) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
74 75 76 77 78 |
# File 'build/ruby-driver-v2.19/lib/mongo/socket/ocsp_cache.rb', line 74 module_function def delete(cert_id) responses.delete_if do |resp| resp.certid.cmp(cert_id) end end |
.get(cert_id) ⇒ OpenSSL::OCSP::SingleResponse
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Retrieves a cached SingleResponse for the specified CertificateId.
This method may return expired responses if they are revoked. Such responses were valid when they were first received.
This method may also return responses that are valid but that may expire by the time caller uses them. The caller should not perform update time checks on the returned response.
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 |
# File 'build/ruby-driver-v2.19/lib/mongo/socket/ocsp_cache.rb', line 44 module_function def get(cert_id) resp = responses.detect do |resp| resp.certid.cmp(cert_id) end if resp # Only expire responses with good status. # Once a certificate is revoked, it should stay revoked forever, # hence we should be able to cache revoked responses indefinitely. if resp.cert_status == OpenSSL::OCSP::V_CERTSTATUS_GOOD && resp.next_update < Time.now then responses.delete(resp) resp = nil end end # If we have connected to a server and cached the OCSP response for it, # and then never connect to that server again, the cached OCSP response # is going to remain in memory indefinitely. Periodically remove all # expired OCSP responses, not just the ones matching the certificate id # we are querying by. if rand < 0.01 responses.delete_if do |resp| resp.next_update < Time.now end end resp end |
.responses ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
92 93 94 95 96 |
# File 'build/ruby-driver-v2.19/lib/mongo/socket/ocsp_cache.rb', line 92 module_function def responses LOCK.synchronize do @responses ||= [] end end |
.set(cert_id, response) ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
28 29 30 31 |
# File 'build/ruby-driver-v2.19/lib/mongo/socket/ocsp_cache.rb', line 28 module_function def set(cert_id, response) delete(cert_id) responses << response end |