Ruby Timestamp模块用法及代码示例

提供类和方法来请求、创建和验证RFC3161-compliant 时间戳。 Request 可用于从头开始创建请求或解析现有请求，这些请求可再次用于从时间戳服务器请求时间戳，例如通过网络/http。可以使用 Response 解析生成的时间戳响应。

请注意， Response 是只读且不可变的。要创建 Response ，需要 Factory 的实例以及有效的 Request 。

创建响应：

#Assumes ts.p12 is a PKCS#12-compatible file with a private key
#and a certificate that has an extended key usage of 'timeStamping'
p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd')
md = OpenSSL::Digest.new('SHA1')
hash = md.digest(data) #some binary data to be timestamped
req = OpenSSL::Timestamp::Request.new
req.algorithm = 'SHA1'
req.message_imprint = hash
req.policy_id = "1.2.3.4.5"
req.nonce = 42
fac = OpenSSL::Timestamp::Factory.new
fac.gen_time = Time.now
fac.serial_number = 1
timestamp = fac.create_timestamp(p12.key, p12.certificate, req)

验证时间戳响应：

#Assume we have a timestamp token in a file called ts.der
ts = OpenSSL::Timestamp::Response.new(File.binread('ts.der'))
#Assume we have the Request for this token in a file called req.der
req = OpenSSL::Timestamp::Request.new(File.binread('req.der'))
# Assume the associated root CA certificate is contained in a
# DER-encoded file named root.cer
root = OpenSSL::X509::Certificate.new(File.binread('root.cer'))
# get the necessary intermediate certificates, available in
# DER-encoded form in inter1.cer and inter2.cer
inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer'))
inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer'))
ts.verify(req, root, inter1, inter2) -> ts or raises an exception if validation fails