/
main.go
112 lines (93 loc) · 2.53 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
package main
import (
"bytes"
"crypto"
"crypto/x509"
"encoding/pem"
"fmt"
"io"
"log"
"net/http"
"os"
"golang.org/x/crypto/ocsp"
)
func readCertificate(file string) (*x509.Certificate, error) {
// Read the certificate file content
fc, err := os.ReadFile(file)
if err != nil {
return nil, err
}
// Decode the PEM file
block, _ := pem.Decode(fc)
if block == nil {
return nil, fmt.Errorf("failed to decode certificate data")
}
// Parse the certificate data
return x509.ParseCertificate(block.Bytes)
}
func main() {
// Parse the certificate data
cert, err := readCertificate("spring.io.pem")
if err != nil {
log.Printf("Failed to read end entity certificate: %s", err)
return
}
// Now read the issuer certificate content.
issuerCert, err := readCertificate("DigiCert TLS RSA SHA256 2020 CA1.pem")
if err != nil {
log.Printf("Failed to read issuer certificate: %s\n", err)
return
}
// Create the OCSP request.
ocspReq, err := ocsp.CreateRequest(cert, issuerCert, &ocsp.RequestOptions{Hash: crypto.SHA256})
if err != nil {
log.Printf("Failed to create OCSP request: %s\n", err)
return
}
// Send the OCSP request.
ocspURLs := cert.OCSPServer
for _, ocspURL := range ocspURLs {
log.Printf("Checking OCSP against %s\n", ocspURL)
// Build the OCSP request.
ocspHTTPReq, err := http.NewRequest(http.MethodPost, ocspURL, bytes.NewBuffer(ocspReq))
if err != nil {
log.Printf("Failed to build OCSP HTTP request: %s\n", err)
continue
}
// Add the necessary headers.
ocspHTTPReq.Header.Add("Content-Type", "application/ocsp-request")
ocspHTTPReq.Header.Add("Accept", "application/ocsp-response")
// Send the OCSP request.
ocspHTTPResp, err := http.DefaultClient.Do(ocspHTTPReq)
if err != nil {
log.Printf("Failed to send OCSP request: %s\n", err)
continue
}
defer ocspHTTPResp.Body.Close()
if ocspHTTPResp.StatusCode != http.StatusOK {
log.Printf("Received HTTP code: %d\n", ocspHTTPResp.StatusCode)
continue
}
// Read the OCSP response.
ocspResp, err := io.ReadAll(ocspHTTPResp.Body)
if err != nil {
log.Printf("Failed to read OCSP response: %s\n", err)
continue
}
// Parse the OCSP response.
resp, err := ocsp.ParseResponse(ocspResp, issuerCert)
if err != nil {
log.Printf("Failed to parse OCSP response: %s\n", err)
continue
}
switch resp.Status {
case ocsp.Good:
log.Println("Certificate status: GOOD")
case ocsp.Revoked:
log.Println("Certificate status: REVOKED")
case ocsp.Unknown:
log.Println("Certificate status: UNKNOWN")
}
return
}
}