-
-
Notifications
You must be signed in to change notification settings - Fork 586
/
inmem_source.go
78 lines (68 loc) · 2.39 KB
/
inmem_source.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
package responder
import (
"context"
"encoding/base64"
"os"
"regexp"
blog "github.com/letsencrypt/boulder/log"
"golang.org/x/crypto/ocsp"
)
// inMemorySource wraps a map from serialNumber to Response and just looks up
// Responses from that map with no safety checks. Useful for testing.
type inMemorySource struct {
responses map[string]*Response
log blog.Logger
}
// NewMemorySource returns an initialized InMemorySource which simply looks up
// responses from an in-memory map based on the serial number in the request.
func NewMemorySource(responses map[string]*Response, logger blog.Logger) (*inMemorySource, error) {
return &inMemorySource{
responses: responses,
log: logger,
}, nil
}
// NewMemorySourceFromFile reads the named file into an InMemorySource.
// The file read by this function must contain whitespace-separated OCSP
// responses. Each OCSP response must be in base64-encoded DER form (i.e.,
// PEM without headers or whitespace). Invalid responses are ignored.
// This function pulls the entire file into an InMemorySource.
func NewMemorySourceFromFile(responseFile string, logger blog.Logger) (*inMemorySource, error) {
fileContents, err := os.ReadFile(responseFile)
if err != nil {
return nil, err
}
responsesB64 := regexp.MustCompile(`\s`).Split(string(fileContents), -1)
responses := make(map[string]*Response, len(responsesB64))
for _, b64 := range responsesB64 {
// if the line/space is empty just skip
if b64 == "" {
continue
}
der, tmpErr := base64.StdEncoding.DecodeString(b64)
if tmpErr != nil {
logger.Errf("Base64 decode error %s on: %s", tmpErr, b64)
continue
}
response, tmpErr := ocsp.ParseResponse(der, nil)
if tmpErr != nil {
logger.Errf("OCSP decode error %s on: %s", tmpErr, b64)
continue
}
responses[response.SerialNumber.String()] = &Response{
Response: response,
Raw: der,
}
}
logger.Infof("Read %d OCSP responses", len(responses))
return NewMemorySource(responses, logger)
}
// Response looks up an OCSP response to provide for a given request.
// InMemorySource looks up a response purely based on serial number,
// without regard to what issuer the request is asking for.
func (src inMemorySource) Response(_ context.Context, request *ocsp.Request) (*Response, error) {
response, present := src.responses[request.SerialNumber.String()]
if !present {
return nil, ErrNotFound
}
return response, nil
}