package web
import (
"crypto/x509"
"encoding/base64"
"io"
"log"
"github.com/gin-gonic/gin"
"github.com/jasinco/crtman/internal/crt"
"github.com/jasinco/crtman/internal/store"
"golang.org/x/crypto/ocsp"
)
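// ocsp_handling serves OCSP requests over HTTP in the two forms described in
// RFC 6960 Appendix A (https://datatracker.ietf.org/doc/html/rfc6960#appendix-A):
// a GET carrying the base64-encoded request in the "req" path parameter, and
// any other method carrying the DER-encoded request in the body.
//
// It answers 400 when the request cannot be read, decoded or parsed, when it
// exceeds the size cap, or when crt.CheckValid reports it as not valid; 500
// when the root certificate cannot be parsed or the response cannot be
// signed; and 200 with an application/ocsp-response body otherwise.
func ocsp_handling(c *gin.Context) {
	// Upper bound on the DER request. The payload is client-controlled, and an
	// OCSP request is small, so anything beyond this is rejected instead of
	// being buffered in full.
	const maxRequestSize = 64 << 10

	var (
		reqDER []byte
		err    error
	)
	if c.Request.Method == "GET" {
		encoded := c.Param("req")
		reqDER, err = base64.RawURLEncoding.DecodeString(encoded)
		if err != nil {
			// RFC 6960 A.1 specifies the URL-encoding of standard (padded)
			// base64, so accept that form as well as the unpadded URL-safe
			// alphabet this handler already understood.
			// NOTE(review): standard base64 may contain '/', which a ":req"
			// route will not match — confirm the route pattern.
			reqDER, err = base64.StdEncoding.DecodeString(encoded)
		}
	} else {
		// NOTE(review): every non-GET method lands here; presumably the router
		// only registers POST — confirm. RFC 6960 A.1 also expects the
		// application/ocsp-request content type, which is not checked.
		//
		// Read one byte past the cap so an oversized body is detected below
		// without reading the remainder.
		reqDER, err = io.ReadAll(io.LimitReader(c.Request.Body, maxRequestSize+1))
	}
	if err != nil || len(reqDER) > maxRequestSize {
		c.Status(400)
		return
	}

	req, err := ocsp.ParseRequest(reqDER)
	if err != nil {
		c.Status(400)
		return
	}

	// NOTE(review): the meaning of Valid is defined by crt.CheckValid, outside
	// this file. If it is false for certificates this CA does not know, OCSP
	// clients expect an OCSP-level answer (the ocsp package ships prebuilt
	// error responses such as ocsp.UnauthorizedErrorResponse) rather than a
	// bare HTTP 400 — confirm the intended behaviour.
	result := crt.CheckValid(req)
	if !result.Valid {
		c.Status(400)
		return
	}

	ca, err := x509.ParseCertificate(store.RootCA)
	if err != nil {
		log.Println(err)
		c.Status(500)
		return
	}

	// NOTE(review): the root acts as both issuer and responder here, so
	// store.RootCAKey must be usable from this request path. RFC 6960 also
	// permits a delegated responder certificate (id-kp-OCSPSigning), which
	// would keep the root key away from the web handler.
	response, err := ocsp.CreateResponse(ca, ca, result.V, store.RootCAKey)
	if err != nil {
		log.Println(err)
		c.Status(500)
		return
	}
	c.Data(200, "application/ocsp-response", response)
}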