package crt
import (
"bytes"
"database/sql"
"github.com/jasinco/crtman/internal/store"
"golang.org/x/crypto/ocsp"
)
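// CheckValid builds the OCSP status for the certificate named in req from
// the store.
//
// The result is an invalid sql.Null (Valid == false) when the request is
// nil, the request's hash algorithm is not linked into the binary, or no
// certificate with the requested serial is known. Otherwise the result is
// Valid and its response carries ocsp.Unknown when the request's issuer
// hashes do not match what the store holds for the certificate, ocsp.Good
// when the certificate is not revoked, and ocsp.Revoked (with RevokedAt and
// RevocationReason filled in) when it is.
func CheckValid(req *ocsp.Request) sql.Null[ocsp.Response] {
	none := sql.Null[ocsp.Response]{Valid: false}

	// Guard the dereferences below; a nil request or serial cannot be answered.
	if req == nil || req.SerialNumber == nil {
		return none
	}
	// crypto.Hash.New() panics for an algorithm that is not linked in, so
	// Available() has to be checked before it is called.
	if !req.HashAlgorithm.Available() {
		return none
	}

	leaf := store.GetLeafCert(req.SerialNumber)
	if !leaf.Valid {
		return none
	}

	// hash.Hash.Sum(b) appends the digest of the data written so far to b; it
	// does not hash b. Feed the input through Write and read the digest with
	// Sum(nil), otherwise the comparison is against "input || H('')" and can
	// never succeed.
	hasher := req.HashAlgorithm.New()
	hasher.Write(leaf.V.Cert.RawIssuer)
	// The issuer DN is matched against the request's name hash, not its key hash.
	issuerNameMatches := bytes.Equal(hasher.Sum(nil), req.IssuerNameHash)

	hasher.Reset()
	// TODO(review): RFC 6960 §4.1.1 defines issuerKeyHash as the hash of the
	// *issuer's* public key (the subjectPublicKey BIT STRING contents of the
	// issuer certificate, tag and length excluded). The leaf's own SPKI is
	// hashed here; for a CA-issued certificate that cannot equal the issuer's
	// key hash, so this check needs the issuer certificate from the store to
	// be meaningful. Kept as-is because the store API for the issuer is not
	// visible from this file.
	hasher.Write(leaf.V.Cert.RawSubjectPublicKeyInfo)
	issuerKeyMatches := bytes.Equal(hasher.Sum(nil), req.IssuerKeyHash)

	response := ocsp.Response{SerialNumber: req.SerialNumber}

	// An issuer mismatch is answered Unknown regardless of the stored
	// revocation state, and without revocation details: the revocation status
	// must not be reported Good (or Revoked) for an issuer the request did
	// not actually ask about.
	if !issuerNameMatches || !issuerKeyMatches {
		response.Status = ocsp.Unknown
		return sql.Null[ocsp.Response]{Valid: true, V: response}
	}

	if !leaf.V.RevokeAt.Valid {
		response.Status = ocsp.Good
		return sql.Null[ocsp.Response]{Valid: true, V: response}
	}

	response.Status = ocsp.Revoked
	response.RevokedAt = leaf.V.RevokeAt.Time
	// RevokeReason looks like a nullable int16; a NULL reason leaves Int16 at
	// 0, which is ocsp.Unspecified — confirm that is the intended default.
	response.RevocationReason = int(leaf.V.RevokeReason.Int16)
	return sql.Null[ocsp.Response]{Valid: true, V: response}
}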