Documentation
Overview
Package responder implements an OCSP HTTP responder based on a generic storage backend.
Index
- Variables
- func NewFilterSource(issuerCerts []*issuance.Certificate, serialPrefixes []string, wrapped Source, ...) (*filterSource, error)
- func NewMemorySource(responses map[string]*Response, logger blog.Logger) (*inMemorySource, error)
- func NewMemorySourceFromFile(responseFile string, logger blog.Logger) (*inMemorySource, error)
- func SampledError(log blog.Logger, sampleRate int, format string, a ...interface{})
- type Responder
- type Response
- type Source
Variables
var ErrNotFound = errors.New("request OCSP Response not found")
ErrNotFound indicates the requested OCSP response was not found. It is used to indicate that the responder should reply with unauthorizedErrorResponse.
Functions
func NewFilterSource
func NewFilterSource(issuerCerts []*issuance.Certificate, serialPrefixes []string, wrapped Source, stats prometheus.Registerer, log blog.Logger, clk clock.Clock) (*filterSource, error)
NewFilterSource returns a filterSource which performs various checks on the OCSP requests sent to the wrapped Source, and the OCSP responses returned by it.
func NewMemorySource
NewMemorySource returns an initialized InMemorySource which simply looks up responses from an in-memory map based on the serial number in the request.
func NewMemorySourceFromFile
NewMemorySourceFromFile reads the named file into an InMemorySource. The file read by this function must contain whitespace-separated OCSP responses. Each OCSP response must be in base64-encoded DER form (i.e., PEM without headers or whitespace). Invalid responses are ignored. This function pulls the entire file into an InMemorySource.
Types
type Responder
type Responder struct {
	Source Source
	// contains filtered or unexported fields
}
A Responder object provides an HTTP wrapper around a Source.
func NewResponder
func NewResponder(source Source, timeout time.Duration, stats prometheus.Registerer, logger blog.Logger, sampleRate int) *Responder
NewResponder instantiates a Responder with the given Source.
func (Responder) ServeHTTP
func (rs Responder) ServeHTTP(response http.ResponseWriter, request *http.Request)
ServeHTTP is a Responder that can process both GET and POST requests. The mapping from an OCSP request to an OCSP response is done by the Source; the Responder simply decodes the request, and passes back whatever response is provided by the source. The Responder will set these headers:
Cache-Control: "max-age=(response.NextUpdate-now), public, no-transform, must-revalidate",
Last-Modified: response.ThisUpdate,
Expires: response.NextUpdate,
ETag: the SHA256 hash of the response, and
Content-Type: application/ocsp-response.
Note: The caller must use http.StripPrefix to strip any path components (including '/') on GET requests. Do not use this responder in conjunction with http.NewServeMux, because the default handler will try to canonicalize path components by changing any strings of repeated '/' into a single '/', which will break the base64 encoding.
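The failure mode in the note above, as an added example that is not part of this package: a GET request whose base64 contains a run of '/' arrives intact through http.StripPrefix alone, but http.NewServeMux answers with a redirect to the collapsed path, which decodes to different bytes. The `echoDecoded` handler is a hypothetical stand-in for the Responder, and the `/ocsp/` prefix and payload are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// echoDecoded is a hypothetical stand-in for the Responder: it base64-decodes
// whatever path it is handed and writes the decoded bytes back.
var echoDecoded = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	der, err := base64.StdEncoding.DecodeString(r.URL.Path)
	if err != nil {
		http.Error(w, "malformed request", http.StatusBadRequest)
		return
	}
	w.Write(der)
})

// Constructed payload: three 0xff bytes encode to "////" in standard base64.
var payload = []byte{0xff, 0xff, 0xff, 0x30, 0x00, 0x01}

// direct mounts the handler as the note requires: StripPrefix, no ServeMux.
func direct() http.Handler { return http.StripPrefix("/ocsp/", echoDecoded) }

// viaMux routes the same handler through http.NewServeMux (the setup to avoid).
func viaMux() http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/ocsp/", direct())
	return mux
}

// probe sends a GET for the given base64 string and returns status and body.
func probe(h http.Handler, b64 string) (int, []byte) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/ocsp/"+b64, nil))
	return rec.Code, rec.Body.Bytes()
}

func main() {
	b64 := base64.StdEncoding.EncodeToString(payload) // "////MAAB"
	code, body := probe(direct(), b64)
	fmt.Println("direct:", code, bytes.Equal(body, payload))
	code, _ = probe(viaMux(), b64)
	fmt.Println("mux:", code) // redirect to the collapsed path /ocsp/MAAB
	code, body = probe(direct(), "MAAB")
	fmt.Println("collapsed:", code, bytes.Equal(body, payload))
}
```

A client that follows the mux redirect ends up requesting the collapsed path, so the responder sees a request for different bytes than the client encoded.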