responder

package
Published: Dec 20, 2024 License: MPL-2.0 Imports: 26 Imported by: 0

Documentation

Overview

Package responder implements an OCSP HTTP responder based on a generic storage backend.

Constants

This section is empty.

Variables

var ErrNotFound = errors.New("request OCSP Response not found")

ErrNotFound indicates that the requested OCSP response was not found. A Source returns it to signal that the Responder should reply with unauthorizedErrorResponse (an OCSP-level "unauthorized" status) rather than an HTTP error.

Functions

func NewFilterSource

func NewFilterSource(issuerCerts []*issuance.Certificate, serialPrefixes []string, wrapped Source, stats prometheus.Registerer, log blog.Logger, clk clock.Clock) (*filterSource, error)

NewFilterSource returns a filterSource which performs various checks on the OCSP requests sent to the wrapped Source, and the OCSP responses returned by it.

func NewMemorySource

func NewMemorySource(responses map[string]*Response, logger blog.Logger) (*inMemorySource, error)

NewMemorySource returns an initialized InMemorySource which simply looks up responses from an in-memory map based on the serial number in the request.

func NewMemorySourceFromFile

func NewMemorySourceFromFile(responseFile string, logger blog.Logger) (*inMemorySource, error)

NewMemorySourceFromFile reads the named file into an InMemorySource. The file read by this function must contain whitespace-separated OCSP responses. Each OCSP response must be in base64-encoded DER form (i.e., PEM without headers or whitespace). Invalid responses are ignored. This function pulls the entire file into an InMemorySource.

func SampledError

func SampledError(log blog.Logger, sampleRate int, format string, a ...interface{})

Types

type Responder

type Responder struct {
	Source Source
	// contains filtered or unexported fields
}

A Responder object provides an HTTP wrapper around a Source.

func NewResponder

func NewResponder(source Source, timeout time.Duration, stats prometheus.Registerer, logger blog.Logger, sampleRate int) *Responder

NewResponder instantiates a Responder with the given Source.

func (Responder) ServeHTTP

func (rs Responder) ServeHTTP(response http.ResponseWriter, request *http.Request)

ServeHTTP handles both GET and POST OCSP requests. The mapping from an OCSP request to an OCSP response is done by the Source; the Responder simply decodes the request (from the base64-encoded URL path for GET, from the body for POST) and passes back whatever response the Source provides. The Responder sets these headers:

Cache-Control: "max-age=(response.NextUpdate-now), public, no-transform, must-revalidate",
Last-Modified: response.ThisUpdate,
Expires: response.NextUpdate,
ETag: the SHA256 hash of the response, and
Content-Type: application/ocsp-response.

Note: The caller must use http.StripPrefix to strip any path components (including '/') on GET requests. Do not use this responder in conjunction with http.NewServeMux, because the default handler will try to canonicalize path components by changing any strings of repeated '/' into a single '/', which will break the base64 encoding.

type Response

type Response struct {
	*ocsp.Response
	Raw []byte
}

Response is a wrapper around the standard library's *ocsp.Response, but it also carries with it the raw bytes of the encoded response.

type Source

type Source interface {
	Response(context.Context, *ocsp.Request) (*Response, error)
}

Source represents the logical source of OCSP responses, i.e., the logic that actually chooses a response based on a request.
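The HTTP contract described under ServeHTTP (request in the URL path for GET and in the body for POST, the five response headers, the OCSP-level unauthorized reply for ErrNotFound, and the StripPrefix/ServeMux caveat), together with the Source/Response split described here, as an added standard-library-only example. This is not the package's own code: Response, Source and Responder are simplified stand-ins (this Source takes the raw DER request bytes instead of a parsed *ocsp.Request, and the clock is injected), sampleReq/sampleRaw are constructed bytes rather than a real OCSP exchange, and the unauthorized reply is the fixed five-byte DER encoding of an OCSPResponse with responseStatus unauthorized(6) from RFC 6960.

```go
package main

import (
	"bytes"
	"context"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"time"
)

// ErrNotFound mirrors the package variable; unauthorizedDER is the complete DER of an
// OCSPResponse whose responseStatus is unauthorized(6), identical for every request.
var ErrNotFound = errors.New("request OCSP Response not found")
var unauthorizedDER = []byte{0x30, 0x03, 0x0a, 0x01, 0x06}

// Response and Source stand in for the package's types (assumption): Source takes
// the raw DER request instead of a parsed *ocsp.Request, so only stdlib is needed.
type Response struct {
	Raw                    []byte
	ThisUpdate, NextUpdate time.Time
}
type Source interface {
	Response(context.Context, []byte) (*Response, error)
}

// mapSource keys on the raw request, as the in-memory source keys on serial number.
type mapSource map[string]*Response

func (m mapSource) Response(_ context.Context, req []byte) (*Response, error) {
	if r, ok := m[string(req)]; ok {
		return r, nil
	}
	return nil, ErrNotFound
}

// Responder is the HTTP wrapper; now is injected so the clock can be fixed in tests.
type Responder struct {
	Source Source
	now    func() time.Time
}

func (rs Responder) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	req, err := []byte(nil), error(nil)
	switch r.Method {
	case http.MethodGet: // RFC 6960 A.1: GET {url}/{base64(DER)}; caller stripped the leading "/"
		req, err = base64.StdEncoding.DecodeString(r.URL.Path)
	case http.MethodPost:
		req, err = io.ReadAll(http.MaxBytesReader(w, r.Body, 4096))
	}
	if err != nil || len(req) == 0 { // also covers unsupported methods (req stays nil)
		w.WriteHeader(http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", "application/ocsp-response")
	resp, err := rs.Source.Response(r.Context(), req)
	if errors.Is(err, ErrNotFound) { // not ours to answer: an OCSP-level status sent with HTTP 200
		w.Write(unauthorizedDER)
		return
	} else if err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	maxAge := int(resp.NextUpdate.Sub(rs.now()).Seconds())
	if maxAge < 0 {
		maxAge = 0
	}
	sum := sha256.Sum256(resp.Raw)
	w.Header().Set("Cache-Control", fmt.Sprintf("max-age=%d, public, no-transform, must-revalidate", maxAge))
	w.Header().Set("Last-Modified", resp.ThisUpdate.UTC().Format(http.TimeFormat))
	w.Header().Set("Expires", resp.NextUpdate.UTC().Format(http.TimeFormat))
	w.Header().Set("ETag", fmt.Sprintf("\"%X\"", sum[:]))
	w.Write(resp.Raw)
}

// Constructed sample data, not a real OCSP exchange. sampleReq is chosen so that its
// base64 form, "////AQ==", begins with a run of slashes.
var (
	sampleReq  = []byte{0xff, 0xff, 0xff, 0x01}
	sampleRaw  = []byte("constructed-ocsp-response-der")
	sampleThis = time.Date(2024, 12, 20, 0, 0, 0, 0, time.UTC)
	sampleNext = sampleThis.Add(7 * 24 * time.Hour)
	sampleSrc  = mapSource{string(sampleReq): &Response{Raw: sampleRaw, ThisUpdate: sampleThis, NextUpdate: sampleNext}}
)

func fixedNow() time.Time { return sampleNext.Add(-time.Hour) } // 3600 s before NextUpdate
func samplePath() string  { return "/" + base64.StdEncoding.EncodeToString(sampleReq) }

// newHandler wraps the responder as the package note prescribes. newMuxHandler makes the
// mistake the note warns about: ServeMux cleans "//" runs and replies 301 to the cleaned path.
func newHandler(src Source) http.Handler { return http.StripPrefix("/", Responder{src, fixedNow}) }
func newMuxHandler(src Source) http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/", newHandler(src))
	return mux
}

// do sends an in-memory request to h and returns the recorded reply.
func do(h http.Handler, method, path string, body []byte) *httptest.ResponseRecorder {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, path, bytes.NewReader(body)))
	return rec
}
```

With the StripPrefix wrapper, a GET for samplePath() returns the stored bytes with max-age=3600 and the Last-Modified/Expires/ETag headers derived from the response; the same request through newMuxHandler never reaches the responder, because ServeMux collapses "/////AQ==" to "/AQ==" and answers 301, and a client that followed that redirect would present a path that decodes to a different request (0x01) and get the unauthorized reply. The example reads r.URL.Path, which net/url has already percent-decoded; the real package does additional normalisation of the GET path that is not reproduced here.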

Directories

Path	Synopsis
redis	Package redis provides a Redis-based OCSP responder.
