Documentation
Constants
This section is empty.
Variables
var (
	// ErrNotFound indicates the requested OCSP response was not found. It is used to
	// indicate that the responder should reply with unauthorizedErrorResponse.
	ErrNotFound = errors.New("Request OCSP Response not found")
)
Functions
Types
type CLIHandler
type CLIHandler struct{}
func (*CLIHandler) Auth
func (h *CLIHandler) Auth(c *api.Client, m map[string]string, nonInteractive bool) (*api.Secret, error)
func (*CLIHandler) Help
func (h *CLIHandler) Help() string
type CRLInfo
type CRLInfo struct {
	CDP     *CDPInfo                     `json:"cdp" structs:"cdp" mapstructure:"cdp"`
	Serials map[string]RevokedSerialInfo `json:"serials" structs:"serials" mapstructure:"serials"`
}
type CertEntry
type CertEntry struct {
	tokenutil.TokenParams

	Name        string
	Certificate string
	DisplayName string
	Policies    []string
	TTL         time.Duration
	MaxTTL      time.Duration
	Period      time.Duration

	AllowedNames               []string
	AllowedCommonNames         []string
	AllowedDNSSANs             []string
	AllowedEmailSANs           []string
	AllowedURISANs             []string
	AllowedOrganizationalUnits []string
	RequiredExtensions         []string
	AllowedMetadataExtensions  []string
	BoundCIDRs                 []*sockaddr.SockAddrMarshaler

	OcspCaCertificates  string
	OcspEnabled         bool
	OcspServersOverride []string
	OcspFailOpen        bool
	OcspQueryAllServers bool
}
type InMemorySource
An InMemorySource is a map from serialNumber -> der(response).
type ParsedCert
type ParsedCert struct {
	Entry        *CertEntry
	Certificates []*x509.Certificate
}
ParsedCert is a certificate that has been configured as trusted.
type Responder
type Responder struct {
	Source Source
	// contains filtered or unexported fields
}
A Responder object provides the HTTP logic to expose a Source of OCSP responses.
func NewResponder
NewResponder instantiates a Responder with the given Source.
func (*Responder) ServeHTTP
func (rs *Responder) ServeHTTP(response http.ResponseWriter, request *http.Request)
A Responder can process both GET and POST requests. The mapping from an OCSP request to an OCSP response is done by the Source; the Responder simply decodes the request, and passes back whatever response is provided by the source. Note: The caller must use http.StripPrefix to strip any path components (including '/') on GET requests. Do not use this responder in conjunction with http.NewServeMux, because the default handler will try to canonicalize path components by changing any strings of repeated '/' into a single '/', which will break the base64 encoding.
type RevokedSerialInfo
type RevokedSerialInfo struct{}
type Source
Source represents the logical source of OCSP responses, i.e., the logic that actually chooses a response based on a request. In order to create an actual responder, wrap one of these in a Responder object and pass it to http.Handle.

By default the Responder will set the headers Cache-Control to "max-age=(response.NextUpdate-now), public, no-transform, must-revalidate", Last-Modified to response.ThisUpdate, Expires to response.NextUpdate, ETag to the SHA256 hash of the response, and Content-Type to application/ocsp-response. If you want to override these headers, or set extra headers, your source should return a http.Header with the headers you wish to set. If you don't want to set any extra headers you may return nil instead.
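The two points made above, the http.StripPrefix / http.ServeMux caveat on ServeHTTP and the default cache headers described for Source, in one added Go example. This is not the package's own code: it assumes a hypothetical demoSource keyed by the raw request DER instead of the serial number (extracting the serial would need an OCSP parser, which this stdlib-only example omits), assumes a quoted hex SHA-256 format for the ETag, uses the invented names decodeOCSPGetPath, muxWouldAlterPath, cacheHeaders, readRequest and responder, and answers unknown requests with the DER encoding of an OCSP "unauthorized" error response, which is what ErrNotFound refers to. The sample request and response bytes are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"io"
	"net/http"
	"path"
	"time"
)

// DER of an OCSPResponse whose responseStatus is unauthorized(6):
// SEQUENCE { ENUMERATED 6 }. This is the reply ErrNotFound calls for.
var unauthorizedErrorResponse = []byte{0x30, 0x03, 0x0a, 0x01, 0x06}

type cannedResponse struct {
	DER                    []byte
	ThisUpdate, NextUpdate time.Time
}

// demoSource stands in for a Source (hypothetical). It is keyed by the raw DER
// OCSPRequest rather than by serial number: extracting the serial needs an OCSP
// parser such as golang.org/x/crypto/ocsp, which this stdlib-only example omits.
type demoSource map[string]cannedResponse

// decodeOCSPGetPath decodes the request carried in an OCSP GET URL (RFC 6960
// A.1: base64 of the DER in the path). p must already be the bare payload:
// net/http has percent-decoded it and http.StripPrefix has removed the mount
// prefix and its '/'. Base64 may itself start with '/', so nothing is trimmed.
func decodeOCSPGetPath(p string) ([]byte, error) {
	return base64.StdEncoding.DecodeString(p)
}

// muxWouldAlterPath reports whether http.ServeMux would redirect to a cleaned URL
// (repeated '/' collapsed, '.' and '..' resolved), corrupting base64 that holds "//".
func muxWouldAlterPath(p string) bool {
	return path.Clean(p) != p
}

// cacheHeaders builds the default headers the Responder documentation lists.
// The ETag format (hex SHA-256, quoted) is an assumption of this example.
func cacheHeaders(der []byte, thisUpdate, nextUpdate, now time.Time) http.Header {
	maxAge := int(nextUpdate.Sub(now).Seconds())
	if maxAge < 0 {
		maxAge = 0 // past NextUpdate: do not let caches keep it any longer
	}
	h := http.Header{}
	h.Set("Content-Type", "application/ocsp-response")
	h.Set("Cache-Control", fmt.Sprintf("max-age=%d, public, no-transform, must-revalidate", maxAge))
	h.Set("Last-Modified", thisUpdate.UTC().Format(http.TimeFormat))
	h.Set("Expires", nextUpdate.UTC().Format(http.TimeFormat))
	h.Set("ETag", fmt.Sprintf("%q", fmt.Sprintf("%X", sha256.Sum256(der))))
	return h
}

// readRequest extracts the DER OCSPRequest from a GET (path) or POST (body).
func readRequest(r *http.Request) ([]byte, error) {
	switch r.Method {
	case http.MethodGet:
		return decodeOCSPGetPath(r.URL.Path)
	case http.MethodPost:
		return io.ReadAll(io.LimitReader(r.Body, 64<<10)) // bound the body size
	}
	return nil, fmt.Errorf("method %s not allowed", r.Method)
}

// responder follows the documented contract: decode, ask the source, pass back.
// Serve it behind http.StripPrefix(prefix, responder{...}), never behind a ServeMux.
type responder struct {
	src demoSource
	now func() time.Time
}

func (rs responder) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	req, err := readRequest(r)
	if err != nil {
		http.Error(w, "malformed OCSP request", http.StatusBadRequest)
		return
	}
	resp, ok := rs.src[string(req)]
	if !ok {
		// Unknown request: the error is carried inside the OCSP response, HTTP stays 200.
		w.Header().Set("Content-Type", "application/ocsp-response")
		w.Write(unauthorizedErrorResponse)
		return
	}
	for k, v := range cacheHeaders(resp.DER, resp.ThisUpdate, resp.NextUpdate, rs.now()) {
		w.Header()[k] = v
	}
	w.Write(resp.DER)
}

func main() {
	// Constructed sample: request bytes ff ff ff base64-encode to "////", the very
	// shape a ServeMux would collapse into a single '/'.
	p := "/ocsp/" + base64.StdEncoding.EncodeToString([]byte{0xff, 0xff, 0xff})
	fmt.Println(p, "altered by ServeMux:", muxWouldAlterPath(p), "->", path.Clean(p))
}
```

Running main shows why the caveat matters: the GET path "/ocsp/////" is a legitimate base64 payload, yet ServeMux would clean it to "/ocsp" and redirect before the handler ever sees it. Mounting via http.StripPrefix("/ocsp/", responder{...}) keeps the payload intact, and the clamp in cacheHeaders makes sure a response past NextUpdate is never served with a positive max-age.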
type Stats
type Stats interface {
ResponseStatus(ocsp.ResponseStatus)
}
Stats is a basic interface that allows users to record information about returned responses.