-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathhighlevel.go
73 lines (69 loc) · 3.16 KB
/
highlevel.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
// Copyright (C) 2022 Opsmate, Inc.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the "Software"),
// to deal in the Software without restriction, including without limitation
// the rights to use, copy, modify, merge, publish, distribute, sublicense,
// and/or sell copies of the Software, and to permit persons to whom the
// Software is furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
// THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
// OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
// OTHER DEALINGS IN THE SOFTWARE.
//
// Except as contained in this notice, the name(s) of the above copyright
// holders shall not be used in advertising or otherwise to promote the
// sale, use or other dealings in this Software without prior written
// authorization.
package ocsputil
import (
"context"
"crypto/x509"
)
// Given a certificate and its issuer, perform an OCSP check for the certificate and
// return if the certificate was revoked.
//
// cert can be a precertificate, but issuerCert must be the final certificate's issuer,
// not the precertificate's issuer.
//
// If config is nil, a zero-value [Config] is used, which provides
// sensible defaults.
//
// This function is a wrapper around [CreateRequest], [Query], and [CheckResponse].
// See those functions' documentation for details about the behavior.
func CheckCert(ctx context.Context, cert *x509.Certificate, issuerCert *x509.Certificate, config *Config) (revoked bool, info RevocationInfo, err error) {
serverURL, requestBytes, err := CreateRequest(cert, issuerCert)
if err != nil {
return
}
responseBytes, err := Query(ctx, serverURL, requestBytes, config)
if err != nil {
return
}
return CheckResponse(cert, issuerCert, responseBytes)
}
// Given a certificate, its issuer's subject, and its issuer's public key, perform
// an OCSP check for the certificate and return if the certificate was revoked.
//
// cert can be a precertificate, but issuerSubject and issuerPubkeyBytes must be
// from the final certificate's issuer, not the precertificate's issuer.
//
// If config is nil, a zero-value [Config] is used, which provides
// sensible defaults.
//
// This function is a wrapper around [ParseCertificate], [CreateRequest], [Query], and
// [CheckResponse]. See those functions' documentation for details about the behavior.
func CheckRawCert(ctx context.Context, certData []byte, issuerSubject []byte, issuerPubkeyBytes []byte, config *Config) (revoked bool, info RevocationInfo, err error) {
cert, issuerCert, err := ParseCertificate(certData, issuerSubject, issuerPubkeyBytes)
if err != nil {
return
}
return CheckCert(ctx, cert, issuerCert, config)
}