本文整理汇总了Golang中golang.org/x/crypto/ocsp.Response类的典型用法代码示例。如果您正苦于以下问题:Golang Response类的具体用法?Golang Response怎么用?Golang Response使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Response类的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: Verify
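// Verify inspects an established TLS connection and records, in a TLSState,
// how the peer's certificates compare with the expectations held in tcc: the
// expected host name (tcc.SNI), the public-key pins (tcc.PKPs, keyed by the
// base64 SHA-256 hash of the DER-encoded public key) and the stapled OCSP
// response, if one was sent. It only reports; nothing is rejected here, so
// the caller must enforce the resulting flags.
//
// It returns an error when the stapled OCSP response cannot be parsed or when
// a peer public key cannot be marshalled.
//
// NOTE(review): cstate.PeerCertificates is the chain as presented by the peer.
// Whether it was validated against trusted roots depends on the tls.Config used
// for the handshake, which is not visible here. Confirm that chain verification
// is enabled; otherwise results derived from non-leaf certificates (pins, OCSP
// signer) rest on unauthenticated data.
func (tcc *TLSClientConfig) Verify(conn *tls.Conn) (*TLSState, error) {
	var ocsprep *ocsp.Response

	res := new(TLSState)
	cstate := conn.ConnectionState()
	res.SNIExist = tcc.SNI != ""
	res.PKPExist = len(tcc.PKPs) > 0 // len of a nil map is 0

	if cstate.OCSPResponse != nil {
		// The issuer argument is nil, so the binding to the chain is
		// established in the loop below.
		rep, err := ocsp.ParseResponse(cstate.OCSPResponse, nil)
		if err != nil {
			return nil, err
		}
		ocsprep = rep
		res.OCSPExist = true
		res.OCSPValid = ocsprep.Status == ocsp.Good
		res.OCSPUnknown = ocsprep.Status == ocsp.Unknown
		// NOTE(review): ThisUpdate/NextUpdate are not compared with the
		// current time, so a stale stapled response is still reported as
		// valid. Add a freshness check where the clock source is agreed on.
	}

	// ocspForLeaf reports whether the stapled response refers to the leaf
	// certificate. Without this, a "good" response issued for some other
	// certificate of the same CA would be accepted.
	ocspForLeaf := func() bool {
		if ocsprep == nil || len(cstate.PeerCertificates) == 0 {
			return false
		}
		leaf := cstate.PeerCertificates[0]
		if ocsprep.SerialNumber == nil || leaf.SerialNumber == nil {
			return false
		}
		return ocsprep.SerialNumber.Cmp(leaf.SerialNumber) == 0
	}

	for i, peercert := range cstate.PeerCertificates {
		der, err := x509.MarshalPKIXPublicKey(peercert.PublicKey)
		if err != nil {
			return nil, err
		}

		// PeerCertificates[0] is the leaf. Only the leaf may satisfy the
		// host-name check: a match on another certificate of the chain
		// says nothing about the endpoint's identity.
		isLeaf := i == 0
		if isLeaf && res.SNIExist && peercert.VerifyHostname(tcc.SNI) == nil {
			res.SNIValid = true
		}

		// The leaf must never vouch for its own revocation status: its key
		// holder could otherwise sign a "good" response for itself. Only
		// the other certificates of the chain are tried as OCSP signers.
		if !isLeaf && res.OCSPValid && !res.OCSPChecked &&
			ocspForLeaf() && ocsprep.CheckSignatureFrom(peercert) == nil {
			res.OCSPChecked = true
		}

		rawhash := sha256.Sum256(der)
		hash := base64.StdEncoding.EncodeToString(rawhash[:])
		if res.PKPExist {
			res.PKPCerts++
			// A pin mapped to true counts as valid, a pin mapped to false
			// as explicitly invalid; an unknown key counts as neither.
			valid, ok := tcc.PKPs[hash]
			switch {
			case ok && valid:
				res.PKPValid++
			case ok && !valid:
				res.PKPInvalid++
			}
		}
	}
	return res, nil
}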
开发者ID:nathanaelle,项目名称:pasnet,代码行数:52,代码来源:tls.go
示例2: Sign
// Sign produces a signed, DER-encoded OCSP response for req.Certificate.
//
// The request is rejected when no certificate is supplied (ReadFailed), when
// the certificate was not issued and signed by s.issuer (IssuerMismatch), or
// when req.Status is not a key of StatusCode (InvalidStatus). The response is
// created by ocsp.CreateResponse with s.issuer, s.responder and s.key.
//
// thisUpdate is the current time rounded down to the hour, so a response can
// carry a timestamp up to one hour in the past; nextUpdate is thisUpdate plus
// s.interval.
func (s StandardSigner) Sign(req SignRequest) ([]byte, error) {
	cert := req.Certificate
	if cert == nil {
		return nil, cferr.New(cferr.OCSPError, cferr.ReadFailed)
	}

	// The certificate must name s.issuer as its issuer ...
	if !bytes.Equal(cert.RawIssuer, s.issuer.RawSubject) {
		return nil, cferr.New(cferr.OCSPError, cferr.IssuerMismatch)
	}
	// ... and must carry a signature that verifies under s.issuer's key.
	if sigErr := cert.CheckSignatureFrom(s.issuer); sigErr != nil {
		return nil, cferr.New(cferr.OCSPError, cferr.IssuerMismatch)
	}

	producedAt := time.Now().Truncate(time.Hour)

	code, known := StatusCode[req.Status]
	if !known {
		return nil, cferr.New(cferr.OCSPError, cferr.InvalidStatus)
	}

	// When issuer and responder are the same certificate, nothing is embedded
	// in the response, which keeps it considerably smaller.
	sameCert := s.issuer == s.responder || bytes.Equal(s.issuer.Raw, s.responder.Raw)
	embedded := s.responder
	if sameCert {
		embedded = nil
	}

	tmpl := ocsp.Response{
		Status:          code,
		SerialNumber:    cert.SerialNumber,
		ThisUpdate:      producedAt,
		NextUpdate:      producedAt.Add(s.interval),
		Certificate:     embedded,
		ExtraExtensions: req.Extensions,
		IssuerHash:      req.IssuerHash,
	}
	// Revocation details are only carried for revoked certificates.
	if code == ocsp.Revoked {
		tmpl.RevokedAt = req.RevokedAt
		tmpl.RevocationReason = req.Reason
	}

	return ocsp.CreateResponse(s.issuer, s.responder, tmpl, s.key)
}
开发者ID:jfrazelle,项目名称:cfssl,代码行数:49,代码来源:ocsp.go
示例3: Sign
// Sign issues a signed, DER-encoded OCSP response describing the status of
// req.Certificate.
//
// It fails with ReadFailed when the request has no certificate, with
// IssuerMismatch when the certificate's issuer name or signature does not
// match s.issuer, and with InvalidStatus when req.Status has no entry in
// statusCode. The responder certificate is always embedded in the response.
//
// thisUpdate is the current time truncated to the hour; nextUpdate follows
// s.interval later.
func (s StandardSigner) Sign(req SignRequest) ([]byte, error) {
	// Cases are evaluated in order, so the nil check always runs before the
	// certificate is dereferenced.
	switch {
	case req.Certificate == nil:
		return nil, cferr.New(cferr.OCSPError, cferr.ReadFailed)
	case !bytes.Equal(req.Certificate.RawIssuer, s.issuer.RawSubject):
		// Issuer name of the certificate differs from s.issuer's subject.
		return nil, cferr.New(cferr.OCSPError, cferr.IssuerMismatch)
	case req.Certificate.CheckSignatureFrom(s.issuer) != nil:
		// Signature on the certificate does not verify under s.issuer.
		return nil, cferr.New(cferr.OCSPError, cferr.IssuerMismatch)
	}

	issuedAt := time.Now().Truncate(time.Hour)
	expiresAt := issuedAt.Add(s.interval)

	ocspStatus, found := statusCode[req.Status]
	if !found {
		return nil, cferr.New(cferr.OCSPError, cferr.InvalidStatus)
	}

	resp := ocsp.Response{
		Status:       ocspStatus,
		SerialNumber: req.Certificate.SerialNumber,
		ThisUpdate:   issuedAt,
		NextUpdate:   expiresAt,
		Certificate:  s.responder,
	}
	// Only a revoked certificate carries a revocation time and reason.
	if ocspStatus == ocsp.Revoked {
		resp.RevokedAt = req.RevokedAt
		resp.RevocationReason = req.Reason
	}

	return ocsp.CreateResponse(s.issuer, s.responder, resp, s.key)
}
开发者ID:BugRoger,项目名称:cfssl,代码行数:39,代码来源:ocsp.go
示例4: DialerTLS
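// TODO Security Issue : this code was audited 0 time
//
// DialerTLS opens a TLS connection to addr with db.tlsconfig and applies three
// extra checks to the peer before handing the connection back:
//   - the leaf certificate must be valid for db.sni;
//   - when db.hpkp is non-empty, at least one presented certificate must have
//     a public key whose base64 SHA-256 hash is mapped to true in db.hpkp;
//   - when an OCSP response is stapled, its status must be Good or Unknown,
//     it must refer to the leaf certificate's serial number, and its
//     signature must verify against a non-leaf certificate of the chain.
//
// On any failure the connection is closed and a nil net.Conn is returned
// together with the error.
//
// NOTE(review): a missing stapled response is accepted, and so is the status
// Unknown; both are kept as in the original policy. ThisUpdate/NextUpdate of
// the response are not checked against the current time. Whether the presented
// chain is validated against trusted roots depends on db.tlsconfig, which is
// not visible here — confirm before relying on the non-leaf checks.
func (db *HTTPDB) DialerTLS(network, addr string) (conn net.Conn, err error) {
	var ocsprep *ocsp.Response
	certok := false
	hostok := false
	ocspok := false

	c, err := tls.Dial(network, addr, db.tlsconfig)
	if err != nil {
		// Return a literal nil: a nil *tls.Conn stored in the net.Conn
		// result would compare as non-nil on the caller's side.
		return nil, err
	}

	// fail releases the socket before reporting cause, so a rejected peer
	// does not leave an open connection behind.
	fail := func(cause error) (net.Conn, error) {
		_ = c.Close() // best effort; cause is the error worth reporting
		return nil, cause
	}

	cstate := c.ConnectionState()
	if cstate.OCSPResponse != nil {
		rep, perr := ocsp.ParseResponse(cstate.OCSPResponse, nil)
		if perr != nil {
			return fail(perr)
		}
		ocsprep = rep
		switch ocsprep.Status {
		case ocsp.Good, ocsp.Unknown:
		default:
			// errors.New(fmt.Sprintf(...)) is kept in its original form so
			// this block goes on using both packages.
			return fail(errors.New(fmt.Sprintf("invalid OCSP")))
		}
	}

	// ocspForLeaf reports whether the stapled response refers to the leaf
	// certificate rather than to some other certificate of the same CA.
	ocspForLeaf := func() bool {
		if ocsprep == nil || len(cstate.PeerCertificates) == 0 {
			return false
		}
		leaf := cstate.PeerCertificates[0]
		if ocsprep.SerialNumber == nil || leaf.SerialNumber == nil {
			return false
		}
		return ocsprep.SerialNumber.Cmp(leaf.SerialNumber) == 0
	}

	for i, peercert := range cstate.PeerCertificates {
		der, merr := x509.MarshalPKIXPublicKey(peercert.PublicKey)
		if merr != nil {
			return fail(merr)
		}

		// PeerCertificates[0] is the leaf; only it may satisfy the
		// host-name check.
		isLeaf := i == 0
		if isLeaf && peercert.VerifyHostname(db.sni) == nil {
			hostok = true
		}

		// The leaf must not be accepted as the signer of its own
		// revocation status; only the rest of the chain is tried.
		if !isLeaf && !ocspok && ocspForLeaf() && ocsprep.CheckSignatureFrom(peercert) == nil {
			ocspok = true
		}

		rawhash := sha256.Sum256(der)
		hash := base64.StdEncoding.EncodeToString(rawhash[:])
		if valid, ok := db.hpkp[hash]; !certok && ok && valid {
			certok = true
		}
	}

	if len(db.hpkp) > 0 && !certok {
		return fail(errors.New(fmt.Sprintf("invalid HPKP")))
	}
	if !hostok {
		return fail(errors.New(fmt.Sprintf("invalid SNI")))
	}
	if ocsprep != nil && !ocspok {
		return fail(errors.New(fmt.Sprintf("invalid OCSP")))
	}
	return c, nil
}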
开发者ID:nathanaelle,项目名称:shitenno,代码行数:64,代码来源:backend_api.go
注:本文中的golang.org/x/crypto/ocsp.Response类示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |