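// Handle responds to revocation requests. It attempts to revoke the
// certificate whose serial number is given in the JSON request body,
// recording the OCSP reason code named by the request's Reason field.
//
// The body is expected to be a small JSON document shaped like
// jsonRevokeRequest. A body that cannot be parsed, a missing serial, or an
// unrecognised reason string is reported through errors.NewBadRequestString;
// a failed database write is returned as-is. On success an empty JSON
// object is written with api.SendResponse.
//
// NOTE(review): this handler mutates CA state but performs no authentication
// or authorisation of its own. It must only be reachable through an
// authenticated route — confirm where the API router mounts it.
func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) error {
	// A revocation request is a few hundred bytes at most; bound the read so
	// a remote peer cannot make the handler buffer an arbitrarily large body.
	const maxRevokeBodyBytes = 1 << 20

	body, err := ioutil.ReadAll(http.MaxBytesReader(w, r.Body, maxRevokeBodyBytes))
	if err != nil {
		return err
	}
	r.Body.Close()

	var req jsonRevokeRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return errors.NewBadRequestString("Unable to parse revocation request")
	}
	if len(req.Serial) == 0 {
		return errors.NewBadRequestString("serial number is required but not provided")
	}

	reasonCode, err := ocsp.ReasonStringToCode(req.Reason)
	if err != nil {
		return errors.NewBadRequestString("Invalid reason code")
	}

	// The original dropped this error, so a failed database write was still
	// reported to the client as a successful revocation.
	if err := certdb.RevokeCertificate(h.db, req.Serial, reasonCode); err != nil {
		return err
	}

	return api.SendResponse(w, map[string]string{})
}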
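// revokeMain is the entry point of the revoke command. It validates the
// flags, opens the certificate database described by c.DBConfigFile, and
// marks the certificate with serial c.Serial as revoked using the OCSP
// reason code derived from c.Reason.
//
// args must be empty: the command takes all of its input from flags.
// An error is returned when a required flag is missing, when c.Reason is
// not a known OCSP reason string, when the database cannot be opened, or
// when the revocation write fails.
func revokeMain(args []string, c cli.Config) (err error) {
	if len(args) > 0 {
		return errors.New("argument is provided but not defined; please refer to the usage by flag -h")
	}
	if len(c.Serial) == 0 {
		return errors.New("serial number is required but not provided")
	}
	if c.DBConfigFile == "" {
		return errors.New("need DB config file (provide with -db-config)")
	}

	// Resolve the reason before touching the database so a typo in -reason
	// does not open a connection only to abandon it.
	var reasonCode int
	reasonCode, err = ocsp.ReasonStringToCode(c.Reason)
	if err != nil {
		log.Error("Invalid reason code: ", err)
		return err
	}

	var db *sql.DB
	db, err = certdb.DBFromConfig(c.DBConfigFile)
	if err != nil {
		return err
	}
	// The original never released the handle; closing it lets pooled
	// connections shut down cleanly (relevant for file-backed SQLite).
	defer db.Close()

	return certdb.RevokeCertificate(db, c.Serial, reasonCode)
}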
// TestOCSPRefreshMain drives ocsprefreshMain end to end against the SQLite
// test database. It inserts a certificate with status "good", runs a refresh
// and checks that exactly one OCSP response exists and reports Good; it then
// revokes that certificate with reason KeyCompromise, refreshes again, and
// checks the single stored response now reports Revoked.
func TestOCSPRefreshMain(t *testing.T) {
	db := testdb.SQLiteDB("../../certdb/testdb/certstore_development.db")

	certPEM, err := ioutil.ReadFile("../../ocsp/testdata/cert.pem")
	if err != nil {
		t.Fatal(err)
	}

	record := &certdb.CertificateRecord{
		Serial: "1333308112180215502", // from cert.pem
		Expiry: time.Now().AddDate(1, 0, 0),
		PEM:    string(certPEM),
		Status: "good",
	}
	if err = certdb.InsertCertificate(db, record); err != nil {
		t.Fatal(err)
	}

	// Both refresh passes use the same responder configuration.
	refreshConfig := cli.Config{
		CAFile:           "../../ocsp/testdata/ca.pem",
		ResponderFile:    "../../ocsp/testdata/server.crt",
		ResponderKeyFile: "../../ocsp/testdata/server.key",
		DBConfigFile:     "../testdata/db-config.json",
		Interval:         helpers.OneDay,
	}

	// refreshAndStatus runs one refresh pass and returns the status of the
	// single stored OCSP response, failing the test on any other outcome.
	refreshAndStatus := func() int {
		if err := ocsprefreshMain([]string{}, refreshConfig); err != nil {
			t.Fatal(err)
		}
		records, err := certdb.GetUnexpiredOCSPs(db)
		if err != nil {
			t.Fatal("Failed to get OCSP responses")
		}
		if len(records) != 1 {
			t.Fatal("Expected one OCSP response")
		}
		resp, err := ocsp.ParseResponse([]byte(records[0].Body), nil)
		if err != nil {
			t.Fatal("Failed to parse OCSP response")
		}
		return resp.Status
	}

	if status := refreshAndStatus(); status != ocsp.Good {
		t.Fatal("Expected cert status 'good'")
	}

	if err = certdb.RevokeCertificate(db, record.Serial, ocsp.KeyCompromise); err != nil {
		t.Fatal("Failed to revoke certificate")
	}

	if status := refreshAndStatus(); status != ocsp.Revoked {
		t.Fatal("Expected cert status 'revoked'")
	}
}