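// revokeBySerial administratively revokes the certificate identified by
// serial. It looks the certificate up through tx, parses its DER encoding and
// asks the registration authority to revoke it with reasonCode, passing the
// current OS user's name as the acting administrator.
//
// It panics if reasonCode is negative, equal to 7, or greater than 10. It
// returns a core.NotFoundError when no certificate row matches serial, and
// otherwise returns whatever error the lookup, the parse, the user lookup or
// the RA call produced.
func revokeBySerial(ctx context.Context, serial string, reasonCode revocation.Reason, rac core.RegistrationAuthority, logger blog.Logger, tx *gorp.Transaction) (err error) {
	// Accepted values are 0-6 and 8-10, which matches the RFC 5280 CRLReason
	// enumeration (7 is unassigned there). An out-of-range code is treated as
	// a programming error rather than a recoverable one.
	if reasonCode < 0 || reasonCode == 7 || reasonCode > 10 {
		panic(fmt.Sprintf("Invalid reason code: %d", reasonCode))
	}

	// The serial is bound as a query parameter, never concatenated into SQL.
	certObj, err := sa.SelectCertificate(tx, "WHERE serial = ?", serial)
	if err == sql.ErrNoRows {
		return core.NotFoundError(fmt.Sprintf("No certificate found for %s", serial))
	}
	if err != nil {
		return err
	}

	cert, err := x509.ParseCertificate(certObj.DER)
	if err != nil {
		return err
	}

	// The error from user.Current was previously overwritten unchecked, so a
	// failed lookup dereferenced a nil *user.User. Fail closed instead: do not
	// revoke when the action cannot be attributed to anyone.
	u, err := user.Current()
	if err != nil {
		return fmt.Errorf("determining current user for revocation of %s: %v", serial, err)
	}

	// NOTE(review): u.Username is the local account the process runs as, not
	// an authenticated operator identity. If the RA records it for audit
	// purposes (not visible here), a shared service account makes individual
	// revocations hard to attribute.
	err = rac.AdministrativelyRevokeCertificate(ctx, *cert, reasonCode, u.Username)
	if err != nil {
		return err
	}

	logger.Info(fmt.Sprintf("Revoked certificate %s with reason '%s'", serial, revocation.ReasonToString[reasonCode]))
	return nil
}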
// generateResponse produces a freshly signed OCSP response for the certificate
// named by status.Serial and returns a copy of status carrying that response
// and the time it was generated.
//
// status is received by value, so the caller's struct is not modified; the
// returned pointer refers to the updated local copy. Any error from the
// certificate lookup, the DER parse or the signing call is returned unchanged
// together with a nil status.
func (updater *OCSPUpdater) generateResponse(ctx context.Context, status core.CertificateStatus) (*core.CertificateStatus, error) {
	stored, err := sa.SelectCertificate(updater.dbMap, "WHERE serial = ?", status.Serial)
	if err != nil {
		return nil, err
	}

	// The parse result is discarded; this only confirms that the stored DER
	// is a well-formed certificate before it is handed to the signer.
	if _, err = x509.ParseCertificate(stored.DER); err != nil {
		return nil, err
	}

	req := core.OCSPSigningRequest{
		CertDER:   stored.DER,
		Reason:    status.RevokedReason,
		Status:    string(status.Status),
		RevokedAt: status.RevokedDate,
	}
	signed, err := updater.cac.GenerateOCSP(ctx, req)
	if err != nil {
		return nil, err
	}

	status.OCSPLastUpdated = updater.clk.Now()
	status.OCSPResponse = signed

	// Purge the OCSP response from the CDN, but only when a purge client was
	// configured. The purge runs in its own goroutine and its outcome is not
	// observed here.
	// NOTE(review): if the purge fails, the CDN may keep serving the previous
	// response until it expires, which matters most right after a revocation.
	// Confirm that sendPurge logs or retries failures.
	if updater.ccu != nil {
		go updater.sendPurge(stored.DER)
	}

	return &status, nil
}