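// refreshResponse fetches and verifies a response and replaces
// the current response if it is valid and newer.
//
// Nothing is fetched until timeToUpdate reports the cached response is
// due. When the fetch yields no body (resp == nil) or bytes identical to
// the cached response, only the ETag and max-age bookkeeping is refreshed.
// New bytes are installed only after VerifyResponse accepts them for
// e.serial at the current clock time; fetch and verification errors are
// returned unchanged and leave the cached response untouched.
func (e *Entry) refreshResponse(ctx context.Context, stableBackings []scache.Cache, client *http.Client) error {
	if !e.timeToUpdate() {
		return nil
	}
	resp, respBytes, eTag, maxAge, err := stapledOCSP.Fetch(
		ctx, e.log, e.responders, client, e.request, e.eTag, e.issuer,
	)
	if err != nil {
		return err
	}

	// Only the comparison runs under the read lock; updateResponse is
	// called after the lock is released (it presumably locks on its own).
	// bytes.Equal treats nil and empty slices as equal, exactly as the
	// former bytes.Compare(...) == 0 did.
	e.mu.RLock()
	unchanged := resp == nil || bytes.Equal(respBytes, e.response)
	e.mu.RUnlock()
	if unchanged {
		e.info("Response hasn't changed since last sync")
		// No new bytes: refresh ETag/max-age only. The stored response is
		// not re-verified on this path — it is assumed to have passed
		// VerifyResponse when it was installed; confirm in updateResponse.
		e.updateResponse(eTag, maxAge, nil, nil, stableBackings)
		return nil
	}

	// Never replace the cached response with bytes that have not been
	// verified against the entry's serial.
	if err := stapledOCSP.VerifyResponse(e.clk.Now(), e.serial, resp); err != nil {
		return err
	}
	e.updateResponse(eTag, maxAge, resp, respBytes, stableBackings)
	e.info("Response has been refreshed")
	return nil
}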
// Read reads a OCSP response from disk.
//
// The file is looked up at path.Join(dc.path, name) + ".resp". A missing
// file is not a failure and yields (nil, nil). A read error, a parse error
// or a VerifyResponse failure is reported through dc.failer and likewise
// yields (nil, nil), so callers cannot distinguish "absent" from "present
// but rejected". On success the parsed response and its raw bytes are
// returned.
//
// NOTE(review): name is joined into the filesystem path as given; this
// relies on callers passing a plain file stem with no path separators —
// confirm at the call sites.
func (dc *DiskCache) Read(name string, serial *big.Int, issuer *x509.Certificate) (*ocsp.Response, []byte) {
	fileName := path.Join(dc.path, name) + ".resp"

	raw, err := ioutil.ReadFile(fileName)
	switch {
	case os.IsNotExist(err):
		// Nothing cached yet for this name.
		return nil, nil
	case err != nil:
		dc.failer.Fail(dc.logger, fmt.Sprintf("[disk-cache] Failed to read response from '%s': %s", fileName, err))
		return nil, nil
	}

	// Parse with the issuer supplied by the caller, then check the response
	// against the expected serial at the current clock time before trusting
	// anything read from disk.
	parsed, err := ocsp.ParseResponse(raw, issuer)
	if err != nil {
		dc.failer.Fail(dc.logger, fmt.Sprintf("[disk-cache] Failed to parse response from '%s': %s", fileName, err))
		return nil, nil
	}
	if err := stapledOCSP.VerifyResponse(dc.clk.Now(), serial, parsed); err != nil {
		dc.failer.Fail(dc.logger, fmt.Sprintf("[disk-cache] Failed to verify response from '%s': %s", fileName, err))
		return nil, nil
	}

	dc.logger.Info("[disk-cache] Loaded valid response from '%s'", fileName)
	return parsed, raw
}