func (updater *OCSPUpdater) generateRevokedResponse(status core.CertificateStatus) (*core.CertificateStatus, error) {
cert, err := updater.sac.GetCertificate(status.Serial)
if err != nil {
return nil, err
}
signRequest := core.OCSPSigningRequest{
CertDER: cert.DER,
Status: string(core.OCSPStatusRevoked),
Reason: status.RevokedReason,
RevokedAt: status.RevokedDate,
}
ocspResponse, err := updater.cac.GenerateOCSP(signRequest)
if err != nil {
return nil, err
}
now := updater.clk.Now()
status.OCSPLastUpdated = now
status.OCSPResponse = ocspResponse
// Purge OCSP response from CDN, gated on client having been initialized
if updater.ccu != nil {
go updater.sendPurge(cert.DER)
}
return &status, nil
}
func (updater *OCSPUpdater) generateResponse(status core.CertificateStatus) (*core.CertificateStatus, error) {
var cert core.Certificate
err := updater.dbMap.SelectOne(
&cert,
"SELECT * FROM certificates WHERE serial = :serial",
map[string]interface{}{"serial": status.Serial},
)
if err != nil {
return nil, err
}
_, err = x509.ParseCertificate(cert.DER)
if err != nil {
return nil, err
}
signRequest := core.OCSPSigningRequest{
CertDER: cert.DER,
Reason: status.RevokedReason,
Status: string(status.Status),
RevokedAt: status.RevokedDate,
}
ocspResponse, err := updater.cac.GenerateOCSP(signRequest)
if err != nil {
return nil, err
}
status.OCSPLastUpdated = updater.clk.Now()
status.OCSPResponse = ocspResponse
return &status, nil
}
func (updater *OCSPUpdater) generateResponse(ctx context.Context, status core.CertificateStatus) (*core.CertificateStatus, error) {
var cert core.Certificate
err := updater.dbMap.SelectOne(
&cert,
"SELECT * FROM certificates WHERE serial = :serial",
map[string]interface{}{"serial": status.Serial},
)
if err != nil {
return nil, err
}
_, err = x509.ParseCertificate(cert.DER)
if err != nil {
return nil, err
}
signRequest := core.OCSPSigningRequest{
CertDER: cert.DER,
Reason: status.RevokedReason,
Status: string(status.Status),
RevokedAt: status.RevokedDate,
}
ocspResponse, err := updater.cac.GenerateOCSP(ctx, signRequest)
if err != nil {
return nil, err
}
status.OCSPLastUpdated = updater.clk.Now()
status.OCSPResponse = ocspResponse
// Purge OCSP response from CDN, gated on client having been initialized
if updater.ccu != nil {
go updater.sendPurge(cert.DER)
}
return &status, nil
}
func (updater *OCSPUpdater) generateRevokedResponse(status core.CertificateStatus) (*core.CertificateStatus, error) {
cert, err := updater.sac.GetCertificate(status.Serial)
if err != nil {
return nil, err
}
signRequest := core.OCSPSigningRequest{
CertDER: cert.DER,
Status: string(core.OCSPStatusRevoked),
Reason: status.RevokedReason,
RevokedAt: status.RevokedDate,
}
ocspResponse, err := updater.cac.GenerateOCSP(signRequest)
if err != nil {
return nil, err
}
now := updater.clk.Now()
status.OCSPLastUpdated = now
status.OCSPResponse = ocspResponse
return &status, nil
}