...

Source file src/github.com/letsencrypt/boulder/ocsp/test/response.go

Documentation: github.com/letsencrypt/boulder/ocsp/test

     1  package ocsp_test
     2  
     3  import (
     4  	"crypto/ecdsa"
     5  	"crypto/elliptic"
     6  	"crypto/rand"
     7  	"crypto/x509"
     8  	"crypto/x509/pkix"
     9  	"math/big"
    10  
    11  	"golang.org/x/crypto/ocsp"
    12  )
    13  
// FakeResponse builds an OCSP response from the fields of template, signs it
// with a throwaway issuer, and returns the parsed response together with that
// issuer certificate.
//
// Every call generates a fresh ECDSA P-256 key and a self-signed "test CA"
// certificate. The private key is not returned, so callers cannot sign further
// responses with the same issuer. The issuer template sets only a serial
// number, the CA basic constraint and a subject (no validity period or key
// usage), so the certificate is a test fixture and not a usable trust anchor.
func FakeResponse(template ocsp.Response) (*ocsp.Response, *x509.Certificate, error) {
	// Ephemeral signing key for the fake CA.
	signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}

	// Self-signed: the same template serves as both subject and parent.
	caTemplate := &x509.Certificate{
		Subject:               pkix.Name{CommonName: "test CA"},
		SerialNumber:          big.NewInt(1337),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, &signer.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}

	// Re-parse the DER so the rest of the function works with a fully
	// populated *x509.Certificate rather than the sparse template.
	caCert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}

	// The fake CA is passed as both the issuer and the responder certificate.
	signed, err := ocsp.CreateResponse(caCert, caCert, template, signer)
	if err != nil {
		return nil, nil, err
	}

	// Round-trip through the parser, handing it the issuer so the signature
	// produced above is checked against the fake CA.
	parsed, err := ocsp.ParseResponse(signed, caCert)
	if err != nil {
		return nil, nil, err
	}

	return parsed, caCert, nil
}
    49  
