cryptobyte-ocsp.go

type ocspRequest struct {
	TBSRequest tbsRequest
}

type certID struct {
	HashAlgorithm pkix.AlgorithmIdentifier
	NameHash      []byte
	IssuerKeyHash []byte
	SerialNumber  *big.Int
}

type request struct {
	Cert certID
}

type tbsRequest struct {
	Version       int              `asn1:"explicit,tag:0,default:0,optional"`
	RequestorName pkix.RDNSequence `asn1:"explicit,tag:1,optional"`
	RequestList   []request
}

// OCSPRequest     ::=     SEQUENCE {
// 	tbsRequest                  TBSRequest,
// 	optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
//
// TBSRequest      ::=     SEQUENCE {
// 	version             [0]     EXPLICIT Version DEFAULT v1,
// 	requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
// 	requestList                 SEQUENCE OF Request,
// 	requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }
//
// Request         ::=     SEQUENCE {
// 	reqCert                     CertID,
// 	singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }
//
// CertID          ::=     SEQUENCE {
// 	hashAlgorithm       AlgorithmIdentifier,
// 	issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
// 	issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
// 	serialNumber        CertificateSerialNumber }

func parseWithCryptobyte(in []byte) (*ocspRequest, error) {
	var req ocspRequest
	input := cryptobyte.String(in)
	var ocspReq cryptobyte.String
	if !input.ReadASN1(&ocspReq, cryptobyte_asn1.SEQUENCE) {
		panic("bad tbsRequest")
	}
	var tbsReq cryptobyte.String
	if !ocspReq.ReadASN1(&tbsReq, cryptobyte_asn1.SEQUENCE) {
		panic("bad tbsRequest")
	}
	var versionBytes cryptobyte.String
	var haveVersion bool
	if !tbsReq.ReadOptionalASN1(&versionBytes, &haveVersion, cryptobyte_asn1.Tag(0).Constructed().ContextSpecific()) {
		panic("bad version")
	}
	if haveVersion && !versionBytes.ReadASN1Integer(&req.TBSRequest.Version) {
		panic("bad version inner")
	}
	if !tbsReq.SkipOptionalASN1(cryptobyte_asn1.Tag(1).Constructed().ContextSpecific()) {
		panic("bad requestorName")
	}
	var reqList cryptobyte.String
	if !tbsReq.ReadASN1(&reqList, cryptobyte_asn1.SEQUENCE) {
		panic("bad sequence of")
	}
	for !reqList.Empty() {
		var innerReq cryptobyte.String
		if !reqList.ReadASN1(&innerReq, cryptobyte_asn1.SEQUENCE) {
			panic("bad request in list")
		}
		var certID cryptobyte.String
		if !innerReq.ReadASN1(&certID, cryptobyte_asn1.SEQUENCE) {
			panic("bad certID")
		}
		var singleReq request
		var algID cryptobyte.String
		if !certID.ReadASN1(&algID, cryptobyte_asn1.SEQUENCE) {
			panic("bad hashAlgorithm")
		}
		var identifier pkix.AlgorithmIdentifier
		if !algID.ReadASN1ObjectIdentifier(&identifier.Algorithm) {
			panic("bad alg id oid")
		}
		singleReq.Cert.HashAlgorithm = identifier

		var nameHash, keyHash cryptobyte.String
		if !certID.ReadASN1(&nameHash, cryptobyte_asn1.OCTET_STRING) {
			panic("bad issuer name hash")
		}
		if !certID.ReadASN1(&keyHash, cryptobyte_asn1.OCTET_STRING) {
			panic("bad issuer key hash")
		}
		singleReq.Cert.NameHash = nameHash
		singleReq.Cert.IssuerKeyHash = keyHash
		var serial big.Int
		if !certID.ReadASN1Integer(&serial) {
			panic("bad serial number")
		}
		singleReq.Cert.SerialNumber = &serial
		req.TBSRequest.RequestList = append(req.TBSRequest.RequestList, singleReq)
	}
	return &req, nil
}