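// Copyright (C) MongoDB, Inc. 2017-present.
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain
// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

package ocsp

import (
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"

	"go.mongodb.org/mongo-driver/internal"
	"golang.org/x/crypto/ocsp"
)

// config holds the per-verification state derived from the verified
// certificate chain and the caller's VerifyOptions.
type config struct {
	// serverCert is the leaf certificate whose revocation status is being
	// checked; issuer is the certificate that signed it. For a one-element
	// chain both fields point at the same certificate.
	serverCert, issuer *x509.Certificate
	cache                   Cache
	disableEndpointChecking bool
	// ocspRequest is the parsed form of ocspRequestBytes. Both describe the
	// same request, built once in newConfig so every responder contacted
	// later is sent identical bytes.
	ocspRequest      *ocsp.Request
	ocspRequestBytes []byte
	httpClient       *http.Client
}

// newConfig builds the config used to check the revocation status of the
// leaf of certChain.
//
// certChain is expected to be a chain that has already been verified
// (element 0 the leaf, element 1 — when present — its issuer). The
// leaf/issuer relationship is re-checked with CheckSignatureFrom as a
// defensive measure, so a mis-ordered chain cannot yield an OCSP request for
// the wrong (certificate, issuer) pair. Only a request for the leaf is built
// here.
//
// An error is returned when opts is nil, the chain is empty, the issuer
// check fails, or the OCSP request cannot be created or parsed. The config
// returned alongside a non-nil error is not meaningful.
func newConfig(certChain []*x509.Certificate, opts *VerifyOptions) (config, error) {
	// opts is dereferenced unconditionally below; fail explicitly rather
	// than panic on a nil pointer.
	if opts == nil {
		return config{}, errors.New("ocsp verify options must not be nil")
	}

	cfg := config{
		cache:                   opts.Cache,
		disableEndpointChecking: opts.DisableEndpointChecking,
		httpClient:              opts.HTTPClient,
	}
	if cfg.httpClient == nil {
		cfg.httpClient = internal.DefaultHTTPClient
	}

	if len(certChain) == 0 {
		return cfg, errors.New("verified certificate chain contained no certificates")
	}

	// A one-element chain means the leaf and the CA are the same certificate,
	// so the leaf acts as its own issuer.
	cfg.serverCert = certChain[0]
	cfg.issuer = certChain[0]
	if len(certChain) > 1 {
		// The certificate directly after the leaf should be its issuer; confirm
		// that with CheckSignatureFrom instead of trusting chain order alone.
		cfg.issuer = certChain[1]
		if err := cfg.serverCert.CheckSignatureFrom(cfg.issuer); err != nil {
			return cfg, fmt.Errorf("error checking if server certificate is signed by the issuer in the verified chain: %w", err)
		}
	}

	// nil request options leave the CertID hash algorithm at the library's
	// default.
	var err error
	cfg.ocspRequestBytes, err = ocsp.CreateRequest(cfg.serverCert, cfg.issuer, nil)
	if err != nil {
		return cfg, fmt.Errorf("error creating OCSP request: %w", err)
	}
	cfg.ocspRequest, err = ocsp.ParseRequest(cfg.ocspRequestBytes)
	if err != nil {
		return cfg, fmt.Errorf("error parsing OCSP request bytes: %w", err)
	}

	return cfg, nil
}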