ocsp-responder: use preformed error responses (#4599)

Closes #4597. I replaced constants defined by Boulder's code with preformed error messages from x/crypto/ocsp in order to make code cleaner.
2019-12-06 10:00:20 +03:00 · 2019-12-06 10:00:20 +03:00 · 01a6a37eb9
parent c79542fa5a
commit 01a6a37eb9
2 changed files with 9 additions and 18 deletions
--- a/cmd/ocsp-responder/main_test.go
+++ b/cmd/ocsp-responder/main_test.go
@ -119,13 +119,12 @@ func TestDBHandler(t *testing.T) {
 	defer func() { resp.OCSPLastUpdated = time.Now() }()
 	w = httptest.NewRecorder()
 	r, _ = http.NewRequest("POST", "/", bytes.NewReader(req))
-	unauthorizedErrorResponse := []byte{0x30, 0x03, 0x0A, 0x01, 0x06}
 	h.ServeHTTP(w, r)
 	if w.Code != http.StatusOK {
 		t.Errorf("Code: want %d, got %d", http.StatusOK, w.Code)
 	}
-	if !bytes.Equal(w.Body.Bytes(), unauthorizedErrorResponse) {
-		t.Errorf("Mismatched body: want %#v, got %#v", unauthorizedErrorResponse, w.Body.Bytes())
+	if !bytes.Equal(w.Body.Bytes(), ocsp.UnauthorizedErrorResponse) {
+		t.Errorf("Mismatched body: want %#v, got %#v", ocsp.UnauthorizedErrorResponse, w.Body.Bytes())
 	}
 }

--- a/ocsp/responder.go
+++ b/ocsp/responder.go
@ -51,17 +51,9 @@ import (
 	blog "github.com/letsencrypt/boulder/log"
 )

-var (
-	malformedRequestErrorResponse = []byte{0x30, 0x03, 0x0A, 0x01, 0x01}
-	internalErrorErrorResponse    = []byte{0x30, 0x03, 0x0A, 0x01, 0x02}
-	tryLaterErrorResponse         = []byte{0x30, 0x03, 0x0A, 0x01, 0x03}
-	sigRequredErrorResponse       = []byte{0x30, 0x03, 0x0A, 0x01, 0x05}
-	unauthorizedErrorResponse     = []byte{0x30, 0x03, 0x0A, 0x01, 0x06}
-
-	// ErrNotFound indicates the request OCSP response was not found. It is used to
-	// indicate that the responder should reply with unauthorizedErrorResponse.
-	ErrNotFound = errors.New("Request OCSP Response not found")
-)
+// ErrNotFound indicates the request OCSP response was not found. It is used to
+// indicate that the responder should reply with unauthorizedErrorResponse.
+var ErrNotFound = errors.New("Request OCSP Response not found")

 // Source represents the logical source of OCSP responses, i.e.,
 // the logic that actually chooses a response based on a request.  In
@ -303,7 +295,7 @@ func (rs Responder) ServeHTTP(response http.ResponseWriter, request *http.Reques
 	if err != nil {
 		log.Debugf("Error decoding request body: %s", b64Body)
 		response.WriteHeader(http.StatusBadRequest)
-		response.Write(malformedRequestErrorResponse)
+		response.Write(ocsp.MalformedRequestErrorResponse)
 		rs.responseTypes.With(prometheus.Labels{"type": responseTypeToString[ocsp.Malformed]}).Inc()
 		return
 	}
@ -318,14 +310,14 @@ func (rs Responder) ServeHTTP(response http.ResponseWriter, request *http.Reques
 		if err == ErrNotFound {
 			log.Infof("No response found for request: serial %x, request body %s",
 				ocspRequest.SerialNumber, b64Body)
-			response.Write(unauthorizedErrorResponse)
+			response.Write(ocsp.UnauthorizedErrorResponse)
 			rs.responseTypes.With(prometheus.Labels{"type": responseTypeToString[ocsp.Unauthorized]}).Inc()
 			return
 		}
 		log.Infof("Error retrieving response for request: serial %x, request body %s, error: %s",
 			ocspRequest.SerialNumber, b64Body, err)
 		response.WriteHeader(http.StatusInternalServerError)
-		response.Write(internalErrorErrorResponse)
+		response.Write(ocsp.InternalErrorErrorResponse)
 		rs.responseTypes.With(prometheus.Labels{"type": responseTypeToString[ocsp.InternalError]}).Inc()
 		return
 	}
@ -334,7 +326,7 @@ func (rs Responder) ServeHTTP(response http.ResponseWriter, request *http.Reques
 	if err != nil {
 		log.Errorf("Error parsing response for serial %x: %s",
 			ocspRequest.SerialNumber, err)
-		response.Write(internalErrorErrorResponse)
+		response.Write(ocsp.InternalErrorErrorResponse)
 		rs.responseTypes.With(prometheus.Labels{"type": responseTypeToString[ocsp.InternalError]}).Inc()
 		return
 	}