49 lines
1.2 KiB
Go
49 lines
1.2 KiB
Go
package ocsp_test
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"crypto/elliptic"
|
|
"crypto/rand"
|
|
"crypto/x509"
|
|
"crypto/x509/pkix"
|
|
"math/big"
|
|
|
|
"golang.org/x/crypto/ocsp"
|
|
)
|
|
|
|
// FakeResponse signs and then parses an OCSP response, using fields from the input
|
|
// template. To do so, it generates a new signing key and makes an issuer certificate.
|
|
func FakeResponse(template ocsp.Response) (*ocsp.Response, *x509.Certificate, error) {
|
|
// Make a fake CA to sign OCSP with
|
|
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
certTemplate := &x509.Certificate{
|
|
SerialNumber: big.NewInt(1337),
|
|
BasicConstraintsValid: true,
|
|
IsCA: true,
|
|
Subject: pkix.Name{CommonName: "test CA"},
|
|
}
|
|
issuerBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, certTemplate, &key.PublicKey, key)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
issuer, err := x509.ParseCertificate(issuerBytes)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
respBytes, err := ocsp.CreateResponse(issuer, issuer, template, key)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
response, err := ocsp.ParseResponse(respBytes, issuer)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
return response, issuer, nil
|
|
}
|