package websearch

import (
	"errors"
	"fmt"
	"math/big"
)

// Serial-number boundaries between the CA generations; both are filled in by
// init. Per the disabled heuristic in GetIssuer, serialG2Start is the first G2
// serial and serialG1Cutoff stands for the last G1 serial.
var (
	serialG2Start  big.Int
	serialG1Cutoff big.Int
)

// Errors returned by GetIssuer.
var (
	errorCannotConvert = errors.New("Unable to convert serial number to bigint")
	errorUnknownCA     = errors.New("Unable to determine CA generation")
)

// RedirTemplates maps an action name to a fmt format string for the matching
// DFN PKI URL. Each template takes two %s arguments: the first lands in the
// URL path, the second becomes the value of the "key" query parameter.
var RedirTemplates = map[string]string{
	"getcert":     "https://pki.pca.dfn.de/%s/cgi-bin/pub/pki?cmd=send_email_cert&type=email&dataType=CERTIFICATE&key=%s",
	"installcert": "https://pki.pca.dfn.de/%s/cgi-bin/pub/pki?cmd=getcert&type=CERTIFICATE&key=%s",
}

// init parses the decimal serial-number boundaries into their package-level
// big.Int variables.
func init() {
	bounds := []struct {
		dst *big.Int
		dec string
	}{
		{&serialG2Start, "8926168349745120614054526923"},
		{&serialG1Cutoff, "99000000000000000000000000000"}, // TODO: adjust once known
	}
	for _, b := range bounds {
		b.dst.SetString(b.dec, 10)
	}
}

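// GetIssuer returns the CA generation recorded in ccache for the certificate
// with the given decimal serial number.
//
// It returns errorCannotConvert when serial does not parse as a base-10
// integer, and errorUnknownCA when ccache is nil, holds no entry for serial,
// or the entry carries no CA generation.
func GetIssuer(serial string, ccache *CertCache) (string, error) {
	// Syntax check only: the parsed value is not used by the active code.
	// big.Int.SetString also accepts a leading sign, so a signed value passes
	// here and is left to the cache lookup below.
	var sernum big.Int
	if _, ok := sernum.SetString(serial, 10); !ok {
		return "", errorCannotConvert
	}
	/* Disabled: this would allow invalid serial numbers at the secured ends.
	// old CA (short numbers, serial smaller than the first g2)
	if len(serial) == 8 || len(serial) == 14 || sernum.Cmp(&serialG2Start) < 1 {
		return kitcag1, nil
	}
	// new CA (serial number greater than the last g1)
	if sernum.Cmp(&serialG1Cutoff) == 1 {
		return kitcag2, nil
	}
	*/
	// The certificate cache is the only source consulted, so a serial that is
	// not cached is never mapped to a CA.
	if ccache == nil {
		return "", errorUnknownCA
	}
	fromcache := ccache.Get(serial)
	// An entry without a CA generation would otherwise panic on the
	// dereference below; report it like a cache miss.
	if fromcache == nil || fromcache.CAGeneration == nil {
		return "", errorUnknownCA
	}
	return *fromcache.CAGeneration, nil
}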

// BuildCertificateLink fills template, a fmt format string such as one of the
// RedirTemplates values, with the CA identifier and the certificate serial
// number, in that order.
//
// ca and serial are inserted verbatim, without URL escaping, so callers are
// expected to pass values that were validated beforehand (for example a
// serial and CA obtained through GetIssuer).
func BuildCertificateLink(template, ca, serial string) string {
	link := fmt.Sprintf(template, ca, serial)
	return link
}