From fb757d96a6724f199d9d194148c331ba51c8145a Mon Sep 17 00:00:00 2001
From: Liang Zhu
Date: Wed, 15 Jul 2015 10:39:46 -0700
Subject: [PATCH] clean up ocsp/main.bro

---
 scripts/base/files/ocsp/main.bro | 110 ++++++++++++++-----------------
 1 file changed, 50 insertions(+), 60 deletions(-)

diff --git a/scripts/base/files/ocsp/main.bro b/scripts/base/files/ocsp/main.bro
index f567b7fb8a..6c23bb2de9 100644
--- a/scripts/base/files/ocsp/main.bro
+++ b/scripts/base/files/ocsp/main.bro
@@ -214,6 +214,48 @@ event ocsp_request(f: fa_file, req_ref: opaque of ocsp_req, req: OCSP::Request)
 enq_request(f$http, req, f$id, network_time());
 }
 
+function remove_first_slash(s: string): string
+ {
+ local s_len = |s|;
+ if (s[0] == "/")
+ return s[1:s_len];
+ else
+ return s;
+ }
+
+function get_uri_prefix(s: string): string
+ {
+ s = remove_first_slash(s);
+ local w = split_string(s, /\//);
+ if (|w| > 1)
+ return w[0];
+ else
+ return "";
+ }
+
+function check_ocsp_request_uri(http: HTTP::Info): OCSP::Request
+ {
+ local parsed_req: OCSP::Request;
+ if ( ! http?$original_uri )
+ return parsed_req;;
+
+ local uri: string = remove_first_slash(http$uri);
+ local uri_prefix: string = get_uri_prefix(http$original_uri);
+ local ocsp_req_str: string;
+
+ if ( |uri_prefix| == 0 )
+ {
+ ocsp_req_str = uri;
+ }
+ else if (|uri_prefix| > 0)
+ {
+ uri_prefix += "/";
+ ocsp_req_str = uri[|uri_prefix|:];
+ }
+ parsed_req = ocsp_parse_request(decode_base64(ocsp_req_str));
+ return parsed_req;
+ }
+
 event ocsp_response(f: fa_file, resp_ref: opaque of ocsp_resp, resp: OCSP::Response) &priority = 5
 {
 if ( ! f?$http )
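Review bot: `check_ocsp_request_uri` base64-decodes `http$uri` without URL-unescaping it, yet RFC 6960 A.1 specifies the GET form as the url-encoding of the base64 blob, so any request whose base64 contains `/`, `+` or `=` (on the wire as `%2F`, `%2B`, `%3D`) fails in `decode_base64` and that GET request is silently lost. The prefix logic compounds this: `get_uri_prefix` treats the first `/`-separated segment of `original_uri` as a path prefix whenever there is more than one segment, which is wrong both for responders mounted under a multi-segment path such as `/ocsp/v1/...` and for clients that leave the base64 `/` unescaped. Since the blob is by specification the last path segment, I would take everything after the last `/` of the raw URI, `unescape_URI` it, and only then decode — which also lets `remove_first_slash` and `get_uri_prefix` go and drops the stray `;;` after `return parsed_req`. This assumes `http$uri` is the raw request-target; where `original_uri` is set is not visible here, so if it is the unprocessed field the guard below should test that one instead. `ocsp_request` at the top and `ocsp_response` at the bottom of this hunk start and continue outside it; the three added functions are complete.
```bro
function check_ocsp_request_uri(http: HTTP::Info): OCSP::Request
	{
	local parsed_req: OCSP::Request;
	if ( ! http?$uri )
		return parsed_req;

	# RFC 6960 A.1: the request is the last path segment, and its base64
	# '/', '+' and '=' are percent-encoded on the wire, so split on '/'
	# before unescaping rather than after.
	local segs = split_string(http$uri, /\//);
	local blob = unescape_URI(segs[|segs| - 1]);
	if ( |blob| == 0 )
		return parsed_req;

	parsed_req = ocsp_parse_request(decode_base64(blob));
	return parsed_req;
	}
```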
@@ -273,6 +315,14 @@ event ocsp_response(f: fa_file, resp_ref: opaque of ocsp_resp, resp: OCSP::Respo
 info_rec$method = f$http$method;
 Log::write(LOG, info_rec);
 }
+
+ # check if there is a OCSP GET request
+ if ( f$http?$method && f$http$method == "GET" && ! f$http$checked_get )
+ {
+ f$http$checked_get = T;
+ local req_get: OCSP::Request = check_ocsp_request_uri(f$http);
+ enq_request(f$http, req_get, "", f$http$ts);
+ }
 }
 
 function log_unmatched_reqs_queue(q: Queue::Queue)
@@ -299,48 +349,6 @@ function log_unmatched_reqs(reqs: PendingQueue)
 clear_table(reqs);
 }
 
-function remove_first_slash(s: string): string
- {
- local s_len = |s|;
- if (s[0] == "/")
- return s[1:s_len];
- else
- return s;
- }
-
-function get_uri_prefix(s: string): string
- {
- s = remove_first_slash(s);
- local w = split_string(s, /\//);
- if (|w| > 1)
- return w[0];
- else
- return "";
- }
-
-function check_ocsp_request_uri(http: HTTP::Info): OCSP::Request
- {
- local parsed_req: OCSP::Request;
- if ( ! http?$original_uri )
- return parsed_req;;
-
- local uri: string = remove_first_slash(http$uri);
- local uri_prefix: string = get_uri_prefix(http$original_uri);
- local ocsp_req_str: string;
-
- if ( |uri_prefix| == 0 )
- {
- ocsp_req_str = uri;
- }
- else if (|uri_prefix| > 0)
- {
- uri_prefix += "/";
- ocsp_req_str = uri[|uri_prefix|:];
- }
- parsed_req = ocsp_parse_request(decode_base64(ocsp_req_str));
- return parsed_req;
- }
-
 function start_log_ocsp(http: HTTP::Info)
 {
 if ( ! http?$ocsp_requests && ! http?$ocsp_responses )
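Review bot: `enq_request(f$http, req_get, "", f$http$ts)` is called with whatever `check_ocsp_request_uri` returned, and that function returns a default-initialised `OCSP::Request` when `original_uri` is missing or the URI holds no decodable blob, so any non-OCSP GET sharing the connection, or a malformed one, is queued as a pending request and will later surface as an unmatched request rather than being dropped. Guard the call with a `?$` existence test on the field `enq_request` keys the queue by — the record's fields are not visible in this hunk, so use whichever one the match in `start_log_ocsp` looks up. Ordering also looks off: this block runs after the `Log::write(LOG, info_rec)` that precedes it, i.e. after the response has already been handled, whereas the `else` branch removed from `start_log_ocsp` enqueued the GET-derived request and matched it in the same pass — if matching happens earlier in `ocsp_response` (its body starts outside this hunk) the first response on a GET connection will never find its request. The comment should also read `# check if there is an OCSP GET request`.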
@@ -374,24 +382,6 @@ function start_log_ocsp(http: HTTP::Info)
 if (Queue::len(http$ocsp_requests[cert_id]) == 0)
 delete http$ocsp_requests[cert_id];
 }
- else
- {
- if ( http?$method && http$method == "GET" && ! http$checked_get )
- {
- http$checked_get = T;
- local req_get: OCSP::Request = check_ocsp_request_uri(http);
- enq_request(http, req_get, "", http$ts);
- if ( http?$ocsp_requests && cert_id in http$ocsp_requests )
- {
- # find a match
- local req_rec_tmp: Info_req = Queue::get(http$ocsp_requests[cert_id]);
- info_rec$req = req_rec_tmp;
- info_rec$ts = req_rec_tmp$ts;
- if (Queue::len(http$ocsp_requests[cert_id]) == 0)
- delete http$ocsp_requests[cert_id];
- }
- }
- }
 if ( http?$method )
 info_rec$method = http$method;
 Log::write(LOG, info_rec);