Compare commits
No commits in common. "65c5bac2d909fe7bbfd7c88571d1685c84999d8e" and "f98840bf9e11deb5fe25d53c4ff3c82a5fb6f1fb" have entirely different histories.
65c5bac2d9
...
f98840bf9e
12 changed files with 75 additions and 1119 deletions
|
@ -85,7 +85,7 @@ func main() {
|
||||||
|
|
||||||
healthHandler := health.New(version, access)
|
healthHandler := health.New(version, access)
|
||||||
|
|
||||||
revokingRepositories, err := configureRepositories(caConfig, logger)
|
revokingRepositories, err := configureRepositories(caConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.WithError(err).Fatal("could not setup revoking repositories")
|
logger.WithError(err).Fatal("could not setup revoking repositories")
|
||||||
}
|
}
|
||||||
|
@ -117,21 +117,20 @@ func main() {
|
||||||
|
|
||||||
func configureRepositories(
|
func configureRepositories(
|
||||||
caConfig *config.SignerConfig,
|
caConfig *config.SignerConfig,
|
||||||
logger *logrus.Logger,
|
|
||||||
) (map[string]*revoking.X509Revoking, error) {
|
) (map[string]*revoking.X509Revoking, error) {
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
result := make(map[string]*revoking.X509Revoking)
|
result := make(map[string]*revoking.X509Revoking)
|
||||||
|
|
||||||
for _, name := range caConfig.RootCAs() {
|
for _, name := range caConfig.RootCAs() {
|
||||||
result[fmt.Sprintf("root-%s", name)], err = buildX509Revoking(caConfig, name, logger)
|
result[fmt.Sprintf("root-%s", name)], err = buildX509Revoking(caConfig, name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, name := range caConfig.SubordinateCAs() {
|
for _, name := range caConfig.SubordinateCAs() {
|
||||||
result[fmt.Sprintf("sub-%s", name)], err = buildX509Revoking(caConfig, name, logger)
|
result[fmt.Sprintf("sub-%s", name)], err = buildX509Revoking(caConfig, name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -140,11 +139,7 @@ func configureRepositories(
|
||||||
return result, nil
|
return result, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func buildX509Revoking(
|
func buildX509Revoking(caConfig *config.SignerConfig, name string) (*revoking.X509Revoking, error) {
|
||||||
caConfig *config.SignerConfig,
|
|
||||||
name string,
|
|
||||||
logger *logrus.Logger,
|
|
||||||
) (*revoking.X509Revoking, error) {
|
|
||||||
caDef, err := caConfig.GetCADefinition(name)
|
caDef, err := caConfig.GetCADefinition(name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not get CA definition for %s: %w", name, err)
|
return nil, fmt.Errorf("could not get CA definition for %s: %w", name, err)
|
||||||
|
@ -160,7 +155,6 @@ func buildX509Revoking(
|
||||||
caDef.KeyInfo.CRLSignatureAlgorithm,
|
caDef.KeyInfo.CRLSignatureAlgorithm,
|
||||||
caDef.Certificate,
|
caDef.Certificate,
|
||||||
caDef.KeyPair,
|
caDef.KeyPair,
|
||||||
logger,
|
|
||||||
), nil
|
), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
2
go.mod
2
go.mod
|
@ -16,8 +16,6 @@ require (
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/balacode/go-delta v0.1.0 // indirect
|
|
||||||
github.com/balacode/zr v1.0.0 // indirect
|
|
||||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||||
github.com/miekg/pkcs11 v1.1.1 // indirect
|
github.com/miekg/pkcs11 v1.1.1 // indirect
|
||||||
github.com/pkg/errors v0.9.1 // indirect
|
github.com/pkg/errors v0.9.1 // indirect
|
||||||
|
|
4
go.sum
4
go.sum
|
@ -1,9 +1,5 @@
|
||||||
github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY+9ef8E=
|
github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY+9ef8E=
|
||||||
github.com/ThalesIgnite/crypto11 v1.2.5/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE=
|
github.com/ThalesIgnite/crypto11 v1.2.5/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE=
|
||||||
github.com/balacode/go-delta v0.1.0 h1:pwz4CMn06P2bIaIfAx3GSabMPwJp/Ww4if+7SgPYa3I=
|
|
||||||
github.com/balacode/go-delta v0.1.0/go.mod h1:wLNrwTI3lHbPBvnLzqbHmA7HVVlm1u22XLvhbeA6t3o=
|
|
||||||
github.com/balacode/zr v1.0.0 h1:MCupkEoXvrnCljc4KddiDOhR04ZLUAACgtKuo3o+9vc=
|
|
||||||
github.com/balacode/zr v1.0.0/go.mod h1:pLeSAL3DhZ9L0JuiRkUtIX3mLOCtzBLnDhfmykbSmkE=
|
|
||||||
github.com/dave/jennifer v1.4.1 h1:XyqG6cn5RQsTj3qlWQTKlRGAyrTcsk1kUmWdZBzRjDw=
|
github.com/dave/jennifer v1.4.1 h1:XyqG6cn5RQsTj3qlWQTKlRGAyrTcsk1kUmWdZBzRjDw=
|
||||||
github.com/dave/jennifer v1.4.1/go.mod h1:7jEdnm+qBcxl8PC0zyp7vxcpSRnzXSt9r39tpTVGlwA=
|
github.com/dave/jennifer v1.4.1/go.mod h1:7jEdnm+qBcxl8PC0zyp7vxcpSRnzXSt9r39tpTVGlwA=
|
||||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
|
|
|
@ -31,8 +31,6 @@ import (
|
||||||
|
|
||||||
"gopkg.in/yaml.v3"
|
"gopkg.in/yaml.v3"
|
||||||
|
|
||||||
"git.cacert.org/cacert-gosigner/pkg/messages"
|
|
||||||
|
|
||||||
"git.cacert.org/cacert-gosigner/internal/x509/openssl"
|
"git.cacert.org/cacert-gosigner/internal/x509/openssl"
|
||||||
"git.cacert.org/cacert-gosigner/internal/x509/revoking"
|
"git.cacert.org/cacert-gosigner/internal/x509/revoking"
|
||||||
"git.cacert.org/cacert-gosigner/internal/x509/signing"
|
"git.cacert.org/cacert-gosigner/internal/x509/signing"
|
||||||
|
@ -542,7 +540,6 @@ type CaCertificateEntry struct {
|
||||||
KeyPair crypto.Signer
|
KeyPair crypto.Signer
|
||||||
Parent string
|
Parent string
|
||||||
Storage string
|
Storage string
|
||||||
Profiles []messages.CAProfile
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *CaCertificateEntry) UnmarshalYAML(value *yaml.Node) error {
|
func (c *CaCertificateEntry) UnmarshalYAML(value *yaml.Node) error {
|
||||||
|
@ -554,10 +551,6 @@ func (c *CaCertificateEntry) UnmarshalYAML(value *yaml.Node) error {
|
||||||
ExtKeyUsage []string `yaml:"ext-key-usages,omitempty"`
|
ExtKeyUsage []string `yaml:"ext-key-usages,omitempty"`
|
||||||
Parent string `yaml:"parent"`
|
Parent string `yaml:"parent"`
|
||||||
Storage string `yaml:"storage"`
|
Storage string `yaml:"storage"`
|
||||||
Profiles []struct {
|
|
||||||
Name string `yaml:"name"`
|
|
||||||
UseFor string `yaml:"use-for"`
|
|
||||||
} `yaml:"profiles"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
err := value.Decode(&m)
|
err := value.Decode(&m)
|
||||||
|
@ -597,22 +590,6 @@ func (c *CaCertificateEntry) UnmarshalYAML(value *yaml.Node) error {
|
||||||
c.Storage = "default"
|
c.Storage = "default"
|
||||||
}
|
}
|
||||||
|
|
||||||
if m.Profiles != nil {
|
|
||||||
c.Profiles = make([]messages.CAProfile, len(m.Profiles))
|
|
||||||
|
|
||||||
for i, prof := range m.Profiles {
|
|
||||||
usage, err := messages.ParseUsage(prof.UseFor)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("config error: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
c.Profiles[i] = messages.CAProfile{
|
|
||||||
Name: prof.Name,
|
|
||||||
UseFor: usage,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,6 @@ package handler
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/big"
|
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -243,31 +242,16 @@ func (m *MsgPackHandler) handleHealthCommand() (*messages.HealthResponse, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *MsgPackHandler) handleFetchCRLCommand(command *messages.FetchCRLCommand) (*messages.FetchCRLResponse, error) {
|
func (m *MsgPackHandler) handleFetchCRLCommand(command *messages.FetchCRLCommand) (*messages.FetchCRLResponse, error) {
|
||||||
var crlNumber *big.Int
|
res, err := m.fetchCRLHandler.FetchCRL(command.IssuerID)
|
||||||
|
|
||||||
if command.LastKnownID != nil {
|
|
||||||
crlNumber = new(big.Int).SetBytes(command.LastKnownID)
|
|
||||||
}
|
|
||||||
|
|
||||||
res, err := m.fetchCRLHandler.FetchCRL(command.IssuerID, crlNumber)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not fetch CRL: %w", err)
|
return nil, fmt.Errorf("could not fetch CRL: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
unchanged := crlNumber != nil && crlNumber.Cmp(res.Number) == 0
|
return &messages.FetchCRLResponse{
|
||||||
|
IsDelta: false,
|
||||||
response := &messages.FetchCRLResponse{
|
CRLNumber: res.Number,
|
||||||
IssuerID: command.IssuerID,
|
CRLData: res.CRLData,
|
||||||
IsDelta: res.IsDelta,
|
}, nil
|
||||||
UnChanged: unchanged,
|
|
||||||
CRLNumber: res.Number.Bytes(),
|
|
||||||
}
|
|
||||||
|
|
||||||
if !unchanged {
|
|
||||||
response.CRLData = res.CRLData
|
|
||||||
}
|
|
||||||
|
|
||||||
return response, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func New(logger *logrus.Logger, handlers ...RegisterHandler) (protocol.ServerHandler, error) {
|
func New(logger *logrus.Logger, handlers ...RegisterHandler) (protocol.ServerHandler, error) {
|
||||||
|
|
|
@ -37,8 +37,6 @@ import (
|
||||||
"github.com/ThalesIgnite/crypto11"
|
"github.com/ThalesIgnite/crypto11"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"git.cacert.org/cacert-gosigner/pkg/messages"
|
|
||||||
|
|
||||||
"git.cacert.org/cacert-gosigner/internal/config"
|
"git.cacert.org/cacert-gosigner/internal/config"
|
||||||
"git.cacert.org/cacert-gosigner/internal/health"
|
"git.cacert.org/cacert-gosigner/internal/health"
|
||||||
)
|
)
|
||||||
|
@ -70,7 +68,7 @@ func (a *Access) Healthy() (*health.Info, error) {
|
||||||
|
|
||||||
moreInfo := make(map[string]string)
|
moreInfo := make(map[string]string)
|
||||||
|
|
||||||
var checkFailed = messages.CertificateInfo{Status: "failed", Signing: false}.String()
|
const checkFailed = "failed"
|
||||||
|
|
||||||
for _, ca := range a.signerConfig.RootCAs() {
|
for _, ca := range a.signerConfig.RootCAs() {
|
||||||
infoKey := fmt.Sprintf("root-%s", ca)
|
infoKey := fmt.Sprintf("root-%s", ca)
|
||||||
|
@ -84,12 +82,7 @@ func (a *Access) Healthy() (*health.Info, error) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
moreInfo[infoKey] = messages.CertificateInfo{
|
moreInfo[infoKey] = fmt.Sprintf("ok, valid until %s", cert.NotAfter.UTC().Format(time.RFC3339))
|
||||||
Status: "ok",
|
|
||||||
Signing: false,
|
|
||||||
Profiles: []messages.CAProfile{},
|
|
||||||
ValidUntil: cert.NotAfter.UTC(),
|
|
||||||
}.String()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, ca := range a.signerConfig.SubordinateCAs() {
|
for _, ca := range a.signerConfig.SubordinateCAs() {
|
||||||
|
@ -122,12 +115,7 @@ func (a *Access) Healthy() (*health.Info, error) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
moreInfo[infoKey] = messages.CertificateInfo{
|
moreInfo[infoKey] = fmt.Sprintf("ok, valid until %s", cert.NotAfter.UTC().Format(time.RFC3339))
|
||||||
Status: "ok",
|
|
||||||
Signing: true,
|
|
||||||
Profiles: def.Profiles,
|
|
||||||
ValidUntil: cert.NotAfter.UTC(),
|
|
||||||
}.String()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return &health.Info{
|
return &health.Info{
|
||||||
|
|
|
@ -27,7 +27,6 @@ import (
|
||||||
"math/big"
|
"math/big"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
"path/filepath"
|
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
@ -97,70 +96,6 @@ type Repository struct {
|
||||||
crlNumberFileName string
|
crlNumberFileName string
|
||||||
lock sync.Locker
|
lock sync.Locker
|
||||||
entries []indexEntry
|
entries []indexEntry
|
||||||
crlDirectory string
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *Repository) CleanUp() {
|
|
||||||
panic("implement me")
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *Repository) buildCRLFilename(b *big.Int) string {
|
|
||||||
number := fmt.Sprintf("%020x", b)
|
|
||||||
|
|
||||||
return path.Join(r.crlDirectory, number[:2], number[2:4], fmt.Sprintf("%s.crl", number[4:]))
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *Repository) currentCRLLink() string {
|
|
||||||
return path.Join(r.crlDirectory, "current.crl")
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *Repository) LoadCRL(b *big.Int) ([]byte, error) {
|
|
||||||
var crlFileName string
|
|
||||||
|
|
||||||
if b == nil {
|
|
||||||
crlFileName = r.currentCRLLink()
|
|
||||||
} else {
|
|
||||||
crlFileName = r.buildCRLFilename(b)
|
|
||||||
}
|
|
||||||
|
|
||||||
crlData, err := os.ReadFile(crlFileName)
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("could not read CRL from %s: %w", crlFileName, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return crlData, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *Repository) StoreCRL(b *big.Int, bytes []byte) error {
|
|
||||||
if b == nil {
|
|
||||||
return errors.New("crl number must not be nil")
|
|
||||||
}
|
|
||||||
|
|
||||||
crlFilename := r.buildCRLFilename(b)
|
|
||||||
|
|
||||||
err := os.MkdirAll(path.Dir(crlFilename), 0o700)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("could not create directory hierarchy for %s: %w", crlFilename, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
err = os.WriteFile(crlFilename, bytes, 0o600)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("could not write CRL to %s: %w", crlFilename, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
crlLink := r.currentCRLLink()
|
|
||||||
|
|
||||||
if err = os.Remove(crlLink); err != nil {
|
|
||||||
if !os.IsNotExist(err) {
|
|
||||||
return fmt.Errorf("could not remove CRL symlink %s: %w", crlLink, err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if err = os.Symlink(crlFilename, crlLink); err != nil {
|
|
||||||
return fmt.Errorf("could not create CRL symlink from %s to %s: %w", crlFilename, crlLink, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *Repository) NextCRLNumber() (*big.Int, error) {
|
func (r *Repository) NextCRLNumber() (*big.Int, error) {
|
||||||
|
@ -485,21 +420,15 @@ func NewFileRepository(baseDirectory string) (*Repository, error) {
|
||||||
return nil, fmt.Errorf("could not change to base directory %s: %w", baseDirectory, err)
|
return nil, fmt.Errorf("could not change to base directory %s: %w", baseDirectory, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = os.MkdirAll(baseDirectory, 0o750) //nolint:gomnd
|
err = os.MkdirAll(baseDirectory, 0750) //nolint:gomnd
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not create base directory %s: %w", baseDirectory, err)
|
return nil, fmt.Errorf("could not create base directory %s: %w", baseDirectory, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
baseDirectory, err = filepath.Abs(baseDirectory)
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("could not get absolute name for %s: %w", baseDirectory, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return &Repository{
|
return &Repository{
|
||||||
indexFileName: path.Join(baseDirectory, "index.txt"),
|
indexFileName: path.Join(baseDirectory, "index.txt"),
|
||||||
crlNumberFileName: path.Join(baseDirectory, "crlnumber"),
|
crlNumberFileName: path.Join(baseDirectory, "crlnumber"),
|
||||||
crlDirectory: path.Join(baseDirectory, "crls"),
|
|
||||||
lock: &sync.Mutex{},
|
lock: &sync.Mutex{},
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,9 +26,6 @@ import (
|
||||||
type Repository interface {
|
type Repository interface {
|
||||||
// StoreRevocation stores information about a revoked certificate.
|
// StoreRevocation stores information about a revoked certificate.
|
||||||
StoreRevocation(*pkix.RevokedCertificate) error
|
StoreRevocation(*pkix.RevokedCertificate) error
|
||||||
LoadCRL(*big.Int) ([]byte, error)
|
|
||||||
StoreCRL(*big.Int, []byte) error
|
|
||||||
RevokedCertificates() ([]pkix.RevokedCertificate, error)
|
RevokedCertificates() ([]pkix.RevokedCertificate, error)
|
||||||
NextCRLNumber() (*big.Int, error)
|
NextCRLNumber() (*big.Int, error)
|
||||||
CleanUp()
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,9 +28,6 @@ import (
|
||||||
"math/big"
|
"math/big"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/balacode/go-delta"
|
|
||||||
"github.com/sirupsen/logrus"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var OidCRLReason = asn1.ObjectIdentifier{2, 5, 29, 21}
|
var OidCRLReason = asn1.ObjectIdentifier{2, 5, 29, 21}
|
||||||
|
@ -96,7 +93,6 @@ type X509Revoking struct {
|
||||||
crlAlgorithm x509.SignatureAlgorithm
|
crlAlgorithm x509.SignatureAlgorithm
|
||||||
crlIssuer *x509.Certificate
|
crlIssuer *x509.Certificate
|
||||||
signer crypto.Signer
|
signer crypto.Signer
|
||||||
logger *logrus.Logger
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type RevokeCertificate struct {
|
type RevokeCertificate struct {
|
||||||
|
@ -112,9 +108,8 @@ func NewRevokeCertificate(serialNumber *big.Int, reason CRLReason) *RevokeCertif
|
||||||
}
|
}
|
||||||
|
|
||||||
type CRLInformation struct {
|
type CRLInformation struct {
|
||||||
CRL []byte // DER encoded CRL
|
CRL []byte // DER encoded CRL
|
||||||
Number *big.Int
|
Number *big.Int
|
||||||
NextUpdate time.Time
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *X509Revoking) Revoke(revokeCertificate *RevokeCertificate) (*pkix.RevokedCertificate, error) {
|
func (r *X509Revoking) Revoke(revokeCertificate *RevokeCertificate) (*pkix.RevokedCertificate, error) {
|
||||||
|
@ -131,7 +126,7 @@ func (r *X509Revoking) Revoke(revokeCertificate *RevokeCertificate) (*pkix.Revok
|
||||||
return revoked, nil
|
return revoked, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *X509Revoking) createCRL() (*CRLInformation, error) {
|
func (r *X509Revoking) CreateCRL() (*CRLInformation, error) {
|
||||||
revoked, err := r.repository.RevokedCertificates()
|
revoked, err := r.repository.RevokedCertificates()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not get revocation information: %w", err)
|
return nil, fmt.Errorf("could not get revocation information: %w", err)
|
||||||
|
@ -142,63 +137,17 @@ func (r *X509Revoking) createCRL() (*CRLInformation, error) {
|
||||||
return nil, fmt.Errorf("could not get next CRL number: %w", err)
|
return nil, fmt.Errorf("could not get next CRL number: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
nextUpdate := time.Now().UTC().Add(defaultCRLValidity)
|
|
||||||
|
|
||||||
list, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
|
list, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
|
||||||
SignatureAlgorithm: r.crlAlgorithm,
|
SignatureAlgorithm: r.crlAlgorithm,
|
||||||
RevokedCertificates: revoked,
|
RevokedCertificates: revoked,
|
||||||
Number: nextNumber,
|
Number: nextNumber,
|
||||||
ThisUpdate: time.Now().UTC(),
|
NextUpdate: time.Now().UTC().Add(defaultCRLValidity),
|
||||||
NextUpdate: nextUpdate,
|
|
||||||
}, r.crlIssuer, r.signer)
|
}, r.crlIssuer, r.signer)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not sign revocation list: %w", err)
|
return nil, fmt.Errorf("could not sign revocation list: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = r.repository.StoreCRL(nextNumber, list)
|
return &CRLInformation{CRL: list, Number: nextNumber}, nil
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("could not store new CRL: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return &CRLInformation{CRL: list, Number: nextNumber, NextUpdate: nextUpdate}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *X509Revoking) GetCurrentCRL() (*CRLInformation, error) {
|
|
||||||
return r.GetCRL(nil)
|
|
||||||
}
|
|
||||||
|
|
||||||
const maximumCRLLifetime = 6 * time.Hour
|
|
||||||
|
|
||||||
func (r *X509Revoking) GetCRL(number *big.Int) (*CRLInformation, error) {
|
|
||||||
var (
|
|
||||||
crl []byte
|
|
||||||
err error
|
|
||||||
list *x509.RevocationList
|
|
||||||
)
|
|
||||||
|
|
||||||
crl, err = r.repository.LoadCRL(number)
|
|
||||||
if err != nil {
|
|
||||||
r.logger.WithError(err).Warn("could not load CRL")
|
|
||||||
|
|
||||||
if number != nil {
|
|
||||||
return nil, fmt.Errorf("could not load crl number 0x%0x", number)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if crl != nil {
|
|
||||||
list, err = x509.ParseRevocationList(crl)
|
|
||||||
if err != nil {
|
|
||||||
r.logger.WithError(err).Warn("could not parse CRL")
|
|
||||||
}
|
|
||||||
|
|
||||||
stillValid := list.ThisUpdate.Add(maximumCRLLifetime).After(time.Now().UTC())
|
|
||||||
|
|
||||||
if number != nil || stillValid {
|
|
||||||
return &CRLInformation{CRL: crl, Number: list.Number, NextUpdate: list.NextUpdate}, nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return r.createCRL()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewX509Revoking(
|
func NewX509Revoking(
|
||||||
|
@ -206,20 +155,12 @@ func NewX509Revoking(
|
||||||
crlAlgorithm x509.SignatureAlgorithm,
|
crlAlgorithm x509.SignatureAlgorithm,
|
||||||
issuer *x509.Certificate,
|
issuer *x509.Certificate,
|
||||||
signer crypto.Signer,
|
signer crypto.Signer,
|
||||||
logger *logrus.Logger,
|
|
||||||
) *X509Revoking {
|
) *X509Revoking {
|
||||||
return &X509Revoking{
|
return &X509Revoking{repository: repo, crlAlgorithm: crlAlgorithm, crlIssuer: issuer, signer: signer}
|
||||||
repository: repo,
|
|
||||||
crlAlgorithm: crlAlgorithm,
|
|
||||||
crlIssuer: issuer,
|
|
||||||
signer: signer,
|
|
||||||
logger: logger,
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type Result struct {
|
type Result struct {
|
||||||
CRLData []byte
|
CRLData []byte
|
||||||
IsDelta bool
|
|
||||||
Number *big.Int
|
Number *big.Int
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -231,45 +172,16 @@ func NewFetchCRLHandler(repositories map[string]*X509Revoking) *FetchCRLHandler
|
||||||
return &FetchCRLHandler{repositories: repositories}
|
return &FetchCRLHandler{repositories: repositories}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *FetchCRLHandler) FetchCRL(issuerID string, crlNumber *big.Int) (*Result, error) {
|
func (h *FetchCRLHandler) FetchCRL(issuerID string) (*Result, error) {
|
||||||
var (
|
|
||||||
currentCRL, oldCRL *CRLInformation
|
|
||||||
err error
|
|
||||||
)
|
|
||||||
|
|
||||||
repo, ok := h.repositories[issuerID]
|
repo, ok := h.repositories[issuerID]
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, fmt.Errorf("unknown issuer ID %s", issuerID)
|
return nil, fmt.Errorf("unknown issuer ID %s", issuerID)
|
||||||
}
|
}
|
||||||
|
|
||||||
if repo.signer == nil {
|
currentCRL, err := repo.CreateCRL()
|
||||||
return nil, fmt.Errorf("key for issuer ID %s is not available", issuerID)
|
|
||||||
}
|
|
||||||
|
|
||||||
currentCRL, err = repo.GetCurrentCRL()
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not get CRL for issuer ID %s: %w", issuerID, err)
|
return nil, fmt.Errorf("could not create CRL for issuer ID %s: %w", issuerID, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if crlNumber == nil {
|
return &Result{CRLData: currentCRL.CRL, Number: currentCRL.Number}, nil
|
||||||
return &Result{CRLData: currentCRL.CRL, Number: currentCRL.Number, IsDelta: false}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
if crlNumber.Cmp(currentCRL.Number) == 0 {
|
|
||||||
return &Result{CRLData: nil, Number: currentCRL.Number, IsDelta: false}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
oldCRL, err = repo.GetCRL(crlNumber)
|
|
||||||
if err != nil {
|
|
||||||
return &Result{CRLData: currentCRL.CRL, Number: currentCRL.Number, IsDelta: false}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
diff := delta.Make(oldCRL.CRL, currentCRL.CRL)
|
|
||||||
patchBytes := diff.Bytes()
|
|
||||||
|
|
||||||
if len(patchBytes) > len(currentCRL.CRL) {
|
|
||||||
return &Result{CRLData: currentCRL.CRL, Number: currentCRL.Number, IsDelta: false}, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
return &Result{CRLData: patchBytes, Number: currentCRL.Number, IsDelta: true}, nil
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,7 +18,6 @@ limitations under the License.
|
||||||
package revoking_test
|
package revoking_test
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/rsa"
|
"crypto/rsa"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
|
@ -29,7 +28,6 @@ import (
|
||||||
"math/big"
|
"math/big"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/sirupsen/logrus"
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
|
@ -51,36 +49,9 @@ func randomSerial(t *testing.T) *big.Int {
|
||||||
|
|
||||||
type testRepo struct {
|
type testRepo struct {
|
||||||
crlNumber *big.Int
|
crlNumber *big.Int
|
||||||
crls map[string][]byte
|
|
||||||
current string
|
|
||||||
revoked []pkix.RevokedCertificate
|
revoked []pkix.RevokedCertificate
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *testRepo) LoadCRL(b *big.Int) ([]byte, error) {
|
|
||||||
var key string
|
|
||||||
|
|
||||||
if b == nil {
|
|
||||||
key = t.current
|
|
||||||
} else {
|
|
||||||
key = b.String()
|
|
||||||
}
|
|
||||||
|
|
||||||
crl, ok := t.crls[key]
|
|
||||||
if !ok {
|
|
||||||
return nil, errors.New("no CRL for you")
|
|
||||||
}
|
|
||||||
|
|
||||||
return crl, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (t *testRepo) StoreCRL(b *big.Int, crl []byte) error {
|
|
||||||
t.crls[b.String()] = crl
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (t *testRepo) CleanUp() {}
|
|
||||||
|
|
||||||
func (t *testRepo) NextCRLNumber() (*big.Int, error) {
|
func (t *testRepo) NextCRLNumber() (*big.Int, error) {
|
||||||
newNumber := new(big.Int).Add(t.crlNumber, big.NewInt(1))
|
newNumber := new(big.Int).Add(t.crlNumber, big.NewInt(1))
|
||||||
|
|
||||||
|
@ -103,9 +74,7 @@ func (t *testRepo) StoreRevocation(revoked *pkix.RevokedCertificate) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
type brokenRepo struct {
|
type brokenRepo struct{}
|
||||||
noStoreRepo
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *brokenRepo) NextCRLNumber() (*big.Int, error) {
|
func (r *brokenRepo) NextCRLNumber() (*big.Int, error) {
|
||||||
return nil, errors.New("don't know")
|
return nil, errors.New("don't know")
|
||||||
|
@ -119,28 +88,14 @@ func (*brokenRepo) StoreRevocation(_ *pkix.RevokedCertificate) error {
|
||||||
return errors.New("cannot store")
|
return errors.New("cannot store")
|
||||||
}
|
}
|
||||||
|
|
||||||
type noStoreRepo struct{}
|
|
||||||
|
|
||||||
func (r noStoreRepo) StoreRevocation(_ *pkix.RevokedCertificate) error {
|
|
||||||
// do nothing
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
type brokenRepoNoCrlNumber struct {
|
type brokenRepoNoCrlNumber struct {
|
||||||
noStoreRepo
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r noStoreRepo) LoadCRL(_ *big.Int) ([]byte, error) {
|
func (b brokenRepoNoCrlNumber) StoreRevocation(_ *pkix.RevokedCertificate) error {
|
||||||
return nil, errors.New("no CRL")
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r noStoreRepo) StoreCRL(_ *big.Int, _ []byte) error {
|
|
||||||
// do nothing
|
// do nothing
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r noStoreRepo) CleanUp() {}
|
|
||||||
|
|
||||||
func (b brokenRepoNoCrlNumber) RevokedCertificates() ([]pkix.RevokedCertificate, error) {
|
func (b brokenRepoNoCrlNumber) RevokedCertificates() ([]pkix.RevokedCertificate, error) {
|
||||||
return make([]pkix.RevokedCertificate, 0), nil
|
return make([]pkix.RevokedCertificate, 0), nil
|
||||||
}
|
}
|
||||||
|
@ -150,7 +105,11 @@ func (b brokenRepoNoCrlNumber) NextCRLNumber() (*big.Int, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
type brokenRepoNoRevocations struct {
|
type brokenRepoNoRevocations struct {
|
||||||
noStoreRepo
|
}
|
||||||
|
|
||||||
|
func (b brokenRepoNoRevocations) StoreRevocation(_ *pkix.RevokedCertificate) error {
|
||||||
|
// do nothing
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b brokenRepoNoRevocations) RevokedCertificates() ([]pkix.RevokedCertificate, error) {
|
func (b brokenRepoNoRevocations) RevokedCertificates() ([]pkix.RevokedCertificate, error) {
|
||||||
|
@ -162,18 +121,11 @@ func (b brokenRepoNoRevocations) NextCRLNumber() (*big.Int, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestX509Revoking_Revoke(t *testing.T) {
|
func TestX509Revoking_Revoke(t *testing.T) {
|
||||||
testRepository := testRepo{
|
testRepository := testRepo{revoked: make([]pkix.RevokedCertificate, 0), crlNumber: big.NewInt(0)}
|
||||||
revoked: make([]pkix.RevokedCertificate, 0),
|
|
||||||
crlNumber: big.NewInt(0),
|
|
||||||
crls: map[string][]byte{},
|
|
||||||
}
|
|
||||||
|
|
||||||
caKey, caCertificate := prepareTestCA(t)
|
caKey, caCertificate := prepareTestCA(t)
|
||||||
|
|
||||||
logger := logrus.New()
|
r := revoking.NewX509Revoking(&testRepository, x509.ECDSAWithSHA256, caCertificate, caKey)
|
||||||
logger.SetOutput(&bytes.Buffer{})
|
|
||||||
|
|
||||||
r := revoking.NewX509Revoking(&testRepository, x509.ECDSAWithSHA256, caCertificate, caKey, logger)
|
|
||||||
|
|
||||||
serial := randomSerial(t)
|
serial := randomSerial(t)
|
||||||
|
|
||||||
|
@ -197,10 +149,7 @@ func TestX509Revoking_Revoke(t *testing.T) {
|
||||||
func TestX509Revoking_Revoke_BrokenRepo(t *testing.T) {
|
func TestX509Revoking_Revoke_BrokenRepo(t *testing.T) {
|
||||||
caKey, caCertificate := prepareTestCA(t)
|
caKey, caCertificate := prepareTestCA(t)
|
||||||
|
|
||||||
logger := logrus.New()
|
r := revoking.NewX509Revoking(&brokenRepo{}, x509.SHA256WithRSA, caCertificate, caKey)
|
||||||
logger.SetOutput(&bytes.Buffer{})
|
|
||||||
|
|
||||||
r := revoking.NewX509Revoking(&brokenRepo{}, x509.SHA256WithRSA, caCertificate, caKey, logger)
|
|
||||||
|
|
||||||
serial := randomSerial(t)
|
serial := randomSerial(t)
|
||||||
|
|
||||||
|
@ -214,12 +163,11 @@ func TestX509Revoking_Revoke_BrokenRepo(t *testing.T) {
|
||||||
func TestX509Revoking_CreateCRL(t *testing.T) {
|
func TestX509Revoking_CreateCRL(t *testing.T) {
|
||||||
key, certificate := prepareTestCA(t)
|
key, certificate := prepareTestCA(t)
|
||||||
|
|
||||||
logger := logrus.New()
|
|
||||||
logger.SetOutput(&bytes.Buffer{})
|
|
||||||
|
|
||||||
r := revoking.NewX509Revoking(
|
r := revoking.NewX509Revoking(
|
||||||
&testRepo{revoked: make([]pkix.RevokedCertificate, 0), crlNumber: big.NewInt(0), crls: map[string][]byte{}},
|
&testRepo{revoked: make([]pkix.RevokedCertificate, 0), crlNumber: big.NewInt(0)},
|
||||||
x509.SHA256WithRSA, certificate, key, logger,
|
x509.SHA256WithRSA,
|
||||||
|
certificate,
|
||||||
|
key,
|
||||||
)
|
)
|
||||||
|
|
||||||
serial := randomSerial(t)
|
serial := randomSerial(t)
|
||||||
|
@ -227,7 +175,7 @@ func TestX509Revoking_CreateCRL(t *testing.T) {
|
||||||
_, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
|
_, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
crl, err := r.GetCRL(nil)
|
crl, err := r.CreateCRL()
|
||||||
|
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.NotNil(t, crl)
|
assert.NotNil(t, crl)
|
||||||
|
@ -252,55 +200,48 @@ func TestX509Revoking_CreateCRL(t *testing.T) {
|
||||||
assert.True(t, found)
|
assert.True(t, found)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestX509Revoking_GetCRL_BrokenRepoNoRevocations(t *testing.T) {
|
func TestX509Revoking_CreateCRL_BrokenRepoNoRevocations(t *testing.T) {
|
||||||
caKey, caCertificate := prepareTestCA(t)
|
caKey, caCertificate := prepareTestCA(t)
|
||||||
|
|
||||||
logger := logrus.New()
|
r := revoking.NewX509Revoking(&brokenRepoNoRevocations{}, x509.SHA256WithRSA, caCertificate, caKey)
|
||||||
logger.SetOutput(&bytes.Buffer{})
|
|
||||||
|
|
||||||
r := revoking.NewX509Revoking(&brokenRepoNoRevocations{}, x509.SHA256WithRSA, caCertificate, caKey, logger)
|
|
||||||
|
|
||||||
serial := randomSerial(t)
|
serial := randomSerial(t)
|
||||||
|
|
||||||
_, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
|
_, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
crl, err := r.GetCRL(nil)
|
crl, err := r.CreateCRL()
|
||||||
|
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assert.ErrorContains(t, err, "could not get revocation information")
|
assert.ErrorContains(t, err, "could not get revocation information")
|
||||||
assert.Nil(t, crl)
|
assert.Nil(t, crl)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestX509Revoking_GetCRL_BrokenRepoNoCRLNumber(t *testing.T) {
|
func TestX509Revoking_CreateCRL_BrokenRepoNoCRLNumber(t *testing.T) {
|
||||||
caKey, caCertificate := prepareTestCA(t)
|
caKey, caCertificate := prepareTestCA(t)
|
||||||
|
|
||||||
logger := logrus.New()
|
r := revoking.NewX509Revoking(&brokenRepoNoCrlNumber{}, x509.SHA256WithRSA, caCertificate, caKey)
|
||||||
logger.SetOutput(&bytes.Buffer{})
|
|
||||||
|
|
||||||
r := revoking.NewX509Revoking(&brokenRepoNoCrlNumber{}, x509.SHA256WithRSA, caCertificate, caKey, logger)
|
|
||||||
|
|
||||||
serial := randomSerial(t)
|
serial := randomSerial(t)
|
||||||
|
|
||||||
_, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
|
_, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
crl, err := r.GetCRL(nil)
|
crl, err := r.CreateCRL()
|
||||||
|
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assert.ErrorContains(t, err, "could not get next CRL number")
|
assert.ErrorContains(t, err, "could not get next CRL number")
|
||||||
assert.Nil(t, crl)
|
assert.Nil(t, crl)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestX509Revoking_GetCRL_WrongAlgorithm(t *testing.T) {
|
func TestX509Revoking_CreateCRL_WrongAlgorithm(t *testing.T) {
|
||||||
key, certificate := prepareTestCA(t)
|
key, certificate := prepareTestCA(t)
|
||||||
|
|
||||||
logger := logrus.New()
|
|
||||||
logger.SetOutput(&bytes.Buffer{})
|
|
||||||
|
|
||||||
r := revoking.NewX509Revoking(
|
r := revoking.NewX509Revoking(
|
||||||
&testRepo{revoked: make([]pkix.RevokedCertificate, 0), crlNumber: big.NewInt(0), crls: map[string][]byte{}},
|
&testRepo{revoked: make([]pkix.RevokedCertificate, 0), crlNumber: big.NewInt(0)},
|
||||||
x509.ECDSAWithSHA256, certificate, key, logger,
|
x509.ECDSAWithSHA256,
|
||||||
|
certificate,
|
||||||
|
key,
|
||||||
)
|
)
|
||||||
|
|
||||||
serial := randomSerial(t)
|
serial := randomSerial(t)
|
||||||
|
@ -308,7 +249,7 @@ func TestX509Revoking_GetCRL_WrongAlgorithm(t *testing.T) {
|
||||||
_, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
|
_, err := r.Revoke(revoking.NewRevokeCertificate(serial, revoking.CRLReasonKeyCompromise))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
crl, err := r.GetCRL(nil)
|
crl, err := r.CreateCRL()
|
||||||
|
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assert.ErrorContains(t, err, "could not sign revocation list")
|
assert.ErrorContains(t, err, "could not sign revocation list")
|
||||||
|
|
|
@ -22,7 +22,6 @@ package messages
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/json"
|
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/big"
|
"math/big"
|
||||||
|
@ -102,8 +101,8 @@ func (r *ResponseAnnounce) String() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
type FetchCRLCommand struct {
|
type FetchCRLCommand struct {
|
||||||
IssuerID string `msgpack:"issuer_id"`
|
IssuerID string `msgpack:"issuer_id"`
|
||||||
LastKnownID []byte `msgpack:"last_known_id"`
|
LastKnownID *big.Int `msgpack:"last_known_id"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (f *FetchCRLCommand) String() string {
|
func (f *FetchCRLCommand) String() string {
|
||||||
|
@ -112,7 +111,7 @@ func (f *FetchCRLCommand) String() string {
|
||||||
_, _ = fmt.Fprintf(builder, "issuerId='%s'", f.IssuerID)
|
_, _ = fmt.Fprintf(builder, "issuerId='%s'", f.IssuerID)
|
||||||
|
|
||||||
if f.LastKnownID != nil {
|
if f.LastKnownID != nil {
|
||||||
_, _ = fmt.Fprintf(builder, ", lastKnownId=0x%s", new(big.Int).SetBytes(f.LastKnownID).Text(16))
|
_, _ = fmt.Fprintf(builder, ", lastKnownId=%s", f.LastKnownID.Text(16))
|
||||||
}
|
}
|
||||||
|
|
||||||
return builder.String()
|
return builder.String()
|
||||||
|
@ -145,66 +144,6 @@ func (i *HealthInfo) String() string {
|
||||||
return builder.String()
|
return builder.String()
|
||||||
}
|
}
|
||||||
|
|
||||||
type ProfileUsage string
|
|
||||||
|
|
||||||
const (
|
|
||||||
UsageOcsp ProfileUsage = "ocsp"
|
|
||||||
UsagePerson ProfileUsage = "person"
|
|
||||||
UsageClient ProfileUsage = "client"
|
|
||||||
UsageCode ProfileUsage = "code"
|
|
||||||
UsageServer ProfileUsage = "server"
|
|
||||||
)
|
|
||||||
|
|
||||||
var validProfileUsages = map[string]ProfileUsage{
|
|
||||||
"ocsp": UsageOcsp,
|
|
||||||
"person": UsagePerson,
|
|
||||||
"client": UsageClient,
|
|
||||||
"code": UsageCode,
|
|
||||||
"server": UsageServer,
|
|
||||||
}
|
|
||||||
|
|
||||||
func ParseUsage(u string) (ProfileUsage, error) {
|
|
||||||
usage, ok := validProfileUsages[u]
|
|
||||||
if !ok {
|
|
||||||
return "", fmt.Errorf("unsupported profile usage: %s", u)
|
|
||||||
}
|
|
||||||
|
|
||||||
return usage, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
type CAProfile struct {
|
|
||||||
Name string `json:"name"`
|
|
||||||
UseFor ProfileUsage `json:"use-for"`
|
|
||||||
}
|
|
||||||
|
|
||||||
func (p CAProfile) String() string {
|
|
||||||
return fmt.Sprintf("profile['%s': '%s']", p.Name, p.UseFor)
|
|
||||||
}
|
|
||||||
|
|
||||||
type CertificateInfo struct {
|
|
||||||
Status string `json:"status"`
|
|
||||||
Signing bool `json:"signing"`
|
|
||||||
Profiles []CAProfile `json:"profiles"`
|
|
||||||
ValidUntil time.Time `json:"valid-until"`
|
|
||||||
}
|
|
||||||
|
|
||||||
func (i CertificateInfo) String() string {
|
|
||||||
marshal, _ := json.Marshal(i)
|
|
||||||
|
|
||||||
return string(marshal)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (i *HealthInfo) ParseCertificateInfo(info string) (*CertificateInfo, error) {
|
|
||||||
certInfo := CertificateInfo{}
|
|
||||||
|
|
||||||
err := json.Unmarshal([]byte(info), &certInfo)
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("could not parse certificate information: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return &certInfo, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
type HealthResponse struct {
|
type HealthResponse struct {
|
||||||
Version string `msgpack:"version"`
|
Version string `msgpack:"version"`
|
||||||
Healthy bool `msgpack:"healthy"`
|
Healthy bool `msgpack:"healthy"`
|
||||||
|
@ -226,54 +165,38 @@ func (h *HealthResponse) String() string {
|
||||||
type FetchCRLResponse struct {
|
type FetchCRLResponse struct {
|
||||||
IssuerID string `msgpack:"issuer_id"`
|
IssuerID string `msgpack:"issuer_id"`
|
||||||
IsDelta bool `msgpack:"is_delta"`
|
IsDelta bool `msgpack:"is_delta"`
|
||||||
UnChanged bool `msgpack:"unchanged"`
|
|
||||||
CRLData []byte `msgpack:"crl_data"`
|
CRLData []byte `msgpack:"crl_data"`
|
||||||
CRLNumber []byte `msgpack:"crl_number"`
|
CRLNumber *big.Int
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *FetchCRLResponse) String() string {
|
func (r *FetchCRLResponse) String() string {
|
||||||
builder := &strings.Builder{}
|
builder := &strings.Builder{}
|
||||||
|
|
||||||
_, _ = fmt.Fprintf(
|
_, _ = fmt.Fprintf(builder, "issuer id=%s, delta CRL data=%v", r.IssuerID, r.IsDelta)
|
||||||
builder,
|
|
||||||
"issuer id=%s, delta CRL data=%t, unchanged=%t, CRL number=0x%s",
|
|
||||||
r.IssuerID,
|
|
||||||
r.IsDelta,
|
|
||||||
r.UnChanged,
|
|
||||||
new(big.Int).SetBytes(r.CRLNumber).Text(16),
|
|
||||||
)
|
|
||||||
|
|
||||||
if r.UnChanged {
|
|
||||||
return builder.String()
|
|
||||||
}
|
|
||||||
|
|
||||||
if r.IsDelta {
|
if r.IsDelta {
|
||||||
_, _ = fmt.Fprint(builder, ", delta CRL data not shown")
|
_, _ = fmt.Fprint(builder, ", delta CRL data not shown")
|
||||||
|
} else {
|
||||||
return builder.String()
|
revocationList, err := x509.ParseRevocationList(r.CRLData)
|
||||||
|
if err != nil {
|
||||||
|
_, _ = fmt.Fprintf(builder, ", could not parse CRL: %s", err.Error())
|
||||||
|
} else {
|
||||||
|
_, _ = fmt.Fprintf(
|
||||||
|
builder,
|
||||||
|
", CRL info: issuer=%s, number=%s, next update=%s, revoked certificates=%d",
|
||||||
|
revocationList.Issuer,
|
||||||
|
revocationList.Number,
|
||||||
|
revocationList.NextUpdate,
|
||||||
|
len(revocationList.RevokedCertificates),
|
||||||
|
)
|
||||||
|
_, _ = builder.WriteString(", CRL data:\n")
|
||||||
|
_ = pem.Encode(builder, &pem.Block{
|
||||||
|
Type: "CERTIFICATE REVOCATION LIST",
|
||||||
|
Bytes: r.CRLData,
|
||||||
|
})
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
revocationList, err := x509.ParseRevocationList(r.CRLData)
|
|
||||||
if err != nil {
|
|
||||||
_, _ = fmt.Fprintf(builder, ", could not parse CRL: %s", err.Error())
|
|
||||||
|
|
||||||
return builder.String()
|
|
||||||
}
|
|
||||||
|
|
||||||
_, _ = fmt.Fprintf(
|
|
||||||
builder,
|
|
||||||
", CRL info: issuer=%s, number=0x%s, next update=%s, revoked certificates=%d",
|
|
||||||
revocationList.Issuer,
|
|
||||||
revocationList.Number.Text(16),
|
|
||||||
revocationList.NextUpdate,
|
|
||||||
len(revocationList.RevokedCertificates),
|
|
||||||
)
|
|
||||||
_, _ = builder.WriteString(", CRL data:\n")
|
|
||||||
_ = pem.Encode(builder, &pem.Block{
|
|
||||||
Type: "CERTIFICATE REVOCATION LIST",
|
|
||||||
Bytes: r.CRLData,
|
|
||||||
})
|
|
||||||
|
|
||||||
return builder.String()
|
return builder.String()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -26,36 +26,6 @@ func ___encode(i interface{}) ([]byte, error) {
|
||||||
// encodeAsArray
|
// encodeAsArray
|
||||||
func ___encodeAsArray(i interface{}) ([]byte, error) {
|
func ___encodeAsArray(i interface{}) ([]byte, error) {
|
||||||
switch v := i.(type) {
|
switch v := i.(type) {
|
||||||
case FetchCRLCommand:
|
|
||||||
encoder := enc.NewEncoder()
|
|
||||||
size, err := ___calcArraySizeFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
encoder.MakeBytes(size)
|
|
||||||
b, offset, err := ___encodeArrayFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder, 0)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if size != offset {
|
|
||||||
return nil, fmt.Errorf("%s size / offset different %d : %d", "FetchCRLCommand", size, offset)
|
|
||||||
}
|
|
||||||
return b, err
|
|
||||||
case *FetchCRLCommand:
|
|
||||||
encoder := enc.NewEncoder()
|
|
||||||
size, err := ___calcArraySizeFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(*v, encoder)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
encoder.MakeBytes(size)
|
|
||||||
b, offset, err := ___encodeArrayFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(*v, encoder, 0)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if size != offset {
|
|
||||||
return nil, fmt.Errorf("%s size / offset different %d : %d", "FetchCRLCommand", size, offset)
|
|
||||||
}
|
|
||||||
return b, err
|
|
||||||
case HealthCommand:
|
case HealthCommand:
|
||||||
encoder := enc.NewEncoder()
|
encoder := enc.NewEncoder()
|
||||||
size, err := ___calcArraySizeHealthCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder)
|
size, err := ___calcArraySizeHealthCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder)
|
||||||
|
@ -146,36 +116,6 @@ func ___encodeAsArray(i interface{}) ([]byte, error) {
|
||||||
return nil, fmt.Errorf("%s size / offset different %d : %d", "HealthResponse", size, offset)
|
return nil, fmt.Errorf("%s size / offset different %d : %d", "HealthResponse", size, offset)
|
||||||
}
|
}
|
||||||
return b, err
|
return b, err
|
||||||
case FetchCRLResponse:
|
|
||||||
encoder := enc.NewEncoder()
|
|
||||||
size, err := ___calcArraySizeFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
encoder.MakeBytes(size)
|
|
||||||
b, offset, err := ___encodeArrayFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder, 0)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if size != offset {
|
|
||||||
return nil, fmt.Errorf("%s size / offset different %d : %d", "FetchCRLResponse", size, offset)
|
|
||||||
}
|
|
||||||
return b, err
|
|
||||||
case *FetchCRLResponse:
|
|
||||||
encoder := enc.NewEncoder()
|
|
||||||
size, err := ___calcArraySizeFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(*v, encoder)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
encoder.MakeBytes(size)
|
|
||||||
b, offset, err := ___encodeArrayFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(*v, encoder, 0)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if size != offset {
|
|
||||||
return nil, fmt.Errorf("%s size / offset different %d : %d", "FetchCRLResponse", size, offset)
|
|
||||||
}
|
|
||||||
return b, err
|
|
||||||
case ErrorResponse:
|
case ErrorResponse:
|
||||||
encoder := enc.NewEncoder()
|
encoder := enc.NewEncoder()
|
||||||
size, err := ___calcArraySizeErrorResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder)
|
size, err := ___calcArraySizeErrorResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder)
|
||||||
|
@ -213,36 +153,6 @@ func ___encodeAsArray(i interface{}) ([]byte, error) {
|
||||||
// encodeAsMap
|
// encodeAsMap
|
||||||
func ___encodeAsMap(i interface{}) ([]byte, error) {
|
func ___encodeAsMap(i interface{}) ([]byte, error) {
|
||||||
switch v := i.(type) {
|
switch v := i.(type) {
|
||||||
case FetchCRLCommand:
|
|
||||||
encoder := enc.NewEncoder()
|
|
||||||
size, err := ___calcMapSizeFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
encoder.MakeBytes(size)
|
|
||||||
b, offset, err := ___encodeMapFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder, 0)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if size != offset {
|
|
||||||
return nil, fmt.Errorf("%s size / offset different %d : %d", "FetchCRLCommand", size, offset)
|
|
||||||
}
|
|
||||||
return b, err
|
|
||||||
case *FetchCRLCommand:
|
|
||||||
encoder := enc.NewEncoder()
|
|
||||||
size, err := ___calcMapSizeFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(*v, encoder)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
encoder.MakeBytes(size)
|
|
||||||
b, offset, err := ___encodeMapFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(*v, encoder, 0)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if size != offset {
|
|
||||||
return nil, fmt.Errorf("%s size / offset different %d : %d", "FetchCRLCommand", size, offset)
|
|
||||||
}
|
|
||||||
return b, err
|
|
||||||
case HealthCommand:
|
case HealthCommand:
|
||||||
encoder := enc.NewEncoder()
|
encoder := enc.NewEncoder()
|
||||||
size, err := ___calcMapSizeHealthCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder)
|
size, err := ___calcMapSizeHealthCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder)
|
||||||
|
@ -333,36 +243,6 @@ func ___encodeAsMap(i interface{}) ([]byte, error) {
|
||||||
return nil, fmt.Errorf("%s size / offset different %d : %d", "HealthResponse", size, offset)
|
return nil, fmt.Errorf("%s size / offset different %d : %d", "HealthResponse", size, offset)
|
||||||
}
|
}
|
||||||
return b, err
|
return b, err
|
||||||
case FetchCRLResponse:
|
|
||||||
encoder := enc.NewEncoder()
|
|
||||||
size, err := ___calcMapSizeFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
encoder.MakeBytes(size)
|
|
||||||
b, offset, err := ___encodeMapFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder, 0)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if size != offset {
|
|
||||||
return nil, fmt.Errorf("%s size / offset different %d : %d", "FetchCRLResponse", size, offset)
|
|
||||||
}
|
|
||||||
return b, err
|
|
||||||
case *FetchCRLResponse:
|
|
||||||
encoder := enc.NewEncoder()
|
|
||||||
size, err := ___calcMapSizeFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(*v, encoder)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
encoder.MakeBytes(size)
|
|
||||||
b, offset, err := ___encodeMapFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(*v, encoder, 0)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if size != offset {
|
|
||||||
return nil, fmt.Errorf("%s size / offset different %d : %d", "FetchCRLResponse", size, offset)
|
|
||||||
}
|
|
||||||
return b, err
|
|
||||||
case ErrorResponse:
|
case ErrorResponse:
|
||||||
encoder := enc.NewEncoder()
|
encoder := enc.NewEncoder()
|
||||||
size, err := ___calcMapSizeErrorResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder)
|
size, err := ___calcMapSizeErrorResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, encoder)
|
||||||
|
@ -409,20 +289,6 @@ func ___decode(data []byte, i interface{}) (bool, error) {
|
||||||
// decodeAsArray
|
// decodeAsArray
|
||||||
func ___decodeAsArray(data []byte, i interface{}) (bool, error) {
|
func ___decodeAsArray(data []byte, i interface{}) (bool, error) {
|
||||||
switch v := i.(type) {
|
switch v := i.(type) {
|
||||||
case *FetchCRLCommand:
|
|
||||||
decoder := dec.NewDecoder(data)
|
|
||||||
offset, err := ___decodeArrayFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, decoder, 0)
|
|
||||||
if err == nil && offset != decoder.Len() {
|
|
||||||
return true, fmt.Errorf("read length is different [%d] [%d] ", offset, decoder.Len())
|
|
||||||
}
|
|
||||||
return true, err
|
|
||||||
case **FetchCRLCommand:
|
|
||||||
decoder := dec.NewDecoder(data)
|
|
||||||
offset, err := ___decodeArrayFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(*v, decoder, 0)
|
|
||||||
if err == nil && offset != decoder.Len() {
|
|
||||||
return true, fmt.Errorf("read length is different [%d] [%d] ", offset, decoder.Len())
|
|
||||||
}
|
|
||||||
return true, err
|
|
||||||
case *HealthCommand:
|
case *HealthCommand:
|
||||||
decoder := dec.NewDecoder(data)
|
decoder := dec.NewDecoder(data)
|
||||||
offset, err := ___decodeArrayHealthCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, decoder, 0)
|
offset, err := ___decodeArrayHealthCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, decoder, 0)
|
||||||
|
@ -465,20 +331,6 @@ func ___decodeAsArray(data []byte, i interface{}) (bool, error) {
|
||||||
return true, fmt.Errorf("read length is different [%d] [%d] ", offset, decoder.Len())
|
return true, fmt.Errorf("read length is different [%d] [%d] ", offset, decoder.Len())
|
||||||
}
|
}
|
||||||
return true, err
|
return true, err
|
||||||
case *FetchCRLResponse:
|
|
||||||
decoder := dec.NewDecoder(data)
|
|
||||||
offset, err := ___decodeArrayFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, decoder, 0)
|
|
||||||
if err == nil && offset != decoder.Len() {
|
|
||||||
return true, fmt.Errorf("read length is different [%d] [%d] ", offset, decoder.Len())
|
|
||||||
}
|
|
||||||
return true, err
|
|
||||||
case **FetchCRLResponse:
|
|
||||||
decoder := dec.NewDecoder(data)
|
|
||||||
offset, err := ___decodeArrayFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(*v, decoder, 0)
|
|
||||||
if err == nil && offset != decoder.Len() {
|
|
||||||
return true, fmt.Errorf("read length is different [%d] [%d] ", offset, decoder.Len())
|
|
||||||
}
|
|
||||||
return true, err
|
|
||||||
case *ErrorResponse:
|
case *ErrorResponse:
|
||||||
decoder := dec.NewDecoder(data)
|
decoder := dec.NewDecoder(data)
|
||||||
offset, err := ___decodeArrayErrorResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, decoder, 0)
|
offset, err := ___decodeArrayErrorResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, decoder, 0)
|
||||||
|
@ -500,20 +352,6 @@ func ___decodeAsArray(data []byte, i interface{}) (bool, error) {
|
||||||
// decodeAsMap
|
// decodeAsMap
|
||||||
func ___decodeAsMap(data []byte, i interface{}) (bool, error) {
|
func ___decodeAsMap(data []byte, i interface{}) (bool, error) {
|
||||||
switch v := i.(type) {
|
switch v := i.(type) {
|
||||||
case *FetchCRLCommand:
|
|
||||||
decoder := dec.NewDecoder(data)
|
|
||||||
offset, err := ___decodeMapFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, decoder, 0)
|
|
||||||
if err == nil && offset != decoder.Len() {
|
|
||||||
return true, fmt.Errorf("read length is different [%d] [%d] ", offset, decoder.Len())
|
|
||||||
}
|
|
||||||
return true, err
|
|
||||||
case **FetchCRLCommand:
|
|
||||||
decoder := dec.NewDecoder(data)
|
|
||||||
offset, err := ___decodeMapFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(*v, decoder, 0)
|
|
||||||
if err == nil && offset != decoder.Len() {
|
|
||||||
return true, fmt.Errorf("read length is different [%d] [%d] ", offset, decoder.Len())
|
|
||||||
}
|
|
||||||
return true, err
|
|
||||||
case *HealthCommand:
|
case *HealthCommand:
|
||||||
decoder := dec.NewDecoder(data)
|
decoder := dec.NewDecoder(data)
|
||||||
offset, err := ___decodeMapHealthCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, decoder, 0)
|
offset, err := ___decodeMapHealthCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, decoder, 0)
|
||||||
|
@ -556,20 +394,6 @@ func ___decodeAsMap(data []byte, i interface{}) (bool, error) {
|
||||||
return true, fmt.Errorf("read length is different [%d] [%d] ", offset, decoder.Len())
|
return true, fmt.Errorf("read length is different [%d] [%d] ", offset, decoder.Len())
|
||||||
}
|
}
|
||||||
return true, err
|
return true, err
|
||||||
case *FetchCRLResponse:
|
|
||||||
decoder := dec.NewDecoder(data)
|
|
||||||
offset, err := ___decodeMapFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, decoder, 0)
|
|
||||||
if err == nil && offset != decoder.Len() {
|
|
||||||
return true, fmt.Errorf("read length is different [%d] [%d] ", offset, decoder.Len())
|
|
||||||
}
|
|
||||||
return true, err
|
|
||||||
case **FetchCRLResponse:
|
|
||||||
decoder := dec.NewDecoder(data)
|
|
||||||
offset, err := ___decodeMapFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(*v, decoder, 0)
|
|
||||||
if err == nil && offset != decoder.Len() {
|
|
||||||
return true, fmt.Errorf("read length is different [%d] [%d] ", offset, decoder.Len())
|
|
||||||
}
|
|
||||||
return true, err
|
|
||||||
case *ErrorResponse:
|
case *ErrorResponse:
|
||||||
decoder := dec.NewDecoder(data)
|
decoder := dec.NewDecoder(data)
|
||||||
offset, err := ___decodeMapErrorResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, decoder, 0)
|
offset, err := ___decodeMapErrorResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v, decoder, 0)
|
||||||
|
@ -588,192 +412,6 @@ func ___decodeAsMap(data []byte, i interface{}) (bool, error) {
|
||||||
return false, nil
|
return false, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// calculate size from git.cacert.org/cacert-gosigner/pkg/messages.FetchCRLCommand
|
|
||||||
func ___calcArraySizeFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v FetchCRLCommand, encoder *enc.Encoder) (int, error) {
|
|
||||||
size := 0
|
|
||||||
size += encoder.CalcStructHeaderFix(2)
|
|
||||||
size += encoder.CalcString(v.IssuerID)
|
|
||||||
if v.LastKnownID != nil {
|
|
||||||
s, err := encoder.CalcSliceLength(len(v.LastKnownID), true)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
size += s
|
|
||||||
for _, vv := range v.LastKnownID {
|
|
||||||
size += encoder.CalcByte(vv)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
size += encoder.CalcNil()
|
|
||||||
}
|
|
||||||
return size, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// calculate size from git.cacert.org/cacert-gosigner/pkg/messages.FetchCRLCommand
|
|
||||||
func ___calcMapSizeFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v FetchCRLCommand, encoder *enc.Encoder) (int, error) {
|
|
||||||
size := 0
|
|
||||||
size += encoder.CalcStructHeaderFix(2)
|
|
||||||
size += encoder.CalcStringFix(9)
|
|
||||||
size += encoder.CalcString(v.IssuerID)
|
|
||||||
size += encoder.CalcStringFix(13)
|
|
||||||
if v.LastKnownID != nil {
|
|
||||||
s, err := encoder.CalcSliceLength(len(v.LastKnownID), true)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
size += s
|
|
||||||
for _, vv := range v.LastKnownID {
|
|
||||||
size += encoder.CalcByte(vv)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
size += encoder.CalcNil()
|
|
||||||
}
|
|
||||||
return size, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// encode from git.cacert.org/cacert-gosigner/pkg/messages.FetchCRLCommand
|
|
||||||
func ___encodeArrayFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v FetchCRLCommand, encoder *enc.Encoder, offset int) ([]byte, int, error) {
|
|
||||||
var err error
|
|
||||||
offset = encoder.WriteStructHeaderFixAsArray(2, offset)
|
|
||||||
offset = encoder.WriteString(v.IssuerID, offset)
|
|
||||||
if v.LastKnownID != nil {
|
|
||||||
offset = encoder.WriteSliceLength(len(v.LastKnownID), offset, true)
|
|
||||||
for _, vv := range v.LastKnownID {
|
|
||||||
offset = encoder.WriteByte(vv, offset)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
offset = encoder.WriteNil(offset)
|
|
||||||
}
|
|
||||||
return encoder.EncodedBytes(), offset, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// encode from git.cacert.org/cacert-gosigner/pkg/messages.FetchCRLCommand
|
|
||||||
func ___encodeMapFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v FetchCRLCommand, encoder *enc.Encoder, offset int) ([]byte, int, error) {
|
|
||||||
var err error
|
|
||||||
offset = encoder.WriteStructHeaderFixAsMap(2, offset)
|
|
||||||
offset = encoder.WriteStringFix("issuer_id", 9, offset)
|
|
||||||
offset = encoder.WriteString(v.IssuerID, offset)
|
|
||||||
offset = encoder.WriteStringFix("last_known_id", 13, offset)
|
|
||||||
if v.LastKnownID != nil {
|
|
||||||
offset = encoder.WriteSliceLength(len(v.LastKnownID), offset, true)
|
|
||||||
for _, vv := range v.LastKnownID {
|
|
||||||
offset = encoder.WriteByte(vv, offset)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
offset = encoder.WriteNil(offset)
|
|
||||||
}
|
|
||||||
return encoder.EncodedBytes(), offset, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// decode to git.cacert.org/cacert-gosigner/pkg/messages.FetchCRLCommand
|
|
||||||
func ___decodeArrayFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v *FetchCRLCommand, decoder *dec.Decoder, offset int) (int, error) {
|
|
||||||
offset, err := decoder.CheckStructHeader(2, offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
{
|
|
||||||
var vv string
|
|
||||||
vv, offset, err = decoder.AsString(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
v.IssuerID = vv
|
|
||||||
}
|
|
||||||
if !decoder.IsCodeNil(offset) {
|
|
||||||
var vv []byte
|
|
||||||
var vvl int
|
|
||||||
vvl, offset, err = decoder.SliceLength(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
vv = make([]byte, vvl)
|
|
||||||
for vvi := range vv {
|
|
||||||
var vvv byte
|
|
||||||
vvv, offset, err = decoder.AsByte(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
vv[vvi] = vvv
|
|
||||||
}
|
|
||||||
v.LastKnownID = vv
|
|
||||||
} else {
|
|
||||||
offset++
|
|
||||||
}
|
|
||||||
return offset, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// decode to git.cacert.org/cacert-gosigner/pkg/messages.FetchCRLCommand
|
|
||||||
func ___decodeMapFetchCRLCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v *FetchCRLCommand, decoder *dec.Decoder, offset int) (int, error) {
|
|
||||||
keys := [][]byte{
|
|
||||||
{uint8(0x69), uint8(0x73), uint8(0x73), uint8(0x75), uint8(0x65), uint8(0x72), uint8(0x5f), uint8(0x69), uint8(0x64)}, // issuer_id
|
|
||||||
{uint8(0x6c), uint8(0x61), uint8(0x73), uint8(0x74), uint8(0x5f), uint8(0x6b), uint8(0x6e), uint8(0x6f), uint8(0x77), uint8(0x6e), uint8(0x5f), uint8(0x69), uint8(0x64)}, // last_known_id
|
|
||||||
}
|
|
||||||
offset, err := decoder.CheckStructHeader(2, offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
count := 0
|
|
||||||
for count < 2 {
|
|
||||||
var dataKey []byte
|
|
||||||
dataKey, offset, err = decoder.AsStringBytes(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
fieldIndex := -1
|
|
||||||
for i, key := range keys {
|
|
||||||
if len(dataKey) != len(key) {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
fieldIndex = i
|
|
||||||
for dataKeyIndex := range dataKey {
|
|
||||||
if dataKey[dataKeyIndex] != key[dataKeyIndex] {
|
|
||||||
fieldIndex = -1
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if fieldIndex >= 0 {
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
switch fieldIndex {
|
|
||||||
case 0:
|
|
||||||
{
|
|
||||||
var vv string
|
|
||||||
vv, offset, err = decoder.AsString(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
v.IssuerID = vv
|
|
||||||
}
|
|
||||||
count++
|
|
||||||
case 1:
|
|
||||||
if !decoder.IsCodeNil(offset) {
|
|
||||||
var vv []byte
|
|
||||||
var vvl int
|
|
||||||
vvl, offset, err = decoder.SliceLength(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
vv = make([]byte, vvl)
|
|
||||||
for vvi := range vv {
|
|
||||||
var vvv byte
|
|
||||||
vvv, offset, err = decoder.AsByte(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
vv[vvi] = vvv
|
|
||||||
}
|
|
||||||
v.LastKnownID = vv
|
|
||||||
} else {
|
|
||||||
offset++
|
|
||||||
}
|
|
||||||
count++
|
|
||||||
default:
|
|
||||||
return 0, fmt.Errorf("unknown key[%s] found", string(dataKey))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return offset, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// calculate size from git.cacert.org/cacert-gosigner/pkg/messages.HealthCommand
|
// calculate size from git.cacert.org/cacert-gosigner/pkg/messages.HealthCommand
|
||||||
func ___calcArraySizeHealthCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v HealthCommand, encoder *enc.Encoder) (int, error) {
|
func ___calcArraySizeHealthCommand_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v HealthCommand, encoder *enc.Encoder) (int, error) {
|
||||||
size := 0
|
size := 0
|
||||||
|
@ -1331,327 +969,6 @@ func ___decodeMapHealthResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f
|
||||||
return offset, err
|
return offset, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// calculate size from git.cacert.org/cacert-gosigner/pkg/messages.FetchCRLResponse
|
|
||||||
func ___calcArraySizeFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v FetchCRLResponse, encoder *enc.Encoder) (int, error) {
|
|
||||||
size := 0
|
|
||||||
size += encoder.CalcStructHeaderFix(5)
|
|
||||||
size += encoder.CalcString(v.IssuerID)
|
|
||||||
size += encoder.CalcBool(v.IsDelta)
|
|
||||||
size += encoder.CalcBool(v.UnChanged)
|
|
||||||
if v.CRLData != nil {
|
|
||||||
s, err := encoder.CalcSliceLength(len(v.CRLData), true)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
size += s
|
|
||||||
for _, vv := range v.CRLData {
|
|
||||||
size += encoder.CalcByte(vv)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
size += encoder.CalcNil()
|
|
||||||
}
|
|
||||||
if v.CRLNumber != nil {
|
|
||||||
s, err := encoder.CalcSliceLength(len(v.CRLNumber), true)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
size += s
|
|
||||||
for _, vv := range v.CRLNumber {
|
|
||||||
size += encoder.CalcByte(vv)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
size += encoder.CalcNil()
|
|
||||||
}
|
|
||||||
return size, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// calculate size from git.cacert.org/cacert-gosigner/pkg/messages.FetchCRLResponse
|
|
||||||
func ___calcMapSizeFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v FetchCRLResponse, encoder *enc.Encoder) (int, error) {
|
|
||||||
size := 0
|
|
||||||
size += encoder.CalcStructHeaderFix(5)
|
|
||||||
size += encoder.CalcStringFix(9)
|
|
||||||
size += encoder.CalcString(v.IssuerID)
|
|
||||||
size += encoder.CalcStringFix(8)
|
|
||||||
size += encoder.CalcBool(v.IsDelta)
|
|
||||||
size += encoder.CalcStringFix(9)
|
|
||||||
size += encoder.CalcBool(v.UnChanged)
|
|
||||||
size += encoder.CalcStringFix(8)
|
|
||||||
if v.CRLData != nil {
|
|
||||||
s, err := encoder.CalcSliceLength(len(v.CRLData), true)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
size += s
|
|
||||||
for _, vv := range v.CRLData {
|
|
||||||
size += encoder.CalcByte(vv)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
size += encoder.CalcNil()
|
|
||||||
}
|
|
||||||
size += encoder.CalcStringFix(10)
|
|
||||||
if v.CRLNumber != nil {
|
|
||||||
s, err := encoder.CalcSliceLength(len(v.CRLNumber), true)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
size += s
|
|
||||||
for _, vv := range v.CRLNumber {
|
|
||||||
size += encoder.CalcByte(vv)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
size += encoder.CalcNil()
|
|
||||||
}
|
|
||||||
return size, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// encode from git.cacert.org/cacert-gosigner/pkg/messages.FetchCRLResponse
|
|
||||||
func ___encodeArrayFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v FetchCRLResponse, encoder *enc.Encoder, offset int) ([]byte, int, error) {
|
|
||||||
var err error
|
|
||||||
offset = encoder.WriteStructHeaderFixAsArray(5, offset)
|
|
||||||
offset = encoder.WriteString(v.IssuerID, offset)
|
|
||||||
offset = encoder.WriteBool(v.IsDelta, offset)
|
|
||||||
offset = encoder.WriteBool(v.UnChanged, offset)
|
|
||||||
if v.CRLData != nil {
|
|
||||||
offset = encoder.WriteSliceLength(len(v.CRLData), offset, true)
|
|
||||||
for _, vv := range v.CRLData {
|
|
||||||
offset = encoder.WriteByte(vv, offset)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
offset = encoder.WriteNil(offset)
|
|
||||||
}
|
|
||||||
if v.CRLNumber != nil {
|
|
||||||
offset = encoder.WriteSliceLength(len(v.CRLNumber), offset, true)
|
|
||||||
for _, vv := range v.CRLNumber {
|
|
||||||
offset = encoder.WriteByte(vv, offset)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
offset = encoder.WriteNil(offset)
|
|
||||||
}
|
|
||||||
return encoder.EncodedBytes(), offset, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// encode from git.cacert.org/cacert-gosigner/pkg/messages.FetchCRLResponse
|
|
||||||
func ___encodeMapFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v FetchCRLResponse, encoder *enc.Encoder, offset int) ([]byte, int, error) {
|
|
||||||
var err error
|
|
||||||
offset = encoder.WriteStructHeaderFixAsMap(5, offset)
|
|
||||||
offset = encoder.WriteStringFix("issuer_id", 9, offset)
|
|
||||||
offset = encoder.WriteString(v.IssuerID, offset)
|
|
||||||
offset = encoder.WriteStringFix("is_delta", 8, offset)
|
|
||||||
offset = encoder.WriteBool(v.IsDelta, offset)
|
|
||||||
offset = encoder.WriteStringFix("unchanged", 9, offset)
|
|
||||||
offset = encoder.WriteBool(v.UnChanged, offset)
|
|
||||||
offset = encoder.WriteStringFix("crl_data", 8, offset)
|
|
||||||
if v.CRLData != nil {
|
|
||||||
offset = encoder.WriteSliceLength(len(v.CRLData), offset, true)
|
|
||||||
for _, vv := range v.CRLData {
|
|
||||||
offset = encoder.WriteByte(vv, offset)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
offset = encoder.WriteNil(offset)
|
|
||||||
}
|
|
||||||
offset = encoder.WriteStringFix("crl_number", 10, offset)
|
|
||||||
if v.CRLNumber != nil {
|
|
||||||
offset = encoder.WriteSliceLength(len(v.CRLNumber), offset, true)
|
|
||||||
for _, vv := range v.CRLNumber {
|
|
||||||
offset = encoder.WriteByte(vv, offset)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
offset = encoder.WriteNil(offset)
|
|
||||||
}
|
|
||||||
return encoder.EncodedBytes(), offset, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// decode to git.cacert.org/cacert-gosigner/pkg/messages.FetchCRLResponse
|
|
||||||
func ___decodeArrayFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v *FetchCRLResponse, decoder *dec.Decoder, offset int) (int, error) {
|
|
||||||
offset, err := decoder.CheckStructHeader(5, offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
{
|
|
||||||
var vv string
|
|
||||||
vv, offset, err = decoder.AsString(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
v.IssuerID = vv
|
|
||||||
}
|
|
||||||
{
|
|
||||||
var vv bool
|
|
||||||
vv, offset, err = decoder.AsBool(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
v.IsDelta = vv
|
|
||||||
}
|
|
||||||
{
|
|
||||||
var vv bool
|
|
||||||
vv, offset, err = decoder.AsBool(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
v.UnChanged = vv
|
|
||||||
}
|
|
||||||
if !decoder.IsCodeNil(offset) {
|
|
||||||
var vv []byte
|
|
||||||
var vvl int
|
|
||||||
vvl, offset, err = decoder.SliceLength(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
vv = make([]byte, vvl)
|
|
||||||
for vvi := range vv {
|
|
||||||
var vvv byte
|
|
||||||
vvv, offset, err = decoder.AsByte(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
vv[vvi] = vvv
|
|
||||||
}
|
|
||||||
v.CRLData = vv
|
|
||||||
} else {
|
|
||||||
offset++
|
|
||||||
}
|
|
||||||
if !decoder.IsCodeNil(offset) {
|
|
||||||
var vv []byte
|
|
||||||
var vvl int
|
|
||||||
vvl, offset, err = decoder.SliceLength(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
vv = make([]byte, vvl)
|
|
||||||
for vvi := range vv {
|
|
||||||
var vvv byte
|
|
||||||
vvv, offset, err = decoder.AsByte(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
vv[vvi] = vvv
|
|
||||||
}
|
|
||||||
v.CRLNumber = vv
|
|
||||||
} else {
|
|
||||||
offset++
|
|
||||||
}
|
|
||||||
return offset, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// decode to git.cacert.org/cacert-gosigner/pkg/messages.FetchCRLResponse
|
|
||||||
func ___decodeMapFetchCRLResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v *FetchCRLResponse, decoder *dec.Decoder, offset int) (int, error) {
|
|
||||||
keys := [][]byte{
|
|
||||||
{uint8(0x69), uint8(0x73), uint8(0x73), uint8(0x75), uint8(0x65), uint8(0x72), uint8(0x5f), uint8(0x69), uint8(0x64)}, // issuer_id
|
|
||||||
{uint8(0x69), uint8(0x73), uint8(0x5f), uint8(0x64), uint8(0x65), uint8(0x6c), uint8(0x74), uint8(0x61)}, // is_delta
|
|
||||||
{uint8(0x75), uint8(0x6e), uint8(0x63), uint8(0x68), uint8(0x61), uint8(0x6e), uint8(0x67), uint8(0x65), uint8(0x64)}, // unchanged
|
|
||||||
{uint8(0x63), uint8(0x72), uint8(0x6c), uint8(0x5f), uint8(0x64), uint8(0x61), uint8(0x74), uint8(0x61)}, // crl_data
|
|
||||||
{uint8(0x63), uint8(0x72), uint8(0x6c), uint8(0x5f), uint8(0x6e), uint8(0x75), uint8(0x6d), uint8(0x62), uint8(0x65), uint8(0x72)}, // crl_number
|
|
||||||
}
|
|
||||||
offset, err := decoder.CheckStructHeader(5, offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
count := 0
|
|
||||||
for count < 5 {
|
|
||||||
var dataKey []byte
|
|
||||||
dataKey, offset, err = decoder.AsStringBytes(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
fieldIndex := -1
|
|
||||||
for i, key := range keys {
|
|
||||||
if len(dataKey) != len(key) {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
fieldIndex = i
|
|
||||||
for dataKeyIndex := range dataKey {
|
|
||||||
if dataKey[dataKeyIndex] != key[dataKeyIndex] {
|
|
||||||
fieldIndex = -1
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if fieldIndex >= 0 {
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
switch fieldIndex {
|
|
||||||
case 0:
|
|
||||||
{
|
|
||||||
var vv string
|
|
||||||
vv, offset, err = decoder.AsString(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
v.IssuerID = vv
|
|
||||||
}
|
|
||||||
count++
|
|
||||||
case 1:
|
|
||||||
{
|
|
||||||
var vv bool
|
|
||||||
vv, offset, err = decoder.AsBool(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
v.IsDelta = vv
|
|
||||||
}
|
|
||||||
count++
|
|
||||||
case 2:
|
|
||||||
{
|
|
||||||
var vv bool
|
|
||||||
vv, offset, err = decoder.AsBool(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
v.UnChanged = vv
|
|
||||||
}
|
|
||||||
count++
|
|
||||||
case 3:
|
|
||||||
if !decoder.IsCodeNil(offset) {
|
|
||||||
var vv []byte
|
|
||||||
var vvl int
|
|
||||||
vvl, offset, err = decoder.SliceLength(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
vv = make([]byte, vvl)
|
|
||||||
for vvi := range vv {
|
|
||||||
var vvv byte
|
|
||||||
vvv, offset, err = decoder.AsByte(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
vv[vvi] = vvv
|
|
||||||
}
|
|
||||||
v.CRLData = vv
|
|
||||||
} else {
|
|
||||||
offset++
|
|
||||||
}
|
|
||||||
count++
|
|
||||||
case 4:
|
|
||||||
if !decoder.IsCodeNil(offset) {
|
|
||||||
var vv []byte
|
|
||||||
var vvl int
|
|
||||||
vvl, offset, err = decoder.SliceLength(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
vv = make([]byte, vvl)
|
|
||||||
for vvi := range vv {
|
|
||||||
var vvv byte
|
|
||||||
vvv, offset, err = decoder.AsByte(offset)
|
|
||||||
if err != nil {
|
|
||||||
return 0, err
|
|
||||||
}
|
|
||||||
vv[vvi] = vvv
|
|
||||||
}
|
|
||||||
v.CRLNumber = vv
|
|
||||||
} else {
|
|
||||||
offset++
|
|
||||||
}
|
|
||||||
count++
|
|
||||||
default:
|
|
||||||
return 0, fmt.Errorf("unknown key[%s] found", string(dataKey))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return offset, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// calculate size from git.cacert.org/cacert-gosigner/pkg/messages.ErrorResponse
|
// calculate size from git.cacert.org/cacert-gosigner/pkg/messages.ErrorResponse
|
||||||
func ___calcArraySizeErrorResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v ErrorResponse, encoder *enc.Encoder) (int, error) {
|
func ___calcArraySizeErrorResponse_e587a81c7cb163b35488bdef0f58c292f99f4bd65a81377f81e5b18c3d86855d(v ErrorResponse, encoder *enc.Encoder) (int, error) {
|
||||||
size := 0
|
size := 0
|
||||||
|
|
Loading…
Reference in a new issue