Improve CRL fetching
- improve client data structures
- do not fetch CRLs for root CA certificates
This commit is contained in:
parent
4d9d826e8b
commit
792675c8c5
2 changed files with 17 additions and 7 deletions
@ -48,10 +48,15 @@ type Profile struct {
UseFor string
}
type CertInfo struct {
Name string
FetchCRL bool
}
type SignerInfo struct {
SignerHealth bool
SignerVersion string
CACertificates []string
CACertificates []CertInfo
UsableProfiles map[string][]Profile
}
@ -237,12 +242,14 @@ func (c *Client) buildCRLInfo() []CRLInfo {
return nil
}
infos := make([]CRLInfo, len(c.signerInfo.CACertificates))
infos := make([]CRLInfo, 0)
for i, caName := range c.signerInfo.CACertificates {
lastKnown := c.lastKnownCRL(caName)
for _, caInfo := range c.signerInfo.CACertificates {
if caInfo.FetchCRL {
lastKnown := c.lastKnownCRL(caInfo.Name)
infos[i] = CRLInfo{Name: caName, LastKnown: lastKnown}
infos = append(infos, CRLInfo{Name: caInfo.Name, LastKnown: lastKnown})
}
}
return infos
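Review bot: `infos := make([]CRLInfo, 0)` at the top of the rewritten loop grows by append for every CA that has FetchCRL set although the upper bound is known; `infos := make([]CRLInfo, 0, len(c.signerInfo.CACertificates))` keeps the slice non-nil (which matters if the result is ever serialised) and avoids the repeated reallocations. The new CertInfo type and its FetchCRL field are exported without doc comments, and the only explanation of what FetchCRL means is the commit description; I would add `// CertInfo describes one CA certificate reported by the signer.` above the type and `// FetchCRL is set when the client should fetch this CA's CRL; it is left false for root CAs.` on the field. Inside the loop the nested `if caInfo.FetchCRL {` reads better as a guard, `if !caInfo.FetchCRL { continue }`, keeping the happy path left-aligned. buildCRLInfo starts outside the hunk, so the condition behind the early `return nil` is not visible here.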
@ -160,7 +160,7 @@ func (s *SignerClientHandler) handleHealthResponse(r *messages.HealthResponse) {
switch item.Source {
case "HSM":
signerInfo.CACertificates = make([]string, 0)
signerInfo.CACertificates = make([]client.CertInfo, 0)
signerInfo.UsableProfiles = make(map[string][]client.Profile)
for certName, value := range item.MoreInfo {
@ -179,7 +179,10 @@ func (s *SignerClientHandler) handleHealthResponse(r *messages.HealthResponse) {
"valid-until": certInfo.ValidUntil,
}).Trace("certificate info")
signerInfo.CACertificates = append(signerInfo.CACertificates, certName)
signerInfo.CACertificates = append(
signerInfo.CACertificates,
client.CertInfo{Name: certName, FetchCRL: certInfo.Signing},
)
if certInfo.Signing {
for _, profile := range certInfo.Profiles {
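Review bot: The appended `client.CertInfo{Name: certName, FetchCRL: certInfo.Signing}` silently equates "not a signing CA" with "root CA, no CRL needed", a rationale that exists only in the commit description; the append site should carry it, e.g. `// Non-signing entries are the root CAs: they are self-signed, so no CRL is fetched for them.` If the signer can ever report an intermediate CA with Signing false, that certificate would also drop out of CRL checking, so it is worth confirming that Signing is set for every non-root CA in the health response; the visible lines do not show how it is populated. The earlier hunk of this section (`make([]client.CertInfo, 0)`) is the matching type change and needs nothing further. handleHealthResponse begins and ends outside both hunks.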