Improve CRL fetching

- improve client data structures
- do not fetch CRLs for root CA certificates
Jan Dittberner 2022-11-30 20:21:51 +01:00
parent 4d9d826e8b
commit 792675c8c5
2 changed files with 17 additions and 7 deletions


@ -48,10 +48,15 @@ type Profile struct {
UseFor string
}
type CertInfo struct {
Name string
FetchCRL bool
}
type SignerInfo struct {
SignerHealth bool
SignerVersion string
CACertificates []string
CACertificates []CertInfo
UsableProfiles map[string][]Profile
}
@ -237,12 +242,14 @@ func (c *Client) buildCRLInfo() []CRLInfo {
return nil
}
infos := make([]CRLInfo, len(c.signerInfo.CACertificates))
infos := make([]CRLInfo, 0)
for i, caName := range c.signerInfo.CACertificates {
lastKnown := c.lastKnownCRL(caName)
for _, caInfo := range c.signerInfo.CACertificates {
if caInfo.FetchCRL {
lastKnown := c.lastKnownCRL(caInfo.Name)
infos[i] = CRLInfo{Name: caName, LastKnown: lastKnown}
infos = append(infos, CRLInfo{Name: caInfo.Name, LastKnown: lastKnown})
}
}
return infos
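Review bot: `CertInfo` and its `FetchCRL` field are exported but carry no doc comment, and nothing at the type says where the flag comes from, so a reader of `buildCRLInfo` cannot tell that the flag is derived from the signer's `Signing` attribute in the handler. Suggest `// CertInfo describes one CA certificate reported by the signer.` on the type and `// FetchCRL is set from the certificate's Signing flag by the health-response handler; CAs without signing profiles (roots) are skipped.` on the field. Since a root CA's CRL is where revocation of an intermediate would be published, tying the skip to Signing alone is worth a sentence in that comment confirming it is intentional. In the second hunk, `infos := make([]CRLInfo, 0, len(c.signerInfo.CACertificates))` gives the known upper bound as capacity instead of growing on each append; buildCRLInfo starts before the hunk.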


@ -160,7 +160,7 @@ func (s *SignerClientHandler) handleHealthResponse(r *messages.HealthResponse) {
switch item.Source {
case "HSM":
signerInfo.CACertificates = make([]string, 0)
signerInfo.CACertificates = make([]client.CertInfo, 0)
signerInfo.UsableProfiles = make(map[string][]client.Profile)
for certName, value := range item.MoreInfo {
@ -179,7 +179,10 @@ func (s *SignerClientHandler) handleHealthResponse(r *messages.HealthResponse) {
"valid-until": certInfo.ValidUntil,
}).Trace("certificate info")
signerInfo.CACertificates = append(signerInfo.CACertificates, certName)
signerInfo.CACertificates = append(
signerInfo.CACertificates,
client.CertInfo{Name: certName, FetchCRL: certInfo.Signing},
)
if certInfo.Signing {
for _, profile := range certInfo.Profiles {
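Review bot: `FetchCRL: certInfo.Signing` reuses the signing flag as the CRL-fetch decision, but the two are not the same thing: a CA that no longer signs (a retired intermediate, if the health response ever reports one) may still have unexpired issued certificates whose revocations are published only in its CRL, and this line would stop fetching them. If the signer can express "has a CRL" separately, prefer that; otherwise record the assumption next to the line, e.g. `// FetchCRL follows Signing: only CAs that issue certificates get their CRLs fetched (roots are skipped).` The loop only appends, so `make([]client.CertInfo, 0, len(item.MoreInfo))` is a free pre-size. handleHealthResponse starts before the hunk and continues past it.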