Improve CRL fetching
- improve client data structures - do not fetch CRLs for root CA certificates
parent
4d9d826e8b
commit
792675c8c5
2 changed files with 17 additions and 7 deletions
|
@ -48,10 +48,15 @@ type Profile struct {
|
||||||
UseFor string
|
UseFor string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type CertInfo struct {
|
||||||
|
Name string
|
||||||
|
FetchCRL bool
|
||||||
|
}
|
||||||
|
|
||||||
type SignerInfo struct {
|
type SignerInfo struct {
|
||||||
SignerHealth bool
|
SignerHealth bool
|
||||||
SignerVersion string
|
SignerVersion string
|
||||||
CACertificates []string
|
CACertificates []CertInfo
|
||||||
UsableProfiles map[string][]Profile
|
UsableProfiles map[string][]Profile
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -237,12 +242,14 @@ func (c *Client) buildCRLInfo() []CRLInfo {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
infos := make([]CRLInfo, len(c.signerInfo.CACertificates))
|
infos := make([]CRLInfo, 0)
|
||||||
|
|
||||||
for i, caName := range c.signerInfo.CACertificates {
|
for _, caInfo := range c.signerInfo.CACertificates {
|
||||||
lastKnown := c.lastKnownCRL(caName)
|
if caInfo.FetchCRL {
|
||||||
|
lastKnown := c.lastKnownCRL(caInfo.Name)
|
||||||
|
|
||||||
infos[i] = CRLInfo{Name: caName, LastKnown: lastKnown}
|
infos = append(infos, CRLInfo{Name: caInfo.Name, LastKnown: lastKnown})
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return infos
|
return infos
|
||||||
|
|
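Review bot: The new `CertInfo` type in the first hunk has no doc comment, and its `FetchCRL` field defaults to false, so any code that builds a `CertInfo` without setting it silently drops that CA from `buildCRLInfo` and no CRL is requested for it. For revocation data that is the fail-open direction, so the contract belongs on the field, e.g. `// FetchCRL selects this CA certificate for CRL fetching; the zero value skips it.` A one-line comment on the `if caInfo.FetchCRL` filter saying that the skipped entries are expected to be root CA certificates (per the commit message) would help the next reader; `buildCRLInfo` starts outside the hunk. As a style point, `infos := make([]CRLInfo, 0, len(c.signerInfo.CACertificates))` keeps the single allocation the old code had.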
|
@ -160,7 +160,7 @@ func (s *SignerClientHandler) handleHealthResponse(r *messages.HealthResponse) {
|
||||||
|
|
||||||
switch item.Source {
|
switch item.Source {
|
||||||
case "HSM":
|
case "HSM":
|
||||||
signerInfo.CACertificates = make([]string, 0)
|
signerInfo.CACertificates = make([]client.CertInfo, 0)
|
||||||
signerInfo.UsableProfiles = make(map[string][]client.Profile)
|
signerInfo.UsableProfiles = make(map[string][]client.Profile)
|
||||||
|
|
||||||
for certName, value := range item.MoreInfo {
|
for certName, value := range item.MoreInfo {
|
||||||
|
@ -179,7 +179,10 @@ func (s *SignerClientHandler) handleHealthResponse(r *messages.HealthResponse) {
|
||||||
"valid-until": certInfo.ValidUntil,
|
"valid-until": certInfo.ValidUntil,
|
||||||
}).Trace("certificate info")
|
}).Trace("certificate info")
|
||||||
|
|
||||||
signerInfo.CACertificates = append(signerInfo.CACertificates, certName)
|
signerInfo.CACertificates = append(
|
||||||
|
signerInfo.CACertificates,
|
||||||
|
client.CertInfo{Name: certName, FetchCRL: certInfo.Signing},
|
||||||
|
)
|
||||||
|
|
||||||
if certInfo.Signing {
|
if certInfo.Signing {
|
||||||
for _, profile := range certInfo.Profiles {
|
for _, profile := range certInfo.Profiles {
|
||||||
|
|
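Review bot: In the second hunk of `handleHealthResponse`, `FetchCRL: certInfo.Signing` ties CRL fetching to the signing flag taken from the health response, while the commit message states the intent as skipping root CA certificates; nothing in the visible lines shows that the two conditions are equivalent. If a non-root CA is ever reported with `Signing` false, its CRL would stop being refreshed and no log line would say so. I would state the assumption next to the append, e.g. `// CRLs are fetched only for certificates reported as signing; root CA certificates are expected to report Signing == false`, and include the derived flag in the existing "certificate info" trace fields so the decision is visible when debugging. The function body starts and ends outside the hunk.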