Improve CRL fetching

- improve client data structures - do not fetch CRLs for root CA certificates
Update cacert-gosigner dependency
4 changed files with 20 additions and 10 deletions
--- a/go.mod
+++ b/go.mod
@ -3,7 +3,7 @@ module git.cacert.org/cacert-gosignerclient
 go 1.19

 require (
-	git.cacert.org/cacert-gosigner v0.0.0-20221130175146-fffc65a540d5
+	git.cacert.org/cacert-gosigner v0.0.0-20221130191226-de7e716a8274
 	github.com/balacode/go-delta v0.1.0
 	github.com/shamaton/msgpackgen v0.3.0
 	github.com/sirupsen/logrus v1.9.0
--- a/go.sum
+++ b/go.sum
@ -1,5 +1,5 @@
-git.cacert.org/cacert-gosigner v0.0.0-20221130175146-fffc65a540d5 h1:ot7ENgYQj4xcqodTe1V2aIjvGLn+NVVhPu9+6XMuMTk=
-git.cacert.org/cacert-gosigner v0.0.0-20221130175146-fffc65a540d5/go.mod h1:mb8oBdxQ26GI3xT4b8B7hXYWGED9vvjPGxehmbicyc4=
+git.cacert.org/cacert-gosigner v0.0.0-20221130191226-de7e716a8274 h1:lGaIVUyXCtmDZ3ZhCYE44rpbvDF/JMDA/zrPgCZKMvc=
+git.cacert.org/cacert-gosigner v0.0.0-20221130191226-de7e716a8274/go.mod h1:mb8oBdxQ26GI3xT4b8B7hXYWGED9vvjPGxehmbicyc4=
 github.com/balacode/go-delta v0.1.0 h1:pwz4CMn06P2bIaIfAx3GSabMPwJp/Ww4if+7SgPYa3I=
 github.com/balacode/go-delta v0.1.0/go.mod h1:wLNrwTI3lHbPBvnLzqbHmA7HVVlm1u22XLvhbeA6t3o=
 github.com/balacode/zr v1.0.0 h1:MCupkEoXvrnCljc4KddiDOhR04ZLUAACgtKuo3o+9vc=
--- a/internal/client/client.go
+++ b/internal/client/client.go
@ -48,10 +48,15 @@ type Profile struct {
 	UseFor string
 }

+type CertInfo struct {
+	Name     string
+	FetchCRL bool
+}
+
 type SignerInfo struct {
 	SignerHealth   bool
 	SignerVersion  string
-	CACertificates []string
+	CACertificates []CertInfo
 	UsableProfiles map[string][]Profile
 }

@ -237,12 +242,14 @@ func (c *Client) buildCRLInfo() []CRLInfo {
 		return nil
 	}

-	infos := make([]CRLInfo, len(c.signerInfo.CACertificates))
+	infos := make([]CRLInfo, 0)

-	for i, caName := range c.signerInfo.CACertificates {
-		lastKnown := c.lastKnownCRL(caName)
+	for _, caInfo := range c.signerInfo.CACertificates {
+		if caInfo.FetchCRL {
+			lastKnown := c.lastKnownCRL(caInfo.Name)

-		infos[i] = CRLInfo{Name: caName, LastKnown: lastKnown}
+			infos = append(infos, CRLInfo{Name: caInfo.Name, LastKnown: lastKnown})
+		}
 	}

 	return infos
--- a/internal/handler/handler.go
+++ b/internal/handler/handler.go
@ -160,7 +160,7 @@ func (s *SignerClientHandler) handleHealthResponse(r *messages.HealthResponse) {

 		switch item.Source {
 		case "HSM":
-			signerInfo.CACertificates = make([]string, 0)
+			signerInfo.CACertificates = make([]client.CertInfo, 0)
 			signerInfo.UsableProfiles = make(map[string][]client.Profile)

 			for certName, value := range item.MoreInfo {
@ -179,7 +179,10 @@ func (s *SignerClientHandler) handleHealthResponse(r *messages.HealthResponse) {
 					"valid-until": certInfo.ValidUntil,
 				}).Trace("certificate info")

-				signerInfo.CACertificates = append(signerInfo.CACertificates, certName)
+				signerInfo.CACertificates = append(
+					signerInfo.CACertificates,
+					client.CertInfo{Name: certName, FetchCRL: certInfo.Signing},
+				)

 				if certInfo.Signing {
 					for _, profile := range certInfo.Profiles {
Author	SHA1	Message	Date
Jan Dittberner	792675c8c5	Improve CRL fetching - improve client data structures - do not fetch CRLs for root CA certificates	1 year ago
Jan Dittberner	4d9d826e8b	Update cacert-gosigner dependency	1 year ago