From feb76ff890b37c38818f05540b8b1968b3a93c57 Mon Sep 17 00:00:00 2001
From: =
Date: Mon, 6 Dec 2021 17:42:09 +0100
Subject: [PATCH] Add revocation check to certservice

---
 certs/certservice.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/certs/certservice.go b/certs/certservice.go
index 5a2e1fa..4624504 100644
--- a/certs/certservice.go
+++ b/certs/certservice.go
@@ -10,9 +10,10 @@ import (
 "crypto/x509/pkix"
 "encoding/pem"
 "fmt"
- "gitea.benny.dog/torjus/ezshare/store"
 "math/big"
 "time"
+
+ "gitea.benny.dog/torjus/ezshare/store"
 )
 
 type CertService struct {
@@ -58,7 +59,7 @@ func NewCertService(s store.CertificateStore, certBytes, keyBytes []byte) (*Cert
 
 func (cs *CertService) NewClient(id string) ([]byte, []byte, error) {
 cert := &x509.Certificate{
- SerialNumber: big.NewInt(time.Now().Unix()),
+ SerialNumber: big.NewInt(time.Now().UnixMilli()),
 Subject: pkix.Name{
 CommonName: id,
 Organization: []string{"ezshare"},
@@ -129,5 +130,13 @@ func (cs *CertService) VerifyClient(certBytes []byte) (string, error) {
 return "", fmt.Errorf("unable to verify: %w", err)
 }
 
+ revoked, err := cs.store.IsRevoked(cert.SerialNumber.String())
+ if err != nil {
+ return "", fmt.Errorf("unable to check if revoked: %w", err)
+ }
+ if revoked {
+ return "", fmt.Errorf("certificate is revoked")
+ }
+
 return cert.Subject.CommonName, nil
 }
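Review bot: The serial number in `NewClient` is still taken from the clock (`time.Now().UnixMilli()`), so two certificates issued in the same millisecond get the same serial, and any serial can be guessed from the issue time. The revocation lookup this patch adds to `VerifyClient` is keyed on `cert.SerialNumber.String()`, so a collision would make revoking one client reject the other as well. Drawing the serial from `crypto/rand` avoids both problems. This needs `crypto/rand` in the import block if it is not already imported (the block starts above the first hunk). The body of `NewClient` continues past the hunk, so check that the new `err` does not clash with a later declaration.

```go
func (cs *CertService) NewClient(id string) ([]byte, []byte, error) {
	// Random 128-bit serial: unique per certificate and not derivable from the issue time.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, fmt.Errorf("unable to generate serial: %w", err)
	}
	cert := &x509.Certificate{
		SerialNumber: serial,
		// … unchanged: Subject and the remaining template fields …
```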
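Review bot: The revoked branch in `VerifyClient` returns an ad-hoc `fmt.Errorf("certificate is revoked")`, so a caller can only tell a revoked certificate from a parse or chain-verification failure by matching the message text. A package-level sentinel, `var ErrCertificateRevoked = errors.New("certificate is revoked")`, returned as `return "", ErrCertificateRevoked`, keeps the same message and lets callers use `errors.Is` to log and count attempts with revoked certificates separately. This needs the `errors` import if the file does not already have it. The store-error path above it fails closed, which is the right default for a revocation check. The function begins above the hunk, so how `cert` is parsed and verified is not visible here.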