Add revocation check to certservice
parent
f20da8ed23
commit
feb76ff890
@ -10,9 +10,10 @@ import (
|
|||||||
"crypto/x509/pkix"
|
"crypto/x509/pkix"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"fmt"
|
"fmt"
|
||||||
"gitea.benny.dog/torjus/ezshare/store"
|
|
||||||
"math/big"
|
"math/big"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"gitea.benny.dog/torjus/ezshare/store"
|
||||||
)
|
)
|
||||||
|
|
||||||
type CertService struct {
|
type CertService struct {
|
||||||
@ -58,7 +59,7 @@ func NewCertService(s store.CertificateStore, certBytes, keyBytes []byte) (*Cert
|
|||||||
|
|
||||||
func (cs *CertService) NewClient(id string) ([]byte, []byte, error) {
|
func (cs *CertService) NewClient(id string) ([]byte, []byte, error) {
|
||||||
cert := &x509.Certificate{
|
cert := &x509.Certificate{
|
||||||
SerialNumber: big.NewInt(time.Now().Unix()),
|
SerialNumber: big.NewInt(time.Now().UnixMilli()),
|
||||||
Subject: pkix.Name{
|
Subject: pkix.Name{
|
||||||
CommonName: id,
|
CommonName: id,
|
||||||
Organization: []string{"ezshare"},
|
Organization: []string{"ezshare"},
|
||||||
@ -129,5 +130,13 @@ func (cs *CertService) VerifyClient(certBytes []byte) (string, error) {
|
|||||||
return "", fmt.Errorf("unable to verify: %w", err)
|
return "", fmt.Errorf("unable to verify: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
revoked, err := cs.store.IsRevoked(cert.SerialNumber.String())
|
||||||
|
if err != nil {
|
||||||
|
return "", fmt.Errorf("unable to check if revoked: %w", err)
|
||||||
|
}
|
||||||
|
if revoked {
|
||||||
|
return "", fmt.Errorf("certificate is revoked")
|
||||||
|
}
|
||||||
|
|
||||||
return cert.Subject.CommonName, nil
|
return cert.Subject.CommonName, nil
|
||||||
}
|
}
|
||||||
|
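Review bot: The serial set in NewClient, `SerialNumber: big.NewInt(time.Now().UnixMilli())`, is still clock-derived, while VerifyClient now keys revocation on `cert.SerialNumber.String()`; two client certificates issued in the same millisecond would share a serial, so revoking one would presumably revoke the other as well (the store implementation is not visible here). A timestamp serial is also predictable, whereas common CA practice is at least 64 bits of CSPRNG output. Drawing it from the CSPRNG covers both: `serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))`, return the error, then `SerialNumber: serial`; this needs `crypto/rand`, which the visible import lines do not show. Both NewClient and VerifyClient start or end outside the hunks shown, so any existing uniqueness check on the store side would not be visible here.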