Add revocation check to certservice

2021-12-06 17:42:09 +01:00 · 2021-12-06 17:42:09 +01:00 · feb76ff890
commit feb76ff890
parent f20da8ed23
1 changed files with 11 additions and 2 deletions
--- a/certs/certservice.go
+++ b/certs/certservice.go
@ -10,9 +10,10 @@ import (
 	"crypto/x509/pkix"
 	"encoding/pem"
 	"fmt"
-	"gitea.benny.dog/torjus/ezshare/store"
 	"math/big"
 	"time"
+
+	"gitea.benny.dog/torjus/ezshare/store"
 )

 type CertService struct {
@ -58,7 +59,7 @@ func NewCertService(s store.CertificateStore, certBytes, keyBytes []byte) (*Cert

 func (cs *CertService) NewClient(id string) ([]byte, []byte, error) {
 	cert := &x509.Certificate{
-		SerialNumber: big.NewInt(time.Now().Unix()),
+		SerialNumber: big.NewInt(time.Now().UnixMilli()),
 		Subject: pkix.Name{
 			CommonName:   id,
 			Organization: []string{"ezshare"},
@ -129,5 +130,13 @@ func (cs *CertService) VerifyClient(certBytes []byte) (string, error) {
 		return "", fmt.Errorf("unable to verify: %w", err)
 	}

+	revoked, err := cs.store.IsRevoked(cert.SerialNumber.String())
+	if err != nil {
+		return "", fmt.Errorf("unable to check if revoked: %w", err)
+	}
+	if revoked {
+		return "", fmt.Errorf("certificate is revoked")
+	}
+
 	return cert.Subject.CommonName, nil
 }