Refresh all CRLs

Pierre HUBERT 2024-06-28 19:43:33 +02:00
parent 24f8f8f842
commit f4fde9bc46
2 changed files with 26 additions and 5 deletions


@ -46,6 +46,24 @@ impl CertData {
crl: Some(AppConfig::get().root_ca_crl_path()), crl: Some(AppConfig::get().root_ca_crl_path()),
}) })
} }
/// Load web CA
fn load_web_ca() -> anyhow::Result<Self> {
Ok(Self {
cert: load_certificate_from_file(AppConfig::get().web_ca_cert_path())?,
key: load_priv_key_from_file(AppConfig::get().web_ca_priv_key_path())?,
crl: Some(AppConfig::get().web_ca_crl_path()),
})
}
/// Load devices CA
fn load_devices_ca() -> anyhow::Result<Self> {
Ok(Self {
cert: load_certificate_from_file(AppConfig::get().devices_ca_cert_path())?,
key: load_priv_key_from_file(AppConfig::get().devices_ca_priv_key_path())?,
crl: Some(AppConfig::get().devices_ca_crl_path()),
})
}
} }
/// Generate private key /// Generate private key
@ -259,7 +277,7 @@ fn refresh_crl(d: &CertData) -> anyhow::Result<()> {
if X509_CRL_set_version(crl, X509_CRL_VERSION_2) == 0 { if X509_CRL_set_version(crl, X509_CRL_VERSION_2) == 0 {
return Err(PKIError::GenCRLError("X509_CRL_set_version").into()); return Err(PKIError::GenCRLError("X509_CRL_set_version").into());
} }
if X509_CRL_set_issuer_name(crl, d.cert.issuer_name().as_ptr()) == 0 { if X509_CRL_set_issuer_name(crl, d.cert.subject_name().as_ptr()) == 0 {
return Err(PKIError::GenCRLError("X509_CRL_set_issuer_name").into()); return Err(PKIError::GenCRLError("X509_CRL_set_issuer_name").into());
} }
@ -296,7 +314,10 @@ fn refresh_crl(d: &CertData) -> anyhow::Result<()> {
Ok(()) Ok(())
} }
/// Initialize or refresh Root CA CRL, if needed /// Refresh revocation lists
pub fn initialize_root_ca_crl() -> anyhow::Result<()> { pub fn refresh_crls() -> anyhow::Result<()> {
refresh_crl(&CertData::load_root_ca()?) refresh_crl(&CertData::load_root_ca()?)?;
refresh_crl(&CertData::load_web_ca()?)?;
refresh_crl(&CertData::load_devices_ca()?)?;
Ok(())
} }
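Review bot: `refresh_crls` chains the three calls with `?`, so an error while loading or refreshing the root CA returns before the web and devices CRLs are regenerated, and the propagated error does not say which CA was being processed. For revocation data this matters operationally, because a list that silently stays unrefreshed can go stale without the operator knowing which one. Consider tagging each step, e.g. `CertData::load_web_ca().and_then(|d| refresh_crl(&d)).context("refreshing web CA CRL")?;` (this needs `anyhow::Context` in scope, which is not visible here), and deciding whether one failure should really skip the remaining lists. The doc comment also dropped "if needed"; `refresh_crl`'s body lies mostly outside these hunks, so state in the comment whether the refresh is unconditional.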


@ -16,5 +16,5 @@ fn main() {
pki::initialize_web_ca().expect("Failed to initialize web CA!"); pki::initialize_web_ca().expect("Failed to initialize web CA!");
pki::initialize_devices_ca().expect("Failed to initialize devices CA!"); pki::initialize_devices_ca().expect("Failed to initialize devices CA!");
pki::initialize_root_ca_crl().expect("Failed to initialize Root CA!"); pki::refresh_crls().expect("Failed to initialize Root CA!");
} }
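Review bot: The panic message on the `pki::refresh_crls()` call still reads "Failed to initialize Root CA!", although the call now covers the root, web and devices CRLs, so a failure in the web or devices list would be reported as a root CA problem. Update it to match what the call does, e.g. `pki::refresh_crls().expect("Failed to refresh CRLs!");`. `main`'s body starts outside the hunk.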