Refresh all CRLs

This commit is contained in:
Pierre HUBERT 2024-06-28 19:43:33 +02:00
parent 24f8f8f842
commit f4fde9bc46
2 changed files with 26 additions and 5 deletions

View File

@ -46,6 +46,24 @@ impl CertData {
crl: Some(AppConfig::get().root_ca_crl_path()),
})
}
/// Load web CA
fn load_web_ca() -> anyhow::Result<Self> {
Ok(Self {
cert: load_certificate_from_file(AppConfig::get().web_ca_cert_path())?,
key: load_priv_key_from_file(AppConfig::get().web_ca_priv_key_path())?,
crl: Some(AppConfig::get().web_ca_crl_path()),
})
}
/// Load devices CA
fn load_devices_ca() -> anyhow::Result<Self> {
Ok(Self {
cert: load_certificate_from_file(AppConfig::get().devices_ca_cert_path())?,
key: load_priv_key_from_file(AppConfig::get().devices_ca_priv_key_path())?,
crl: Some(AppConfig::get().devices_ca_crl_path()),
})
}
}
/// Generate private key
@ -259,7 +277,7 @@ fn refresh_crl(d: &CertData) -> anyhow::Result<()> {
if X509_CRL_set_version(crl, X509_CRL_VERSION_2) == 0 {
return Err(PKIError::GenCRLError("X509_CRL_set_version").into());
}
if X509_CRL_set_issuer_name(crl, d.cert.issuer_name().as_ptr()) == 0 {
if X509_CRL_set_issuer_name(crl, d.cert.subject_name().as_ptr()) == 0 {
return Err(PKIError::GenCRLError("X509_CRL_set_issuer_name").into());
}
@ -296,7 +314,10 @@ fn refresh_crl(d: &CertData) -> anyhow::Result<()> {
Ok(())
}
/// Initialize or refresh Root CA CRL, if needed
pub fn initialize_root_ca_crl() -> anyhow::Result<()> {
refresh_crl(&CertData::load_root_ca()?)
/// Refresh revocation lists
pub fn refresh_crls() -> anyhow::Result<()> {
refresh_crl(&CertData::load_root_ca()?)?;
refresh_crl(&CertData::load_web_ca()?)?;
refresh_crl(&CertData::load_devices_ca()?)?;
Ok(())
}

View File

@ -16,5 +16,5 @@ fn main() {
pki::initialize_web_ca().expect("Failed to initialize web CA!");
pki::initialize_devices_ca().expect("Failed to initialize devices CA!");
pki::initialize_root_ca_crl().expect("Failed to initialize Root CA!");
pki::refresh_crls().expect("Failed to initialize Root CA!");
}