chore: increase perfomance

Only load CRL by URL when is necessary

Signed-off-by: Vitor Mattos <[email protected]>

Author: vitormattos

lib/Handler/CertificateEngine/AEngineHandler.php

@@ -16,6 +16,7 @@
 use OCA\Libresign\Helper\MagicGetterSetterTrait;
 use OCA\Libresign\Service\CaIdentifierService;
 use OCA\Libresign\Service\CertificatePolicyService;
+use OCA\Libresign\Service\CrlService;
 use OCP\Files\AppData\IAppDataFactory;
 use OCP\Files\IAppData;
 use OCP\Files\SimpleFS\ISimpleFolder;
@@ -680,9 +681,14 @@ private function validateCrlFromUrls(array $crlUrls, string $certPem): string {
 
 	private function downloadAndValidateCrl(string $crlUrl, string $certPem): string {
 		try {
-			$crlContent = $this->downloadCrlContent($crlUrl);
+			if ($this->isLocalCrlUrl($crlUrl)) {
+				$crlContent = $this->generateLocalCrl($crlUrl);
+			} else {
+				$crlContent = $this->downloadCrlContent($crlUrl);
+			}
+
 			if (!$crlContent) {
-				throw new \Exception('Failed to download CRL');
+				throw new \Exception('Failed to get CRL content');
 			}
 
 			return $this->checkCertificateInCrl($certPem, $crlContent);
@@ -692,6 +698,54 @@ private function downloadAndValidateCrl(string $crlUrl, string $certPem): string
 		}
 	}
 
+	private function isLocalCrlUrl(string $url): bool {
+		$host = parse_url($url, PHP_URL_HOST);
+		if (!$host) {
+			return false;
+		}
+
+		$trustedDomains = $this->config->getSystemValue('trusted_domains', []);
+
+		return in_array($host, $trustedDomains, true);
+	}
+
+	private function generateLocalCrl(string $crlUrl): ?string {
+		try {
+			$templateUrl = $this->urlGenerator->linkToRouteAbsolute('libresign.crl.getRevocationList', [
+				'instanceId' => 'INSTANCEID',
+				'generation' => 999999,
+				'engineType' => 'ENGINETYPE',
+			]);
+
+			$patternUrl = str_replace('INSTANCEID', '([^/_]+)', $templateUrl);
+			$patternUrl = str_replace('999999', '(\d+)', $patternUrl);
+			$patternUrl = str_replace('ENGINETYPE', '([^/_]+)', $patternUrl);
+
+			$escapedPattern = str_replace([':', '/', '.'], ['\:', '\/', '\.'], $patternUrl);
+			$pattern = '/^' . $escapedPattern . '$/';
+
+			if (preg_match($pattern, $crlUrl, $matches)) {
+				$instanceId = $matches[1];
+				$generation = (int)$matches[2];
+				$engineType = $matches[3];
+
+				/** @var CrlService */
+				$crlService = \OC::$server->get(CrlService::class);
+
+				$crlData = $crlService->generateCrlDer($instanceId, $generation, $engineType);
+
+				return $crlData;
+			}
+
+			$this->logger->debug('CRL URL does not match expected pattern', ['url' => $crlUrl, 'pattern' => $pattern]);
+			return null;
+
+		} catch (\Exception $e) {
+			$this->logger->warning('Failed to generate local CRL: ' . $e->getMessage());
+			return null;
+		}
+	}
+
 	private function downloadCrlContent(string $url): ?string {
 		if (!filter_var($url, FILTER_VALIDATE_URL) || !in_array(parse_url($url, PHP_URL_SCHEME), ['http', 'https'])) {
 			return null;
@@ -706,7 +760,6 @@ private function downloadCrlContent(string $url): ?string {
 			]
 		]);
 
-		$url = str_replace('localhost', 'nginx', $url);
 		$content = @file_get_contents($url, false, $context);
 		return $content !== false ? $content : null;
 	}