Merge pull request #1 from kairoaraujo/ca_crl_methods

kairoaraujo · web-flow · commit eec98f3e707e · 2020-12-28T20:10:03.000+01:00
Added the methods to CA and CRL
diff --git a/ca.go b/ca.go
@@ -20,6 +20,7 @@ import (
 const (
 	certExtension string = ".crt"
 	csrExtension  string = ".csr"
+	crlExtension  string = ".crl"
 )
 
 // A Identity represents the Certificate Authority Identity Information
@@ -43,6 +44,7 @@ type CAData struct {
 	PublicKey   string
 	CSR         string
 	Certificate string
+	CRL         string
 	privateKey  rsa.PrivateKey
 	certificate *x509.Certificate
 	publicKey   rsa.PublicKey
@@ -77,6 +79,7 @@ func (c *CA) create(commonName string, id Identity) error {
 		publicKeyString []byte
 		csrString       []byte
 		certString      []byte
+		crlString       []byte
 	)
 
 	if id.Organization == "" || id.OrganizationalUnit == "" || id.Country == "" || id.Locality == "" || id.Province == "" {
@@ -125,6 +128,7 @@ func (c *CA) create(commonName string, id Identity) error {
 
 		caData.certificate = certificate
 		caData.Certificate = string(certString)
+
 		crlBytes, err := cert.RevokeCertificate(c.CommonName, []pkix.RevokedCertificate{}, certificate, privKey)
 		if err != nil {
 			crl, err := x509.ParseCRL(crlBytes)
@@ -133,6 +137,12 @@ func (c *CA) create(commonName string, id Identity) error {
 			}
 		}
 
+		if crlString, err = storage.LoadFile(caDir + "/" + commonName + crlExtension); err != nil {
+			crlString = []byte{}
+		}
+
+		c.Data.CRL = string(crlString)
+
 	} else {
 		csrBytes, err := cert.CreateCSR(commonName, commonName, id.Country, id.Province, id.Locality, id.Organization, id.OrganizationalUnit, id.EmailAddresses, id.DNSNames, privKey, storage.CreationTypeCA)
 		if err != nil {
@@ -373,6 +383,8 @@ func (c *CA) loadCertificate(commonName string) (certificate Certificate, err er
 func (c *CA) revokeCertificate(certificate *x509.Certificate) error {
 
 	var revokedCerts []pkix.RevokedCertificate
+	var caDir string = "/" + c.CommonName + "/ca"
+	var crlString []byte
 
 	if c.Data.crl != nil {
 		revokedCerts = c.Data.crl.TBSCertList.RevokedCertificates
@@ -396,5 +408,12 @@ func (c *CA) revokeCertificate(certificate *x509.Certificate) error {
 	}
 	c.Data.crl = crl
 
+	var crlFile string = caDir + "/" + c.CommonName + crlExtension
+	if crlString, err = storage.LoadFile(crlFile); err != nil {
+		crlString = []byte{}
+	}
+
+	c.Data.CRL = string(crlString)
+
 	return nil
 }
diff --git a/goca.go b/goca.go
@@ -19,6 +19,7 @@ package goca
 import (
 	"crypto/rsa"
 	"crypto/x509"
+	"crypto/x509/pkix"
 
 	storage "github.com/kairoaraujo/goca/_storage"
 )
@@ -118,14 +119,20 @@ func (c *CA) GoCertificate() *x509.Certificate {
 	return c.Data.certificate
 }
 
+// GetCRL returns Certificate Revocation List as x509 CRL string
+func (c *CA) GetCRL() string {
+	return c.Data.CRL
+}
+
+// GoCRL returns Certificate Revocation List as Go bytes *pkix.CertificateList
+func (c *CA) GoCRL() *pkix.CertificateList {
+	return c.Data.crl
+}
+
 // IsIntermediate returns if the CA is Intermediate CA (true)
 func (c *CA) IsIntermediate() bool {
-	if c.Data.CSR == "" {
-		return false
+	return c.Data.CSR != ""
 
-	} else {
-		return true
-	}
 }
 
 // ListCertificates returns all certificates in the CA
diff --git a/goca_test.go b/goca_test.go
@@ -213,4 +213,7 @@ func TestFunctionalRevokeCertificate(t *testing.T) {
 	}
 	t.Logf("Test appending revoked certificates")
 
+	if RootCA.GetCRL() == "" {
+		t.Error("CRL X509 file is empty!")
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -213,4 +213,7 @@ func TestFunctionalRevokeCertificate(t *testing.T) {`
`213`	`213`	`}`
`214`	`214`	`t.Logf("Test appending revoked certificates")`
`215`	`215`
	`216`	`+ if RootCA.GetCRL() == "" {`
	`217`	`+ t.Error("CRL X509 file is empty!")`
	`218`	`+ }`
`216`	`219`	`}`