fix lint errors
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
parent
04ab8e72f6
commit
a3d0cf5ddf
1 changed files with 15 additions and 7 deletions
|
|
@ -15,9 +15,10 @@
|
|||
package common
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io/fs"
|
||||
|
|
@ -25,7 +26,6 @@ import (
|
|||
"os"
|
||||
"path/filepath"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/drakkan/sftpgo/v2/internal/logger"
|
||||
"github.com/drakkan/sftpgo/v2/internal/util"
|
||||
|
|
@ -34,10 +34,12 @@ import (
|
|||
const (
|
||||
// DefaultTLSKeyPaidID defines the id to use for non-binding specific key pairs
|
||||
DefaultTLSKeyPaidID = "default"
|
||||
pemCRLType = "X509 CRL"
|
||||
)
|
||||
|
||||
var (
|
||||
certAutoReload bool
|
||||
pemCRLPrefix = []byte("-----BEGIN X509 CRL")
|
||||
)
|
||||
|
||||
// SetCertAutoReloadMode sets if the certificate must be monitored for changes and
|
||||
|
|
@ -66,7 +68,7 @@ type CertManager struct {
|
|||
certs map[string]*tls.Certificate
|
||||
certsInfo map[string]fs.FileInfo
|
||||
rootCAs *x509.CertPool
|
||||
crls []*pkix.CertificateList
|
||||
crls []*x509.RevocationList
|
||||
}
|
||||
|
||||
// Reload tries to reload certificate and CRLs
|
||||
|
|
@ -139,8 +141,8 @@ func (m *CertManager) IsRevoked(crt *x509.Certificate, caCrt *x509.Certificate)
|
|||
}
|
||||
|
||||
for _, crl := range m.crls {
|
||||
if !crl.HasExpired(time.Now()) && caCrt.CheckCRLSignature(crl) == nil { //nolint:staticcheck
|
||||
for _, rc := range crl.TBSCertList.RevokedCertificates {
|
||||
if crl.CheckSignatureFrom(caCrt) == nil {
|
||||
for _, rc := range crl.RevokedCertificates {
|
||||
if rc.SerialNumber.Cmp(crt.SerialNumber) == 0 {
|
||||
return true
|
||||
}
|
||||
|
|
@ -157,7 +159,7 @@ func (m *CertManager) LoadCRLs() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
var crls []*pkix.CertificateList
|
||||
var crls []*x509.RevocationList
|
||||
|
||||
for _, revocationList := range m.caRevocationLists {
|
||||
if !util.IsFileInputValid(revocationList) {
|
||||
|
|
@ -171,7 +173,13 @@ func (m *CertManager) LoadCRLs() error {
|
|||
logger.Warn(m.logSender, "", "unable to read revocation list %q", revocationList)
|
||||
return err
|
||||
}
|
||||
crl, err := x509.ParseCRL(crlBytes) //nolint:staticcheck
|
||||
if bytes.HasPrefix(crlBytes, pemCRLPrefix) {
|
||||
block, _ := pem.Decode(crlBytes)
|
||||
if block != nil && block.Type == pemCRLType {
|
||||
crlBytes = block.Bytes
|
||||
}
|
||||
}
|
||||
crl, err := x509.ParseRevocationList(crlBytes)
|
||||
if err != nil {
|
||||
logger.Warn(m.logSender, "", "unable to parse revocation list %q", revocationList)
|
||||
return err
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue