package openssl
// #include "shim.h"
import "C"
import (
"errors"
"io/ioutil"
"time"
"unsafe"
)
// CRL wraps an OpenSSL X509_CRL handle decoded by NewCrl.
//
// Nothing in this file registers the handle for automatic release, so the
// owner is expected to call Free once the CRL is no longer needed.
type CRL struct {
	// x is the underlying OpenSSL CRL object; it is passed to
	// X509_CRL_free by Free.
	x *C.X509_CRL
}
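// NewCrl parses a DER-encoded X.509 CRL from data and returns a CRL wrapping
// the decoded OpenSSL object.
//
// It returns an error when data is empty, when data is too large to describe
// with a C int length, when the memory BIO cannot be created, or when OpenSSL
// fails to decode the input.
//
// Decoding only parses the structure; the CRL signature is not checked here.
// A CRL obtained from an untrusted source still has to pass VerifyCRL before
// its contents are relied on. The returned CRL must be released with Free.
func NewCrl(data []byte) (*CRL, error) {
	if len(data) == 0 {
		return nil, errors.New("empty data")
	}

	// BIO_new_mem_buf takes its length as a C int. A Go length above that
	// range would be truncated by the conversion, and a negative result makes
	// OpenSSL measure the buffer with strlen instead of using the real size,
	// reading past the end of a slice that is not NUL-terminated.
	const maxCInt = 1<<31 - 1
	if len(data) > maxCInt {
		return nil, errors.New("data too large")
	}

	// The BIO reads straight from data's backing array (no copy is made) and
	// is freed before this function returns.
	bio := C.BIO_new_mem_buf(unsafe.Pointer(&data[0]), C.int(len(data)))
	if bio == nil {
		return nil, errors.New("failed creating bio")
	}
	defer C.BIO_free(bio)

	crl := C.d2i_X509_CRL_bio(bio, nil)
	if crl == nil {
		return nil, errors.New("failed to decode CRL file")
	}
	return &CRL{x: crl}, nil
}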
// asn1TimeFormat is the time.Parse layout used by GetNextUpdateTime to read
// the text that ASN1_TIME_print writes. "_2" accepts a space-padded day of
// month, and "GMT" is matched as literal text.
const asn1TimeFormat = "Jan _2 15:04:05 2006 GMT"
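// GetNextUpdateTime returns the CRL's nextUpdate value as a time.Time.
//
// The value is rendered to text by ASN1_TIME_print into a memory BIO and then
// parsed with asn1TimeFormat. An error is returned when the CRL handle is
// nil (for example after Free), when the BIO cannot be allocated, when the
// CRL carries no nextUpdate value, or when printing, reading or parsing
// fails.
//
// This method only reports the timestamp. Callers that need to reject stale
// CRLs must compare the result with the current time themselves; VerifyCRL
// checks the signature only.
func (c *CRL) GetNextUpdateTime() (time.Time, error) {
	// Never hand a nil CRL pointer to the C shim.
	if c == nil || c.x == nil {
		return time.Time{}, errors.New("nil crl")
	}

	bio := C.BIO_new(C.BIO_s_mem())
	if bio == nil {
		return time.Time{}, errors.New("failed creating bio")
	}
	defer C.BIO_free(bio)

	// A nil result means there is no timestamp to print; report that as an
	// error instead of passing a NULL time to ASN1_TIME_print.
	t := C.X_X509_CRL_get_nextUpdate(c.x)
	if t == nil {
		return time.Time{}, errors.New("crl has no next update time")
	}
	if int(C.ASN1_TIME_print(bio, t)) != 1 {
		return time.Time{}, errors.New("failed to convert crl next time")
	}

	data, err := ioutil.ReadAll(asAnyBio(bio))
	if err != nil {
		return time.Time{}, errors.New("failed to read time from bio")
	}
	return time.Parse(asn1TimeFormat, string(data))
}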
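// Free releases the underlying X509_CRL.
//
// The handle is cleared after it is released, so calling Free more than once
// (or on a nil *CRL) is a no-op rather than a second X509_CRL_free on the
// same pointer. The CRL must not be used for verification after Free.
func (c *CRL) Free() {
	if c == nil || c.x == nil {
		return
	}
	C.X509_CRL_free(c.x)
	// Drop the stale pointer so a repeated Free cannot double-free it.
	c.x = nil
}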
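// VerifyCRL reports whether crl's signature verifies against the public key
// of the issuer certificate obtained from store.
//
// It returns false when crl or store is nil, when crl has no underlying
// handle (for example after Free), when the issuer's public key cannot be
// extracted, or when X509_CRL_verify does not succeed.
//
// Only the signature is checked. The CRL's validity window (see
// GetNextUpdateTime) is not examined here.
func VerifyCRL(crl *CRL, store *CertificateStoreCtx) bool {
	// Fail closed on missing inputs instead of dereferencing nil or passing
	// a NULL CRL into OpenSSL.
	if crl == nil || crl.x == nil || store == nil {
		return false
	}

	issuer := C.X_get_issuer(store.ctx)
	if issuer == nil {
		// NOTE(review): a missing issuer is reported as success, so on this
		// path the CRL signature is never checked. Kept as-is because
		// callers may depend on it; confirm this is intended, or have
		// callers reject CRLs for which no issuer is available.
		return true
	}

	ikey := C.X509_get_pubkey(issuer)
	if ikey == nil {
		return false
	}
	defer C.EVP_PKEY_free(ikey)

	// X509_CRL_verify returns 1 only for a valid signature; every other
	// result, including errors, is treated as a failed verification.
	return int(C.X509_CRL_verify(crl.x, ikey)) == 1
}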