ocsp-server/ca.go

package main

import (
	"crypto/x509"
	"sync"

	"ocspcrl/internal/metrics"
	"ocspcrl/internal/ocsp_source"
)

type caInstance struct {
	name          string
	crlPath       string
	caCertificate *x509.Certificate
	source        *ocsp_source.CrlSource

	crlMutex sync.RWMutex
	crl      *x509.RevocationList
}

func (c *caInstance) reloadCrl() error {
	crl, loadError := loadCrlFromFile(c.crlPath)
	if loadError != nil {
		return loadError
	}
	c.crlMutex.Lock()
	c.crl = crl
	c.crlMutex.Unlock()
	metrics.CrlEntries.WithLabelValues(c.name).Set(float64(len(crl.RevokedCertificateEntries)))
	c.source.UseCrl(*crl)
	return nil
}

func (c *caInstance) currentCrl() *x509.RevocationList {
	c.crlMutex.RLock()
	defer c.crlMutex.RUnlock()
	return c.crl
}