// Check that there is a valid CRL in the DB right now. If it doesnt exist
// or is expired, generated one now
crlDB,ok:=a.db.(db.CertificateRevocationListDB)
if!ok{
returnerrors.Errorf("CRL Generation requested, but database does not support CRL generation")
}
crlInfo,err:=crlDB.GetCRL()
iferr!=nil{
returnerrors.Wrap(err,"could not retrieve CRL from database")
}
ifcrlInfo==nil{
log.Println("No CRL exists in the DB, generating one now")
err=a.GenerateCertificateRevocationList()
iferr!=nil{
returnerrors.Wrap(err,"could not generate a CRL")
}
}
ifcrlInfo.ExpiresAt.Before(time.Now().UTC()){
log.Printf("Existing CRL has expired (at %v), generating a new one",crlInfo.ExpiresAt)
err=a.GenerateCertificateRevocationList()
iferr!=nil{
returnerrors.Wrap(err,"could not generate a CRL")
}
}
log.Printf("CRL will be auto-generated every %v",a.config.CRL.CacheDuration)
tickerDuration:=a.config.CRL.CacheDuration.Duration-time.Minute// generate the new CRL 1 minute before it expires
iftickerDuration<=0{
log.Printf("WARNING: Addition of jitter to CRL generation time %v creates a negative duration (%v). Using 1 minute cacheDuration",a.config.CRL.CacheDuration,tickerDuration)
tickerDuration=time.Minute
}
crlTicker:=time.NewTicker(tickerDuration)
gofunc(){
for{
select{
case<-crlTicker.C:
log.Println("Regenerating CRL")
err:=a.GenerateCertificateRevocationList()
iferr!=nil{
// TODO: log or panic here?
panic(errors.Wrap(err,"authority.crlGenerator encountered an error"))
returnnil,errs.Wrap(http.StatusInternalServerError,errors.Errorf("Certificate Revocation Lists are not enabled"),"authority.GetCertificateRevocationList")
}
// check for an existing CRL in the database, and return that if its valid
crlInfo,err:=a.db.GetCRL()
crlDB,ok:=a.db.(db.CertificateRevocationListDB)
if!ok{
returnnil,errs.Wrap(http.StatusInternalServerError,errors.Errorf("Database does not support Certificate Revocation Lists"),"authority.GetCertificateRevocationList")