diff --git a/configparser.go b/configparser.go
index 111274f..9a7fca7 100644
--- a/configparser.go
+++ b/configparser.go
@@ -5,7 +5,7 @@ import (
 "encoding/pem"
 "fmt"
 "github.com/gr33nbl00d/caddy-revocation-validator/config"
- "io/ioutil"
+ "os"
 "time"
 )
@@ -164,7 +164,7 @@ func parseTrustedCrlSignerCerts(crlConfig *config.CRLConfig) error {
 }
 func parseCertFromFile(certFile string) (*x509.Certificate, error) {
- certBytes, err := ioutil.ReadFile(certFile)
+ certBytes, err := os.ReadFile(certFile)
 if err != nil {
 return nil, err
 }
@@ -174,7 +174,7 @@ func parseCertFromFile(certFile string) (*x509.Certificate, error) {
 }
 certificate, err := x509.ParseCertificate(block.Bytes)
 if err != nil {
- return nil, err
+ return nil, fmt.Errorf("could not parse certificate from file #{certFile}", err)
 }
 return certificate, nil
 }
diff --git a/crl/crlrepository/crlrepository.go b/crl/crlrepository/crlrepository.go
index d659c5a..22d7a7d 100644
--- a/crl/crlrepository/crlrepository.go
+++ b/crl/crlrepository/crlrepository.go
@@ -274,6 +274,7 @@ func (R *Repository) updateCRL(identifier string) error {
 }
 func (R *Repository) updateCrlEntry(entry *Entry, newChains *core.CertificateChains) (err error) {
+ R.logger.Info("updating crl " + entry.CRLLoader.GetDescription())
 var store crlstore.CRLStore
 tempFileName, err := R.createTempFile()
 if err != nil {
@@ -291,6 +292,7 @@ func (R *Repository) updateCrlEntry(entry *Entry, newChains *core.CertificateCha
 defer os.Remove(tempFileName)
 var chains = newChains
+ points, storedChains, err := R.getCrlUpdateInformation(entry, err)
 if err != nil {
 return err
@@ -302,6 +304,7 @@ func (R *Repository) updateCrlEntry(entry *Entry, newChains *core.CertificateCha
 if err != nil {
 return err
 }
+ R.logger.Info("loading crl " + entry.CRLLoader.GetDescription())
 err = loader.LoadCRL(tempFileName)
 if err != nil {
 return err
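Review bot: The new error in `parseCertFromFile` (configparser.go, hunk at -174) uses a format string with no verb: `#{certFile}` is not Go interpolation, so that text is printed literally and `err` is appended as a `%!(EXTRA ...)` artifact instead of being wrapped. Use `return nil, fmt.Errorf("could not parse certificate from file %q: %w", certFile, err)` so the path is shown and callers can still unwrap the x509 error. `go vet` reports calls of this shape. The function appears to sit on the path that loads the trusted CRL signer certificates (it follows `parseTrustedCrlSignerCerts`), so a readable message matters when an operator is working out why a signer file was rejected. The function starts outside this hunk.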
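Review bot: The added `R.logger.Info("updating crl " + entry.CRLLoader.GetDescription())` in `updateCrlEntry` (crlrepository.go, hunk at -274) concatenates the CRL description into the message, and the same pattern repeats in the later hunks of this file and in crlrevocationchecker.go. If the logger is zap (the Provision hunk header is cut at `logger *za`, so this is inferred), a constant message with a field keeps entries searchable and keeps configuration-derived text out of the message string: `R.logger.Info("updating crl", zap.String("crl", entry.CRLLoader.GetDescription()))`. Five Info entries per CRL on every update may also be more than operators want at the default level; `Debug` would suit the intermediate steps. The function body continues outside this hunk.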
@@ -316,7 +319,7 @@ func (R *Repository) updateCrlEntry(entry *Entry, newChains *core.CertificateCha
 }
 var processor = crlstore.CRLPersisterProcessor{CRLStore: store}
-
+ R.logger.Info("parsing crl loaded from " + entry.CRLLoader.GetDescription())
 err = processor.UpdateCRLLocations(points)
 if err != nil {
 return err
@@ -326,6 +329,7 @@ func (R *Repository) updateCrlEntry(entry *Entry, newChains *core.CertificateCha
 if err != nil {
 return err
 }
+ R.logger.Info("verify crl signature of crl " + entry.CRLLoader.GetDescription())
 signatureCert, err := verifyCRLSignature(result, chains)
 if err != nil {
 R.setLastSignatureVerifyFailed(entry, result)
@@ -344,6 +348,7 @@ func (R *Repository) updateCrlEntry(entry *Entry, newChains *core.CertificateCha
 R.deleteEntrySync(identifier)
 return err
 }
+ R.logger.Info("finished updating crl " + entry.CRLLoader.GetDescription())
 return nil
 }
diff --git a/crl/crlrevocationchecker.go b/crl/crlrevocationchecker.go
index 4822e33..8e0f245 100644
--- a/crl/crlrevocationchecker.go
+++ b/crl/crlrevocationchecker.go
@@ -65,10 +65,12 @@ func (c *CRLRevocationChecker) Provision(crlConfig *config.CRLConfig, logger *za
 logger.Info("creating crl certificate chains")
 chains := core.NewCertificateChains(nil, crlConfig.TrustedSignatureCerts)
+ logger.Info("adding crl entries from crl_urls config")
 err = c.addCrlUrlsFromConfig(chains)
 if err != nil {
 return err
 }
+ logger.Info("adding crl entries from crl_files config")
 err = c.addCrlFilesFromConfig(chains)
 if err != nil {
 return err
@@ -101,6 +103,7 @@ func (c *CRLRevocationChecker) addCrlUrlsFromConfig(chains *core.CertificateChai
 return err
 }
 //update in case chains have changed
+ c.logger.Info("Updating crl from location " + crlUrl)
 err = c.crlRepository.UpdateCRL(&crlLocations, chains)
 if err != nil {
 return err
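Review bot: In the hunk at -326 the start of signature verification is now logged at Info, but the failure branch visible just below it (`R.setLastSignatureVerifyFailed(entry, result)`) gains no log entry, and a CRL whose signature does not verify is the event an operator most needs to see. Unless it is already logged further down, outside this hunk, add a line in that branch such as `R.logger.Warn("crl signature verification failed", zap.String("crl", entry.CRLLoader.GetDescription()), zap.Error(err))`. This assumes the logger is zap, which the visible lines suggest but do not show.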
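Review bot: `c.logger.Info("Updating crl from location " + crlUrl)` in `addCrlUrlsFromConfig` (hunk at -101) writes the configured URL verbatim, so any userinfo or token carried in a `crl_urls` entry would end up in the log. Consider logging a redacted form, for example `u.Redacted()` from `net/url` after `url.Parse(crlUrl)`, or only the scheme and host. The message is also capitalised while the other added messages are lower case; the matching line in `addCrlFilesFromConfig` (hunk at -119) has the same casing. The enclosing block starts outside the hunk.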
@@ -119,6 +122,7 @@ func (c *CRLRevocationChecker) addCrlFilesFromConfig(chains *core.CertificateCha
 return err
 }
 //update in case chains have changed
+ c.logger.Info("Updating crl from location " + crlFile)
 err = c.crlRepository.UpdateCRL(&crlLocations, chains)
 if err != nil {
 return err