Commit f21de813 authored by Vincent Pelletier's avatar Vincent Pelletier

ca: Do not rebuild CA certificate chain on each call.

The result only changes when CA certificates are reloaded, so prepare this
value in _loadCAKeyPairList.
parent 4d0641ac
......@@ -200,17 +200,40 @@ class CertificateAuthority(object):
return list(self._digest_list)
def _loadCAKeyPairList(self):
digest = self._digest_list[0]
ca_key_pair_list = []
ca_certificate_chain = []
previous_crt = None
previous_crt_pem = None
previous_key = None
for pem_key_pair in self._storage.getCAKeyPairList():
utils.validateCertAndKey(
pem_key_pair['crt_pem'],
pem_key_pair['key_pem'],
)
crt_pem = pem_key_pair['crt_pem']
crt = utils.load_ca_certificate(pem_key_pair['crt_pem'])
key = utils.load_privatekey(pem_key_pair['key_pem'])
ca_key_pair_list.append({
'crt': utils.load_ca_certificate(pem_key_pair['crt_pem']),
'key': utils.load_privatekey(pem_key_pair['key_pem']),
'crt': crt,
'key': key,
})
if previous_key is not None:
ca_certificate_chain.append(utils.wrap(
{
'old_pem': utils.toUnicode(previous_crt_pem),
'new_pem': utils.toUnicode(crt_pem),
},
previous_key,
digest,
))
previous_crt = crt
previous_crt_pem = crt_pem
previous_key = key
self._ca_key_pairs_list = ca_key_pair_list
self._ca_certificate_chain = tuple(
ca_certificate_chain
)
def getCertificateSigningRequest(self, csr_id):
"""
......@@ -636,24 +659,7 @@ class CertificateAuthority(object):
purposes.
"""
self._renewCAIfNeeded()
result = []
iter_key_pair = iter(self._ca_key_pairs_list)
first_key_pair = next(iter_key_pair)
previous_crt_pem = utils.dump_certificate(first_key_pair['crt'])
previous_key = first_key_pair['key']
for key_pair in iter_key_pair:
current_crt_pem = utils.dump_certificate(key_pair['crt'])
result.append(utils.wrap(
{
'old_pem': utils.toUnicode(previous_crt_pem),
'new_pem': utils.toUnicode(current_crt_pem),
},
previous_key,
self.digest_list[0],
))
previous_key = key_pair['key']
previous_crt_pem = current_crt_pem
return result
return self._ca_certificate_chain
def revoke(self, crt_pem):
"""
......
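Review bot: The signed `old_pem`/`new_pem` values built in `_loadCAKeyPairList` now carry the PEM exactly as storage returned it, where the removed loop re-serialised the parsed certificate with `utils.dump_certificate`. A stored PEM that is not in canonical form would therefore change the bytes clients receive and compare; if identical output matters, use `crt_pem = utils.dump_certificate(crt)`. `previous_crt` is initialised and reassigned but never read, so both lines can be dropped. The second hunk returns the cached tuple instead of a fresh list, which is safe only if no caller mutates the result and if `_renewCAIfNeeded` (not visible here) reloads through `_loadCAKeyPairList`. A comment above the return, such as `# Precomputed in _loadCAKeyPairList; immutable and shared between callers.`, would record that. The method changed by the second hunk starts outside the visible lines.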