ca: Do not rebuild CA certificate chain on each call.

The result only changes when CA certificates are reloaded, so prepare this valuein _loadCAKeyPairList.

ca: Do not rebuild CA certificate chain on each call.
The result only changes when CA certificates are reloaded, so prepare this valuein _loadCAKeyPairList.
f21de813 · Vincent Pelletier · 4d0641ac · f21de813
Commit f21de813 authored Nov 25, 2020 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 20 deletions

caucase/ca.py caucase/ca.py +26 -20

No files found.
--- a/caucase/ca.py
+++ b/caucase/ca.py
@@ -200,17 +200,40 @@ class CertificateAuthority(object):
    return list(self._digest_list)
  def _loadCAKeyPairList(self):
+    digest = self._digest_list[0]
    ca_key_pair_list = []
+    ca_certificate_chain = []
+    previous_crt = None
+    previous_crt_pem = None
+    previous_key = None
    for pem_key_pair in self._storage.getCAKeyPairList():
      utils.validateCertAndKey(
        pem_key_pair['crt_pem'],
        pem_key_pair['key_pem'],
      )
+      crt_pem = pem_key_pair['crt_pem']
+      crt = utils.load_ca_certificate(pem_key_pair['crt_pem'])
+      key = utils.load_privatekey(pem_key_pair['key_pem'])
      ca_key_pair_list.append({
-        'crt': utils.load_ca_certificate(pem_key_pair['crt_pem']),
+        'crt': crt,
-        'key': utils.load_privatekey(pem_key_pair['key_pem']),
+        'key': key,
      })
+      if previous_key is not None:
+        ca_certificate_chain.append(utils.wrap(
+          {
+            'old_pem': utils.toUnicode(previous_crt_pem),
+            'new_pem': utils.toUnicode(crt_pem),
+          },
+          previous_key,
+          digest,
+        ))
+      previous_crt = crt
+      previous_crt_pem = crt_pem
+      previous_key = key
    self._ca_key_pairs_list = ca_key_pair_list
+    self._ca_certificate_chain = tuple(
+      ca_certificate_chain
+    )
  def getCertificateSigningRequest(self, csr_id):
    """
@@ -636,24 +659,7 @@ class CertificateAuthority(object):
    purposes.
    """
    self._renewCAIfNeeded()
-    result = []
+    return self._ca_certificate_chain
-    iter_key_pair = iter(self._ca_key_pairs_list)
-    first_key_pair = next(iter_key_pair)
-    previous_crt_pem = utils.dump_certificate(first_key_pair['crt'])
-    previous_key = first_key_pair['key']
-    for key_pair in iter_key_pair:
-      current_crt_pem = utils.dump_certificate(key_pair['crt'])
-      result.append(utils.wrap(
-        {
-          'old_pem': utils.toUnicode(previous_crt_pem),
-          'new_pem': utils.toUnicode(current_crt_pem),
-        },
-        previous_key,
-        self.digest_list[0],
-      ))
-      previous_key = key_pair['key']
-      previous_crt_pem = current_crt_pem
-    return result
  def revoke(self, crt_pem):
    """