Merge pull request #4 from kairoaraujo/fix_bug#3

Fix issue #3: CRL and crl is empty when CA loaded

Author: kairoaraujo

ca.go

@@ -168,12 +168,12 @@ func (c *CA) loadCA(commonName string) error {
 	caData := CAData{}
 
 	var (
-		caDir string = "/" + commonName + "/ca"
-		//caCertsDir      string = folderPath + "/certs"
+		caDir           string = "/" + commonName + "/ca"
 		keyString       []byte
 		publicKeyString []byte
 		csrString       []byte
 		certString      []byte
+		crlString       []byte
 		loadErr         error
 	)
 
@@ -223,6 +223,16 @@ func (c *CA) loadCA(commonName string) error {
 		caData.certificate = cert
 	}
 
+	var crlFile string = caDir + "/" + c.CommonName + crlExtension
+	if crlString, loadErr = storage.LoadFile(crlFile); loadErr == nil {
+		crl, err := cert.LoadCRL(crlString)
+		if err != nil {
+			return err
+		}
+		caData.CRL = string(crlString)
+		caData.crl = crl
+	}
+
 	c.Data = caData
 
 	return nil

cert/cert.go

@@ -125,6 +125,16 @@ func LoadCSR(csrString []byte) (*x509.CertificateRequest, error) {
 	return csr, nil
 }
 
+// LoadCRL loads a Certificate Revocation List from a read file.
+//
+// Using ioutil.ReadFile() satisfyies the read file.
+func LoadCRL(crlString []byte) (*pkix.CertificateList, error) {
+	block, _ := pem.Decode([]byte(string(crlString)))
+	crl, _ := x509.ParseCRL(block.Bytes)
+
+	return crl, nil
+}
+
 // CreateRootCert creates a Root CA Certificate (self signed)
 func CreateRootCert(CACommonName, commonName, country, province, locality, organization, organizationalUnit, emailAddresses string, valid int, dnsNames []string, priv *rsa.PrivateKey, pub *rsa.PublicKey, creationType storage.CreationType) (cert []byte, err error) {
 

goca.go

@@ -26,9 +26,8 @@ import (
 
 // CA represents the basic CA data
 type CA struct {
-	CommonName string   // Certificate Authority Common Name
-	Identity   Identity // Certificate Authority Identity (Identity{})
-	Data       CAData   // Certificate Authority Data (CAData{})
+	CommonName string // Certificate Authority Common Name
+	Data       CAData // Certificate Authority Data (CAData{})
 }
 
 // Certificate represents a Certificate data

goca_test.go

@@ -49,7 +49,7 @@ func TestFunctionalRootCACreation(t *testing.T) {
 func TestFunctionalIntermediateCACration(t *testing.T) {
 	os.Setenv("CAPATH", CaTestFolder)
 
-	rootCAIdentity := Identity{
+	intermediateCAIdentity := Identity{
 		Organization:       "Intermediate CA Company Inc.",
 		OrganizationalUnit: "Intermediate Certificates Management",
 		Country:            "NL",
@@ -58,7 +58,7 @@ func TestFunctionalIntermediateCACration(t *testing.T) {
 		Intermediate:       true,
 	}
 
-	IntermediateCA, err := New("go-itermediate.ca", rootCAIdentity)
+	IntermediateCA, err := New("go-itermediate.ca", intermediateCAIdentity)
 	if err != nil {
 		t.Log(err)
 		t.Errorf("Failing to create the CA")
@@ -93,6 +93,10 @@ func TestFunctionalRootCASignsIntermediateCA(t *testing.T) {
 		t.Errorf("Failed to load Root CA")
 	}
 
+	if RootCA.GetCRL() == "" {
+		t.Error("Empty CRL")
+	}
+
 	t.Log(RootCA.GoCertificate().DNSNames)
 
 	if RootCA.IsIntermediate() {
@@ -168,7 +172,11 @@ func TestFunctionalRootCALoadCertificates(t *testing.T) {
 		t.Errorf("Failed to load Root CA")
 	}
 
-	intranetCert, _ := RootCA.LoadCertificate("intranet.go-root.ca")
+	intranetCert, err := RootCA.LoadCertificate("intranet.go-root.ca")
+	if err != nil {
+		fmt.Println(err)
+		t.Log(err)
+	}
 
 	if intranetCert.GetCACertificate() != "" {
 		t.Log("Failed to load intranet")
@@ -187,8 +195,8 @@ func TestFunctionalRevokeCertificate(t *testing.T) {
 	RootCA, _ := Load("go-root.ca")
 	intermediateCert, _ := RootCA.LoadCertificate("go-itermediate.ca")
 
-	if RootCA.Data.crl != nil {
-		t.Error("CRL is not nil")
+	if RootCA.Data.crl == nil {
+		t.Error("CRL is nil")
 	}
 
 	err := RootCA.RevokeCertificate("go-itermediate.ca")