scanCRLDirectory starts the process of scanning FileWatcherOptions.CRLDirectory and updating the in-memory storage of CRL structs, as defined in [gRFC A69]. It is called periodically (see FileWatcherOptions.RefreshDuration) by the run goroutine. [gRFC A69]: https://github.com/grpc/proposal/pull/382
| 177 | // |
| 178 | // [gRFC A69]: https://github.com/grpc/proposal/pull/382 |
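func (p *FileWatcherCRLProvider) scanCRLDirectory() {
	dir, err := os.Open(p.opts.CRLDirectory)
	if err != nil {
		// err previously had no matching verb in the format string and was
		// rendered as %!(EXTRA ...); give it one so the cause is readable.
		grpclogLogger.Errorf("Can't open CRLDirectory %v: %v", p.opts.CRLDirectory, err)
		if p.opts.CRLReloadingFailedCallback != nil {
			p.opts.CRLReloadingFailedCallback(err)
		}
		// Nothing to scan. Returning here also keeps the CRLs loaded by an
		// earlier scan: falling through would reach the swap below with zero
		// files and zero successes, replacing p.crls with an empty map and
		// silently dropping every revocation until the next good refresh.
		return
	}
	defer dir.Close()

	files, err := dir.ReadDir(0)
	if err != nil {
		grpclogLogger.Errorf("Can't access files under CRLDirectory %v: %v", p.opts.CRLDirectory, err)
		if p.opts.CRLReloadingFailedCallback != nil {
			p.opts.CRLReloadingFailedCallback(err)
		}
		// Same reasoning as above: a failed or partial listing must never be
		// treated as "the directory is now empty".
		return
	}

	// Parse every entry into a scratch map keyed by issuer DN. If two files
	// carry the same issuer, the one listed later wins; (*os.File).ReadDir does
	// not sort, so that order is filesystem-dependent.
	// NOTE(review): subdirectories and non-CRL files count as failures and so
	// keep the provider in the add/update-only branch below for as long as
	// they exist, which means deleted CRLs are never purged — confirm whether
	// such entries should be skipped instead.
	tempCRLs := make(map[string]*CRL, len(files))
	successCounter := 0
	failCounter := 0
	for _, file := range files {
		filePath := fmt.Sprintf("%s/%s", p.opts.CRLDirectory, file.Name())
		crl, err := ReadCRLFile(filePath)
		if err != nil {
			failCounter++
			grpclogLogger.Warningf("Can't add CRL from file %v under CRLDirectory %v: %v", filePath, p.opts.CRLDirectory, err)
			if p.opts.CRLReloadingFailedCallback != nil {
				p.opts.CRLReloadingFailedCallback(err)
			}
			continue
		}
		tempCRLs[crl.certList.Issuer.ToRDNSequence().String()] = crl
		successCounter++
	}

	p.mu.Lock()
	defer p.mu.Unlock()
	if failCounter == 0 {
		// Every file parsed, so the scratch map is authoritative. This is the
		// only path that drops entries whose files were removed from disk.
		p.crls = tempCRLs
		grpclogLogger.Infof("Scan of CRLDirectory %v completed, %v files found and processed successfully, in-memory CRL storage flushed and repopulated", p.opts.CRLDirectory, len(files))
		return
	}
	// Some files failed to parse. A broken file cannot be told apart from a
	// deleted one, so only add/update entries and keep everything already
	// loaded (fail closed: a stale CRL beats no CRL).
	if p.crls == nil {
		// Defensive: presumably the constructor initialises the map, but a
		// nil map here would panic on the first write.
		p.crls = make(map[string]*CRL, len(tempCRLs))
	}
	for key, value := range tempCRLs {
		p.crls[key] = value
	}
	grpclogLogger.Infof("Scan of CRLDirectory %v completed, %v files found, %v files processing failed, %v entries of in-memory CRL storage added/updated", p.opts.CRLDirectory, len(files), failCounter, successCounter)
}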
| 231 | |
| 232 | // CRL retrieves the CRL associated with the given certificate's issuer DN from |
| 233 | // in-memory if it was loaded during FileWatcherOptions.CRLDirectory scan before |