hub / github.com/grpc/grpc-go / scanCRLDirectory

Method scanCRLDirectory

security/advancedtls/crl_provider.go:179–230  ·  view source on GitHub ↗

scanCRLDirectory starts the process of scanning FileWatcherOptions.CRLDirectory and updating the in-memory storage of CRL structs, as defined in [gRFC A69]. It is called periodically (see FileWatcherOptions.RefreshDuration) by the run goroutine.

[gRFC A69]: https://github.com/grpc/proposal/pull/382

()

Source from the content-addressed store, hash-verified

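// scanCRLDirectory starts the process of scanning
// FileWatcherOptions.CRLDirectory and updating in-memory storage of CRL
// structs, as defined in [gRFC A69]. It's called periodically (see
// FileWatcherOptions.RefreshDuration) by run goroutine.
//
// A scan that cannot open or list the directory is abandoned before p.crls is
// touched. Such a scan yields no (or possibly incomplete) entries, and
// treating it as a complete scan would replace the store with an empty or
// truncated map, silently dropping revocation lists that were loaded earlier.
//
// Every failure is logged and, when CRLReloadingFailedCallback is set,
// reported through it: once for a directory-level failure, once per file that
// ReadCRLFile rejects.
//
// [gRFC A69]: https://github.com/grpc/proposal/pull/382
func (p *FileWatcherCRLProvider) scanCRLDirectory() {
	dir, err := os.Open(p.opts.CRLDirectory)
	if err != nil {
		grpclogLogger.Errorf("Can't open CRLDirectory %v: %v", p.opts.CRLDirectory, err)
		if p.opts.CRLReloadingFailedCallback != nil {
			p.opts.CRLReloadingFailedCallback(err)
		}
		// Keep the previously loaded CRLs; there is nothing to scan.
		return
	}
	defer dir.Close()

	files, err := dir.ReadDir(0)
	if err != nil {
		grpclogLogger.Errorf("Can't access files under CRLDirectory %v: %v", p.opts.CRLDirectory, err)
		if p.opts.CRLReloadingFailedCallback != nil {
			p.opts.CRLReloadingFailedCallback(err)
		}
		// The listing cannot be trusted to be complete, so it must not be used
		// to decide which entries to delete from the store.
		return
	}

	// Freshly parsed CRLs, keyed by the string form of the issuer's RDN
	// sequence.
	tempCRLs := make(map[string]*CRL)
	successCounter := 0
	failCounter := 0
	for _, file := range files {
		filePath := fmt.Sprintf("%s/%s", p.opts.CRLDirectory, file.Name())
		crl, err := ReadCRLFile(filePath)
		if err != nil {
			failCounter++
			grpclogLogger.Warningf("Can't add CRL from file %v under CRLDirectory %v: %v", filePath, p.opts.CRLDirectory, err)
			if p.opts.CRLReloadingFailedCallback != nil {
				p.opts.CRLReloadingFailedCallback(err)
			}
			continue
		}
		tempCRLs[crl.certList.Issuer.ToRDNSequence().String()] = crl
		successCounter++
	}

	p.mu.Lock()
	defer p.mu.Unlock()

	// Only if all the files are processed successfully we can swap maps (there
	// might be deletions of entries in this case).
	if len(files) == successCounter {
		p.crls = tempCRLs
		grpclogLogger.Infof("Scan of CRLDirectory %v completed, %v files found and processed successfully, in-memory CRL storage flushed and repopulated", p.opts.CRLDirectory, len(files))
		return
	}

	// Since some of the files failed we can only add/update entries in the
	// map; entries whose file could not be parsed this round keep their
	// previously loaded CRL.
	for key, value := range tempCRLs {
		p.crls[key] = value
	}
	grpclogLogger.Infof("Scan of CRLDirectory %v completed, %v files found, %v files processing failed, %v entries of in-memory CRL storage added/updated", p.opts.CRLDirectory, len(files), failCounter, successCounter)
}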
231
232// CRL retrieves the CRL associated with the given certificate's issuer DN from
233// in-memory if it was loaded during FileWatcherOptions.CRLDirectory scan before

Callers 3

runMethod · 0.95

Calls 10

ReadCRLFileFunction · 0.85
OpenMethod · 0.80
ErrorfMethod · 0.65
CloseMethod · 0.65
NameMethod · 0.65
WarningfMethod · 0.65
StringMethod · 0.65
InfofMethod · 0.65
LockMethod · 0.45
UnlockMethod · 0.45