Add CRL fields to Go shadow of Certificate.

2025-06-05 20:13:44 +02:00 · 2020-07-23 15:05:12 -07:00 · 2020-07-23 15:05:12 -07:00 · 0f04b5afc7
commit 0f04b5afc7
parent 189dea7c96
2 changed files with 24 additions and 3 deletions
--- a/cmd/zerotier/cli/help.go
+++ b/cmd/zerotier/cli/help.go
@ -76,9 +76,9 @@ Commands:
    sign <identity> <file>               Sign a file with an identity's key
    verify <identity> <file> <sig>       Verify a signature
  cert <command> [args]                - Certificate commands
-    newid                                Create a new unique subject ID
-    newcsr <subject json path>           Create a new CSR (signing request)
-    sign <csr path> <identity path>      Sign a CSR to create a certificate
+    newsubject <subject> <secret>        Create a new subject and secret
+    newcsr <subject> <secret>            Create a subject CSR
+    sign <csr> <identity> <certificate>  Sign a CSR to create a certificate
    verify <certificate>                 Verify a certificate
    show                                 List certificate for current node
    import <certificate> [<trust>]       Import certificate into this node
--- a/pkg/zerotier/certificate.go
+++ b/pkg/zerotier/certificate.go
@ -83,6 +83,7 @@ type Certificate struct {
 	IssuerName         CertificateName    `json:"issuerName"`
 	ExtendedAttributes []byte             `json:"extendedAttributes,omitempty"`
 	MaxPathLength      uint               `json:"maxPathLength,omitempty"`
+	CRL                [][]byte           `json:"crl,omitempty"`
 	Signature          []byte             `json:"signature,omitempty"`
 }

@ -258,6 +259,13 @@ func newCertificateFromCCertificate(ccptr unsafe.Pointer) *Certificate {

 	c.MaxPathLength = uint(cc.maxPathLength)

+	for i := 0; i < int(cc.crlCount); i++ {
+		csn := *((**[48]byte)(unsafe.Pointer(uintptr(unsafe.Pointer(cc.crl)) + (uintptr(i) * pointerSize))))
+		var tmp [48]byte
+		copy(tmp[:], csn[:])
+		c.CRL = append(c.CRL, tmp[:])
+	}
+
 	if cc.signatureSize > 0 {
 		c.Signature = C.GoBytes(unsafe.Pointer(cc.signature), C.int(cc.signatureSize))
 	}
@ -279,6 +287,7 @@ func (c *Certificate) cCertificate() unsafe.Pointer {
 	var subjectCertificates []uintptr
 	var subjectUpdateURLs []uintptr
 	var subjectUpdateURLsData [][]byte
+	var crl []uintptr

 	if len(c.SerialNo) == 48 {
 		copy((*[48]byte)(unsafe.Pointer(&cc.serialNo[0]))[:], c.SerialNo)
@ -387,6 +396,18 @@ func (c *Certificate) cCertificate() unsafe.Pointer {

 	cc.maxPathLength = C.uint(c.MaxPathLength)

+	if len(c.CRL) > 0 {
+		crl = make([]uintptr, len(c.CRL))
+		for i, cert := range c.CRL {
+			if len(cert) != 48 {
+				return nil
+			}
+			crl[i] = uintptr(unsafe.Pointer(&cert[0]))
+		}
+		cc.crl = (**C.uint8_t)(unsafe.Pointer(&crl[0]))
+		cc.crlCount = C.uint(len(crl))
+	}
+
 	if len(c.Signature) > 0 {
 		cc.signature = (*C.uint8_t)(unsafe.Pointer(&c.Signature[0]))
 		cc.signatureSize = C.uint(len(c.Signature))