* Add initial scan as a part of FWCP creation
* Add comment about default value for RefreshDuration
* Promote Close() to the interface level
* Revert "Promote Close() to the interface level"
This reverts commit 465ebacc5c.
* rename certificateListExt to CRL
* CRLProvider file
* Add CRLProvider to RevocationConfig
* Beginning refactor of CRL handling
* Shell of StaticCRLProvider
* basic static crl provider test
* use loadCRL helper
* refactor of CRL loading
* Table tests
* Table tests
* Add tests with Static CRL provider
* New certs to be used for CRL tests. Added test for passing and failing connections based on CRL check outcomes
* Main functionality of File Watcher (Directory) CRL provider
* Refactor async go routine, validate() func, add unit tests
* Custom error callback, related unit tests
* Error callback test improvement
* Comments for StaticCRLProvider
* Comments for public API
* go mod tidy
* Comments for tests
* Fix vet errors
* Change Static provider behavior to match C Core, address other PR comments
* Data race fix
* Test helper fn change
* Address PR comments
* Address PR comments (part 2)
* Migration from context to channel for controlling crl reloading goroutine
* Align in-memory CRL updates during directory scan to C++ behavior
* Improve comments for ScanCRLDirectory
* Base test case for Scan CRL Directory file manipulations
* full set of cases for CRL directory content manipulation
* Add comment for table test structure
* Fix for go.mod and go.sum
* Empty directoru workaround
* Delete deprecated crl functionality
* Restoring deprecated crl files
* Fit to grpctest.Tester pattern
* Update readme for crl provider tests
* Address PR comments
* Revert "Restoring deprecated crl files"
This reverts commit 56437603a4.
* Revert "Resolve conflicts with upstream - deletion of deprecated crl"
This reverts commit e0130640c46efd9a43649bf409c6e762ae66e225, reversing
changes made to 21f430135c.
Revert deletion
* Update link for gRFC proposal
* Address PR comments
* Address PR comments part 1
* Address PR comments part 2
* Address PR comments part 3
* Fix for go.mod and go.sum
* Fix comment typo
* Fix for gRFC tag
* Add more details to CRL api godoc comments.
* Address PR comments
* Address PR comments
* Delete crl_deprecated.go and crl_deprecated_test.go
* Delete testdate/crl/provider/filewatcher directory and .gitignore under it
* Race test fix
* Address PR comments
* Address PR comments
* Refactor directory reloader test from checking size of crl map to querying individual entries approach
* Add extra case for RefreshDuration config test
* Update cpmment for table test structure
* Unexport scan scanCRLDirectory, drop related mutex, update the comments
* Update API comments, clear tmp dir after the tests
---------
Co-authored-by: Gregory Cooke <gregorycooke@google.com>
Swap from deprecated pkix.CertificateList to x509.RevocationList
pkix.CertificateList is deprecated.
We have an internal wrapper around this for representing CRLs. This PR updates that wrapper to use the preferred x509.RevocationList.
This also replaces x509.ParseCRL (deprecated) with x509.ParseRevocationList. The former supported PEM input, while the latter requires DER, so I added a utility function parseRevocationList that does the PEM -> DER conversion if needed, taken from the x509.ParseCRL implementation.
The one issue here is that x509.RevocationList was introduced in golang 1.19. We are still supporting 1.18. To solve this, I've put build restrictions on crl.go and crl_test.go to only build on 1.19+. Also, I also added the files crl_deprecated.go and crl_deprecated_test.go, which are identical copies to the crl.go and crl_test.go files before this PR. They have the build restriction of <go1.19, so they will be used in the 1.18 build. This change is luckily very isolated and these are the only 2 files that needed the build restrictions.
The short test timeout was causing the DialContext to return an error
even if it was non-blocking when a large number of tests are executed
simultaneously. The way I think we should do with is to stick with the
normal time out but cancel the context promptly, instead of deferring it
at the end to release resources.
Gregory Cooke