WriteCertRepository: avoid serializing precerts twice

With pre-certs, Chain[0] is the pre-cert itself.
Andrew Ayer 2016-02-07 14:47:05 -08:00
parent a79cc26570
commit 1dcbe91877
1 changed files with 7 additions and 5 deletions


@ -249,9 +249,9 @@ func WriteCertRepository (repoPath string, entry *ct.LogEntry) (bool, string, er
fingerprint := sha256hex(getRaw(entry)) fingerprint := sha256hex(getRaw(entry))
prefixPath := filepath.Join(repoPath, fingerprint[0:2]) prefixPath := filepath.Join(repoPath, fingerprint[0:2])
var filenameSuffix string var filenameSuffix string
if entry.Precert != nil { if entry.Leaf.TimestampedEntry.EntryType == ct.PrecertLogEntryType {
filenameSuffix = ".precert.pem" filenameSuffix = ".precert.pem"
} else if entry.X509Cert != nil { } else if entry.Leaf.TimestampedEntry.EntryType == ct.X509LogEntryType {
filenameSuffix = ".cert.pem" filenameSuffix = ".cert.pem"
} }
if err := os.Mkdir(prefixPath, 0777); err != nil && !os.IsExist(err) { if err := os.Mkdir(prefixPath, 0777); err != nil && !os.IsExist(err) {
@ -266,9 +266,11 @@ func WriteCertRepository (repoPath string, entry *ct.LogEntry) (bool, string, er
return false, path, fmt.Errorf("Failed to open %s for writing: %s", path, err) return false, path, fmt.Errorf("Failed to open %s for writing: %s", path, err)
} }
} }
if err := pem.Encode(file, &pem.Block{Type: "CERTIFICATE", Bytes: getRaw(entry)}); err != nil { if entry.Leaf.TimestampedEntry.EntryType == ct.X509LogEntryType {
file.Close() if err := pem.Encode(file, &pem.Block{Type: "CERTIFICATE", Bytes: entry.Leaf.TimestampedEntry.X509Entry}); err != nil {
return false, path, fmt.Errorf("Error writing to %s: %s", path, err) file.Close()
return false, path, fmt.Errorf("Error writing to %s: %s", path, err)
}
} }
for _, chainCert := range entry.Chain { for _, chainCert := range entry.Chain {
if err := pem.Encode(file, &pem.Block{Type: "CERTIFICATE", Bytes: chainCert}); err != nil { if err := pem.Encode(file, &pem.Block{Type: "CERTIFICATE", Bytes: chainCert}); err != nil {
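Review bot: In the second hunk the leaf `pem.Encode` now runs only for `ct.X509LogEntryType`, so for a precert entry the file's contents come entirely from `entry.Chain`, and nothing checks that the chain is non-empty or that `Chain[0]` is the certificate the filename was derived from. Log entries are external input: a precert entry with an empty chain would yield a `.precert.pem` file with no certificate in it, and, assuming `getRaw(entry)` returns the precert as the commit message implies, a mismatched `Chain[0]` would yield a file whose first block does not hash to the fingerprint in its name. I would reject such entries before the file is opened (that part of WriteCertRepository lies outside the hunks), with a guard such as `if entry.Leaf.TimestampedEntry.EntryType == ct.PrecertLogEntryType && (len(entry.Chain) == 0 || sha256hex(entry.Chain[0]) != fingerprint)` returning an error. The `if`/`else if` on `EntryType` in the first hunk also has no final `else`, so an entry of any other type gets an empty `filenameSuffix` and a chain-only file; an explicit error there would make that case visible.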