package certpool
import (
"container/list"
"context"
"crypto/x509"
"io/fs"
"darvaza.org/core"
)
// Delete removes every certificate registered under name.
//
// The hashes currently associated with name are collected under the write
// lock and each one is removed in turn, so callers never observe a
// half-deleted pool. The context parameter is accepted for interface
// compatibility only and is not consulted. Delete reports fs.ErrNotExist
// when name is empty or when no certificate is registered under it.
func (s *CertPool) Delete(_ context.Context, name string) error {
	if name == "" {
		return fs.ErrNotExist
	}

	s.mu.Lock()
	defer s.mu.Unlock()

	matches := s.getAllHashByName(name)
	if len(matches) == 0 {
		return fs.ErrNotExist
	}

	for _, h := range matches {
		// The hashes were gathered under the same lock we still hold, so a
		// miss here (e.g. the same hash listed twice) is harmless and
		// deliberately not surfaced to the caller.
		_ = s.deleteHash(h)
	}
	return nil
}
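// DeleteCert removes the given certificate from the pool.
//
// The certificate is identified by HashCert, so only that exact certificate
// is removed; other certificates sharing its names or SubjectKeyId stay in
// the pool. A nil cert is handled like an empty name in Delete: it is
// reported as fs.ErrNotExist rather than being passed to HashCert. The
// context parameter is accepted for interface compatibility only and is
// not consulted. DeleteCert returns fs.ErrNotExist when the certificate is
// not present.
func (s *CertPool) DeleteCert(_ context.Context, cert *x509.Certificate) error {
	if cert == nil {
		// Nothing to look up; bail out before taking the lock or handing a
		// nil pointer to HashCert.
		return fs.ErrNotExist
	}

	s.mu.Lock()
	defer s.mu.Unlock()

	return s.deleteHash(HashCert(cert))
}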
// deleteHash unregisters the certificate stored under hash.
//
// Callers hold s.mu for writing (see Delete and DeleteCert). On success
// every index that refers to the certificate is updated: the name and
// pattern lists it was registered under, the SubjectKeyId list when the
// certificate carries one, and s.hashed itself. The cached view in s.cached
// is dropped before anything else so a removed (e.g. revoked) certificate
// cannot keep being served from a stale cache. Returns fs.ErrNotExist when
// hash is unknown.
func (s *CertPool) deleteHash(hash [HashSize]byte) error {
	entry, found := s.hashed[hash]
	if !found {
		return fs.ErrNotExist
	}

	// Invalidate first: from here on the indexes no longer agree with any
	// previously materialised cache.
	s.cached = nil

	deleteHashFromNames(s.names, hash, entry.names...)
	deleteHashFromNames(s.patterns, hash, entry.patterns...)

	// s.subjects keeps one list per SubjectKeyId (several certificates may
	// share one), so only this hash is unlinked from it. Certificates with
	// no SubjectKeyId were never indexed there.
	if skid := string(entry.cert.SubjectKeyId); skid != "" {
		deleteHashFromNames(s.subjects, hash, skid)
	}

	delete(s.hashed, hash)
	return nil
}
// deleteHashFromNames unlinks hash from the list stored in m under each of
// the given names. Names with no list in m are skipped and never created.
// A list that becomes empty is left in place under its key
// (NOTE(review): anything that enumerates m's keys will still see such a
// name — confirm that is intended).
func deleteHashFromNames(m map[string]*list.List, hash Hash, names ...string) {
	for i := range names {
		entries, present := m[names[i]]
		if !present {
			continue
		}
		deleteHashFromList(entries, hash)
	}
}
// deleteHashFromList removes every element of l whose value is a
// *certPoolEntry carrying hash. Elements holding any other value type are
// left untouched. The walk goes through core.ListForEachElement, which is
// expected to tolerate removing the element it just handed to the callback
// (it is a darvaza.org/core helper not shown here); the callback always
// answers false so the whole list is visited rather than stopping at the
// first match.
func deleteHashFromList(l *list.List, hash Hash) {
	isTarget := func(e *list.Element) bool {
		entry, ok := e.Value.(*certPoolEntry)
		return ok && entry.hash == hash
	}

	core.ListForEachElement(l, func(e *list.Element) bool {
		if isTarget(e) {
			l.Remove(e)
		}
		return false // keep walking; never stop early
	})
}