package ca
import (
"os"
"github.com/letsencrypt/boulder/strictyaml"
)
// ECDSAAllowList holds the set of Registration IDs for which ECDSA issuance
// is allowed. The underlying map is unexported.
type ECDSAAllowList struct {
	// regIDsMap maps a Registration ID to true when that ID is on the list.
	regIDsMap map[int64]bool
}

// permitted reports whether ECDSA issuance is allowed for regID. An ID that
// is absent from the map yields false, so an unlisted account is denied.
func (e *ECDSAAllowList) permitted(regID int64) bool {
	allowed, found := e.regIDsMap[regID]
	return found && allowed
}
// makeRegIDsMap builds a set-like map from regIDs, marking every listed ID as
// true. Repeated IDs collapse into a single entry, so the result can hold
// fewer entries than the input slice.
func makeRegIDsMap(regIDs []int64) map[int64]bool {
	set := make(map[int64]bool)
	for i := 0; i < len(regIDs); i++ {
		set[regIDs[i]] = true
	}
	return set
}
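// NewECDSAAllowListFromFile is exported to allow `boulder-ca` to construct a
// new `ECDSAAllowList` object from the YAML file at filename, which is decoded
// as a list of int64 Registration IDs.
//
// It returns the ECDSAAllowList, the size of the allow list after loading it
// (for CA logging purposes, so inner fields don't need to be exported), or an
// error. The size is taken from the deduplicated map, so it can be lower than
// the number of IDs in the file when an ID is repeated.
//
// If the file cannot be read or parsed, the returned list is nil and the size
// is zero; the underlying error is returned unchanged.
//
// The file decides which accounts are permitted ECDSA issuance, so it should
// be writable only by the operators who manage the CA configuration.
func NewECDSAAllowListFromFile(filename string) (*ECDSAAllowList, int, error) {
	configBytes, err := os.ReadFile(filename)
	if err != nil {
		return nil, 0, err
	}

	var regIDs []int64
	// Pass the address of the slice so Unmarshal can populate it.
	err = strictyaml.Unmarshal(configBytes, &regIDs)
	if err != nil {
		return nil, 0, err
	}

	allowList := &ECDSAAllowList{regIDsMap: makeRegIDsMap(regIDs)}
	return allowList, len(allowList.regIDsMap), nil
}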