release 1.0.2

swedenconnect · Jan 3, 2023 · 44e074b · 44e074b
1 parent f94dc9e
commit 44e074b
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 4 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 FROM openjdk:11-jre
 
-ADD target/signservice-ca-1.0.1.jar /app.jar
+ADD target/signservice-ca-1.0.2.jar /app.jar
 ENTRYPOINT ["java","-jar","/app.jar"]
 
 # Main web port

diff --git a/Dockerfile-debug b/Dockerfile-debug
@@ -1,6 +1,6 @@
 FROM openjdk:17-jdk-slim
 
-ADD target/signservice-ca-1.0.1.jar /app.jar
+ADD target/signservice-ca-1.0.2.jar /app.jar
 
 # This ENTRYPOINT enables attachement of a debugger on port 8000. This port is automtically exposed on the docker container.
 ENTRYPOINT ["java","-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000","-jar","/app.jar"]

diff --git a/pom.xml b/pom.xml
@@ -11,7 +11,7 @@
 
   <groupId>se.swedenconnect.ca</groupId>
   <artifactId>signservice-ca</artifactId>
-  <version>1.0.1</version>
+  <version>1.0.2</version>
 
   <name>Sign service CA</name>
   <description>CA adapted to provide certificates to a high volume sign service with CMC as the only admin API</description>

diff --git a/src/main/java/se/swedenconnect/ca/signservice/ca/StorageOnlyCARepository.java b/src/main/java/se/swedenconnect/ca/signservice/ca/StorageOnlyCARepository.java
@@ -151,6 +151,23 @@ public X509CRLHolder getCurrentCrl() {
         .build();
     }
 
+    /**
+     * We have a current CRL. Now we must compare the number of revoked CRL:s with the number of listed revoked CRL:s
+     * in the file system. This may have been updated and such update will go unnoticed unless we check it here.
+     */
+    int actualNumberOfRevokedCerts = getRevokedCertificates().size();
+    if (currentCrl.getRevokedCertificates().size() != actualNumberOfRevokedCerts) {
+      log.debug("There is a difference between recorded revoked certificates in the CA repository and the latest CRL "
+        + "- Update metadata to enforce CRL renewal");
+      return CRLMetadata.builder()
+        .crlNumber(crlNumber.add(BigInteger.ONE))
+        .issueTime(Instant.ofEpochMilli(0L))
+        .nextUpdate(Instant.ofEpochMilli(0L))
+        .revokedCertCount(actualNumberOfRevokedCerts)
+        .build();
+
+    }
+
     log.debug("Returning CRL metadata from current CRL");
     return CRLMetadata.builder()
       .crlNumber(crlNumber)

diff --git a/src/main/resources/cfg/banner.txt b/src/main/resources/cfg/banner.txt
@@ -5,5 +5,5 @@
  |____/  |_|  \__, | |_| |_|   |____/   \___| |_|      \_/   |_|  \___|  \___|    \____| /_/   \_\
               |___/
 
-Version 1.0.1
+Version 1.0.2
 Powered by Spring Boot ${spring-boot.version}