func newCRL()

in capi/lib/revocation/crl/crl.go [78:124]


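// newCRL fetches the CRL published at distributionPoint over HTTP and reports
// whether serialNumber appears in its list of revoked certificates.
//
// The returned CRL always has Endpoint set. Status is one of:
//   - Unchecked: the distribution point starts with "ldap" and is not fetched.
//   - BadResponse: the request could not be built or sent, the server answered
//     with a non-200 status, the body could not be read, or the body did not
//     parse as a CRL. Error carries the reason.
//   - Revoked: serialNumber is listed in the CRL.
//   - Good: the CRL parsed and serialNumber is not listed.
//
// NOTE(review): the CRL's signature and its ThisUpdate/NextUpdate window are
// not checked here, so Good/Revoked reflects whatever the endpoint served
// rather than an authenticated, current statement from the issuer. Confirm
// whether a caller performs that verification.
//
// NOTE(review): distributionPoint is presumably taken from a certificate under
// test and is therefore not trusted input; verify against the caller. This
// function requests whatever URL it names with a default http.Client, which
// follows redirects, so an egress allow-list or a restricted dialer may be
// warranted where this runs next to internal services.
func newCRL(serialNumber *big.Int, distributionPoint string) (crl CRL) {
	crl.Endpoint = distributionPoint
	if strings.HasPrefix(distributionPoint, "ldap") {
		// LDAP distribution points are recorded but never fetched.
		crl.Status = Unchecked
		return crl
	}

	req, err := http.NewRequest(http.MethodGet, distributionPoint, nil)
	if err != nil {
		// A malformed URL leaves req nil; without this check the header
		// assignment below would dereference a nil pointer and panic.
		crl.Error = errors.Wrapf(err, "failed to build request for CRL distribution point %v", distributionPoint).Error()
		crl.Status = BadResponse
		return crl
	}
	req.Header.Add("X-Automated-Tool", "https://github.com/mozilla/CCADB-Tools/capi CCADB test website verification tool")

	client := http.Client{Timeout: 20 * time.Second}
	resp, err := client.Do(req)
	if err != nil {
		crl.Error = errors.Wrapf(err, "failed to retrieve CRL from distribution point %v", distributionPoint).Error()
		crl.Status = BadResponse
		return crl
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		crl.Error = fmt.Sprintf("wanted 200 response, got %d", resp.StatusCode)
		crl.Status = BadResponse
		return crl
	}

	// NOTE(review): the body is read without a size cap, so memory use is
	// bounded only by what the remote endpoint sends within the client
	// timeout. Consider a limit sized for the largest CRL expected.
	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		crl.Error = errors.Wrapf(err, "failed to read response from CRL distribution point %v", distributionPoint).Error()
		crl.Status = BadResponse
		return crl
	}

	list, err := x509.ParseCRL(body)
	if err != nil {
		// The %v argument is the *http.Response itself, not the body bytes.
		crl.Error = errors.Wrapf(err, "failed to parse provided CRL\n%v", resp).Error()
		crl.Status = BadResponse
		return crl
	}

	// Ranging over a nil RevokedCertificates slice is a no-op, so an empty
	// CRL falls through to Good without a separate nil check.
	for _, revoked := range list.TBSCertList.RevokedCertificates {
		if revoked.SerialNumber.Cmp(serialNumber) == 0 {
			crl.Status = Revoked
			return crl
		}
	}
	crl.Status = Good
	return crl
}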