extern std::string serialPath;
extern std::unordered_map<std::string, std::shared_ptr<CAConfig>> CAs;
+void checkCRLs( std::shared_ptr<Signer> sign ) {
+ std::cout << "Signing CRLs" << std::endl;
+
+ for( auto x : CAs ) {
+ std::cout << "Checking: " << x.first << std::endl;
+
+ if( !x.second->crlNeedsResign() ) {
+ std::cout << "Skipping Resigning CRL: " + x.second->name << std::endl;
+ continue;
+ }
+
+ std::cout << "Resigning CRL: " + x.second->name << std::endl;
+
+ try {
+ std::vector<std::string> serials;
+ std::pair<std::shared_ptr<CRL>, std::string> rev = sign->revoke( x.second, serials );
+ } catch( const char* c ) {
+ std::cout << "Exception: " << c << std::endl;
+ }
+ }
+}
+
int main( int argc, const char* argv[] ) {
( void ) argc;
( void ) argv;
std::shared_ptr<RemoteSigner> sign( new RemoteSigner( slip1, generateSSLContext( false ) ) );
// std::shared_ptr<Signer> sign( new SimpleOpensslSigner() );
+ time_t lastCRLCheck = 0;
+
while( true ) {
+ time_t current;
+ time( ¤t );
+
+ if( lastCRLCheck + 30 * 60 < current ) {
+ // todo set good log TODO FIXME
+ sign->setLog( std::shared_ptr<std::ostream>(
+ &std::cout,
+ []( std::ostream * o ) {
+ ( void ) o;
+ } ) );
+ checkCRLs( sign );
+ lastCRLCheck = current;
+ }
+
std::shared_ptr<Job> job = jp->fetchJob();
if( !job ) {
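Review bot: In checkCRLs the `crlNeedsResign()` call sits outside the `try`, and the `catch` only handles `const char*`, so a `std::exception` thrown while loading one CA's CRL or inside `sign->revoke()` — e.g. a missing or corrupt ca.crl — escapes checkCRLs and, since the `while( true )` loop in main has no handler either, takes the whole signer down instead of skipping that one CA. Move the `crlNeedsResign()` check inside the same `try` and add `catch( const std::exception& e ) { std::cout << "Exception: " << e.what() << std::endl; }`. The `rev` pair returned by `revoke()` is discarded; if the Signer reports the new CRL only through that return value nothing is persisted, so confirm against the Signer implementation. A failed resign is merely printed and retried on the next 30-minute tick, which with needsResign's one-hour window leaves at most one further attempt before nextUpdate passes, so this message should go to a log that is actually monitored. `for( auto x : CAs )` copies each map entry; `for( const auto& x : CAs )` avoids the shared_ptr refcount traffic.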
d2i_ASN1_TIME( &crl->crl->lastUpdate, &buffer, signature.size() + data - buffer );
d2i_ASN1_TIME( &crl->crl->nextUpdate, &buffer, signature.size() + data - buffer );
}
+
+bool CRL::needsResign() {
+ time_t current;
+ time( ¤t );
+ current += 60 * 60;// 1 hour
+ auto time = X509_CRL_get_nextUpdate( crl.get() );
+
+ if( !time ) {
+ return true;
+ }
+
+ int cmp = X509_cmp_time( time, ¤t );
+ return cmp < 0;
+}
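Review bot: `X509_cmp_time()` returns 0 on error (an unparsable nextUpdate), and `return cmp < 0;` maps that to "no resign needed", so a CRL whose nextUpdate field is malformed would never be re-signed; fail closed with `return cmp <= 0;` or an explicit `if( cmp == 0 ) return true;` before it. The local `auto time = X509_CRL_get_nextUpdate( crl.get() )` shadows the `time()` function called two lines earlier; naming it `nextUpdate` avoids the confusion. The one-hour lookahead (`current += 60 * 60`) deserves a comment tying it to the caller's 30-minute check interval, since the two constants only make sense together, e.g. `// resign when nextUpdate is within 1h; the signer polls every 30min`.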
#include <sys/types.h>
#include <termios.h>
#include <unistd.h>
+
#include <iostream>
+#include "crypto/CRL.h"
+
std::shared_ptr<int> ssl_lib_ref(
new int( SSL_library_init() ),
[]( int* ref ) {
cert->before = timeToString( std::shared_ptr<ASN1_TIME>( X509_get_notBefore( target.get() ), ASN1_TIME_free ) );
cert->after = timeToString( std::shared_ptr<ASN1_TIME>( X509_get_notAfter( target.get() ), ASN1_TIME_free ) );
}
+
+bool CAConfig::crlNeedsResign() {
+ std::shared_ptr<CRL> crl( new CRL( path + "/ca.crl" ) );
+ return crl->needsResign();
+}
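Review bot: `crlNeedsResign()` re-reads `path + "/ca.crl"` from disk on every call and has no handling for a missing or unparsable file — the outcome depends entirely on what the CRL constructor (not shown here) does, presumably throwing, and the function's only caller in this change invokes it outside its try block. A header comment would make that contract explicit, e.g. `/// Loads <path>/ca.crl and reports whether its nextUpdate is within CRL::needsResign's window; propagates whatever CRL's constructor throws if the file is missing or unparsable.` If parsing the CRL is costly, caching the loaded object or just its nextUpdate would avoid re-parsing every CA's CRL on each poll, but the current form is acceptable as long as callers tolerate the exception.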