logger::note( "Signing CRLs" );
for( auto& x : CAs ) {
- logger::notef( "Checking: %s ...", x.first );
-
if( !x.second->crlNeedsResign() ) {
- logger::warnf( "Skipping Resigning CRL: %s ...", x.second->name );
continue;
}
return stat( name.c_str(), &buffer ) == 0;
}
+void signOCSP( std::shared_ptr<Signer> sign, std::string profileName, std::string req, std::string crtName, std::string failName ) {
+ auto cert = std::make_shared<TBSCertificate>();
+ cert->ocspCA = profileName;
+ cert->wishFrom = "now";
+ cert->wishTo = "1y";
+ cert->md = "sha512";
+
+ logger::note( "INFO: Message Digest: ", cert->md );
+
+ cert->csr_content = req;
+ cert->csr_type = "CSR";
+ auto nAVA = std::make_shared<AVA>();
+ nAVA->name = "CN";
+ nAVA->value = "OCSP Responder";
+ cert->AVAs.push_back( nAVA );
+
+ std::shared_ptr<SignedCertificate> res = sign->sign( cert );
+
+ if( !res ) {
+ writeFile( failName, "failed" );
+ logger::error( "OCSP Cert signing failed." );
+ return;
+ }
+
+ writeFile( crtName, res->certificate );
+ logger::notef( "Cert log: %s", res->log );
+}
+
void checkOCSP( std::shared_ptr<Signer> sign ) {
std::unique_ptr<DIR, std::function<void( DIR * )>> dp( opendir( "ca" ), []( DIR * d ) {
closedir( d );
continue;
}
+ std::string failName = "ca/" + profileName + "/ocsp.fail";
+
+ if( pathExists( failName ) ) {
+ continue;
+ }
+
logger::notef( "Discovered OCSP CSR that needs action: %s", csr );
std::string req = readFile( csr );
std::shared_ptr<X509Req> parsed = X509Req::parseCSR( req );
continue;
}
- auto cert = std::make_shared<TBSCertificate>();
- cert->ocspCA = profileName;
- cert->wishFrom = "now";
- cert->wishTo = "1y";
- cert->md = "sha512";
-
- logger::note( "INFO: Message Digest: ", cert->md );
-
- for( auto& SAN : cert->SANs ) {
- logger::notef( "INFO: SAN %s: %s", SAN->type, SAN->content );
- }
-
- for( auto& AVA : cert->AVAs ) {
- logger::notef( "INFO: AVA %s: %s", AVA->name, AVA->value );
- }
-
- cert->csr_content = req;
- cert->csr_type = "CSR";
- auto nAVA = std::make_shared<AVA>();
- nAVA->name = "CN";
- nAVA->value = "OCSP Responder";
- cert->AVAs.push_back( nAVA );
-
- std::shared_ptr<SignedCertificate> res = sign->sign( cert );
-
- if( !res ) {
- logger::error( "OCSP Cert signing failed." );
- continue;
- }
-
- writeFile( crtName, res->certificate );
- logger::notef( "Cert log: %s", res->log );
+ signOCSP( sign, profileName, req, crtName, failName );
}
}
logger::notef( "INFO: AVA %s: %s", AVA->name, AVA->value );
}
- logger::notef( "FINE: Found the CSR at '%s'", cert->csr );
- cert->csr_content = readFile( keyDir + "/../" + cert->csr );
logger::note( "FINE: CSR content:\n", cert->csr_content );
std::shared_ptr<SignedCertificate> res = sign->sign( cert );
logger::note( "FINE: CERTIFICATE LOG:\n", res->log,
"FINE: CERTIFICATE:\n", res->certificate );
- std::string fn = writeBackFile( job->target.c_str(), res->certificate, keyDir );
-
- if( fn.empty() ) {
- logger::error( "ERROR: Writeback of the certificate failed." );
- jp->failJob( job );
- continue;
- }
-
- res->crt_name = fn;
jp->writeBack( job, res ); //! \FIXME: Check return value
logger::note( "FINE: signing done." );
projects / cassiopeia.git / blobdiff