#include <iostream>
#include <fstream>
#include <streambuf>
-
-#include "database.h"
-#include "mysql.h"
-#include "simpleOpensslSigner.h"
+#include <unordered_map>
+
+#include "db/database.h"
+#include "db/mysql.h"
+#include "crypto/simpleOpensslSigner.h"
+#include "crypto/remoteSigner.h"
+#include "crypto/sslUtil.h"
+#include "log/logger.hpp"
#include "util.h"
-#include "bios.h"
-#include "slipBio.h"
-#include "remoteSigner.h"
-#include "sslUtil.h"
+#include "io/bios.h"
+#include "io/slipBio.h"
#include "config.h"
#ifdef NO_DAEMON
#endif
extern std::string keyDir;
-extern std::vector<Profile> profiles;
extern std::string sqlHost, sqlUser, sqlPass, sqlDB;
+extern std::string serialPath;
+extern std::unordered_map<std::string, std::shared_ptr<CAConfig>> CAs;
-std::string writeBackFile( uint32_t serial, std::string cert ) {
- std::string filename = "keys";
- mkdir( filename.c_str(), 0755 );
- filename += "/crt";
- mkdir( filename.c_str(), 0755 );
- filename += "/" + std::to_string( serial / 1000 );
- mkdir( filename.c_str(), 0755 );
- filename += "/" + std::to_string( serial ) + ".crt";
- writeFile( filename, cert );
- std::cout << "wrote to " << filename << std::endl;
- return filename;
-}
+void checkCRLs( std::shared_ptr<Signer> sign ) {
+
+ logger::note( "Signing CRLs" );
-int handlermain( int argc, const char* argv[] );
+ for( auto& x : CAs ) {
+ logger::notef( "Checking: %s ...", x.first );
+
+ if( !x.second->crlNeedsResign() ) {
+ logger::warnf( "Skipping Resigning CRL: %s ...", x.second->name );
+ continue;
+ }
+
+ logger::notef( "Resigning CRL: %s ...", x.second->name );
+
+ try {
+ std::vector<std::string> serials;
+ std::pair<std::shared_ptr<CRL>, std::string> rev = sign->revoke( x.second, serials );
+ } catch( const char* c ) {
+ logger::error( "Exception: ", c );
+ }
+ }
+}
int main( int argc, const char* argv[] ) {
- ( void ) argc;
- ( void ) argv;
bool once = false;
- if( argc == 2 && std::string( "--once" ) == std::string( argv[1] ) ) {
+ if( argc == 2 && std::string( "--once" ) == argv[1] ) {
once = true;
}
std::string path;
- if( DAEMON ) {
- path = "/etc/cacert/cassiopeia/cassiopeia.conf";
- } else {
- path = "config.txt";
- }
+#ifdef NDEBUG
+ path = "/etc/cacert/cassiopeia/cassiopeia.conf";
+#else
+ path = "config.txt";
+#endif
if( parseConfig( path ) != 0 ) {
+ logger::fatal( "Error: Could not parse the configuration file." );
return -1;
}
- if( argc == 0 ) {
- return handlermain( argc, argv );
+ if( serialPath == "" ) {
+ logger::fatal( "Error: no serial device is given!" );
+ return -1;
}
std::shared_ptr<JobProvider> jp( new MySQLJobProvider( sqlHost, sqlUser, sqlPass, sqlDB ) );
- std::shared_ptr<BIO> b = openSerial( "/dev/ttyUSB0" );
+ std::shared_ptr<BIO> b = openSerial( serialPath );
std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
- ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( b ) ) );
+ static_cast<SlipBIO*>( slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( b ) ) );
std::shared_ptr<RemoteSigner> sign( new RemoteSigner( slip1, generateSSLContext( false ) ) );
// std::shared_ptr<Signer> sign( new SimpleOpensslSigner() );
+ time_t lastCRLCheck = 0;
+
while( true ) {
+ time_t current;
+ time( ¤t );
+
+ if( lastCRLCheck + 30 * 60 < current ) {
+ // todo set good log TODO FIXME
+ sign->setLog( std::shared_ptr<std::ostream>(
+ &std::cout,
+ []( std::ostream * o ) {
+ ( void ) o;
+ } ) );
+ checkCRLs( sign );
+ lastCRLCheck = current;
+ }
+
std::shared_ptr<Job> job = jp->fetchJob();
if( !job ) {
- std::cout << "Nothing to work on" << std::endl;
+ logger::debug( "Nothing to work on." );
sleep( 5 );
continue;
}
+ std::shared_ptr<std::ofstream> logPtr = openLogfile( std::string( "logs/" ) + job->id + std::string( "_" ) + job->warning + std::string( ".log" ) );
+
+ std::ofstream& log = *( logPtr.get() );
+
+ sign->setLog( logPtr );
+ logger::note( "TASK ID: ", job->id );
+ logger::note( "TRY: ", job->warning );
+ logger::note( "TARGET: ", job->target );
+ logger::note( "TASK: ", job->task );
+
if( job->task == "sign" ) {
try {
std::shared_ptr<TBSCertificate> cert = jp->fetchTBSCert( job );
+ cert->wishFrom = job->from;
+ cert->wishTo = job->to;
+ logger::note( "INFO: Message Digest: ", cert->md );
+ logger::note( "INFO: Profile ID: ", cert->profile );
+
+ for( auto& SAN : cert->SANs ) {
+ logger::notef( "INFO: SAN %s: %s", SAN->type, SAN->content );
+ }
+
+ for( auto& AVA : cert->AVAs ) {
+ logger::notef( "INFO: AVA %s: %s", AVA->name, AVA->value );
+ }
if( !cert ) {
- std::cout << "wasn't able to load CSR" << std::endl;
- return 2;
+ logger::error( "Unable to load CSR" );
+ jp->failJob( job );
+ continue;
}
- std::cout << "Found a CSR at '" << cert->csr << "' signing" << std::endl;
- cert->csr_content = readFile( cert->csr );
- std::cout << cert->csr_content << " content " << std::endl;
+ logger::notef( "FINE: Found the CSR at '%s'", cert->csr );
+ cert->csr_content = readFile( keyDir + "/../" + cert->csr );
+ logger::note( "FINE: CSR content:\n", cert->csr_content );
std::shared_ptr<SignedCertificate> res = sign->sign( cert );
- std::cout << "did it!" << res->certificate << std::endl;
- std::string fn = writeBackFile( atoi( job->target.c_str() ), res->certificate );
+
+ if( !res ) {
+ logger::error( "ERROR: The signer failed. No certificate was returned." );
+ jp->failJob( job );
+ continue;
+ }
+
+ logger::note( "FINE: CERTIFICATE LOG:\n", res->log );
+ logger::note( "FINE: CERTIFICATE:\n", res->certificate );
+ std::string fn = writeBackFile( job->target.c_str(), res->certificate, keyDir );
+
+ if( fn.empty() ) {
+ logger::error( "ERROR: Writeback of the certificate failed." );
+ jp->failJob( job );
+ continue;
+ }
+
res->crt_name = fn;
- jp->writeBack( job, res );
- std::cout << "wrote back" << std::endl;
+ jp->writeBack( job, res ); //! \FIXME: Check return value
+ logger::note( "FINE: signing done." );
+
+ if( DAEMON ) {
+ jp->finishJob( job );
+ }
+
+ continue;
} catch( const char* c ) {
- std::cerr << "ERROR: " << c << std::endl;
- return 2;
- } catch( std::string c ) {
- std::cerr << "ERROR: " << c << std::endl;
- return 2;
+ logger::error( "ERROR: ", c );
+ } catch( std::string& c ) {
+ logger::error( "ERROR: ", c );
}
- } else {
- std::cout << "Unknown job type" << job->task << std::endl;
- }
- if( DAEMON && !jp->finishJob( job ) ) {
- return 1;
+ try {
+ jp->failJob( job );
+ } catch( const char* c ) {
+ logger::error( "ERROR: ", c );
+ } catch( std::string& c ) {
+ logger::error( "ERROR: ", c );
+ }
+ } else if( job->task == "revoke" ) {
+ try {
+ auto data = jp->getRevocationInfo( job );
+ std::vector<std::string> serials;
+ serials.push_back( data.first );
+ std::pair<std::shared_ptr<CRL>, std::string> rev = sign->revoke( CAs.at( data.second ), serials );
+ std::string date = rev.second;
+ const unsigned char* pos = ( const unsigned char* ) date.data();
+ std::shared_ptr<ASN1_TIME> time( d2i_ASN1_TIME( NULL, &pos, date.size() ), ASN1_TIME_free );
+
+ jp->writeBackRevocation( job, timeToString( time ) );
+ jp->finishJob( job );
+ } catch( const char* c ) {
+ logger::error( "Exception: ", c );
+ } catch( const std::string& c ) {
+ logger::error( "Exception: ", c );
+ }
+ } else {
+ logger::errorf( "Unknown job type (\"%s\")", job->task );
+ jp->failJob( job );
}
if( !DAEMON || once ) {
projects / cassiopeia.git / blobdiff