extern std::string serialPath;
extern std::unordered_map<std::string, std::shared_ptr<CAConfig>> CAs;
+void checkCRLs( std::shared_ptr<Signer> sign ) {
+ std::cout << "Signing CRLs" << std::endl;
+
+ for( auto x : CAs ) {
+ std::cout << "Checking: " << x.first << std::endl;
+
+ if( !x.second->crlNeedsResign() ) {
+ std::cout << "Skipping Resigning CRL: " + x.second->name << std::endl;
+ continue;
+ }
+
+ std::cout << "Resigning CRL: " + x.second->name << std::endl;
+
+ try {
+ std::vector<std::string> serials;
+ std::pair<std::shared_ptr<CRL>, std::string> rev = sign->revoke( x.second, serials );
+ } catch( const char* c ) {
+ std::cout << "Exception: " << c << std::endl;
+ }
+ }
+}
+
int main( int argc, const char* argv[] ) {
( void ) argc;
( void ) argv;
std::shared_ptr<JobProvider> jp( new MySQLJobProvider( sqlHost, sqlUser, sqlPass, sqlDB ) );
std::shared_ptr<BIO> b = openSerial( serialPath );
std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
- ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( b ) ) );
+ static_cast<SlipBIO*>( slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( b ) ) );
std::shared_ptr<RemoteSigner> sign( new RemoteSigner( slip1, generateSSLContext( false ) ) );
// std::shared_ptr<Signer> sign( new SimpleOpensslSigner() );
+ time_t lastCRLCheck = 0;
+
while( true ) {
+ time_t current;
+ time( ¤t );
+
+ if( lastCRLCheck + 30 * 60 < current ) {
+ // todo set good log TODO FIXME
+ sign->setLog( std::shared_ptr<std::ostream>(
+ &std::cout,
+ []( std::ostream * o ) {
+ ( void ) o;
+ } ) );
+ checkCRLs( sign );
+ lastCRLCheck = current;
+ }
+
std::shared_ptr<Job> job = jp->fetchJob();
if( !job ) {
if( job->task == "sign" ) {
try {
std::shared_ptr<TBSCertificate> cert = jp->fetchTBSCert( job );
+ cert->wishFrom = job->from;
+ cert->wishTo = job->to;
log << "INFO: message digest: " << cert->md << std::endl;
log << "INFO: profile id: " << cert->profile << std::endl;
log << "FINE: CERTIFICATE LOG: " << res->log << std::endl;
log << "FINE: CERTIFICATE:" << std::endl << res->certificate << std::endl;
std::string fn = writeBackFile( job->target.c_str(), res->certificate, keyDir );
+ if( fn.empty() ) {
+ log << "ERROR: Writeback of the certificate failed." << std::endl;
+ jp->failJob( job );
+ continue;
+ }
+
res->crt_name = fn;
- jp->writeBack( job, res );
+ jp->writeBack( job, res ); //! \FIXME: Check return value
log << "FINE: signing done." << std::endl;
if( DAEMON ) {
continue;
} catch( const char* c ) {
log << "ERROR: " << c << std::endl;
- } catch( std::string c ) {
+ } catch( std::string& c ) {
log << "ERROR: " << c << std::endl;
}
jp->failJob( job );
} catch( const char* c ) {
log << "ERROR: " << c << std::endl;
- } catch( std::string c ) {
+ } catch( std::string& c ) {
log << "ERROR: " << c << std::endl;
}
} else if( job->task == "revoke" ) {
- std::cout << "Revoking!" << std::endl;
-
- for( auto& x : CAs ) {
- std::cout << " [" << x.first << ']' << std::endl;
- }
-
try {
auto data = jp->getRevocationInfo( job );
- sign->revoke( CAs.at( data.second ), data.first );
+ std::vector<std::string> serials;
+ serials.push_back( data.first );
+ std::pair<std::shared_ptr<CRL>, std::string> rev = sign->revoke( CAs.at( data.second ), serials );
+ std::string date = rev.second;
+ const unsigned char* pos = ( const unsigned char* ) date.data();
+ std::shared_ptr<ASN1_TIME> time( d2i_ASN1_TIME( NULL, &pos, date.size() ), ASN1_TIME_free );
+
+ jp->writeBackRevocation( job, timeToString( time ) );
jp->finishJob( job );
} catch( const char* c ) {
std::cout << "Exception: " << c << std::endl;
projects / cassiopeia.git / blobdiff