send( conn, head, RecordHeader::SignerCommand::SIGN, "" );
send( conn, head, RecordHeader::SignerCommand::LOG_SAVED, "" );
auto result = std::make_shared<SignedCertificate>();
- std::vector<char> buffer( 2048 * 4 );
for( int i = 0; i < 3; i++ ) {
try {
- int length = conn->read( buffer.data(), buffer.size() );
-
- if( length <= 0 ) {
- logger::error( "Error, no response data" );
- result = nullptr;
- break;
- }
-
RecordHeader head;
- std::string payload = parseCommand( head, std::string( buffer.data(), length ) );
+ std::string payload = parseCommandChunked( head, conn );
switch( static_cast<RecordHeader::SignerResult>( head.command )) {
case RecordHeader::SignerResult::CERTIFICATE:
result->serial = std::string( serStr.get() );
}
+ logger::note( "Closing SSL connection" );
if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
logger::warn( "SSL shutdown failed" );
}
+ logger::note( "SSL connection closed" );
return result;
}
std::string payload = ca->name;
send( conn, head, RecordHeader::SignerCommand::REVOKE, payload );
- std::vector<char> buffer( 2048 * 4 );
- int length = conn->read( buffer.data(), buffer.size() );
-
- if( length <= 0 ) {
- throw "Error, no response data";
- }
+ payload = parseCommandChunked( head, conn );
- payload = parseCommand( head, std::string( buffer.data(), length ) );
-
- auto crl = std::make_shared<CRL>( ca->path + std::string( "/ca.crl" ) );
+ std::string tgtName = ca->path + std::string( "/ca.crl" );
+ auto crl = std::make_shared<CRL>( tgtName );
std::string date;
if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::REVOKED ) {
if( ok ) {
logger::note( "CRL verificated successfully" );
- writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
+ writeFile( tgtName, crl->toString() );
} else {
logger::warn( "CRL is broken, trying to recover" );
send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name );
- length = conn->read( buffer.data(), buffer.size() );
-
- if( length <= 0 ) {
- throw "Error, no response data";
- }
- payload = parseCommand( head, std::string( buffer.data(), length ) );
+ payload = parseCommandChunked( head, conn );
if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::FULL_CRL ) {
throw "Protocol violation";
}
- writeFile( ca->path + std::string( "/ca.crl.bak" ), payload );
- crl = std::make_shared<CRL>( ca->path + std::string( "/ca.crl.bak" ) );
+ std::string name_bak = ca->path + std::string( "/ca.crl.bak" );
+ writeFile( name_bak, payload );
+ crl = std::make_shared<CRL>( name_bak );
if( crl->verify( ca ) ) {
- writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
+ writeFile( tgtName, crl->toString() );
+ if( remove( name_bak.c_str() ) != 0 ){
+ logger::warn( "Removing old CRL failed" );
+ }
logger::note( "CRL is now valid again" );
} else {
logger::warn( "CRL is still broken... Please, help me" );
}
}
- logger::debug( "CRL:\n", crl->toString() );
-
+ logger::note( "Closing SSL connection" );
if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
logger::warn( "SSL shutdown failed" );
}
+ logger::note( "SSL connection closed" );
return { crl, date };
}