#include <openssl/ssl.h>
#include <openssl/bn.h>
-RemoteSigner::RemoteSigner( std::shared_ptr<BIO> target, std::shared_ptr<SSL_CTX> ctx ) {
- this->target = target;
- this->ctx = ctx;
+RemoteSigner::RemoteSigner( std::shared_ptr<BIO> target, std::shared_ptr<SSL_CTX> ctx ) : target( target ), ctx( ctx ) {
}
RemoteSigner::~RemoteSigner() {
send( conn, head, RecordHeader::SignerCommand::SET_SIGNATURE_TYPE, cert->md );
send( conn, head, RecordHeader::SignerCommand::SET_PROFILE, cert->profile );
+ send( conn, head, RecordHeader::SignerCommand::SET_WISH_FROM, cert->wishFrom );
+ send( conn, head, RecordHeader::SignerCommand::SET_WISH_TO, cert->wishTo );
for( auto ava : cert->AVAs ) {
if( ava->name.find( "," ) != std::string::npos ) {
return result;
}
-std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_ptr<CAConfig> ca, std::string serial ) {
+std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_ptr<CAConfig> ca, std::vector<std::string> serials ) {
( void )BIO_reset( target.get() );
std::shared_ptr<SSL> ssl( SSL_new( ctx.get() ), SSL_free );
head.flags = 0;
head.sessid = 13;
- std::string payload = ca->name + std::string( "\0", 1 ) + serial;
+ for( std::string serial : serials ) {
+ send( conn, head, RecordHeader::SignerCommand::ADD_SERIAL, serial );
+ }
+
+ std::string payload = ca->name;
send( conn, head, RecordHeader::SignerCommand::REVOKE, payload );
std::vector<char> buffer( 2048 * 4 );
ASN1_TIME_free( time );
date = payload.substr( 0, pos - buffer2 );
std::string rest = payload.substr( pos - buffer2 );
- crl->revoke( serial, date );
+
+ for( std::string serial : serials ) {
+ crl->revoke( serial, date );
+ }
+
crl->setSignature( rest );
bool ok = crl->verify( ca );
projects / cassiopeia.git / blobdiff