add: signing of OCSP certificates

[cassiopeia.git] / src / crypto / remoteSigner.cpp

diff --git a/src/crypto/remoteSigner.cpp b/src/crypto/remoteSigner.cpp
index c52936b8bc2afe26e78f0341a0fbfd2ce7276819..c06af91bc3a48700300c6cd89fdb774d1e1289cb 100644 (file)
--- a/src/crypto/remoteSigner.cpp
+++ b/src/crypto/remoteSigner.cpp
@@ -44,11 +44,17 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
     }
 
     send( conn, head, RecordHeader::SignerCommand::SET_SIGNATURE_TYPE, cert->md );
-    send( conn, head, RecordHeader::SignerCommand::SET_PROFILE, cert->profile );
+
+    if( !cert->ocspCA.empty() ) {
+        send( conn, head, RecordHeader::SignerCommand::SET_OCSP_TARGET_CA, cert->ocspCA );
+    } else {
+        send( conn, head, RecordHeader::SignerCommand::SET_PROFILE, cert->profile );
+    }
+
     send( conn, head, RecordHeader::SignerCommand::SET_WISH_FROM, cert->wishFrom );
     send( conn, head, RecordHeader::SignerCommand::SET_WISH_TO, cert->wishTo );
 
-    for( auto &ava : cert->AVAs ) {
+    for( auto& ava : cert->AVAs ) {
         if( ava->name.find( "," ) != std::string::npos ) {
             // invalid ava
             return nullptr;
@@ -57,7 +63,7 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
         send( conn, head, RecordHeader::SignerCommand::ADD_AVA, ava->name + "," + ava->value );
     }
 
-    for( auto &san : cert->SANs ) {
+    for( auto& san : cert->SANs ) {
         if( san->type.find( "," ) != std::string::npos ) {
             // invalid ava
             return nullptr;
@@ -100,7 +106,7 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
 
     if( result ) {
         std::shared_ptr<BIO> bios( BIO_new( BIO_s_mem() ), BIO_free );
-        const char* buf = result->certificate.data();
+        const char *buf = result->certificate.data();
         unsigned int len = result->certificate.size();
 
         while( len > 0 ) {
@@ -121,11 +127,10 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
         }
 
         std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber( pem.get() ), NULL ), BN_free );
-        std::shared_ptr<char> serStr(
-            BN_bn2hex( ser.get() ),
-            []( char* p ) {
-                OPENSSL_free( p );
-            } ); // OPENSSL_free is a macro...
+        auto freeMem = []( char *p ) {
+            OPENSSL_free( p );
+        }; // OPENSSL_free is a macro...
+        std::shared_ptr<char> serStr( BN_bn2hex( ser.get() ), freeMem );
 
         extractTimes( pem, result );
 
@@ -157,7 +162,7 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
     head.flags = 0;
     head.sessid = 13;
 
-    for( auto &serial : serials ) {
+    for( auto& serial : serials ) {
         send( conn, head, RecordHeader::SignerCommand::ADD_SERIAL, serial );
     }
 
@@ -174,14 +179,14 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
         throw std::runtime_error( "Protocol violation" );
     }
 
-    const unsigned char* buffer2 = reinterpret_cast<const unsigned char*>( payload.data() );
-    const unsigned char* pos = buffer2;
-    ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
+    const unsigned char *buffer2 = reinterpret_cast<const unsigned char *>( payload.data() );
+    const unsigned char *pos = buffer2;
+    ASN1_TIME *time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
     ASN1_TIME_free( time );
     date = payload.substr( 0, pos - buffer2 );
     std::string rest = payload.substr( pos - buffer2 );
 
-    for( std::string &serial : serials ) {
+    for( std::string& serial : serials ) {
         crl->revoke( serial, date );
     }