Merge "add: documentation of the signing protocol"

[cassiopeia.git] / src / crypto / remoteSigner.cpp
diff --git a/src/crypto/remoteSigner.cpp b/src/crypto/remoteSigner.cpp

index 4b1e630ad21e511a1229bce1b78b61c3c8b918a2..c52936b8bc2afe26e78f0341a0fbfd2ce7276819 100644 (file)
--- a/src/crypto/remoteSigner.cpp
+++ b/src/crypto/remoteSigner.cpp
@@ -75,7 +75,7 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
              RecordHeader head;
              std::string payload = parseCommandChunked( head, conn );
  
-            switch( static_cast<RecordHeader::SignerResult>( head.command )) {
+            switch( static_cast<RecordHeader::SignerResult>( head.command ) ) {
              case RecordHeader::SignerResult::CERTIFICATE:
                  result->certificate = payload;
                  break;
@@ -92,8 +92,8 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
                  logger::error( "Invalid Message" );
                  break;
              }
-        } catch( const char* msg ) {
-            logger::error( msg );
+        } catch( const std::exception& msg ) {
+            logger::error( msg.what() );
              return std::shared_ptr<SignedCertificate>();
          }
      }
@@ -107,20 +107,20 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
              int dlen = BIO_write( bios.get(), buf, len );
  
              if( dlen <= 0 ) {
-                throw "Memory error.";
+                throw std::runtime_error( "Memory error." );
              }
  
              len -= dlen;
              buf += dlen;
          }
  
-        std::shared_ptr<X509> pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ) );
+        std::shared_ptr<X509> pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ), X509_free );
  
          if( !pem ) {
-            throw "Pem was not readable";
+            throw std::runtime_error( "Pem was not readable" );
          }
  
-        std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( pem->cert_info->serialNumber, NULL ), BN_free );
+        std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber( pem.get() ), NULL ), BN_free );
          std::shared_ptr<char> serStr(
              BN_bn2hex( ser.get() ),
              []( char* p ) {
@@ -133,9 +133,11 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
      }
  
      logger::note( "Closing SSL connection" );
+
      if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
          logger::warn( "SSL shutdown failed" );
      }
+
      logger::note( "SSL connection closed" );
  
      return result;
@@ -169,7 +171,7 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
      std::string date;
  
      if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::REVOKED ) {
-        throw "Protocol violation";
+        throw std::runtime_error( "Protocol violation" );
      }
  
      const unsigned char* buffer2 = reinterpret_cast<const unsigned char*>( payload.data() );
@@ -196,7 +198,7 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
          payload = parseCommandChunked( head, conn );
  
          if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::FULL_CRL ) {
-            throw "Protocol violation";
+            throw std::runtime_error( "Protocol violation" );
          }
  
          std::string name_bak = ca->path + std::string( "/ca.crl.bak" );
@@ -204,10 +206,10 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
          crl = std::make_shared<CRL>( name_bak );
  
          if( crl->verify( ca ) ) {
-            writeFile( tgtName, crl->toString() );
-            if( remove( name_bak.c_str() ) != 0 ){
-                logger::warn( "Removing old CRL failed" );
+            if( rename( name_bak.c_str(), tgtName.c_str() ) != 0 ) {
+                logger::warn( "Moving new CRL over old CRL failed" );
              }
+
              logger::note( "CRL is now valid again" );
          } else {
              logger::warn( "CRL is still broken... Please, help me" );
@@ -215,9 +217,11 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
      }
  
      logger::note( "Closing SSL connection" );
+
      if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
          logger::warn( "SSL shutdown failed" );
      }
+
      logger::note( "SSL connection closed" );
  
      return { crl, date };