cln: Simplified revoking code

[cassiopeia.git] / src / crypto / remoteSigner.cpp

diff --git a/src/crypto/remoteSigner.cpp b/src/crypto/remoteSigner.cpp
index 6259710f8868773a9d037d5fb6a8e163df1bb0ae..eaeede065c6e50c98bbb2eba9203f49d679732c1 100644 (file)
--- a/src/crypto/remoteSigner.cpp
+++ b/src/crypto/remoteSigner.cpp
@@ -165,8 +165,7 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
     int length = conn->read( buffer.data(), buffer.size() );
 
     if( length <= 0 ) {
-        std::cout << "Error, no response data" << std::endl;
-        return std::pair<std::shared_ptr<CRL>, std::string>( std::shared_ptr<CRL>(), "" );
+        throw "Error, no response data";
     }
 
     payload = parseCommand( head, std::string( buffer.data(), length ), log );
@@ -174,52 +173,51 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
     std::shared_ptr<CRL> crl( new CRL( ca->path + std::string( "/ca.crl" ) ) );
     std::string date;
 
-    switch( ( RecordHeader::SignerResult ) head.command ) {
-    case RecordHeader::SignerResult::REVOKED: {
-        const unsigned char* buffer2 = ( const unsigned char* ) payload.data();
-        const unsigned char* pos = buffer2;
-        ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
-        ASN1_TIME_free( time );
-        date = payload.substr( 0, pos - buffer2 );
-        std::string rest = payload.substr( pos - buffer2 );
-        crl->revoke( serial, date );
-        crl->setSignature( rest );
-        bool ok = crl->verify( ca );
-
-        if( ok ) {
-            ( *log ) << "CRL verificated successfully" << std::endl;
-            writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
-        } else {
-            ( *log ) << "CRL is broken" << std::endl;
-            send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name );
-            length = conn->read( buffer.data(), buffer.size() );
+    if( ( RecordHeader::SignerResult ) head.command != RecordHeader::SignerResult::REVOKED ) {
+        throw "Protocol violation";
+    }
 
-            if( length <= 0 ) {
-                ( *log ) << "Error, no response data" << std::endl;
-                return std::pair<std::shared_ptr<CRL>, std::string>( std::shared_ptr<CRL>(), "" );
-            }
+    const unsigned char* buffer2 = ( const unsigned char* ) payload.data();
+    const unsigned char* pos = buffer2;
+    ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
+    ASN1_TIME_free( time );
+    date = payload.substr( 0, pos - buffer2 );
+    std::string rest = payload.substr( pos - buffer2 );
+    crl->revoke( serial, date );
+    crl->setSignature( rest );
+    bool ok = crl->verify( ca );
+
+    if( ok ) {
+        ( *log ) << "CRL verificated successfully" << std::endl;
+        writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
+    } else {
+        ( *log ) << "CRL is broken" << std::endl;
+        send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name );
+        length = conn->read( buffer.data(), buffer.size() );
 
-            payload = parseCommand( head, std::string( buffer.data(), length ), log );
-            writeFile( ca->path + std::string( "/ca.crl.bak" ), payload );
-            crl = std::shared_ptr<CRL>( new CRL( ca->path + std::string( "/ca.crl.bak" ) ) );
+        if( length <= 0 ) {
+            throw "Error, no response data";
+        }
 
-            if( crl->verify( ca ) ) {
-                writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
-                ( *log ) << "CRL is now valid" << std::endl;
-            } else {
-                ( *log ) << "CRL is still broken... Please, help me" << std::endl;
-            }
+        payload = parseCommand( head, std::string( buffer.data(), length ), log );
 
+        if( ( RecordHeader::SignerResult ) head.command != RecordHeader::SignerResult::FULL_CRL ) {
+            throw "Protocol violation";
         }
 
-        ( *log ) << "CRL: " << std::endl << crl->toString() << std::endl;
-        break;
-    }
+        writeFile( ca->path + std::string( "/ca.crl.bak" ), payload );
+        crl = std::shared_ptr<CRL>( new CRL( ca->path + std::string( "/ca.crl.bak" ) ) );
+
+        if( crl->verify( ca ) ) {
+            writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
+            ( *log ) << "CRL is now valid" << std::endl;
+        } else {
+            ( *log ) << "CRL is still broken... Please, help me" << std::endl;
+        }
 
-    default:
-        throw "Invalid response command.";
     }
 
+    ( *log ) << "CRL: " << std::endl << crl->toString() << std::endl;
 
     if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
         std::cout << "SSL shutdown failed" << std::endl;