fix: use correct prepared statement for writing logs

[cassiopeia.git] / src / crypto / simpleOpensslSigner.cpp

diff --git a/src/crypto/simpleOpensslSigner.cpp b/src/crypto/simpleOpensslSigner.cpp
index b569ef2fa5789544b101d7e8653b3cb76a9d9a54..a6d037188fbbf915336db93e305c9a0d71dc165b 100644 (file)
--- a/src/crypto/simpleOpensslSigner.cpp
+++ b/src/crypto/simpleOpensslSigner.cpp
@@ -18,6 +18,7 @@
 #include "sslUtil.h"
 
 extern std::unordered_map<std::string, Profile> profiles;
+extern std::unordered_map<std::string, std::shared_ptr<CAConfig>> CAs;
 
 std::shared_ptr<int> SimpleOpensslSigner::lib_ref = ssl_lib_ref;
 
@@ -31,7 +32,7 @@ std::pair<std::shared_ptr<BIGNUM>, std::string> SimpleOpensslSigner::nextSerial(
     uint16_t profile = prof.id;
     std::string res = readFile( ca->path + "/serial" );
 
-    BIGNUM* bn = 0;
+    BIGNUM *bn = 0;
 
     if( res == "" ) {
         bn = BN_new();
@@ -47,7 +48,7 @@ std::pair<std::shared_ptr<BIGNUM>, std::string> SimpleOpensslSigner::nextSerial(
 
     std::shared_ptr<BIGNUM> serial = std::shared_ptr<BIGNUM>( bn, BN_free );
 
-    std::shared_ptr<unsigned char> data = std::shared_ptr<unsigned char>( ( unsigned char* ) malloc( BN_num_bytes( serial.get() ) + 20 ), free );
+    std::shared_ptr<unsigned char> data = std::shared_ptr<unsigned char>( ( unsigned char * ) malloc( BN_num_bytes( serial.get() ) + 20 ), free );
     int len = BN_bn2bin( serial.get(), data.get() );
 
     data.get()[len] = 0x0;
@@ -60,11 +61,10 @@ std::pair<std::shared_ptr<BIGNUM>, std::string> SimpleOpensslSigner::nextSerial(
         throw std::runtime_error( "Big number math failed while fetching random data for serial number." );
     }
 
-    std::shared_ptr<char> serStr = std::shared_ptr<char>(
-        BN_bn2hex( serial.get() ),
-        []( char* ref ) {
-            OPENSSL_free( ref );
-        } );
+    auto freeMem = []( char *ref ) {
+        OPENSSL_free( ref );
+    };
+    std::shared_ptr<char> serStr = std::shared_ptr<char>( BN_bn2hex( serial.get() ), freeMem );
 
     writeFile( ca->path + "/serial", serStr.get() );
 
@@ -75,12 +75,28 @@ std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TB
     std::stringstream signlog;
     logger::logger_set log_set_sign( {logger::log_target( signlog, logger::level::debug )}, logger::auto_register::on );
 
-    logger::note( "FINE: Profile name is: ", cert->profile );
+    std::shared_ptr<CAConfig> ca;
+    Profile *prof;
 
-    Profile& prof = profiles.at( cert->profile );
-    logger::note( "FINE: Profile ID is: ", prof.id );
+    if( cert->ocspCA != "" ) {
+        auto caIterator = CAs.find( cert->ocspCA );
 
-    std::shared_ptr<CAConfig> ca = prof.getCA();
+        if( caIterator == CAs.end() ) {
+            logger::error( "ERROR: Signing CA specified in request for an OCSP cert could not be loaded." );
+            throw std::runtime_error( "CA-key for OCSP cert not found" );
+        }
+
+        ca = caIterator->second;
+        logger::note( "Trying to fetch OCSP-profile" );
+        prof = &profiles.at( "0100-ocsp" );
+        logger::note( "Done with it" );
+    } else {
+        logger::note( "FINE: Profile name is: ", cert->profile );
+
+        prof = &profiles.at( cert->profile );
+        logger::note( "FINE: Profile ID is: ", prof->id );
+        ca = prof->getCA();
+    }
 
     if( !ca ) {
         logger::error( "ERROR: Signing CA specified in profile could not be loaded." );
@@ -93,8 +109,8 @@ std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TB
 
     logger::note( "FINE: Key for Signing CA is correctly loaded." );
 
-    logger::note( "INFO: Baseline Key Usage is: ", prof.ku );
-    logger::note( "INFO: Extended Key Usage is: ", prof.eku );
+    logger::note( "INFO: Baseline Key Usage is: ", prof->ku );
+    logger::note( "INFO: Extended Key Usage is: ", prof->eku );
 
     logger::note( "FINE: Signing is wanted by: ", cert->wishFrom );
     logger::note( "FINE: Signing is wanted for: ", cert->wishTo );
@@ -208,7 +224,7 @@ std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TB
             to = from + /*2 Years */ 2 * 365 * 24 * 60 * 60;
         }
 
-        time_t limit = prof.maxValidity;
+        time_t limit = prof->maxValidity;
 
         if( ( to - from > limit ) || ( to - from < 0 ) ) {
             to = from + limit;
@@ -217,29 +233,29 @@ std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TB
         c.setTimes( from, to );
         logger::note( "FINE: Setting validity period successful:" );
         {
-            struct tm* timeobj;
+            struct tm *timeobj;
             std::vector<char> timebuf;
 
             timeobj = gmtime( &from );
             timebuf.resize( 128 );
-            timebuf.resize( std::strftime( const_cast<char*>( timebuf.data() ), timebuf.size(), "%F %T %Z", timeobj ) );
+            timebuf.resize( std::strftime( const_cast<char *>( timebuf.data() ), timebuf.size(), "%F %T %Z", timeobj ) );
             logger::note( "FINE: - Valid not before: ", std::string( timebuf.cbegin(), timebuf.cend() ) );
 
             timeobj = gmtime( &to );
             timebuf.resize( 128 );
-            timebuf.resize( std::strftime( const_cast<char*>( timebuf.data() ), timebuf.size(), "%F %T %Z", timeobj ) );
+            timebuf.resize( std::strftime( const_cast<char *>( timebuf.data() ), timebuf.size(), "%F %T %Z", timeobj ) );
             logger::note( "FINE: - Valid not after:  ", std::string( timebuf.cbegin(), timebuf.cend() ) );
         }
     }
 
     logger::note( "INFO: Setting extensions:" );
-    c.setExtensions( ca->ca, cert->SANs, prof, ca->crlURL, ca->crtURL );
+    c.setExtensions( ca->ca, cert->SANs, *prof, ca->crlURL, ca->crtURL );
     logger::note( "FINE: Setting extensions successful." );
 
     logger::note( "INFO: Generating next Serial Number ..." );
     std::shared_ptr<BIGNUM> ser;
     std::string num;
-    std::tie( ser, num ) = nextSerial( prof, ca );
+    std::tie( ser, num ) = nextSerial( *prof, ca );
     c.setSerialNumber( ser.get() );
     logger::note( "FINE: Certificate Serial Number set to: ", num );