fix: Make CppCheck happy by fixing the code
index 93990b0c1d6f447d2696140c97f7f09bb7bc019b..c46c84560d511c0f7ab338804210e27038769600 100644 (file)
@@ -35,6 +35,7 @@ public:
     std::shared_ptr<Signer> signer;
 
     std::shared_ptr<std::ofstream> log;
+    std::vector<std::string> serials;
 
     RecordHandlerSession( DefaultRecordHandler* parent, std::shared_ptr<Signer> signer, std::shared_ptr<SSL_CTX> ctx, std::shared_ptr<BIO> output ) :
         tbs( new TBSCertificate() ) {
@@ -127,6 +128,14 @@ public:
             tbs->profile = data;
             break;
 
+        case RecordHeader::SignerCommand::SET_WISH_FROM:
+            tbs->wishFrom = data;
+            break;
+
+        case RecordHeader::SignerCommand::SET_WISH_TO:
+            tbs->wishTo = data;
+            break;
+
         case RecordHeader::SignerCommand::ADD_SAN: {
             size_t pos = data.find( "," );
 
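Review bot: The new SET_WISH_FROM and SET_WISH_TO cases copy `data` into `tbs->wishFrom` and `tbs->wishTo` exactly as received, with no check at this point that the value is a well-formed date or that the start precedes the end. If the signer does not validate and bound these later (not visible in this hunk), the requesting side gets to influence the certificate validity window. Either add a format check here or a short comment on both cases stating where the values are validated, so the trust boundary is explicit. The enclosing switch starts and ends outside the hunk.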
@@ -167,6 +176,7 @@ public:
 
         case RecordHeader::SignerCommand::LOG_SAVED:
             if( result ) {
+                respondCommand( RecordHeader::SignerResult::SIGNING_CA, result->ca_name );
                 respondCommand( RecordHeader::SignerResult::CERTIFICATE, result->certificate );
             }
 
@@ -176,41 +186,27 @@ public:
 
             break;
 
-        case RecordHeader::SignerCommand::REVOKE: {
-            ( *log ) << "got revoking command: " << data.size() << std::endl;
-            std::string nullstr( "\0", 1 );
-            size_t t = data.find( nullstr );
-
-            if( t == std::string::npos ) {
-                // error
-                ( *log ) << "error while parsing revoking command." << data << std::endl;
-                break;
-            }
-
-            std::string ca = data.substr( 0, t );
-            std::string serial = data.substr( t + 1 );
-            ( *log ) << "revoking " << ca << "<->" << serial << std::endl;
-
-            ( *log ) << "[";
-
-            for( auto x : CAs ) {
-                ( *log ) << x.first << ", ";
-            }
-
-            ( *log ) << "]" << std::endl;
+        case RecordHeader::SignerCommand::ADD_SERIAL:
+            serials.push_back( data );
+            break;
 
+        case RecordHeader::SignerCommand::REVOKE: {
+            std::string ca = data;
             auto reqCA = CAs.at( ca );
             ( *log ) << "CA found" << std::endl;
-            std::shared_ptr<X509_CRL> crl = signer->revoke( reqCA, serial );
+            std::shared_ptr<CRL> crl;
+            std::string date;
+            std::tie<std::shared_ptr<CRL>, std::string>( crl, date ) = signer->revoke( reqCA, serials );
 
-            std::shared_ptr<BIO> mem( BIO_new( BIO_s_mem() ), BIO_free );
+            respondCommand( RecordHeader::SignerResult::REVOKED, date + crl->getSignature() );
 
-            PEM_write_bio_X509_CRL( mem.get(), crl.get() );
-            BUF_MEM* bptr;
-            BIO_get_mem_ptr( mem.get(), &bptr );
+            break;
+        }
 
-            std::string newCRL( bptr->data, bptr->length );
-            respondCommand( RecordHeader::SignerResult::REVOKED, newCRL );
+        case RecordHeader::SignerCommand::GET_FULL_CRL: {
+            auto ca = CAs.at( data );
+            CRL c( ca->path + "/ca.crl" );
+            respondCommand( RecordHeader::SignerResult::FULL_CRL, c.toString() );
 
             if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) {
                 ( *log ) << "ERROR: SSL close failed" << std::endl;
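Review bot: `serials` is filled by ADD_SERIAL, but nothing visible in this hunk empties it after the REVOKE case passes it to `signer->revoke`, so a second REVOKE in the same session would presumably resubmit the earlier serials, possibly against a different CA. Adding `serials.clear();` directly after the `respondCommand( RecordHeader::SignerResult::REVOKED, ... )` call would prevent that. The rewrite also removes the log lines that recorded which CA and serial were revoked; for an audit trail, a line such as `( *log ) << "revoking " << serials.size() << " serial(s) for CA " << ca << std::endl;` before the revoke call is worth keeping. In addition, `crl` is dereferenced without a null check, and `CAs.at( data )` in GET_FULL_CRL throws on an unknown CA name; whether either case is handled lies outside the hunk.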
@@ -225,14 +221,8 @@ public:
     }
 };
 
-DefaultRecordHandler::DefaultRecordHandler( std::shared_ptr<Signer> signer, std::shared_ptr<BIO> bio ) :
-    currentSession() {
-
-    this->signer = signer;
-
-    ctx = generateSSLContext( true );
-
-    this->bio = bio;
+DefaultRecordHandler::DefaultRecordHandler( std::shared_ptr<Signer> signer, std::shared_ptr<BIO> bio )
+    : bio( bio ), ctx( generateSSLContext( true ) ), signer( signer ), currentSession() {
 }
 
 void DefaultRecordHandler::reset() {