X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=sidebyside;f=src%2Fapps%2Fclient.cpp;h=3d4c339907e9f0a38391a6b73e3d40a03f23ab8b;hb=e8f8107bdd0d1149117f06e10b145ef00d5543fb;hp=574160631ac2fdede9b336d03a4d3fc4aa0935eb;hpb=f06c8dee90dbb6ccf031af872efb2cdd8d3d3b8a;p=cassiopeia.git diff --git a/src/apps/client.cpp b/src/apps/client.cpp index 5741606..3d4c339 100644 --- a/src/apps/client.cpp +++ b/src/apps/client.cpp @@ -4,15 +4,16 @@ #include #include #include +#include -#include "database.h" -#include "mysql.h" -#include "simpleOpensslSigner.h" +#include "db/database.h" +#include "db/mysql.h" +#include "crypto/simpleOpensslSigner.h" +#include "crypto/remoteSigner.h" +#include "crypto/sslUtil.h" #include "util.h" -#include "bios.h" -#include "slipBio.h" -#include "remoteSigner.h" -#include "sslUtil.h" +#include "io/bios.h" +#include "io/slipBio.h" #include "config.h" #ifdef NO_DAEMON @@ -22,21 +23,30 @@ #endif extern std::string keyDir; -extern std::vector profiles; extern std::string sqlHost, sqlUser, sqlPass, sqlDB; extern std::string serialPath; +extern std::unordered_map> CAs; -std::string writeBackFile( uint32_t serial, std::string cert ) { - std::string filename = "keys"; - mkdir( filename.c_str(), 0755 ); - filename += "/crt"; - mkdir( filename.c_str(), 0755 ); - filename += "/" + std::to_string( serial / 1000 ); - mkdir( filename.c_str(), 0755 ); - filename += "/" + std::to_string( serial ) + ".crt"; - writeFile( filename, cert ); - std::cout << "wrote to " << filename << std::endl; - return filename; +void checkCRLs( std::shared_ptr sign ) { + std::cout << "Signing CRLs" << std::endl; + + for( auto x : CAs ) { + std::cout << "Checking: " << x.first << std::endl; + + if( !x.second->crlNeedsResign() ) { + std::cout << "Skipping Resigning CRL: " + x.second->name << std::endl; + continue; + } + + std::cout << "Resigning CRL: " + x.second->name << std::endl; + + try { + std::vector serials; + std::pair, std::string> rev = sign->revoke( x.second, serials ); + } catch( const char* c ) { + std::cout << "Exception: " << c << std::endl; + } + } } int main( int argc, const char* argv[] ) { @@ -68,11 +78,27 @@ int main( int argc, const char* argv[] ) { std::shared_ptr jp( new MySQLJobProvider( sqlHost, sqlUser, sqlPass, sqlDB ) ); std::shared_ptr b = openSerial( serialPath ); std::shared_ptr slip1( BIO_new( toBio() ), BIO_free ); - ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr( new OpensslBIOWrapper( b ) ) ); + static_cast( slip1->ptr )->setTarget( std::shared_ptr( new OpensslBIOWrapper( b ) ) ); std::shared_ptr sign( new RemoteSigner( slip1, generateSSLContext( false ) ) ); // std::shared_ptr sign( new SimpleOpensslSigner() ); + time_t lastCRLCheck = 0; + while( true ) { + time_t current; + time( ¤t ); + + if( lastCRLCheck + 30 * 60 < current ) { + // todo set good log TODO FIXME + sign->setLog( std::shared_ptr( + &std::cout, + []( std::ostream * o ) { + ( void ) o; + } ) ); + checkCRLs( sign ); + lastCRLCheck = current; + } + std::shared_ptr job = jp->fetchJob(); if( !job ) { @@ -99,6 +125,8 @@ int main( int argc, const char* argv[] ) { if( job->task == "sign" ) { try { std::shared_ptr cert = jp->fetchTBSCert( job ); + cert->wishFrom = job->from; + cert->wishTo = job->to; log << "INFO: message digest: " << cert->md << std::endl; log << "INFO: profile id: " << cert->profile << std::endl; @@ -117,7 +145,7 @@ int main( int argc, const char* argv[] ) { } log << "FINE: Found the CSR at '" << cert->csr << "'" << std::endl; - cert->csr_content = readFile( cert->csr ); + cert->csr_content = readFile( keyDir + "/../" + cert->csr ); log << "FINE: CSR is " << std::endl << cert->csr_content << std::endl; std::shared_ptr res = sign->sign( cert ); @@ -130,9 +158,16 @@ int main( int argc, const char* argv[] ) { log << "FINE: CERTIFICATE LOG: " << res->log << std::endl; log << "FINE: CERTIFICATE:" << std::endl << res->certificate << std::endl; - std::string fn = writeBackFile( atoi( job->target.c_str() ), res->certificate ); + std::string fn = writeBackFile( job->target.c_str(), res->certificate, keyDir ); + + if( fn.empty() ) { + log << "ERROR: Writeback of the certificate failed." << std::endl; + jp->failJob( job ); + continue; + } + res->crt_name = fn; - jp->writeBack( job, res ); + jp->writeBack( job, res ); //! \FIXME: Check return value log << "FINE: signing done." << std::endl; if( DAEMON ) { @@ -142,7 +177,7 @@ int main( int argc, const char* argv[] ) { continue; } catch( const char* c ) { log << "ERROR: " << c << std::endl; - } catch( std::string c ) { + } catch( std::string& c ) { log << "ERROR: " << c << std::endl; } @@ -150,11 +185,27 @@ int main( int argc, const char* argv[] ) { jp->failJob( job ); } catch( const char* c ) { log << "ERROR: " << c << std::endl; - } catch( std::string c ) { + } catch( std::string& c ) { log << "ERROR: " << c << std::endl; } + } else if( job->task == "revoke" ) { + try { + auto data = jp->getRevocationInfo( job ); + std::vector serials; + serials.push_back( data.first ); + std::pair, std::string> rev = sign->revoke( CAs.at( data.second ), serials ); + std::string date = rev.second; + const unsigned char* pos = ( const unsigned char* ) date.data(); + std::shared_ptr time( d2i_ASN1_TIME( NULL, &pos, date.size() ), ASN1_TIME_free ); + + jp->writeBackRevocation( job, timeToString( time ) ); + jp->finishJob( job ); + } catch( const char* c ) { + std::cout << "Exception: " << c << std::endl; + } } else { log << "Unknown job type" << job->task << std::endl; + jp->failJob( job ); } if( !DAEMON || once ) {