X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fapps%2Fclient.cpp;h=999b4532cb1cef0741e020ac835b157b3cc126e2;hb=d04ce75bc27a0cdb4482c493bbc63d6af3347121;hp=be31bc2201fdac4305108b1c39298141961a0dc2;hpb=c3f5775ce88f4df732e5e803dab70ce395c5f504;p=cassiopeia.git diff --git a/src/apps/client.cpp b/src/apps/client.cpp index be31bc2..999b453 100644 --- a/src/apps/client.cpp +++ b/src/apps/client.cpp @@ -4,15 +4,17 @@ #include #include #include - -#include "database.h" -#include "mysql.h" -#include "simpleOpensslSigner.h" +#include + +#include "db/database.h" +#include "db/mysql.h" +#include "crypto/simpleOpensslSigner.h" +#include "crypto/remoteSigner.h" +#include "crypto/sslUtil.h" +#include "log/logger.hpp" #include "util.h" -#include "bios.h" -#include "slipBio.h" -#include "remoteSigner.h" -#include "sslUtil.h" +#include "io/bios.h" +#include "io/slipBio.h" #include "config.h" #ifdef NO_DAEMON @@ -22,97 +24,184 @@ #endif extern std::string keyDir; -extern std::vector profiles; extern std::string sqlHost, sqlUser, sqlPass, sqlDB; +extern std::string serialPath; +extern std::unordered_map> CAs; -std::string writeBackFile( uint32_t serial, std::string cert ) { - std::string filename = "keys"; - mkdir( filename.c_str(), 0755 ); - filename += "/crt"; - mkdir( filename.c_str(), 0755 ); - filename += "/" + std::to_string( serial / 1000 ); - mkdir( filename.c_str(), 0755 ); - filename += "/" + std::to_string( serial ) + ".crt"; - writeFile( filename, cert ); - std::cout << "wrote to " << filename << std::endl; - return filename; -} +void checkCRLs( std::shared_ptr sign ) { + + logger::note( "Signing CRLs" ); -int handlermain( int argc, const char* argv[] ); + for( auto& x : CAs ) { + logger::notef( "Checking: %s ...", x.first ); + + if( !x.second->crlNeedsResign() ) { + logger::warnf( "Skipping Resigning CRL: %s ...", x.second->name ); + continue; + } + + logger::notef( "Resigning CRL: %s ...", x.second->name ); + + try { + std::vector serials; + std::pair, std::string> rev = sign->revoke( x.second, serials ); + } catch( const char* c ) { + logger::error( "Exception: ", c ); + } + } +} int main( int argc, const char* argv[] ) { - ( void ) argc; - ( void ) argv; bool once = false; - if( argc == 2 && std::string( "--once" ) == std::string( argv[1] ) ) { + if( argc == 2 && std::string( "--once" ) == argv[1] ) { once = true; } std::string path; - if( DAEMON ) { - path = "/etc/cacert/cassiopeia/cassiopeia.conf"; - } else { - path = "config.txt"; - } +#ifdef NDEBUG + path = "/etc/cacert/cassiopeia/cassiopeia.conf"; +#else + path = "config.txt"; +#endif if( parseConfig( path ) != 0 ) { + logger::fatal( "Error: Could not parse the configuration file." ); return -1; } - if( argc == 0 ) { - return handlermain( argc, argv ); + if( serialPath == "" ) { + logger::fatal( "Error: no serial device is given!" ); + return -1; } std::shared_ptr jp( new MySQLJobProvider( sqlHost, sqlUser, sqlPass, sqlDB ) ); - std::shared_ptr b = openSerial( "/dev/ttyUSB0" ); + std::shared_ptr b = openSerial( serialPath ); std::shared_ptr slip1( BIO_new( toBio() ), BIO_free ); - ( ( SlipBIO* )slip1->ptr )->setTarget( std::shared_ptr( new OpensslBIOWrapper( b ) ) ); + static_cast( slip1->ptr )->setTarget( std::shared_ptr( new OpensslBIOWrapper( b ) ) ); std::shared_ptr sign( new RemoteSigner( slip1, generateSSLContext( false ) ) ); // std::shared_ptr sign( new SimpleOpensslSigner() ); + time_t lastCRLCheck = 0; + while( true ) { + time_t current; + time( ¤t ); + + if( lastCRLCheck + 30 * 60 < current ) { + // todo set good log TODO FIXME + sign->setLog( std::shared_ptr( + &std::cout, + []( std::ostream* o ) { + ( void ) o; + } ) ); + checkCRLs( sign ); + lastCRLCheck = current; + } + std::shared_ptr job = jp->fetchJob(); if( !job ) { - std::cout << "Nothing to work on" << std::endl; + logger::debug( "Nothing to work on." ); sleep( 5 ); continue; } + std::shared_ptr logPtr = openLogfile( std::string( "logs/" ) + job->id + std::string( "_" ) + job->warning + std::string( ".log" ) ); + + sign->setLog( logPtr ); + logger::note( "TASK ID: ", job->id ); + logger::note( "TRY: ", job->warning ); + logger::note( "TARGET: ", job->target ); + logger::note( "TASK: ", job->task ); + if( job->task == "sign" ) { try { std::shared_ptr cert = jp->fetchTBSCert( job ); + cert->wishFrom = job->from; + cert->wishTo = job->to; + logger::note( "INFO: Message Digest: ", cert->md ); + logger::note( "INFO: Profile ID: ", cert->profile ); + + for( auto& SAN : cert->SANs ) { + logger::notef( "INFO: SAN %s: %s", SAN->type, SAN->content ); + } + + for( auto& AVA : cert->AVAs ) { + logger::notef( "INFO: AVA %s: %s", AVA->name, AVA->value ); + } if( !cert ) { - std::cout << "wasn't able to load CSR" << std::endl; - return 2; + logger::error( "Unable to load CSR" ); + jp->failJob( job ); + continue; } - std::cout << "Found a CSR at '" << cert->csr << "' signing" << std::endl; - cert->csr_content = readFile( cert->csr ); - std::cout << cert->csr_content << " content " << std::endl; + logger::notef( "FINE: Found the CSR at '%s'", cert->csr ); + cert->csr_content = readFile( keyDir + "/../" + cert->csr ); + logger::note( "FINE: CSR content:\n", cert->csr_content ); std::shared_ptr res = sign->sign( cert ); - std::cout << "did it!" << res->certificate << std::endl; - std::string fn = writeBackFile( atoi( job->target.c_str() ), res->certificate ); + + if( !res ) { + logger::error( "ERROR: The signer failed. No certificate was returned." ); + jp->failJob( job ); + continue; + } + + logger::note( "FINE: CERTIFICATE LOG:\n", res->log ); + logger::note( "FINE: CERTIFICATE:\n", res->certificate ); + std::string fn = writeBackFile( job->target.c_str(), res->certificate, keyDir ); + + if( fn.empty() ) { + logger::error( "ERROR: Writeback of the certificate failed." ); + jp->failJob( job ); + continue; + } + res->crt_name = fn; - jp->writeBack( job, res ); - std::cout << "wrote back" << std::endl; + jp->writeBack( job, res ); //! \FIXME: Check return value + logger::note( "FINE: signing done." ); + + if( DAEMON ) { + jp->finishJob( job ); + } + + continue; } catch( const char* c ) { - std::cerr << "ERROR: " << c << std::endl; - return 2; - } catch( std::string c ) { - std::cerr << "ERROR: " << c << std::endl; - return 2; + logger::error( "ERROR: ", c ); + } catch( std::string& c ) { + logger::error( "ERROR: ", c ); } - } else { - std::cout << "Unknown job type" << job->task << std::endl; - } - if( DAEMON && !jp->finishJob( job ) ) { - return 1; + try { + jp->failJob( job ); + } catch( const char* c ) { + logger::error( "ERROR: ", c ); + } catch( std::string& c ) { + logger::error( "ERROR: ", c ); + } + } else if( job->task == "revoke" ) { + try { + auto data = jp->getRevocationInfo( job ); + std::vector serials; + serials.push_back( data.first ); + std::pair, std::string> rev = sign->revoke( CAs.at( data.second ), serials ); + std::string date = rev.second; + const unsigned char* pos = ( const unsigned char* ) date.data(); + std::shared_ptr time( d2i_ASN1_TIME( NULL, &pos, date.size() ), ASN1_TIME_free ); + + jp->writeBackRevocation( job, timeToString( time ) ); + jp->finishJob( job ); + } catch( const char* c ) { + logger::error( "Exception: ", c ); + } catch( const std::string& c ) { + logger::error( "Exception: ", c ); + } + } else { + logger::errorf( "Unknown job type (\"%s\")", job->task ); + jp->failJob( job ); } if( !DAEMON || once ) {