X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FremoteSigner.cpp;h=4b1e630ad21e511a1229bce1b78b61c3c8b918a2;hb=f8d1606423c351f2003ce18258ef047e0d2af326;hp=5888667aea2903cbbc37b3038dd1c8db3fcfb63e;hpb=709700dfbbeb5bf8aee1f5a1966f0192d783ae03;p=cassiopeia.git diff --git a/src/crypto/remoteSigner.cpp b/src/crypto/remoteSigner.cpp index 5888667..4b1e630 100644 --- a/src/crypto/remoteSigner.cpp +++ b/src/crypto/remoteSigner.cpp @@ -69,20 +69,11 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptr(); - std::vector buffer( 2048 * 4 ); for( int i = 0; i < 3; i++ ) { try { - int length = conn->read( buffer.data(), buffer.size() ); - - if( length <= 0 ) { - logger::error( "Error, no response data" ); - result = nullptr; - break; - } - RecordHeader head; - std::string payload = parseCommand( head, std::string( buffer.data(), length ) ); + std::string payload = parseCommandChunked( head, conn ); switch( static_cast( head.command )) { case RecordHeader::SignerResult::CERTIFICATE: @@ -141,9 +132,11 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrserial = std::string( serStr.get() ); } + logger::note( "Closing SSL connection" ); if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice logger::warn( "SSL shutdown failed" ); } + logger::note( "SSL connection closed" ); return result; } @@ -169,16 +162,10 @@ std::pair, std::string> RemoteSigner::revoke( std::shared_p std::string payload = ca->name; send( conn, head, RecordHeader::SignerCommand::REVOKE, payload ); - std::vector buffer( 2048 * 4 ); - int length = conn->read( buffer.data(), buffer.size() ); - - if( length <= 0 ) { - throw "Error, no response data"; - } + payload = parseCommandChunked( head, conn ); - payload = parseCommand( head, std::string( buffer.data(), length ) ); - - auto crl = std::make_shared( ca->path + std::string( "/ca.crl" ) ); + std::string tgtName = ca->path + std::string( "/ca.crl" ); + auto crl = std::make_shared( tgtName ); std::string date; if( static_cast( head.command ) != RecordHeader::SignerResult::REVOKED ) { @@ -201,38 +188,37 @@ std::pair, std::string> RemoteSigner::revoke( std::shared_p if( ok ) { logger::note( "CRL verificated successfully" ); - writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() ); + writeFile( tgtName, crl->toString() ); } else { logger::warn( "CRL is broken, trying to recover" ); send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name ); - length = conn->read( buffer.data(), buffer.size() ); - - if( length <= 0 ) { - throw "Error, no response data"; - } - payload = parseCommand( head, std::string( buffer.data(), length ) ); + payload = parseCommandChunked( head, conn ); if( static_cast( head.command ) != RecordHeader::SignerResult::FULL_CRL ) { throw "Protocol violation"; } - writeFile( ca->path + std::string( "/ca.crl.bak" ), payload ); - crl = std::make_shared( ca->path + std::string( "/ca.crl.bak" ) ); + std::string name_bak = ca->path + std::string( "/ca.crl.bak" ); + writeFile( name_bak, payload ); + crl = std::make_shared( name_bak ); if( crl->verify( ca ) ) { - writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() ); + writeFile( tgtName, crl->toString() ); + if( remove( name_bak.c_str() ) != 0 ){ + logger::warn( "Removing old CRL failed" ); + } logger::note( "CRL is now valid again" ); } else { logger::warn( "CRL is still broken... Please, help me" ); } } - logger::debug( "CRL:\n", crl->toString() ); - + logger::note( "Closing SSL connection" ); if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice logger::warn( "SSL shutdown failed" ); } + logger::note( "SSL connection closed" ); return { crl, date }; }