X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FremoteSigner.cpp;h=b6c7c317d30047cf703c4c1824bb9c8836031ba2;hb=0141e5a371a97b0cb409d168ea8401bcb4f30923;hp=60739866d56364fdfe4e8d6591aa641ea05c7181;hpb=3305c4fdc8845fc3d17ea1bd49548073bb9111fe;p=cassiopeia.git
diff --git a/src/crypto/remoteSigner.cpp b/src/crypto/remoteSigner.cpp
index 6073986..b6c7c31 100644
--- a/src/crypto/remoteSigner.cpp
+++ b/src/crypto/remoteSigner.cpp
@@ -6,9 +6,7 @@
 #include
 #include
-RemoteSigner::RemoteSigner( std::shared_ptr target, std::shared_ptr ctx ) {
- this->target = target;
- this->ctx = ctx;
+RemoteSigner::RemoteSigner( std::shared_ptr target, std::shared_ptr ctx ) : target( target ), ctx( ctx ) {
 }
 RemoteSigner::~RemoteSigner() {
@@ -46,6 +44,8 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrmd );
 send( conn, head, RecordHeader::SignerCommand::SET_PROFILE, cert->profile );
+ send( conn, head, RecordHeader::SignerCommand::SET_WISH_FROM, cert->wishFrom );
+ send( conn, head, RecordHeader::SignerCommand::SET_WISH_TO, cert->wishTo );
 for( auto ava : cert->AVAs ) {
 if( ava->name.find( "," ) != std::string::npos ) {
@@ -134,6 +134,9 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrserial = std::string( serStr.get() ); }
@@ -144,7 +147,7 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptr, std::string> RemoteSigner::revoke( std::shared_ptr ca, std::string serial ) {
+std::pair, std::string> RemoteSigner::revoke( std::shared_ptr ca, std::vector serials ) {
 ( void )BIO_reset( target.get() );
 std::shared_ptr ssl( SSL_new( ctx.get() ), SSL_free );
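Review bot: The new `revoke` signature takes `serials` by value although the function only reads it (it is iterated in two range-for loops in the following hunk), so every caller pays for a copy of the whole vector; a `const std::vector<std::string>& serials` parameter, with the matching declaration (presumably in the header, not shown here) changed the same way, avoids that. The element type is inferred from `for( std::string serial : serials )` in the next hunk, because the template arguments were lost in this rendering of the diff; for the same reason the three added lines of the `@@ -134,6 +134,9 @@` hunk are not visible and cannot be reviewed here. The body of `revoke` continues past this hunk.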
@@ -158,72 +161,80 @@ std::pair, std::string> RemoteSigner::revoke( std::shared_p
 head.flags = 0;
 head.sessid = 13;
- std::string payload = ca->name + std::string( "\0", 1 ) + serial;
+ for( std::string serial : serials ) {
+ send( conn, head, RecordHeader::SignerCommand::ADD_SERIAL, serial );
+ }
+
+ std::string payload = ca->name;
 send( conn, head, RecordHeader::SignerCommand::REVOKE, payload );
 std::vector buffer( 2048 * 4 );
 int length = conn->read( buffer.data(), buffer.size() );
 if( length <= 0 ) {
- std::cout << "Error, no response data" << std::endl;
- return std::pair, std::string>( std::shared_ptr(), "" );
+ throw "Error, no response data";
 }
 payload = parseCommand( head, std::string( buffer.data(), length ), log );
 std::shared_ptr crl( new CRL( ca->path + std::string( "/ca.crl" ) ) );
+ std::string date;
- switch( ( RecordHeader::SignerResult ) head.command ) {
- case RecordHeader::SignerResult::REVOKED: {
- const unsigned char* buffer2 = ( const unsigned char* ) payload.data();
- const unsigned char* pos = buffer2;
- ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
- ASN1_TIME_free( time );
- std::string rest = payload.substr( pos - buffer2 );
- crl->revoke( serial, payload.substr( 0, pos - buffer2 ) );
- crl->setSignature( rest );
- bool ok = crl->verify( ca );
-
- if( ok ) {
- ( *log ) << "CRL verificated successfully" << std::endl;
- writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
- } else {
- ( *log ) << "CRL is broken" << std::endl;
- send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name );
- length = conn->read( buffer.data(), buffer.size() );
+ if( ( RecordHeader::SignerResult ) head.command != RecordHeader::SignerResult::REVOKED ) {
+ throw "Protocol violation";
+ }
- if( length <= 0 ) {
- ( *log ) << "Error, no response data" << std::endl;
- return std::pair, std::string>( std::shared_ptr(), "" );
- }
+ const unsigned char* buffer2 = ( const unsigned char* ) payload.data();
+ const unsigned char* pos = buffer2;
+ ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
+ ASN1_TIME_free( time );
+ date = payload.substr( 0, pos - buffer2 );
+ std::string rest = payload.substr( pos - buffer2 );
- payload = parseCommand( head, std::string( buffer.data(), length ), log );
- writeFile( ca->path + std::string( "/ca.crl.bak" ), payload );
- crl = std::shared_ptr( new CRL( ca->path + std::string( "/ca.crl.bak" ) ) );
+ for( std::string serial : serials ) {
+ crl->revoke( serial, date );
+ }
- if( crl->verify( ca ) ) {
- writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
- ( *log ) << "CRL is now valid" << std::endl;
- } else {
- ( *log ) << "CRL is still broken... Please, help me" << std::endl;
- }
+ crl->setSignature( rest );
+ bool ok = crl->verify( ca );
+ if( ok ) {
+ ( *log ) << "CRL verificated successfully" << std::endl;
+ writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
+ } else {
+ ( *log ) << "CRL is broken" << std::endl;
+ send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name );
+ length = conn->read( buffer.data(), buffer.size() );
+
+ if( length <= 0 ) {
+ throw "Error, no response data";
 }
- ( *log ) << "CRL: " << std::endl << crl->toString() << std::endl;
- break;
- }
+ payload = parseCommand( head, std::string( buffer.data(), length ), log );
+
+ if( ( RecordHeader::SignerResult ) head.command != RecordHeader::SignerResult::FULL_CRL ) {
+ throw "Protocol violation";
+ }
+
+ writeFile( ca->path + std::string( "/ca.crl.bak" ), payload );
+ crl = std::shared_ptr( new CRL( ca->path + std::string( "/ca.crl.bak" ) ) );
+
+ if( crl->verify( ca ) ) {
+ writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
+ ( *log ) << "CRL is now valid" << std::endl;
+ } else {
+ ( *log ) << "CRL is still broken... Please, help me" << std::endl;
+ }
- default:
- throw "Invalid response command.";
 }
+ ( *log ) << "CRL: " << std::endl << crl->toString() << std::endl;
 if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
 std::cout << "SSL shutdown failed" << std::endl;
 }
- return std::pair, std::string>( std::shared_ptr(), "" );
+ return std::pair, std::string>( crl, date );
 }
 void RemoteSigner::setLog( std::shared_ptr target ) {
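Review bot: The `CRL is still broken... Please, help me` branch only logs and then falls through to the final `return` of `( crl, date )`, so the caller receives a CRL object that has just failed `crl->verify( ca )` with no way to tell it apart from a verified one; the old code returned an empty pointer on every path, so handing back an unverified CRL as a result is new behaviour introduced here. Since the rewrite already reports protocol errors with `throw`, ending that branch with `throw "CRL is still broken";` (or returning an empty `shared_ptr` in the pair) keeps the contract that a non-null CRL means verification succeeded. Separately, the re-added `d2i_ASN1_TIME( NULL, &pos, payload.size() )` never checks its result: when the signer's reply does not start with a decodable ASN1 TIME the function returns NULL and `pos` is not meaningful, yet `date = payload.substr( 0, pos - buffer2 )` and `rest` are still computed from it, so a `if( !time ) { throw "Protocol violation"; }` before `ASN1_TIME_free( time )` would reject a malformed reply instead of revoking every serial with a garbage date. `revoke` begins in the previous hunk; its signature and opening lines are outside this one.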