X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FremoteSigner.cpp;h=c52936b8bc2afe26e78f0341a0fbfd2ce7276819;hb=dc63575cbbef92d3ee7f0f6c22dae7e42f579651;hp=5888667aea2903cbbc37b3038dd1c8db3fcfb63e;hpb=709700dfbbeb5bf8aee1f5a1966f0192d783ae03;p=cassiopeia.git

diff --git a/src/crypto/remoteSigner.cpp b/src/crypto/remoteSigner.cpp
index 5888667..c52936b 100644
--- a/src/crypto/remoteSigner.cpp
+++ b/src/crypto/remoteSigner.cpp
@@ -69,22 +69,13 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
     send( conn, head, RecordHeader::SignerCommand::SIGN, "" );
     send( conn, head, RecordHeader::SignerCommand::LOG_SAVED, "" );
     auto result = std::make_shared<SignedCertificate>();
-    std::vector<char> buffer( 2048 * 4 );
 
     for( int i = 0; i < 3; i++ ) {
         try {
-            int length = conn->read( buffer.data(), buffer.size() );
-
-            if( length <= 0 ) {
-                logger::error( "Error, no response data" );
-                result = nullptr;
-                break;
-            }
-
             RecordHeader head;
-            std::string payload = parseCommand( head, std::string( buffer.data(), length ) );
+            std::string payload = parseCommandChunked( head, conn );
 
-            switch( static_cast<RecordHeader::SignerResult>( head.command )) {
+            switch( static_cast<RecordHeader::SignerResult>( head.command ) ) {
             case RecordHeader::SignerResult::CERTIFICATE:
                 result->certificate = payload;
                 break;
@@ -101,8 +92,8 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
                 logger::error( "Invalid Message" );
                 break;
             }
-        } catch( const char* msg ) {
-            logger::error( msg );
+        } catch( const std::exception& msg ) {
+            logger::error( msg.what() );
             return std::shared_ptr<SignedCertificate>();
         }
     }
@@ -116,20 +107,20 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
             int dlen = BIO_write( bios.get(), buf, len );
 
             if( dlen <= 0 ) {
-                throw "Memory error.";
+                throw std::runtime_error( "Memory error." );
             }
 
             len -= dlen;
             buf += dlen;
         }
 
-        std::shared_ptr<X509> pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ) );
+        std::shared_ptr<X509> pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ), X509_free );
 
         if( !pem ) {
-            throw "Pem was not readable";
+            throw std::runtime_error( "Pem was not readable" );
         }
 
-        std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( pem->cert_info->serialNumber, NULL ), BN_free );
+        std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber( pem.get() ), NULL ), BN_free );
         std::shared_ptr<char> serStr(
             BN_bn2hex( ser.get() ),
             []( char* p ) {
@@ -141,10 +132,14 @@ std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertif
         result->serial = std::string( serStr.get() );
     }
 
+    logger::note( "Closing SSL connection" );
+
     if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
         logger::warn( "SSL shutdown failed" );
     }
 
+    logger::note( "SSL connection closed" );
+
     return result;
 }
 
@@ -169,20 +164,14 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
     std::string payload = ca->name;
     send( conn, head, RecordHeader::SignerCommand::REVOKE, payload );
 
-    std::vector<char> buffer( 2048 * 4 );
-    int length = conn->read( buffer.data(), buffer.size() );
-
-    if( length <= 0 ) {
-        throw "Error, no response data";
-    }
-
-    payload = parseCommand( head, std::string( buffer.data(), length ) );
+    payload = parseCommandChunked( head, conn );
 
-    auto crl = std::make_shared<CRL>( ca->path + std::string( "/ca.crl" ) );
+    std::string tgtName = ca->path + std::string( "/ca.crl" );
+    auto crl = std::make_shared<CRL>( tgtName );
     std::string date;
 
     if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::REVOKED ) {
-        throw "Protocol violation";
+        throw std::runtime_error( "Protocol violation" );
     }
 
     const unsigned char* buffer2 = reinterpret_cast<const unsigned char*>( payload.data() );
@@ -201,39 +190,40 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
 
     if( ok ) {
         logger::note( "CRL verificated successfully" );
-        writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
+        writeFile( tgtName, crl->toString() );
     } else {
         logger::warn( "CRL is broken, trying to recover" );
         send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name );
-        length = conn->read( buffer.data(), buffer.size() );
-
-        if( length <= 0 ) {
-            throw "Error, no response data";
-        }
 
-        payload = parseCommand( head, std::string( buffer.data(), length ) );
+        payload = parseCommandChunked( head, conn );
 
         if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::FULL_CRL ) {
-            throw "Protocol violation";
+            throw std::runtime_error( "Protocol violation" );
         }
 
-        writeFile( ca->path + std::string( "/ca.crl.bak" ), payload );
-        crl = std::make_shared<CRL>( ca->path + std::string( "/ca.crl.bak" ) );
+        std::string name_bak = ca->path + std::string( "/ca.crl.bak" );
+        writeFile( name_bak, payload );
+        crl = std::make_shared<CRL>( name_bak );
 
         if( crl->verify( ca ) ) {
-            writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
+            if( rename( name_bak.c_str(), tgtName.c_str() ) != 0 ) {
+                logger::warn( "Moving new CRL over old CRL failed" );
+            }
+
             logger::note( "CRL is now valid again" );
         } else {
             logger::warn( "CRL is still broken... Please, help me" );
         }
     }
 
-    logger::debug( "CRL:\n", crl->toString() );
+    logger::note( "Closing SSL connection" );
 
     if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
         logger::warn( "SSL shutdown failed" );
     }
 
+    logger::note( "SSL connection closed" );
+
     return { crl, date };
 }