X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FremoteSigner.cpp;h=f4680d650933248c0bb9584f63cc8b892583b549;hb=2fc4b5f8d5400f6ebd284a0e6fbaad23a345b585;hp=74368467540de8af841e24a16ec6a9b618f571fc;hpb=3c27aae8d1bfbf441c25b273d328d0859022ed60;p=cassiopeia.git diff --git a/src/crypto/remoteSigner.cpp b/src/crypto/remoteSigner.cpp index 7436846..f4680d6 100644 --- a/src/crypto/remoteSigner.cpp +++ b/src/crypto/remoteSigner.cpp @@ -15,10 +15,10 @@ RemoteSigner::~RemoteSigner() { } void RemoteSigner::send( std::shared_ptr bio, RecordHeader& head, RecordHeader::SignerCommand cmd, std::string data ) { - head.command = ( uint16_t ) cmd; + head.command = static_cast( cmd ); head.command_count++; head.totalLength = data.size(); - sendCommand( head, data, bio, log ); + sendCommand( head, data, bio ); } std::shared_ptr RemoteSigner::sign( std::shared_ptr cert ) { @@ -29,7 +29,7 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptr conn( new OpensslBIOWrapper( bio ) ); + auto conn = std::make_shared( bio ); RecordHeader head; head.flags = 0; head.sessid = 13; @@ -40,7 +40,7 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrcsr_content ); } else { logger::error( "Unknown csr_type: ", cert->csr_type ); - return std::shared_ptr(); + return nullptr; } send( conn, head, RecordHeader::SignerCommand::SET_SIGNATURE_TYPE, cert->md ); @@ -48,19 +48,19 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrwishFrom ); send( conn, head, RecordHeader::SignerCommand::SET_WISH_TO, cert->wishTo ); - for( auto ava : cert->AVAs ) { + for( auto &ava : cert->AVAs ) { if( ava->name.find( "," ) != std::string::npos ) { // invalid ava - return std::shared_ptr(); + return nullptr; } send( conn, head, RecordHeader::SignerCommand::ADD_AVA, ava->name + "," + ava->value ); } - for( auto san : cert->SANs ) { + for( auto &san : cert->SANs ) { if( san->type.find( "," ) != std::string::npos ) { // invalid ava - return std::shared_ptr(); + return nullptr; } send( conn, head, RecordHeader::SignerCommand::ADD_SAN, san->type + "," + san->content ); @@ -68,23 +68,14 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptr result = std::shared_ptr( new SignedCertificate() ); - std::vector buffer( 2048 * 4 ); + auto result = std::make_shared(); for( int i = 0; i < 3; i++ ) { try { - int length = conn->read( buffer.data(), buffer.size() ); - - if( length <= 0 ) { - logger::error( "Error, no response data" ); - result = std::shared_ptr(); - break; - } - RecordHeader head; - std::string payload = parseCommand( head, std::string( buffer.data(), length ), log ); + std::string payload = parseCommand( head, conn->readLine() ); - switch( ( RecordHeader::SignerResult ) head.command ) { + switch( static_cast( head.command )) { case RecordHeader::SignerResult::CERTIFICATE: result->certificate = payload; break; @@ -141,9 +132,11 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrserial = std::string( serStr.get() ); } + logger::note( "Closing SSL connection" ); if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice logger::warn( "SSL shutdown failed" ); } + logger::note( "SSL connection closed" ); return result; } @@ -156,43 +149,36 @@ std::pair, std::string> RemoteSigner::revoke( std::shared_p SSL_set_connect_state( ssl.get() ); SSL_set_bio( ssl.get(), target.get(), target.get() ); BIO_set_ssl( bio.get(), ssl.get(), BIO_NOCLOSE ); - std::shared_ptr conn( new OpensslBIOWrapper( bio ) ); + auto conn = std::make_shared( bio ); RecordHeader head; head.flags = 0; head.sessid = 13; - for( std::string serial : serials ) { + for( auto &serial : serials ) { send( conn, head, RecordHeader::SignerCommand::ADD_SERIAL, serial ); } std::string payload = ca->name; send( conn, head, RecordHeader::SignerCommand::REVOKE, payload ); - std::vector buffer( 2048 * 4 ); - int length = conn->read( buffer.data(), buffer.size() ); + payload = parseCommand( head, conn->readLine() ); - if( length <= 0 ) { - throw "Error, no response data"; - } - - payload = parseCommand( head, std::string( buffer.data(), length ), log ); - - std::shared_ptr crl( new CRL( ca->path + std::string( "/ca.crl" ) ) ); + auto crl = std::make_shared( ca->path + std::string( "/ca.crl" ) ); std::string date; - if( ( RecordHeader::SignerResult ) head.command != RecordHeader::SignerResult::REVOKED ) { + if( static_cast( head.command ) != RecordHeader::SignerResult::REVOKED ) { throw "Protocol violation"; } - const unsigned char* buffer2 = ( const unsigned char* ) payload.data(); + const unsigned char* buffer2 = reinterpret_cast( payload.data() ); const unsigned char* pos = buffer2; ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() ); ASN1_TIME_free( time ); date = payload.substr( 0, pos - buffer2 ); std::string rest = payload.substr( pos - buffer2 ); - for( std::string serial : serials ) { + for( std::string &serial : serials ) { crl->revoke( serial, date ); } @@ -205,20 +191,15 @@ std::pair, std::string> RemoteSigner::revoke( std::shared_p } else { logger::warn( "CRL is broken, trying to recover" ); send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name ); - length = conn->read( buffer.data(), buffer.size() ); - - if( length <= 0 ) { - throw "Error, no response data"; - } - payload = parseCommand( head, std::string( buffer.data(), length ), log ); + payload = parseCommand( head, conn->readLine() ); - if( ( RecordHeader::SignerResult ) head.command != RecordHeader::SignerResult::FULL_CRL ) { + if( static_cast( head.command ) != RecordHeader::SignerResult::FULL_CRL ) { throw "Protocol violation"; } writeFile( ca->path + std::string( "/ca.crl.bak" ), payload ); - crl = std::shared_ptr( new CRL( ca->path + std::string( "/ca.crl.bak" ) ) ); + crl = std::make_shared( ca->path + std::string( "/ca.crl.bak" ) ); if( crl->verify( ca ) ) { writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() ); @@ -230,11 +211,13 @@ std::pair, std::string> RemoteSigner::revoke( std::shared_p logger::debug( "CRL:\n", crl->toString() ); + logger::note( "Closing SSL connection" ); if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice logger::warn( "SSL shutdown failed" ); } + logger::note( "SSL connection closed" ); - return std::pair, std::string>( crl, date ); + return { crl, date }; } void RemoteSigner::setLog( std::shared_ptr target ) {