X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fcrypto%2FsimpleOpensslSigner.cpp;h=f7042a29fccee7cbbdc731e5cf16e7d04469b4cd;hb=0141e5a371a97b0cb409d168ea8401bcb4f30923;hp=1ea12441d67a3d3c638e82ea474b147209c730ef;hpb=7f424efc9d4ebbb89ce4e6bee10ca8ec839f29d8;p=cassiopeia.git diff --git a/src/crypto/simpleOpensslSigner.cpp b/src/crypto/simpleOpensslSigner.cpp index 1ea1244..f7042a2 100644 --- a/src/crypto/simpleOpensslSigner.cpp +++ b/src/crypto/simpleOpensslSigner.cpp @@ -1,6 +1,5 @@ #include "simpleOpensslSigner.h" -#include #include #include @@ -85,6 +84,8 @@ std::shared_ptr SimpleOpensslSigner::sign( std::shared_ptrwishFrom << std::endl; + signlog << "FINE: Signing is wanted to: " << cert->wishTo << std::endl; std::shared_ptr req; @@ -108,12 +109,6 @@ std::shared_ptr SimpleOpensslSigner::sign( std::shared_ptr retsh = std::shared_ptr( X509_new(), X509_free ); - X509* ret = retsh.get(); - - if( !ret ) { - throw "Creating X509 failed."; - } X509_NAME* subjectP = X509_NAME_new(); @@ -150,23 +145,73 @@ std::shared_ptr SimpleOpensslSigner::sign( std::shared_ptr parsed; + + if( ( parsed = parseDate( cert->wishFrom ) ).first /* is of yyyy-mm-dd */ ) { + if( parsed.second > now ) { + from = parsed.second; + } else { // fail + from = now; + } + } else { + from = now; + } + + if( from - now > /* 2 Weeks */ 2 * 7 * 24 * 60 * 60 || now - from >= 0 ) { + from = now; + } + + if( ( parsed = parseDate( cert->wishTo ) ).first /*is of yyyy-mm-dd */ ) { + if( parsed.second > from ) { + to = parsed.second; + } else { + to = from + /*2 Years */ 2 * 365 * 24 * 60 * 60; + } + } else if( ( parsed = parseYearInterval( from, cert->wishTo ) ).first /*is of [0-9]+y */ ) { + to = parsed.second; + } else if( ( parsed = parseMonthInterval( from, cert->wishTo ) ).first /*is of [0-9]+m */ ) { + to = parsed.second; + } else { + to = from + /*2 Years */ 2 * 365 * 24 * 60 * 60; + } + + time_t limit = prof.maxValidity; + + if( to - from > limit || to - from < 0 ) { + to = from + limit; + } + + c.setTimes( from, to ); signlog << "FINE: Setting extensions." << std::endl; c.setExtensions( ca->ca, cert->SANs, prof ); signlog << "FINE: Signed" << std::endl; std::shared_ptr output = c.sign( ca->caKey, cert->md ); signlog << "FINE: all went well" << std::endl; - signlog << "FINE: crt went to: " << writeBackFile( num, output->certificate, ca->path ) << std::endl; + std::string fn = writeBackFile( num, output->certificate, ca->path ); + if( fn.empty() ) { + signlog << "ERROR: failed to get filename for storage of signed certificate." << std::endl; + throw "Storage location could not be determined"; + } + + signlog << "FINE: crt went to: " << fn << std::endl; output->ca_name = ca->name; output->log = signlog.str(); return output; } -std::pair, std::string> SimpleOpensslSigner::revoke( std::shared_ptr ca, std::string serial ) { +std::pair, std::string> SimpleOpensslSigner::revoke( std::shared_ptr ca, std::vector serials ) { std::string crlpath = ca->path + "/ca.crl"; std::shared_ptr crl( new CRL( crlpath ) ); - std::string date = crl->revoke( serial, "" ); + std::string date = ""; + + for( std::string serial : serials ) { + date = crl->revoke( serial, "" ); + } + crl->sign( ca ); writeFile( crlpath, crl->toString() ); return std::pair, std::string>( crl, date );