X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fio%2FrecordHandler.cpp;h=0e63805e98f8e5e57eb2cfd06913421395ec147b;hb=d19fbcd86a265cb99dd8597430e8159e9403c743;hp=72442ce110742ac5b8c6366efb6cf31cc636b654;hpb=82849da8a9e36be282c13537fb7e14ad1f021d40;p=cassiopeia.git diff --git a/src/io/recordHandler.cpp b/src/io/recordHandler.cpp index 72442ce..0e63805 100644 --- a/src/io/recordHandler.cpp +++ b/src/io/recordHandler.cpp @@ -7,6 +7,7 @@ #include +#include "util.h" #include "io/record.h" #include "io/opensslBIO.h" #include "io/slipBio.h" @@ -14,9 +15,10 @@ #include "db/database.h" #include "crypto/remoteSigner.h" #include "crypto/sslUtil.h" - #include "crypto/simpleOpensslSigner.h" +#include "log/logger.hpp" + extern std::vector profiles; extern std::unordered_map> CAs; @@ -35,8 +37,11 @@ public: std::shared_ptr signer; std::shared_ptr log; + std::vector serials; RecordHandlerSession( DefaultRecordHandler* parent, std::shared_ptr signer, std::shared_ptr ctx, std::shared_ptr output ) : + sessid( 0 ), + lastCommandCount( 0 ), tbs( new TBSCertificate() ) { this->parent = parent; this->signer = signer; @@ -46,12 +51,7 @@ public: throw "Error while fetching time?"; } - log = std::shared_ptr( - new std::ofstream( std::string( "logs/log_" ) + std::to_string( c_time ) ), - []( std::ofstream * ptr ) { - ptr->close(); - delete ptr; - } ); + log = openLogfile( std::string( "logs/log_" ) + std::to_string( c_time ) ); ssl = std::shared_ptr( SSL_new( ctx.get() ), SSL_free ); std::shared_ptr bio( @@ -79,7 +79,7 @@ public: int res = io->read( buffer.data(), buffer.capacity() ); if( res <= 0 ) { - ( *log ) << "Stream error, resetting SSL" << std::endl; + logger::error( "Stream error, resetting SSL" ); parent->reset(); return; } @@ -92,7 +92,7 @@ public: execute( head, payload ); } catch( const char* msg ) { if( log ) { - ( *log ) << "ERROR: " << msg << std::endl; + logger::error( "ERROR: ", msg ); } parent->reset(); @@ -109,13 +109,13 @@ public: case RecordHeader::SignerCommand::SET_CSR: tbs->csr_content = data; tbs->csr_type = "CSR"; - ( *log ) << "INFO: CSR read:" << std::endl << tbs->csr_content; + logger::note( "INFO: CSR read:\n", tbs->csr_content ); break; case RecordHeader::SignerCommand::SET_SPKAC: tbs->csr_content = data; tbs->csr_type = "SPKAC"; - ( *log ) << "INFO: SPKAC read:" << std::endl << tbs->csr_content; + logger::note( "INFO: SPKAC read:\n", tbs->csr_content ); break; case RecordHeader::SignerCommand::SET_SIGNATURE_TYPE: @@ -127,6 +127,14 @@ public: tbs->profile = data; break; + case RecordHeader::SignerCommand::SET_WISH_FROM: + tbs->wishFrom = data; + break; + + case RecordHeader::SignerCommand::SET_WISH_TO: + tbs->wishTo = data; + break; + case RecordHeader::SignerCommand::ADD_SAN: { size_t pos = data.find( "," ); @@ -160,57 +168,52 @@ public: case RecordHeader::SignerCommand::SIGN: result = signer->sign( tbs ); - ( *log ) << "INFO: signlog: " << result->log << std::endl; - ( *log ) << "INFO: res: " << result->certificate << std::endl; + logger::note( "INFO: signlog:\n", result->log ); + logger::note( "INFO: res:\n", result->certificate ); respondCommand( RecordHeader::SignerResult::SAVE_LOG, result->log ); break; case RecordHeader::SignerCommand::LOG_SAVED: if( result ) { + respondCommand( RecordHeader::SignerResult::SIGNING_CA, result->ca_name ); respondCommand( RecordHeader::SignerResult::CERTIFICATE, result->certificate ); } if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { - ( *log ) << "ERROR: SSL close failed" << std::endl; - } - - break; - - case RecordHeader::SignerCommand::REVOKE: { - ( *log ) << "got revoking command: " << data.size() << std::endl; - std::string nullstr( "\0", 1 ); - size_t t = data.find( nullstr ); - - if( t == std::string::npos ) { - // error - ( *log ) << "error while parsing revoking command." << data << std::endl; - break; + logger::warn( "ERROR: SSL shutdown failed." ); } - std::string ca = data.substr( 0, t ); - std::string serial = data.substr( t + 1 ); - ( *log ) << "revoking " << ca << "<->" << serial << std::endl; - - ( *log ) << "["; + parent->reset(); // Connection ended - for( auto x : CAs ) { - ( *log ) << x.first << ", "; - } + break; - ( *log ) << "]" << std::endl; + case RecordHeader::SignerCommand::ADD_SERIAL: + serials.push_back( data ); + break; + case RecordHeader::SignerCommand::REVOKE: { + std::string ca = data; auto reqCA = CAs.at( ca ); - ( *log ) << "CA found" << std::endl; + logger::note( "CA found" ); std::shared_ptr crl; std::string date; - std::tie, std::string>( crl, date ) = signer->revoke( reqCA, serial ); + std::tie, std::string>( crl, date ) = signer->revoke( reqCA, serials ); respondCommand( RecordHeader::SignerResult::REVOKED, date + crl->getSignature() ); + break; + } + + case RecordHeader::SignerCommand::GET_FULL_CRL: { + auto ca = CAs.at( data ); + CRL c( ca->path + "/ca.crl" ); + respondCommand( RecordHeader::SignerResult::FULL_CRL, c.toString() ); + if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { - ( *log ) << "ERROR: SSL close failed" << std::endl; + logger::error( "ERROR: SSL shutdown failed." ); } + parent->reset(); // Connection ended break; } @@ -220,14 +223,8 @@ public: } }; -DefaultRecordHandler::DefaultRecordHandler( std::shared_ptr signer, std::shared_ptr bio ) : - currentSession() { - - this->signer = signer; - - ctx = generateSSLContext( true ); - - this->bio = bio; +DefaultRecordHandler::DefaultRecordHandler( std::shared_ptr signer, std::shared_ptr bio ) + : bio( bio ), ctx( generateSSLContext( true ) ), signer( signer ), currentSession() { } void DefaultRecordHandler::reset() { @@ -236,7 +233,7 @@ void DefaultRecordHandler::reset() { void DefaultRecordHandler::handle() { if( !currentSession ) { - std::cout << "session allocated" << std::endl; + logger::note( "New session allocated." ); currentSession = std::shared_ptr( new RecordHandlerSession( this, signer, ctx, bio ) ); }