X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fio%2FrecordHandler.cpp;h=2eb8358a567c55f19c117c231f6fc8ca8c1c28c3;hb=dc63575cbbef92d3ee7f0f6c22dae7e42f579651;hp=72442ce110742ac5b8c6366efb6cf31cc636b654;hpb=82849da8a9e36be282c13537fb7e14ad1f021d40;p=cassiopeia.git diff --git a/src/io/recordHandler.cpp b/src/io/recordHandler.cpp index 72442ce..2eb8358 100644 --- a/src/io/recordHandler.cpp +++ b/src/io/recordHandler.cpp @@ -1,12 +1,14 @@ #include "io/recordHandler.h" #include +#include #include #include #include #include +#include "util.h" #include "io/record.h" #include "io/opensslBIO.h" #include "io/slipBio.h" @@ -14,16 +16,17 @@ #include "db/database.h" #include "crypto/remoteSigner.h" #include "crypto/sslUtil.h" - #include "crypto/simpleOpensslSigner.h" +#include "log/logger.hpp" + extern std::vector profiles; extern std::unordered_map> CAs; class RecordHandlerSession { public: - uint32_t sessid; - uint32_t lastCommandCount; + uint32_t sessid = 0; + uint32_t lastCommandCount = 0; std::shared_ptr tbs; std::shared_ptr result; @@ -34,24 +37,18 @@ public: DefaultRecordHandler* parent; std::shared_ptr signer; - std::shared_ptr log; + std::unique_ptr logFile; + //std::stringstream sessionlog; + std::vector serials; + logger::logger_set logger; + RecordHandlerSession( DefaultRecordHandler* parent, std::shared_ptr signer, std::shared_ptr ctx, std::shared_ptr output ) : - tbs( new TBSCertificate() ) { + tbs( std::make_shared() ), + logFile( openLogfile( "logs/log_" + timestamp() ) ), + logger{ std::cout, *logFile } { this->parent = parent; this->signer = signer; - time_t c_time; - - if( time( &c_time ) == -1 ) { - throw "Error while fetching time?"; - } - - log = std::shared_ptr( - new std::ofstream( std::string( "logs/log_" ) + std::to_string( c_time ) ), - []( std::ofstream * ptr ) { - ptr->close(); - delete ptr; - } ); ssl = std::shared_ptr( SSL_new( ctx.get() ), SSL_free ); std::shared_ptr bio( @@ -62,60 +59,41 @@ public: SSL_set_accept_state( ssl.get() ); SSL_set_bio( ssl.get(), output.get(), output.get() ); BIO_set_ssl( bio.get(), ssl.get(), BIO_NOCLOSE ); - io = std::shared_ptr( new OpensslBIOWrapper( bio ) ); + io = std::make_shared( bio ); } void respondCommand( RecordHeader::SignerResult res, std::string payload ) { RecordHeader rh; - rh.command = ( uint16_t ) res; + rh.command = static_cast( res ); rh.flags = 0; rh.command_count = 0; // TODO i++ - rh.totalLength = payload.size(); - sendCommand( rh, payload, io, log ); + sendCommand( rh, payload, io ); } void work() { - std::vector buffer( 2048, 0 ); - int res = io->read( buffer.data(), buffer.capacity() ); - - if( res <= 0 ) { - ( *log ) << "Stream error, resetting SSL" << std::endl; - parent->reset(); - return; - } - - std::string content( buffer.data(), res ); - try { RecordHeader head; - std::string payload = parseCommand( head, content, log ); - execute( head, payload ); - } catch( const char* msg ) { - if( log ) { - ( *log ) << "ERROR: " << msg << std::endl; - } - + std::string all = parseCommandChunked( head, io ); + execute( static_cast( head.command ), all ); + } catch( const std::exception& msg ) { + logger::error( "ERROR: ", msg.what() ); parent->reset(); return; } } - void execute( RecordHeader& head, std::string data ) { - if( head.totalLength != head.payloadLength || head.offset != 0 ) { - throw "Error, chunking not supported yet"; - } - - switch( ( RecordHeader::SignerCommand ) head.command ) { + void execute( RecordHeader::SignerCommand command, std::string data ) { + switch( command ) { case RecordHeader::SignerCommand::SET_CSR: tbs->csr_content = data; tbs->csr_type = "CSR"; - ( *log ) << "INFO: CSR read:" << std::endl << tbs->csr_content; + logger::note( "INFO: CSR read:\n", tbs->csr_content ); break; case RecordHeader::SignerCommand::SET_SPKAC: tbs->csr_content = data; tbs->csr_type = "SPKAC"; - ( *log ) << "INFO: SPKAC read:" << std::endl << tbs->csr_content; + logger::note( "INFO: SPKAC read:\n", tbs->csr_content ); break; case RecordHeader::SignerCommand::SET_SIGNATURE_TYPE: @@ -127,107 +105,117 @@ public: tbs->profile = data; break; - case RecordHeader::SignerCommand::ADD_SAN: { - size_t pos = data.find( "," ); + case RecordHeader::SignerCommand::SET_WISH_FROM: + tbs->wishFrom = data; + break; - if( pos == std::string::npos ) { - // error - } else { - std::shared_ptr san( new SAN() ); - san->type = data.substr( 0, pos ); - san->content = data.substr( pos + 1 ); - tbs->SANs.push_back( san ); + case RecordHeader::SignerCommand::SET_WISH_TO: + tbs->wishTo = data; + break; + + case RecordHeader::SignerCommand::ADD_SAN: + { + size_t pos = data.find( "," ); + + if( pos == std::string::npos ) { + // error + } else { + auto san = std::make_shared(); + san->type = data.substr( 0, pos ); + san->content = data.substr( pos + 1 ); + tbs->SANs.push_back( san ); + } } - } - break; - - case RecordHeader::SignerCommand::ADD_AVA: { - size_t pos = data.find( "," ); - - if( pos == std::string::npos ) { - // error - } else { - std::shared_ptr ava( new AVA() ); - ava->name = data.substr( 0, pos ); - ava->value = data.substr( pos + 1 ); - tbs->AVAs.push_back( ava ); + break; + + case RecordHeader::SignerCommand::ADD_AVA: + { + size_t pos = data.find( "," ); + + if( pos == std::string::npos ) { + // error + } else { + auto ava = std::make_shared(); + ava->name = data.substr( 0, pos ); + ava->value = data.substr( pos + 1 ); + tbs->AVAs.push_back( ava ); + } } - } - break; + break; case RecordHeader::SignerCommand::ADD_PROOF_LINE: break; case RecordHeader::SignerCommand::SIGN: result = signer->sign( tbs ); - ( *log ) << "INFO: signlog: " << result->log << std::endl; - ( *log ) << "INFO: res: " << result->certificate << std::endl; + logger::note( "INFO: signlog:\n", result->log ); + logger::note( "INFO: res:\n", result->certificate ); respondCommand( RecordHeader::SignerResult::SAVE_LOG, result->log ); break; case RecordHeader::SignerCommand::LOG_SAVED: if( result ) { + respondCommand( RecordHeader::SignerResult::SIGNING_CA, result->ca_name ); respondCommand( RecordHeader::SignerResult::CERTIFICATE, result->certificate ); } + logger::note( "Shutting down SSL" ); + if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { - ( *log ) << "ERROR: SSL close failed" << std::endl; + logger::warn( "ERROR: SSL shutdown failed." ); } - break; + io->ctrl( BIO_CTRL_FLUSH, 0, NULL ); + logger::note( "Shutted down SSL" ); - case RecordHeader::SignerCommand::REVOKE: { - ( *log ) << "got revoking command: " << data.size() << std::endl; - std::string nullstr( "\0", 1 ); - size_t t = data.find( nullstr ); + parent->reset(); // Connection ended - if( t == std::string::npos ) { - // error - ( *log ) << "error while parsing revoking command." << data << std::endl; - break; - } - - std::string ca = data.substr( 0, t ); - std::string serial = data.substr( t + 1 ); - ( *log ) << "revoking " << ca << "<->" << serial << std::endl; + break; - ( *log ) << "["; + case RecordHeader::SignerCommand::ADD_SERIAL: + serials.push_back( data ); + break; - for( auto x : CAs ) { - ( *log ) << x.first << ", "; + case RecordHeader::SignerCommand::REVOKE: + { + logger::note("Revoking: ", data); + std::string ca = data; + auto reqCA = CAs.at( ca ); + logger::note( "CA found in recordHandler" ); + std::shared_ptr crl; + std::string date; + std::tie( crl, date ) = signer->revoke( reqCA, serials ); + + respondCommand( RecordHeader::SignerResult::REVOKED, date + crl->getSignature() ); } + break; - ( *log ) << "]" << std::endl; - - auto reqCA = CAs.at( ca ); - ( *log ) << "CA found" << std::endl; - std::shared_ptr crl; - std::string date; - std::tie, std::string>( crl, date ) = signer->revoke( reqCA, serial ); - - respondCommand( RecordHeader::SignerResult::REVOKED, date + crl->getSignature() ); - - if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { - ( *log ) << "ERROR: SSL close failed" << std::endl; + case RecordHeader::SignerCommand::GET_FULL_CRL: + { + logger::note("Requesting full CRL: ", data); + auto ca = CAs.at( data ); + CRL c( ca->path + "/ca.crl" ); + respondCommand( RecordHeader::SignerResult::FULL_CRL, c.toString() ); + + logger::note( "Shutting down SSL" ); + if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { + logger::error( "ERROR: SSL shutdown failed." ); + } + io->ctrl( BIO_CTRL_FLUSH, 0, NULL ); + logger::note( "Shutted down SSL" ); + + parent->reset(); // Connection ended } - break; - } default: - throw "Unimplemented"; + throw std::runtime_error( "Unimplemented" ); } } }; DefaultRecordHandler::DefaultRecordHandler( std::shared_ptr signer, std::shared_ptr bio ) : - currentSession() { - - this->signer = signer; - - ctx = generateSSLContext( true ); - - this->bio = bio; + bio( bio ), ctx( generateSSLContext( true ) ), signer( signer ), currentSession() { } void DefaultRecordHandler::reset() { @@ -236,9 +224,14 @@ void DefaultRecordHandler::reset() { void DefaultRecordHandler::handle() { if( !currentSession ) { - std::cout << "session allocated" << std::endl; - currentSession = std::shared_ptr( new RecordHandlerSession( this, signer, ctx, bio ) ); + ( void ) BIO_reset( bio.get() ); + logger::note( "New session allocated." ); + currentSession = std::make_shared( this, signer, ctx, bio ); } - currentSession->work(); + try { + currentSession->work(); + } catch( eof_exception e ) { + reset(); + } }