X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2FremoteSigner.cpp;h=18ad28a70146c1b94268cda66092368deee1b976;hb=1788c672486234375c0758cd8c1c3f7f47273adb;hp=9cc3a2d858c081e8a896443663c47efe3e9fa3d7;hpb=b96ef8b6ed1da29999800fbfd681b153de75bb72;p=cassiopeia.git
diff --git a/src/remoteSigner.cpp b/src/remoteSigner.cpp
index 9cc3a2d..18ad28a 100644
--- a/src/remoteSigner.cpp
+++ b/src/remoteSigner.cpp
@@ -2,10 +2,14 @@
 #include
+#include
+#include
+
 RemoteSigner::RemoteSigner( std::shared_ptr target, std::shared_ptr ctx ) {
     this->target = target;
     this->ctx = ctx;
 }
+
 RemoteSigner::~RemoteSigner() {
 }
@@ -13,11 +17,13 @@ void RemoteSigner::send( std::shared_ptr bio, RecordHeader& h
     head.command = ( uint16_t ) cmd;
     head.command_count++;
     head.totalLength = data.size();
-    sendCommand( head, data, bio );
+    sendCommand( head, data, bio, log );
 }
 std::shared_ptr RemoteSigner::sign( std::shared_ptr cert ) {
+    ( void )BIO_reset( target.get() );
+
     std::shared_ptr ssl( SSL_new( ctx.get() ), SSL_free );
     std::shared_ptr bio( BIO_new( BIO_f_ssl() ), BIO_free );
     SSL_set_connect_state( ssl.get() );
@@ -28,7 +34,7 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrcsr_type == "csr" ) {
+    if( cert->csr_type == "CSR" ) {
         send( conn, head, RecordHeader::SignerCommand::SET_CSR, cert->csr_content );
     } else {
         std::cout << "Unknown csr_type: " << cert->csr_type;
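Review bot: The result of `BIO_reset( target.get() )` on the first added line of `sign` is explicitly cast away, so a transport that could not be reset is still wrapped in the fresh SSL object and the failure only shows up later, as an opaque handshake or read error. What kind of BIO `target` is isn't visible in this diff; if it is a connect-style BIO, the reset (1 on success for most BIO types) is worth checking at the point it happens, e.g. `if( BIO_reset( target.get() ) != 1 ) { std::cout << "BIO reset failed" << std::endl; return std::shared_ptr<SignedCertificate>(); }`. The context lines that follow also never check `SSL_new` for NULL before `SSL_set_connect_state`, but that is pre-existing code. `sign` continues past the end of this hunk.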
@@ -37,8 +43,25 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrmd );
     send( conn, head, RecordHeader::SignerCommand::SET_PROFILE, cert->profile );
-    send( conn, head, RecordHeader::SignerCommand::ADD_AVA, "CN,commonName" );
-    send( conn, head, RecordHeader::SignerCommand::ADD_SAN, "DNS,*.example.com" );
+
+    for( auto ava : cert->AVAs ) {
+        if( ava->name.find( "," ) != std::string::npos ) {
+            // invalid ava
+            return std::shared_ptr();
+        }
+
+        send( conn, head, RecordHeader::SignerCommand::ADD_AVA, ava->name + "," + ava->value );
+    }
+
+    for( auto san : cert->SANs ) {
+        if( san->type.find( "," ) != std::string::npos ) {
+            // invalid ava
+            return std::shared_ptr();
+        }
+
+        send( conn, head, RecordHeader::SignerCommand::ADD_SAN, san->type + "," + san->content );
+    }
+
     send( conn, head, RecordHeader::SignerCommand::SIGN, "" );
     send( conn, head, RecordHeader::SignerCommand::LOG_SAVED, "" );
     std::shared_ptr result = std::shared_ptr( new SignedCertificate() );
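Review bot: Both new loops bail out with `return std::shared_ptr()` only after SET_CSR, SET_MD, SET_PROFILE and any earlier ADD_AVA commands have already gone over the wire, so an AVA name or SAN type containing a comma leaves the signer holding a half-built request and skips the `SSL_shutdown` that the later hunk adds at the end of `sign`. Checking every `ava->name` and `san->type` for a comma before the first `send` keeps the session consistent and lets the reject happen without opening a connection at all; whether `ava->value` / `san->content` may themselves contain a comma depends on how the signer splits the payload, which isn't visible here. The comment in the second loop is a copy-paste, `// invalid ava` should read `// invalid san`, and both loops copy a shared_ptr per iteration where `for( const auto& ava : cert->AVAs )` and `for( const auto& san : cert->SANs )` would do. `sign` begins and ends outside this hunk.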
@@ -47,15 +70,69 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrread( buffer.data(), buffer.size() );
+
+            if( length <= 0 ) {
+                std::cout << "Error, no response data" << std::endl;
+                result = std::shared_ptr();
+                break;
+            }
+
             RecordHeader head;
-            std::string payload = parseCommand( head, std::string( buffer.data(), length ) );
-            std::cout << "Data: " << std::endl << payload << std::endl;
+            std::string payload = parseCommand( head, std::string( buffer.data(), length ), log );
+
+            switch( ( RecordHeader::SignerResult ) head.command ) {
+            case RecordHeader::SignerResult::CERTIFICATE:
+                result->certificate = payload;
+                break;
+
+            case RecordHeader::SignerResult::SAVE_LOG:
+                result->log = payload;
+                break;
+            }
         } catch( const char* msg ) {
             std::cout << msg << std::endl;
             return std::shared_ptr();
         }
     }
+    if( result ) {
+        std::shared_ptr bios( BIO_new( BIO_s_mem() ), BIO_free );
+        const char* buf = result->certificate.data();
+        unsigned int len = result->certificate.size();
+
+        while( len > 0 ) {
+            int dlen = BIO_write( bios.get(), buf, len );
+
+            if( dlen <= 0 ) {
+                throw "Memory error.";
+            }
+
+            len -= dlen;
+            buf += dlen;
+        }
+
+        std::shared_ptr pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ) );
+
+        if( !pem ) {
+            throw "Pem was not readable";
+        }
+
+        std::shared_ptr ser( ASN1_INTEGER_to_BN( pem->cert_info->serialNumber, NULL ), BN_free );
+        std::shared_ptr serStr(
+            BN_bn2hex( ser.get() ),
+            []( char* p ) {
+                OPENSSL_free( p );
+            } ); // OPENSSL_free is a macro...
+        result->serial = std::string( serStr.get() );
+    }
+
+    if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
+        std::cout << "SSL shutdown failed" << std::endl;
+    }
+
     return result;
 }
+void RemoteSigner::setLog( std::shared_ptr target ) {
+    this->log = target;
+}
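Review bot: The `pem` shared_ptr in the new `if( result )` block is constructed from `PEM_read_bio_X509( ... )` with no deleter, so the X509 that OpenSSL allocated is released with plain `delete` rather than `X509_free`, which mismatches OpenSSL's allocator and never frees the certificate's sub-structures; `ssl`, `bio` and `ser` in the same function all pass the matching free function. `pem->cert_info->serialNumber` also reaches into the X509 struct directly, which only compiles where OpenSSL keeps that struct public; `X509_get_serialNumber()` is the accessor that works across versions. `ASN1_INTEGER_to_BN` and `BN_bn2hex` can both return NULL, and `std::string( serStr.get() )` on a null pointer is undefined behaviour, so the hex serial should be checked before it is copied. Note that the `throw`s in this block run outside the try/catch above and skip the `SSL_shutdown` that follows; `sign` begins outside this hunk.
```cpp
        std::shared_ptr<X509> pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ), X509_free );

        if( !pem ) {
            throw "Pem was not readable";
        }

        std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber( pem.get() ), NULL ), BN_free );
        std::shared_ptr<char> serStr(
            ser ? BN_bn2hex( ser.get() ) : nullptr,
            []( char* p ) {
                OPENSSL_free( p );
            } ); // OPENSSL_free is a macro...

        if( !serStr ) {
            throw "Could not encode certificate serial";
        }

        result->serial = std::string( serStr.get() );
        // … unchanged: SSL_shutdown and return …
```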