X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2FremoteSigner.cpp;h=a6ea5780c4c5d8ca5a55c1cd656edef766ef9e26;hb=890efd9eb1d32033fe3afd088838bde707f3a2bb;hp=71714003cdabd8812e41d57779834d9f2fba6587;hpb=f06c8dee90dbb6ccf031af872efb2cdd8d3d3b8a;p=cassiopeia.git
diff --git a/src/remoteSigner.cpp b/src/remoteSigner.cpp
index 7171400..a6ea578 100644
--- a/src/remoteSigner.cpp
+++ b/src/remoteSigner.cpp
@@ -2,10 +2,14 @@
 #include
+#include
+#include
+
 RemoteSigner::RemoteSigner( std::shared_ptr target, std::shared_ptr ctx ) {
 this->target = target;
 this->ctx = ctx;
 }
+
 RemoteSigner::~RemoteSigner() {
 }
@@ -32,6 +36,8 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrcsr_type == "CSR" ) {
 send( conn, head, RecordHeader::SignerCommand::SET_CSR, cert->csr_content );
+ } else if( cert->csr_type == "SPKAC" ) {
+ send( conn, head, RecordHeader::SignerCommand::SET_SPKAC, cert->csr_content );
 } else {
 std::cout << "Unknown csr_type: " << cert->csr_type;
 return std::shared_ptr();
@@ -67,8 +73,10 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrread( buffer.data(), buffer.size() );
- if( length == -1 ) {
- return std::shared_ptr();
+ if( length <= 0 ) {
+ std::cout << "Error, no response data" << std::endl;
+ result = std::shared_ptr();
+ break;
 }
 RecordHeader head;
@@ -82,6 +90,10 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptrlog = payload;
 break;
+
+ default:
+ std::cout << "Invalid Message" << std::endl;
+ break;
 }
 } catch( const char* msg ) {
 std::cout << msg << std::endl;
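Review bot: In the `@@ -82,6 +90,10 @@` hunk the new `default:` branch only prints `Invalid Message` and then keeps looping with `result` untouched, so an unexpected or malformed response command from the signer does not fail the signing request, whereas the `length <= 0` branch added in the `@@ -67,8 +73,10 @@` hunk resets `result` to an empty pointer and breaks out. Treating an unknown command as a protocol error in the same way (reset `result` and `break` after the message) keeps the two error paths consistent and avoids silently accepting a response stream the client does not understand. The enclosing switch, read loop and try block all begin outside the hunk, so this assumes `break` there leaves the loop as it does in the read-error branch. The switch value is the raw `head.command` cast to the enum, so the default branch is the only place where out-of-range values are noticed.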
@@ -89,6 +101,37 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptr bios( BIO_new( BIO_s_mem() ), BIO_free );
+ const char* buf = result->certificate.data();
+ unsigned int len = result->certificate.size();
+
+ while( len > 0 ) {
+ int dlen = BIO_write( bios.get(), buf, len );
+
+ if( dlen <= 0 ) {
+ throw "Memory error.";
+ }
+
+ len -= dlen;
+ buf += dlen;
+ }
+
+ std::shared_ptr pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ) );
+
+ if( !pem ) {
+ throw "Pem was not readable";
+ }
+
+ std::shared_ptr ser( ASN1_INTEGER_to_BN( pem->cert_info->serialNumber, NULL ), BN_free );
+ std::shared_ptr serStr(
+ BN_bn2hex( ser.get() ),
+ []( char* p ) {
+ OPENSSL_free( p );
+ } ); // OPENSSL_free is a macro...
+ result->serial = std::string( serStr.get() );
+ }
+
 if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
 std::cout << "SSL shutdown failed" << std::endl;
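Review bot: `std::shared_ptr pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ) );` wraps the returned X509* without a deleter, so the shared_ptr releases it with plain `delete` rather than `X509_free` — a mismatched deallocation that never frees what the X509 owns internally — while the neighbouring `ser` and `serStr` wrappers do pass `BN_free` and `OPENSSL_free`. Change it to `std::shared_ptr<X509> pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ), X509_free );`. The serial is then taken from `pem->cert_info->serialNumber`, which reaches into the X509 struct layout; `X509_get_serialNumber( pem.get() )` is the accessor for the same field and does not depend on that layout. The `if( result )` block these lines belong to opens outside the hunk, and the `throw` paths added here leave the function before the SSL_shutdown below is reached, so the connection is torn down by the destructors instead of a clean shutdown — worth a comment at the block head if that is intended.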
@@ -96,6 +139,49 @@ std::shared_ptr RemoteSigner::sign( std::shared_ptr RemoteSigner::revoke( std::shared_ptr ca, std::string serial ) {
+ ( void )BIO_reset( target.get() );
+
+ std::shared_ptr ssl( SSL_new( ctx.get() ), SSL_free );
+ std::shared_ptr bio( BIO_new( BIO_f_ssl() ), BIO_free );
+ SSL_set_connect_state( ssl.get() );
+ SSL_set_bio( ssl.get(), target.get(), target.get() );
+ BIO_set_ssl( bio.get(), ssl.get(), BIO_NOCLOSE );
+ std::shared_ptr conn( new OpensslBIOWrapper( bio ) );
+
+ RecordHeader head;
+ head.flags = 0;
+ head.sessid = 13;
+
+ std::string payload = ca->name + std::string( "\0", 1 ) + serial;
+ send( conn, head, RecordHeader::SignerCommand::REVOKE, payload );
+
+ std::vector buffer( 2048 * 4 );
+ int length = conn->read( buffer.data(), buffer.size() );
+
+ if( length <= 0 ) {
+ std::cout << "Error, no response data" << std::endl;
+ return std::shared_ptr();
+ }
+
+ payload = parseCommand( head, std::string( buffer.data(), length ), log );
+
+ switch( ( RecordHeader::SignerResult ) head.command ) {
+ case RecordHeader::SignerResult::REVOKED:
+ std::cout << "CRL: " << std::endl << payload << std::endl;
+ break;
+
+ default:
+ throw "Invalid response command.";
+ }
+
+ if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
+ std::cout << "SSL shutdown failed" << std::endl;
+ }
+
+ return std::shared_ptr();
+}
+
 void RemoteSigner::setLog( std::shared_ptr target ) {
 this->log = target;
 }
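Review bot: `std::string payload = ca->name + std::string( "\0", 1 ) + serial;` frames the REVOKE request with a single NUL byte between CA name and serial, but nothing in `revoke` checks that either string is free of NUL, so a serial or CA name containing one would move the split on the signer side and the request would name a different CA or serial than intended. Add a guard before building the payload, `if( ca->name.find( '\0' ) != std::string::npos || serial.find( '\0' ) != std::string::npos ) { throw "Invalid characters in revocation request."; }`. A second point: the function returns an empty pointer both on `length <= 0` and after a successful `REVOKED` reply, and the CRL in `payload` is only printed, so a caller cannot tell whether the revocation took effect and has nothing to store; at minimum a comment on the declaration should state that the return value is always empty and the CRL is discarded. The `throw "Invalid response command."` path also skips the SSL_shutdown pair below, which the shared_ptr deleters cover but which the comment on the shutdown line should mention.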