ASN1_INTEGER_set( target.get()->cert_info->serialNumber, num );
}
-void X509Cert::setTimes( long before, long after ) {
+void X509Cert::setTimes( uint32_t before, uint32_t after ) {
X509_gmtime_adj( X509_get_notBefore( target.get() ), before );
X509_gmtime_adj( X509_get_notAfter( target.get() ), after );
}
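Review bot: `X509_gmtime_adj` takes its offset as a `long` number of seconds, so narrowing the parameters to `uint32_t` on line 4 silently drops the ability to pass a negative offset (a slightly backdated notBefore) and, on a target where `long` is 32 bits, turns any value above INT32_MAX into a negative adjustment. If the narrowing is intentional, the declaration on line 33 should say so, e.g. `// offsets in seconds from now, forwarded unchanged to X509_gmtime_adj; must fit in a long`. The return values of both `X509_gmtime_adj` calls are still unchecked, so a NULL result would leave a validity field unset and the certificate would be signed anyway.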
X509_EXTENSION_free( ext );
}
-std::string X509Cert::sign( std::shared_ptr<EVP_PKEY> caKey ) {
+std::shared_ptr<SignedCertificate> X509Cert::sign( std::shared_ptr<EVP_PKEY> caKey ) {
if( !X509_sign( target.get(), caKey.get(), EVP_sha512() ) ) {
throw "Signing failed.";
}
- X509_print_fp( stdout, target.get() );
+ //X509_print_fp( stdout, target.get() );
std::shared_ptr<BIO> mem = std::shared_ptr<BIO>( BIO_new( BIO_s_mem() ), BIO_free );
PEM_write_bio_X509( mem.get(), target.get() );
BUF_MEM* buf;
BIO_get_mem_ptr( mem.get(), &buf );
- std::string output( buf->data, buf->data + buf->length );
- return output;
+ std::shared_ptr<SignedCertificate> res = std::shared_ptr<SignedCertificate>( new SignedCertificate() );
+ res->certificate = std::string( buf->data, buf->data + buf->length );
+ res->serial = ASN1_INTEGER_get( target.get()->cert_info->serialNumber );
+ return res;
}
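Review bot: `ASN1_INTEGER_get` on line 25 returns a `long` and yields -1 when the value is unavailable or does not fit, so assigning it straight into the `uint32_t serial` field truncates larger serials and turns the error sentinel into 4294967295, which then becomes the on-disk file name and the database serial downstream. Check the sign before narrowing: `long serial = ASN1_INTEGER_get( target.get()->cert_info->serialNumber );` `if( serial < 0 ) throw "Serial number unavailable.";` `res->serial = static_cast<uint32_t>( serial );`. The result of `PEM_write_bio_X509` on line 18 is likewise unchecked, so a failed encode hands back an empty `certificate` string as if signing had succeeded. `std::make_shared<SignedCertificate>()` would replace the bare `new` on line 23.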
void setPubkeyFrom( std::shared_ptr<X509Req> r );
void setSerialNumber( int num );
void setExtensions( std::shared_ptr<X509> caCert, std::vector<std::shared_ptr<SAN>>& sans );
- void setTimes( long before, long after );
- std::string sign( std::shared_ptr<EVP_PKEY> caKey );
+ void setTimes( uint32_t before, uint32_t after );
+ std::shared_ptr<SignedCertificate> sign( std::shared_ptr<EVP_PKEY> caKey );
};
std::vector<std::shared_ptr<SAN>> SANs;
};
+struct SignedCertificate {
+ std::string certificate;
+ uint32_t serial;
+ uint32_t before;
+ uint32_t after;
+ std::string pkHash;
+ std::string certHash;
+ std::string crt_name;
+};
+
class JobProvider {
public:
virtual std::shared_ptr<Job> fetchJob() = 0;
virtual bool finishJob( std::shared_ptr<Job> job ) = 0;
virtual std::shared_ptr<TBSCertificate> fetchTBSCert( std::shared_ptr<Job> job ) = 0;
+ virtual void writeBack( std::shared_ptr<Job> job, std::shared_ptr<SignedCertificate> res ) = 0;
};
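Review bot: `SignedCertificate` has no default member initialisers and `X509Cert::sign` only assigns `certificate` and `serial`, so `before` and `after` are indeterminate in every object passed to `JobProvider::writeBack`; once the TODO in `MySQLJobProvider::writeBack` persists them this becomes an uninitialised read. Initialise the numeric fields in the struct: `uint32_t serial{0};` `uint32_t before{0};` `uint32_t after{0};`. A short comment stating that `certificate` holds the PEM encoding produced by `X509Cert::sign` and that `crt_name` is the path filled in by `main` after `writeBackFile` would help, since those conventions are only visible across three files. If this header does not already include `<cstdint>`, `uint32_t` needs it.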
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+#include <sys/stat.h>
+
#include <iostream>
#include <fstream>
#include <streambuf>
#include "mysql.h"
#include "simpleOpensslSigner.h"
+std::string writeBackFile( uint32_t serial, std::string cert ) {
+ std::string filename = "keys";
+ mkdir( filename.c_str(), 0755 );
+ filename += "/crt";
+ mkdir( filename.c_str(), 0755 );
+ filename += "/" + std::to_string( serial / 1000 );
+ mkdir( filename.c_str(), 0755 );
+ filename += "/" + std::to_string( serial ) + ".crt";
+ std::ofstream file;
+ file.open( filename.c_str() );
+ file << cert.c_str();
+ file.close();
+ return filename;
+}
+
int main( int argc, const char* argv[] ) {
if( argc < 2 ) {
std::cout << argv[0] << " password" << std::endl;
std::cout << "Found a CSR at '" << cert->csr << "' signing" << std::endl;
std::ifstream t( cert->csr );
cert->csr_content = std::string( std::istreambuf_iterator<char>( t ), std::istreambuf_iterator<char>() );
- sign->sign( cert );
+
+ std::shared_ptr<SignedCertificate> res = sign->sign( cert );
+ std::string fn = writeBackFile( res->serial, res->certificate );
+ res->crt_name = fn;
+ jp->writeBack( job, res );
} catch( const char* c ) {
std::cerr << c << std::endl;
return 2;
return job;
}
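Review bot: The certificate file is written on line 89 before the database row is updated on line 91, so when `jp->writeBack` throws, the `catch` on line 92 exits with a signed certificate on disk that no record references; for a CA every issued certificate must stay traceable, so at minimum log `fn` in the handler before returning, e.g. `std::cerr << "certificate written to " << fn << " but not recorded" << std::endl;`. `res` is also dereferenced on line 89 without a null check; the only `Signer` visible here never returns null, but the interface permits it. The enclosing `main` body starts and ends outside the hunk.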
-std::string MySQLJobProvider::escape_string( const std::string & target ) {
+std::string MySQLJobProvider::escape_string( const std::string& target ) {
if( !conn ) {
throw "Not connected!";
}
return cert;
}
+
+void MySQLJobProvider::writeBack( std::shared_ptr<Job> job, std::shared_ptr<SignedCertificate> res ) {
+ if( !conn ) {
+ throw "Error while writing back";
+ }
+
+ std::string q = "UPDATE certs SET crt_name='" + this->escape_string( res->crt_name ) + "', serial='" + this->escape_string( std::to_string( res->serial ) ) + "' WHERE id='" + this->escape_string( job->id ) + "' LIMIT 1";
+
+ // TODO write more thingies back
+
+ if( query( q ).first ) {
+ throw "Error while writing back";
+ }
+}
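Review bot: Both failure paths in `writeBack` throw the identical `"Error while writing back"`, so a caller cannot tell a dropped connection from a rejected UPDATE; the connection check on lines 106-108 should reuse the `"Not connected!"` message that `escape_string` already throws on line 100 so the two reports stay consistent. The UPDATE is built by concatenation, which is acceptable here only because every interpolated value goes through `escape_string`; `std::to_string( res->serial )` needs no escaping, but keeping it is harmless. If `query` exposes the affected-row count, check it: an UPDATE matching zero rows under `WHERE id=... LIMIT 1` silently leaves an issued certificate unrecorded. The `// TODO write more thingies back` comment should name the fields still missing (`before`, `after`, `pkHash`, `certHash`) so the gap stays visible.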
std::shared_ptr<Job> fetchJob();
bool finishJob( std::shared_ptr<Job> job );
std::shared_ptr<TBSCertificate> fetchTBSCert( std::shared_ptr<Job> job );
+ void writeBack( std::shared_ptr<Job> job, std::shared_ptr<SignedCertificate> res );
};
class Signer {
public:
- virtual void sign( std::shared_ptr<TBSCertificate> cert ) = 0;
+ virtual std::shared_ptr<SignedCertificate> sign( std::shared_ptr<TBSCertificate> cert ) = 0;
};
std::shared_ptr<EVP_PKEY> SimpleOpensslSigner::caKey = loadPkeyFromFile( "assured.key" );
-void SimpleOpensslSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
+std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
if( !caKey ) {
throw "CA-key not found";
}
std::string output = c.sign( caKey );
- std::cout << "Certificate:" << std::endl << output << std::endl;
+ std::shared_ptr<SignedCertificate> output = c.sign( caKey );
+
+ return output;
}
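Review bot: Line 134 (`std::string output = c.sign( caKey );`) is printed as context, but with `X509Cert::sign` now returning `std::shared_ptr<SignedCertificate>` it cannot remain on the new side next to the declaration added on line 136 — `output` would be declared twice in one scope and the `std::string` initialisation would not compile — so its `-` marker was most likely lost in rendering; worth confirming before merge. The function otherwise forwards the result of `c.sign` unchanged; a one-line doc on the declaration at line 144, e.g. `// Signs the TBS certificate with the static CA key; throws const char* if the key failed to load.`, would record the contract that `main` relies on. The start of the function body, where `c` is built, is outside the hunk.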
static std::shared_ptr<EVP_PKEY> caKey;
static std::shared_ptr<X509> caCert;
public:
- void sign( std::shared_ptr<TBSCertificate> cert );
+ std::shared_ptr<SignedCertificate> sign( std::shared_ptr<TBSCertificate> cert );
};