From: Felix Dörre Date: Sun, 2 Nov 2014 00:42:59 +0000 (+0100) Subject: add: Aim for initial interoperatibility with Gigi X-Git-Url: https://code.wpia.club/?a=commitdiff_plain;h=aef2ba57f652658f3bebfa24e706c0083a56e6bf;p=cassiopeia.git add: Aim for initial interoperatibility with Gigi --- diff --git a/src/X509.cpp b/src/X509.cpp index 5d38e3c..0278fb9 100644 --- a/src/X509.cpp +++ b/src/X509.cpp @@ -92,7 +92,7 @@ void X509Cert::setSerialNumber( int num ) { ASN1_INTEGER_set( target.get()->cert_info->serialNumber, num ); } -void X509Cert::setTimes( long before, long after ) { +void X509Cert::setTimes( uint32_t before, uint32_t after ) { X509_gmtime_adj( X509_get_notBefore( target.get() ), before ); X509_gmtime_adj( X509_get_notAfter( target.get() ), after ); } @@ -172,17 +172,19 @@ void X509Cert::setExtensions( std::shared_ptr caCert, std::vector caKey ) { +std::shared_ptr X509Cert::sign( std::shared_ptr caKey ) { if( !X509_sign( target.get(), caKey.get(), EVP_sha512() ) ) { throw "Signing failed."; } - X509_print_fp( stdout, target.get() ); + //X509_print_fp( stdout, target.get() ); std::shared_ptr mem = std::shared_ptr( BIO_new( BIO_s_mem() ), BIO_free ); PEM_write_bio_X509( mem.get(), target.get() ); BUF_MEM* buf; BIO_get_mem_ptr( mem.get(), &buf ); - std::string output( buf->data, buf->data + buf->length ); - return output; + std::shared_ptr res = std::shared_ptr( new SignedCertificate() ); + res->certificate = std::string( buf->data, buf->data + buf->length ); + res->serial = ASN1_INTEGER_get( target.get()->cert_info->serialNumber ); + return res; } diff --git a/src/X509.h b/src/X509.h index 6616580..db82daf 100644 --- a/src/X509.h +++ b/src/X509.h 
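Review bot: Changing setTimes' parameters from `long` to `uint32_t` makes the offsets handed to X509_gmtime_adj unsigned, so a caller can no longer backdate notBefore (a small negative offset is the usual allowance for clock skew), and on a target with a 32-bit `long` any value at or above 2^31 converts to a negative adjustment. X509_gmtime_adj takes a `long`, so keeping `void X509Cert::setTimes( long before, long after )` here, and in the matching declaration in the X509.h hunk, is the safer signature; if the narrower type is wanted to match `SignedCertificate`, convert at the call site and reject out-of-range values there. `uint32_t` also needs `<cstdint>` in scope in X509.cpp, which this hunk does not show.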
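Review bot: `res->serial = ASN1_INTEGER_get( ... )` silently truncates the serial: ASN1_INTEGER_get returns a `long` and yields -1 when the value does not fit, and that result is then narrowed into the `uint32_t` field, so a failed read is stored as 4294967295 and any serial wider than 32 bits is written back wrongly. The serial is the key the database row and the on-disk path in writeBackFile are derived from, so a wrong value means a certificate recorded under the wrong number. Read it into a `long` first and reject the error case, `long serial = ASN1_INTEGER_get( target.get()->cert_info->serialNumber ); if( serial < 0 ) { throw "Could not read serial number"; }`, before assigning, and consider widening the field, since a 32-bit serial cannot carry the unpredictable bits a CA is normally expected to put into serial numbers. The new std::string constructor also still reads `buf` although the results of PEM_write_bio_X509 and BIO_get_mem_ptr are unchecked; on failure `buf` is uninitialized. `std::shared_ptr( new SignedCertificate() )` would read better as `std::make_shared<SignedCertificate>()`.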
@@ -27,6 +27,6 @@ public: void setPubkeyFrom( std::shared_ptr r ); void setSerialNumber( int num ); void setExtensions( std::shared_ptr caCert, std::vector>& sans ); - void setTimes( long before, long after ); - std::string sign( std::shared_ptr caKey ); + void setTimes( uint32_t before, uint32_t after ); + std::shared_ptr sign( std::shared_ptr caKey ); }; diff --git a/src/database.h b/src/database.h index a80b73e..e3a9516 100644 --- a/src/database.h +++ b/src/database.h @@ -28,9 +28,20 @@ struct TBSCertificate { std::vector> SANs; }; +struct SignedCertificate { + std::string certificate; + uint32_t serial; + uint32_t before; + uint32_t after; + std::string pkHash; + std::string certHash; + std::string crt_name; +}; + class JobProvider { public: virtual std::shared_ptr fetchJob() = 0; virtual bool finishJob( std::shared_ptr job ) = 0; virtual std::shared_ptr fetchTBSCert( std::shared_ptr job ) = 0; + virtual void writeBack( std::shared_ptr job, std::shared_ptr res ) = 0; }; diff --git a/src/main.cpp b/src/main.cpp index 2d42e84..49baf97 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -16,6 +16,8 @@ with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ +#include + #include #include #include @@ -24,6 +26,21 @@ #include "mysql.h" #include "simpleOpensslSigner.h" +std::string writeBackFile( uint32_t serial, std::string cert ) { + std::string filename = "keys"; + mkdir( filename.c_str(), 0755 ); + filename += "/crt"; + mkdir( filename.c_str(), 0755 ); + filename += "/" + std::to_string( serial / 1000 ); + mkdir( filename.c_str(), 0755 ); + filename += "/" + std::to_string( serial ) + ".crt"; + std::ofstream file; + file.open( filename.c_str() ); + file << cert.c_str(); + file.close(); + return filename; +} + int main( int argc, const char* argv[] ) { if( argc < 2 ) { std::cout << argv[0] << " password" << std::endl; 
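Review bot: The three `uint32_t` fields in `SignedCertificate` have no default member initializers, so any instance not built with `new SignedCertificate()` or `SignedCertificate{}` carries indeterminate `serial`, `before` and `after` values, and `writeBack` would store garbage without any error. Give them initializers, `uint32_t serial{0}; uint32_t before{0}; uint32_t after{0};`, so an unfilled field is at least a recognisable zero. Independently, `uint32_t` is a narrow type for a CA serial number: serials are expected to contain unpredictable bits (64 bits or more under current baseline requirements), which this field cannot represent; a wider integer or the DER/hex string form would also avoid the truncation in X509Cert::sign. A `///` comment on the new pure virtual `writeBack` stating that an implementation must persist `res->crt_name` and `res->serial` against `job`, and what it throws on failure, would document the contract the MySQL implementation is expected to meet.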
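Review bot: writeBackFile reports success regardless of whether anything was written: the three `mkdir` results are discarded, `file.open` is never checked, and a failed stream silently drops the certificate while the function still returns a path that `writeBack` then records in the database. Each `mkdir` should tolerate only EEXIST, `if( mkdir( filename.c_str(), 0755 ) != 0 && errno != EEXIST ) { throw "Could not create certificate directory"; }`, and the stream state has to be checked after open and after the write, as below; throwing a `const char*` matches the `catch( const char* c )` handler in main. `file << cert.c_str()` should be `file << cert`, since going through a C string stops at an embedded NUL for no benefit, and because the default open mode truncates, a repeated serial overwrites an existing certificate without notice, so refusing to open a path that already exists would catch that. `errno` needs `<cerrno>`; the `#include` lines in the preceding hunk are garbled in this listing, so I cannot tell whether it is already included.
```cpp
std::string writeBackFile( uint32_t serial, std::string cert ) {
    // … unchanged: filename construction and the three mkdir() calls, each checked against EEXIST …
    std::ofstream file( filename.c_str() );
    if( !file.is_open() ) {
        throw "Could not open certificate file for writing";
    }
    file << cert;
    file.close();
    if( file.fail() ) {
        throw "Could not write certificate file";
    }
    return filename;
}
```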
@@ -51,7 +68,11 @@ int main( int argc, const char* argv[] ) { std::cout << "Found a CSR at '" << cert->csr << "' signing" << std::endl; std::ifstream t( cert->csr ); cert->csr_content = std::string( std::istreambuf_iterator( t ), std::istreambuf_iterator() ); - sign->sign( cert ); + + std::shared_ptr res = sign->sign( cert ); + std::string fn = writeBackFile( res->serial, res->certificate ); + res->crt_name = fn; + jp->writeBack( job, res ); } catch( const char* c ) { std::cerr << c << std::endl; return 2; diff --git a/src/mysql.cpp b/src/mysql.cpp index 66c2442..67fc49e 100644 --- a/src/mysql.cpp +++ b/src/mysql.cpp @@ -155,7 +155,7 @@ std::shared_ptr MySQLJobProvider::fetchJob() { return job; } -std::string MySQLJobProvider::escape_string( const std::string & target ) { +std::string MySQLJobProvider::escape_string( const std::string& target ) { if( !conn ) { throw "Not connected!"; } @@ -243,3 +243,17 @@ std::shared_ptr MySQLJobProvider::fetchTBSCert( std::shared_ptr< return cert; } + +void MySQLJobProvider::writeBack( std::shared_ptr job, std::shared_ptr res ) { + if( !conn ) { + throw "Error while writing back"; + } + + std::string q = "UPDATE certs SET crt_name='" + this->escape_string( res->crt_name ) + "', serial='" + this->escape_string( std::to_string( res->serial ) ) + "' WHERE id='" + this->escape_string( job->id ) + "' LIMIT 1"; + + // TODO write more thingies back + + if( query( q ).first ) { + throw "Error while writing back"; + } +} diff --git a/src/mysql.h b/src/mysql.h index 827a10a..d726957 100644 --- a/src/mysql.h +++ b/src/mysql.h @@ -33,4 +33,5 @@ public: std::shared_ptr fetchJob(); bool finishJob( std::shared_ptr job ); std::shared_ptr fetchTBSCert( std::shared_ptr job ); + void writeBack( std::shared_ptr job, std::shared_ptr res ); }; diff --git a/src/signer.h b/src/signer.h index f36cf48..feef5da 100644 --- a/src/signer.h +++ b/src/signer.h 
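Review bot: The certificate is written to disk by `writeBackFile` before `jp->writeBack( job, res )` records it, so if the database update throws, the `catch( const char* c )` below returns 2 with a signed certificate on disk and a consumed serial that no record refers to; for a CA every issued certificate needs a record (for revocation and auditing), so that gap should not be silent. At minimum the handler should log `res->crt_name` and `res->serial` once `res` has been populated, or the database row should be updated before the file is written so that a failure in either step is visible from the database. main continues outside this hunk, so I cannot see whether `finishJob` runs after this point.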
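Review bot: The `UPDATE ... WHERE id='...' LIMIT 1` reports success even when no row matches `job->id`, because only `query( q ).first` is checked, so a certificate can be issued and written to disk without any row ending up with its `crt_name` and `serial`; the affected-row count (mysql_affected_rows on this connection, if `query` does not already expose it) should be checked and zero treated as an error. The `!conn` branch throws the same `"Error while writing back"` text as the query failure, whereas the other methods in this file use `throw "Not connected!";`; using that here keeps the two failures distinguishable in the log. The statement is assembled by concatenation around `escape_string`, which presumably wraps mysql_real_escape_string; that is adequate only while every value is quoted as it is here, so a prepared statement (mysql_stmt_prepare with bound parameters) would remove that dependency, especially once the TODO adds the remaining fields.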
@@ -6,5 +6,5 @@ class Signer { public: - virtual void sign( std::shared_ptr cert ) = 0; + virtual std::shared_ptr sign( std::shared_ptr cert ) = 0; }; diff --git a/src/simpleOpensslSigner.cpp b/src/simpleOpensslSigner.cpp index e38aeb1..0118995 100644 --- a/src/simpleOpensslSigner.cpp +++ b/src/simpleOpensslSigner.cpp @@ -66,7 +66,7 @@ std::shared_ptr SimpleOpensslSigner::caCert = loadX509FromFile( "assured.c std::shared_ptr SimpleOpensslSigner::caKey = loadPkeyFromFile( "assured.key" ); -void SimpleOpensslSigner::sign( std::shared_ptr cert ) { +std::shared_ptr SimpleOpensslSigner::sign( std::shared_ptr cert ) { if( !caKey ) { throw "CA-key not found"; } @@ -100,5 +100,7 @@ void SimpleOpensslSigner::sign( std::shared_ptr cert ) { std::string output = c.sign( caKey ); - std::cout << "Certificate:" << std::endl << output << std::endl; + std::shared_ptr output = c.sign( caKey ); + + return output; } diff --git a/src/simpleOpensslSigner.h b/src/simpleOpensslSigner.h index 586e6e2..b2f245f 100644 --- a/src/simpleOpensslSigner.h +++ b/src/simpleOpensslSigner.h @@ -10,5 +10,5 @@ private: static std::shared_ptr caKey; static std::shared_ptr caCert; public: - void sign( std::shared_ptr cert ); + std::shared_ptr sign( std::shared_ptr cert ); };
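Review bot: The `SignedCertificate` returned here carries only what X509Cert::sign fills in (`certificate` and `serial`); its `before`, `after`, `pkHash` and `certHash` fields stay at their value-initialized zero/empty state even though this function is presumably the one that chose the validity period passed to X509Cert::setTimes earlier in its body (outside this hunk), so the database write-back will have nothing to store for them. Setting `output->before` and `output->after` from those same values before returning would close that gap. The `output` local adds nothing; `return c.sign( caKey );` says the same thing. SimpleOpensslSigner::sign starts outside this hunk.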