From: Lucas Werkmeister Date: Tue, 18 Apr 2017 20:19:20 +0000 (+0200) Subject: Merge "upd: improve format script" X-Git-Url: https://code.wpia.club/?a=commitdiff_plain;h=fc948d298f3cf27a5b8f73b2a8d6251ccf6c99d2;hp=27762923761fa360343dc87784eb9748de1fcac5;p=cassiopeia.git Merge "upd: improve format script" --- diff --git a/Makefile b/Makefile index 74caedf..7e9ba65 100644 --- a/Makefile +++ b/Makefile @@ -24,7 +24,7 @@ CXX_DEP=g++ LD=libtool --mode=link g++ ifneq (,$(filter debug,$(DEB_BUILD_OPTIONS))) -CFLAGS+=-DNO_DAEMON -g +CFLAGS+=-DNO_DAEMON -g -Og endif ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS))) CFLAGS += -O0 @@ -93,7 +93,7 @@ endif install: build ${INSTALL_PROGRAM} bin/cassiopeia ${DESTDIR}/usr/bin/cassiopeia ${INSTALL_PROGRAM} bin/cassiopeia-signer ${DESTDIR}/usr/bin/cassiopeia-signer - ${INSTALL_DIR} ${DESTDIR}/etc/cacert/cassiopeia + ${INSTALL_DIR} ${DESTDIR}/etc/wpia/cassiopeia .PHONY: libs libs: ${LIBS} diff --git a/README.md b/README.md index 54a8404..502c008 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ Cassiopeia ================= -Signing Module for CAcert +Signing Module for WPIA diff --git a/debian/.gitignore b/debian/.gitignore index 611a639..b681343 100644 --- a/debian/.gitignore +++ b/debian/.gitignore @@ -1,6 +1,6 @@ /files -/cacert-cassiopeia -/cacert-cassiopeia-doc -/cacert-cassiopeia-signer +/wpia-cassiopeia +/wpia-cassiopeia-doc +/wpia-cassiopeia-signer /*.substvars /*.debhelper diff --git a/debian/README b/debian/README index 37f9c0e..5dc8805 100644 --- a/debian/README +++ b/debian/README @@ -3,4 +3,4 @@ The Debian Package cassiopeia Comments regarding the Package - -- CAcert Software Team Tue, 04 Feb 2014 23:42:00 +0100 + -- WPIA Software Team Tue, 04 Feb 2014 23:42:00 +0100 diff --git a/debian/cacert-cassiopeia.install b/debian/cacert-cassiopeia.install deleted file mode 100644 index 63e3122..0000000 --- a/debian/cacert-cassiopeia.install +++ /dev/null @@ -1,2 +0,0 @@ -/usr/bin/cassiopeia -/etc/cacert/cassiopeia diff --git a/debian/cassiopeia.1 b/debian/cassiopeia.1 index 2d7465e..eef8aa4 100644 --- a/debian/cassiopeia.1 +++ b/debian/cassiopeia.1 @@ -1,15 +1,15 @@ .\" Hey, EMACS: -*- nroff -*- -.\" (C) Copyright 2014 CAcert Software Team , +.\" (C) Copyright 2014-2017 WPIA Software Team , .\" .TH cassiopeia 1 "November 2, 2014" .SH NAME -cassiopeia \- the CAcert.org signing software +cassiopeia \- the WPIA signing software .SH SYNOPSIS .B cassiopeia .RI [options] .SH DESCRIPTION .B cassiopeia -is the signing software that will be used to operate the CAcert.org system. +is the signing software that will be used to operate the WPIA system. .SH OPTIONS .TP .B --once diff --git a/debian/changelog b/debian/changelog index 7f636b6..e2ccd65 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,5 @@ -cacert-cassiopeia (0.1) unstable; urgency=low +wpia-cassiopeia (0.1) unstable; urgency=low * Initial Release. - -- CAcert Software Team Tue, 04 Feb 2014 23:42:00 +0100 + -- WPIA Software Team Tue, 04 Feb 2014 23:42:00 +0100 diff --git a/debian/control b/debian/control index f8fb972..7a7aaf0 100644 --- a/debian/control +++ b/debian/control @@ -1,29 +1,29 @@ -Source: cacert-cassiopeia +Source: wpia-cassiopeia Section: utils Priority: extra -Maintainer: CAcert Software Team +Maintainer: WPIA Software Team Build-Depends: debhelper (>= 8.0.0), libtool, libpqxx-dev, libboost-test-dev Standards-Version: 3.9.4 -Homepage: https://cacert.org/ +Homepage: https://wpia.club #Vcs-Git: git://git.debian.org/collab-maint/cassiopeia.git #Vcs-Browser: http://git.debian.org/?p=collab-maint/cassiopeia.git;a=summary -Package: cacert-cassiopeia +Package: wpia-cassiopeia Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} -Description: CAcert Certificate Signing Software +Description: WPIA Certificate Signing Software This package provides the necessary tools to run a - certificate signing instance on https://cacert.org + certificate signing instance -Package: cacert-cassiopeia-signer +Package: wpia-cassiopeia-signer Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} -Description: CAcert Certificate Signing Software +Description: WPIA Certificate Signing Software This package provides the signer-side part of the - CAcert signing software. + WPIA signing software. -Package: cacert-cassiopeia-doc +Package: wpia-cassiopeia-doc Architecture: all -Description: Documentation for the CAcert Certificate Signing Software +Description: Documentation for the WPIA Certificate Signing Software This package provides the necessary tools to run a - certificate signing instance on https://cacert.org + certificate signing instance diff --git a/debian/copyright b/debian/copyright index 31b5a0f..c3c64f4 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,13 +1,13 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: cassiopeia -Source: +Source: Files: * -Copyright: 2014 CAcert Software Team +Copyright: 2014-2017 WPIA Software Team License: GPL-2.0+ Files: debian/* -Copyright: 2014 CAcert Software Team +Copyright: 2014-2017 WPIA Software Team License: GPL-2.0+ License: GPL-2.0+ diff --git a/debian/cacert-cassiopeia-doc.docs b/debian/wpia-cassiopeia-doc.docs similarity index 100% rename from debian/cacert-cassiopeia-doc.docs rename to debian/wpia-cassiopeia-doc.docs diff --git a/debian/cacert-cassiopeia-doc.install b/debian/wpia-cassiopeia-doc.install similarity index 100% rename from debian/cacert-cassiopeia-doc.install rename to debian/wpia-cassiopeia-doc.install diff --git a/debian/cacert-cassiopeia-signer.install b/debian/wpia-cassiopeia-signer.install similarity index 54% rename from debian/cacert-cassiopeia-signer.install rename to debian/wpia-cassiopeia-signer.install index 655c6e6..ea5f6d0 100644 --- a/debian/cacert-cassiopeia-signer.install +++ b/debian/wpia-cassiopeia-signer.install @@ -1,3 +1,3 @@ /usr/bin/cassiopeia-signer -/etc/cacert/cassiopeia +/etc/wpia/cassiopeia diff --git a/debian/cacert-cassiopeia.default b/debian/wpia-cassiopeia.default similarity index 100% rename from debian/cacert-cassiopeia.default rename to debian/wpia-cassiopeia.default diff --git a/debian/cacert-cassiopeia.init b/debian/wpia-cassiopeia.init similarity index 95% rename from debian/cacert-cassiopeia.init rename to debian/wpia-cassiopeia.init index b9b7eba..8edc245 100644 --- a/debian/cacert-cassiopeia.init +++ b/debian/wpia-cassiopeia.init @@ -11,19 +11,19 @@ # <...> ### END INIT INFO -# Author: CAcert Software Team +# Author: WPIA Software Team # Do NOT "set -e" # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="cacert's signer software" -NAME=cacert-cassiopeia +DESC="wpia's signer software" +NAME=wpia-cassiopeia DAEMON=/usr/bin/cassiopeia DAEMON_ARGS= PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME -DIR=/var/lib/cacert-gigi +DIR=/var/lib/wpia-gigi # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 @@ -48,7 +48,7 @@ fi # do_start() { - if [ ! -f /etc/cacert/cassiopeia/cassiopeia.conf ]; then + if [ ! -f /etc/wpia/cassiopeia/cassiopeia.conf ]; then echo Missing cassiopeia-configfile exit 2 fi @@ -59,7 +59,7 @@ do_start() start-stop-daemon -b --start --quiet --pidfile $PIDFILE -d $DIR --exec $DAEMON --test > /dev/null \ || return 1 start-stop-daemon -b --start --quiet --pidfile $PIDFILE --make-pidfile -d $DIR -c nobody --exec $DAEMON --no-close -- \ - >> /var/log/cacert-cassiopeia.log 2>&1 \ + >> /var/log/wpia-cassiopeia.log 2>&1 \ || return 2 # The above code will not work for interpreted scripts, use the next # six lines below instead (Ref: #643337, start-stop-daemon(8) ) diff --git a/debian/wpia-cassiopeia.install b/debian/wpia-cassiopeia.install new file mode 100644 index 0000000..c26fe8f --- /dev/null +++ b/debian/wpia-cassiopeia.install @@ -0,0 +1,2 @@ +/usr/bin/cassiopeia +/etc/wpia/cassiopeia diff --git a/debian/cacert-cassiopeia.manpages b/debian/wpia-cassiopeia.manpages similarity index 100% rename from debian/cacert-cassiopeia.manpages rename to debian/wpia-cassiopeia.manpages diff --git a/docs/BuildInstructions.md b/docs/BuildInstructions.md new file mode 100644 index 0000000..191d517 --- /dev/null +++ b/docs/BuildInstructions.md @@ -0,0 +1,20 @@ +Requirements for building of cassiopeia +================= + +Operation System Debian 9.0 (Stretch) + +Install the following packages: + + apt-get install wget curl debhelper fakeroot build-essential libboost-test-dev libtool-bin libpqxx-dev libasan3 + +Clone the repository: + + git clone https://code.wpia.club/cassiopeia.git + +Generate the changelog file for the Debian packages: + + cassiopeia/scripts/genchangelog.sh + +Compile the source code and build the Debian packages: + + cd cassiopeia && dpkg-buildpackage -b -us -uc diff --git a/lib/Makefile b/lib/Makefile index 880f2bb..5db2f54 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -12,7 +12,7 @@ collisiondetect/libdetectcoll.la: ${LIB_COLL_FILES} # echo $^ openssl/libcrypto.a: ${LIB_SSL_FILES} - cd ${LIB_SSL} && ( [ -f Makefile ] || ./config -DPURIFY ) + cd ${LIB_SSL} && ( [ -f Makefile ] || ./config -DPURIFY no-md2 no-md4 no-rc4 no-ssl3 no-weak-ssl-ciphers no-unit-test ) ${MAKE} -C ${LIB_SSL} depend ${MAKE} -C ${LIB_SSL} ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) diff --git a/scripts/genchangelog.sh b/scripts/genchangelog.sh index 01ab165..df7c8f4 100755 --- a/scripts/genchangelog.sh +++ b/scripts/genchangelog.sh @@ -1,8 +1,8 @@ cd "$(dirname $0)" cat > ../debian/changelog < $(LANG=C date "+%a, %d %b %Y %H:%M:%S %z") + -- WPIA Software Team $(LANG=C date "+%a, %d %b %Y %H:%M:%S %z") EOF diff --git a/src/apps/client.cpp b/src/apps/client.cpp index 2a7dc72..8744743 100644 --- a/src/apps/client.cpp +++ b/src/apps/client.cpp @@ -66,7 +66,7 @@ int main( int argc, const char* argv[] ) { std::string path; #ifdef NDEBUG - path = "/etc/cacert/cassiopeia/cassiopeia.conf"; + path = "/etc/wpia/cassiopeia/cassiopeia.conf"; #else path = "config.txt"; #endif diff --git a/src/apps/signer.cpp b/src/apps/signer.cpp index 26909bd..1db3e14 100644 --- a/src/apps/signer.cpp +++ b/src/apps/signer.cpp @@ -30,7 +30,7 @@ int main( int argc, const char* argv[] ) try { std::string path; #ifdef NDEBUG - path = "/etc/cacert/cassiopeia/cassiopeia.conf"; + path = "/etc/wpia/cassiopeia/cassiopeia.conf"; #else path = "config.txt"; #endif diff --git a/src/crypto/CRL.cpp b/src/crypto/CRL.cpp index d48bc89..01f8af5 100644 --- a/src/crypto/CRL.cpp +++ b/src/crypto/CRL.cpp @@ -58,6 +58,10 @@ std::string CRL::revoke( std::string serial, std::string time ) { } void CRL::sign( std::shared_ptr ca ) { + if(!ca->caKey){ + throw new std::invalid_argument("Cannot sign CRL with CA " + ca->name + " because it has no private key."); + } + // Updating necessary CRL props std::shared_ptr tmptm( ASN1_TIME_new(), ASN1_TIME_free ); diff --git a/src/crypto/X509.cpp b/src/crypto/X509.cpp index 37bb900..f9dbc7a 100644 --- a/src/crypto/X509.cpp +++ b/src/crypto/X509.cpp @@ -237,9 +237,11 @@ std::shared_ptr X509Cert::sign( std::shared_ptr caK } else if( signAlg == "sha256" ) { md = EVP_sha256(); } else if( signAlg == "sha1" ) { - md = EVP_sha1(); + throw std::runtime_error("Refusing to sign with weak signature algorithm (SHA-1)."); + } else if( signAlg == "md5" ) { + throw std::runtime_error("Refusing to sign with weak signature algorithm (MD5)."); } else { - throw std::runtime_error("Unknown md-type"); + throw std::runtime_error("Unknown signature algorithm"); } if( !X509_sign( target.get(), caKey.get(), md ) ) { diff --git a/src/crypto/simpleOpensslSigner.cpp b/src/crypto/simpleOpensslSigner.cpp index cad772c..6987d2c 100644 --- a/src/crypto/simpleOpensslSigner.cpp +++ b/src/crypto/simpleOpensslSigner.cpp @@ -86,6 +86,9 @@ std::shared_ptr SimpleOpensslSigner::sign( std::shared_ptrcaKey){ + throw std::runtime_error("Cannot sign certificate with CA " + ca->name + " because it has no private key."); + } logger::note( "FINE: Key for Signing CA is correctly loaded." ); diff --git a/src/crypto/sslUtil.cpp b/src/crypto/sslUtil.cpp index 7a0c639..d7fddfe 100644 --- a/src/crypto/sslUtil.cpp +++ b/src/crypto/sslUtil.cpp @@ -192,10 +192,15 @@ extern std::string crtPrefix; CAConfig::CAConfig( const std::string& name ) : path( "ca/" + name ), name( name ) { ca = loadX509FromFile( path + "/ca.crt" ); + if (!ca) { + throw new std::invalid_argument("ca name: " + name + " contains unreadable certificate."); + } + caKey = loadPkeyFromFile( path + "/ca.key" ); - ASN1_TIME* tm = X509_get_notBefore( ca.get() ); - auto ca0 = ca; - notBefore = std::shared_ptr( tm, [ca0](auto p){(void)p;} ); + + ASN1_TIME* tm = X509_get_notBefore( ca.get() ); // tm MUST NOT be free'd; duplicate for owning copy. + notBefore = std::shared_ptr( ASN1_STRING_dup(tm), ASN1_TIME_free ); + std::size_t pos = name.find("_"); if (pos == std::string::npos) { throw new std::invalid_argument("ca name: " + name + " is malformed."); @@ -204,6 +209,7 @@ CAConfig::CAConfig( const std::string& name ) : path( "ca/" + name ), name( name if (pos2 == std::string::npos) { throw new std::invalid_argument("ca name: " + name + " is malformed."); } + crlURL = crlPrefix + "/g2/" + name.substr(pos+1, pos2-pos - 1) + "/" + name.substr(0,pos) + "-" + name.substr(pos2+1) + ".crl"; crtURL = crtPrefix + "/g2/" + name.substr(pos+1, pos2-pos - 1) + "/" + name.substr(0,pos) + "-" + name.substr(pos2+1) + ".crt"; } diff --git a/test/Makefile b/test/Makefile index 3e55b13..756e9a2 100644 --- a/test/Makefile +++ b/test/Makefile @@ -16,7 +16,7 @@ CXX_DEP=g++ LD=libtool --mode=link g++ ifneq (,$(filter debug,$(DEB_BUILD_OPTIONS))) -CFLAGS+=-DNO_DAEMON -g +CFLAGS+=-DNO_DAEMON -g -Og endif CFLAGS+=${ADDFLAGS} -Wall -Werror -Wextra -pedantic -std=c++11 -I../src -I../lib/openssl/include