From 0a2b926f675f3aeb9aba18d0598eebb06e8691f7 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Sat, 10 Jan 2015 01:05:50 +0100
Subject: [PATCH] add: write back revocation dates
---
 src/apps/client.cpp | 13 ++++++++++++-
 src/crypto/remoteSigner.cpp | 6 ++++--
 src/db/database.h | 1 +
 src/db/mysql.cpp | 6 ++++++
 src/db/mysql.h | 1 +
 5 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/src/apps/client.cpp b/src/apps/client.cpp
index 1793de0..4ffc526 100644
--- a/src/apps/client.cpp
+++ b/src/apps/client.cpp
@@ -150,7 +150,18 @@ int main( int argc, const char* argv[] ) {
 try {
 auto data = jp->getRevocationInfo( job );
- sign->revoke( CAs.at( data.second ), data.first );
+ std::pair, std::string> rev = sign->revoke( CAs.at( data.second ), data.first );
+ std::string date = rev.second;
+ const unsigned char* pos = ( const unsigned char* ) date.data();
+ std::shared_ptr time( d2i_ASN1_TIME( NULL, &pos, date.size() ), ASN1_TIME_free );
+ std::shared_ptr gtime( ASN1_TIME_to_generalizedtime( time.get(), 0 ) );
+ std::string strdate( ( char* ) ASN1_STRING_data( gtime.get() ), ASN1_STRING_length( gtime.get() ) );
+
+ if( strdate[strdate.size() - 1] != 'Z' ) {
+ throw "Got invalid date?";
+ }
+
+ jp->writeBackRevocation( job, strdate.substr( 0, strdate.size() - 1 ) );
 jp->finishJob( job );
 } catch( const char* c ) {
 std::cout << "Exception: " << c << std::endl;
diff --git a/src/crypto/remoteSigner.cpp b/src/crypto/remoteSigner.cpp
index 6073986..6259710 100644
--- a/src/crypto/remoteSigner.cpp
+++ b/src/crypto/remoteSigner.cpp
@@ -172,6 +172,7 @@ std::pair, std::string> RemoteSigner::revoke( std::shared_p
 payload = parseCommand( head, std::string( buffer.data(), length ), log );
 std::shared_ptr crl( new CRL( ca->path + std::string( "/ca.crl" ) ) );
+ std::string date;
 switch( ( RecordHeader::SignerResult ) head.command ) {
 case RecordHeader::SignerResult::REVOKED: {
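Review bot: In the src/apps/client.cpp hunk, the bytes returned by `sign->revoke()` are parsed and dereferenced with no failure check: `d2i_ASN1_TIME` and `ASN1_TIME_to_generalizedtime` can both return NULL, and `strdate[strdate.size() - 1]` reads out of bounds when the string is empty. The remoteSigner.cpp hunks of this commit assign `date` only inside the `REVOKED` case, so an empty value reaching this code looks possible, although the other switch cases are not visible. `gtime` is also constructed without a deleter, so the shared_ptr would release an OpenSSL allocation with `delete`; it should pass `ASN1_GENERALIZEDTIME_free` the way `time` passes `ASN1_TIME_free`. The fence below adds the three guards and the deleter; the template arguments are stripped on this page, so `ASN1_TIME` and `ASN1_GENERALIZEDTIME` there are assumed, and the enclosing `try` block begins outside the hunk.

```cpp
// … unchanged: sign->revoke() call, date and pos setup …
std::shared_ptr<ASN1_TIME> time( d2i_ASN1_TIME( NULL, &pos, date.size() ), ASN1_TIME_free );

if( !time ) {
    throw "Signer returned no parsable revocation date";
}

std::shared_ptr<ASN1_GENERALIZEDTIME> gtime( ASN1_TIME_to_generalizedtime( time.get(), 0 ), ASN1_GENERALIZEDTIME_free );

if( !gtime ) {
    throw "Could not convert revocation date";
}

// … unchanged: strdate construction from gtime …
if( strdate.empty() || strdate[strdate.size() - 1] != 'Z' ) {
    throw "Got invalid date?";
}
// … unchanged: writeBackRevocation and finishJob calls …
```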
@@ -179,8 +180,9 @@ std::pair, std::string> RemoteSigner::revoke( std::shared_p
 const unsigned char* pos = buffer2;
 ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
 ASN1_TIME_free( time );
+ date = payload.substr( 0, pos - buffer2 );
 std::string rest = payload.substr( pos - buffer2 );
- crl->revoke( serial, payload.substr( 0, pos - buffer2 ) );
+ crl->revoke( serial, date );
 crl->setSignature( rest );
 bool ok = crl->verify( ca );
@@ -223,7 +225,7 @@ std::pair, std::string> RemoteSigner::revoke( std::shared_p
 std::cout << "SSL shutdown failed" << std::endl;
 }
- return std::pair, std::string>( std::shared_ptr(), "" );
+ return std::pair, std::string>( crl, date );
 }
 void RemoteSigner::setLog( std::shared_ptr target ) {
diff --git a/src/db/database.h b/src/db/database.h
index b67ce66..77db633 100644
--- a/src/db/database.h
+++ b/src/db/database.h
@@ -57,4 +57,5 @@ public:
 virtual std::shared_ptr fetchTBSCert( std::shared_ptr job ) = 0;
 virtual void writeBack( std::shared_ptr job, std::shared_ptr res ) = 0;
 virtual std::pair getRevocationInfo( std::shared_ptr job ) = 0;
+ virtual void writeBackRevocation( std::shared_ptr job, std::string date ) = 0;
 };
diff --git a/src/db/mysql.cpp b/src/db/mysql.cpp
index 7bb93d0..35bd507 100644
--- a/src/db/mysql.cpp
+++ b/src/db/mysql.cpp
@@ -347,3 +347,9 @@ std::pair MySQLJobProvider::getRevocationInfo( std::sh
 return std::pair( std::string( row[0], row[0] + l[0] ), std::string( row[1], row[1] + l[1] ) );
 }
+
+void MySQLJobProvider::writeBackRevocation( std::shared_ptr job, std::string date ) {
+ if( query( "UPDATE certs SET revoked = '" + this->escape_string( date ) + "' WHERE id = '" + this->escape_string( job->target ) + "'" ).first ) {
+ throw "Error while writing back revocation";
+ }
+}
diff --git a/src/db/mysql.h b/src/db/mysql.h
index 9096fe5..a6b6a36 100644
--- a/src/db/mysql.h
+++ b/src/db/mysql.h
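Review bot: In the `@@ -179,8 +180,9 @@` hunk of src/crypto/remoteSigner.cpp, the new `date = payload.substr( 0, pos - buffer2 )` relies on `d2i_ASN1_TIME` having advanced `pos`, but `time` is freed without ever being tested. If the signer's payload does not begin with a valid ASN1_TIME, `date` most likely ends up empty, and with this commit it is handed back to the caller rather than only being passed to `crl->revoke`. A guard before the free, `if( !time ) { throw "Signer sent no parsable revocation date"; }`, would stop that at the trust boundary. The switch case starts and ends outside the hunk, so whether throwing here skips the SSL shutdown seen later in the function should be checked.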
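Review bot: The new `return ...( crl, date )` in the `@@ -223,7 +225,7 @@` hunk of src/crypto/remoteSigner.cpp is reached at the end of `revoke()` regardless of which switch case ran, while the earlier hunk shows `bool ok = crl->verify( ca )` being computed with its handling outside the visible lines. If a failed verification does not throw before this point, the caller in client.cpp would write a revocation date to the database that the CRL signature never vouched for; please confirm. A comment above the return stating which states can reach it would help, for example `// date is empty unless the signer answered REVOKED`.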
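Review bot: `writeBackRevocation` in src/db/mysql.cpp builds the UPDATE by string concatenation, and `date` originates from the signer's reply having been checked only for a trailing 'Z' in client.cpp. `escape_string` is applied to both values, which covers quoting provided it wraps the connection-aware MySQL escape (its body is not on this page), but nothing verifies that `date` has the 14-digit `YYYYMMDDHHMMSS` shape the column presumably expects. A check at the top of the function, `if( date.size() != 14 || date.find_first_not_of( "0123456789" ) != std::string::npos ) { throw "Invalid revocation date"; }`, keeps malformed signer output out of the `certs` table. The statement also overwrites any existing `revoked` value and ignores the affected-row count, so a repeated or mistargeted job passes silently.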
@@ -36,4 +36,5 @@ public:
 std::shared_ptr fetchTBSCert( std::shared_ptr job );
 void writeBack( std::shared_ptr job, std::shared_ptr res );
 std::pair getRevocationInfo( std::shared_ptr job );
+ void writeBackRevocation( std::shared_ptr job, std::string date );
 };
--
2.39.2