add: write back revocation dates
authorFelix Dörre <felix@dogcraft.de>
Sat, 10 Jan 2015 00:05:50 +0000 (01:05 +0100)
committerBenny Baumann <BenBE@geshi.org>
Sat, 24 Jan 2015 17:33:29 +0000 (18:33 +0100)
src/apps/client.cpp
src/crypto/remoteSigner.cpp
src/db/database.h
src/db/mysql.cpp
src/db/mysql.h

index 1793de0027177b6a79e84598d88e92b4a24f02fa..4ffc526cf44d33cf04b17c6bdce73ecec153cf6f 100644 (file)
@@ -150,7 +150,18 @@ int main( int argc, const char* argv[] ) {
 
             try {
                 auto data = jp->getRevocationInfo( job );
-                sign->revoke( CAs.at( data.second ), data.first );
+                std::pair<std::shared_ptr<CRL>, std::string> rev = sign->revoke( CAs.at( data.second ), data.first );
+                std::string date = rev.second;
+                const unsigned char* pos = ( const unsigned char* ) date.data();
+                std::shared_ptr<ASN1_TIME> time( d2i_ASN1_TIME( NULL, &pos, date.size() ), ASN1_TIME_free );
+                std::shared_ptr<ASN1_GENERALIZEDTIME> gtime( ASN1_TIME_to_generalizedtime( time.get(), 0 ) );
+                std::string strdate( ( char* ) ASN1_STRING_data( gtime.get() ), ASN1_STRING_length( gtime.get() ) );
+
+                if( strdate[strdate.size() - 1] != 'Z' ) {
+                    throw "Got invalid date?";
+                }
+
+                jp->writeBackRevocation( job, strdate.substr( 0, strdate.size() - 1 ) );
                 jp->finishJob( job );
             } catch( const char* c ) {
                 std::cout << "Exception: " << c << std::endl;
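Review bot: The results of `d2i_ASN1_TIME` and `ASN1_TIME_to_generalizedtime` are not checked for null before they are used, so a signer reply without a parsable date (for instance an empty `rev.second`) ends in a null dereference instead of the `const char*` exception this block already catches. `gtime` is also built without a deleter, so the shared_ptr will `delete` an object that OpenSSL allocated; it should be given `ASN1_GENERALIZEDTIME_free`. `strdate[strdate.size() - 1]` indexes out of range when the string is empty. The same unchecked `d2i_ASN1_TIME` call sits in the `RemoteSigner::revoke` hunk, where a failed parse leaves `date` empty. The try block starts above this hunk and its catch handlers continue below it.

```cpp
// … unchanged: revoke() call, date / pos setup …
std::shared_ptr<ASN1_TIME> time( d2i_ASN1_TIME( NULL, &pos, date.size() ), ASN1_TIME_free );

if( !time ) {
    throw "Signer returned no parsable revocation date";
}

std::shared_ptr<ASN1_GENERALIZEDTIME> gtime( ASN1_TIME_to_generalizedtime( time.get(), 0 ), ASN1_GENERALIZEDTIME_free );

if( !gtime ) {
    throw "Could not convert revocation date";
}

// … unchanged: strdate construction …

if( strdate.empty() || strdate[strdate.size() - 1] != 'Z' ) {
    throw "Got invalid date?";
}
```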
index 60739866d56364fdfe4e8d6591aa641ea05c7181..6259710f8868773a9d037d5fb6a8e163df1bb0ae 100644 (file)
@@ -172,6 +172,7 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
     payload = parseCommand( head, std::string( buffer.data(), length ), log );
 
     std::shared_ptr<CRL> crl( new CRL( ca->path + std::string( "/ca.crl" ) ) );
+    std::string date;
 
     switch( ( RecordHeader::SignerResult ) head.command ) {
     case RecordHeader::SignerResult::REVOKED: {
@@ -179,8 +180,9 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
         const unsigned char* pos = buffer2;
         ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
         ASN1_TIME_free( time );
+        date = payload.substr( 0, pos - buffer2 );
         std::string rest = payload.substr( pos - buffer2 );
-        crl->revoke( serial, payload.substr( 0, pos - buffer2 ) );
+        crl->revoke( serial, date );
         crl->setSignature( rest );
         bool ok = crl->verify( ca );
 
@@ -223,7 +225,7 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
         std::cout << "SSL shutdown failed" << std::endl;
     }
 
-    return std::pair<std::shared_ptr<CRL>, std::string>( std::shared_ptr<CRL>(), "" );
+    return std::pair<std::shared_ptr<CRL>, std::string>( crl, date );
 }
 
 void RemoteSigner::setLog( std::shared_ptr<std::ostream> target ) {
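Review bot: The new `return` hands `crl` and `date` back on every path that reaches it, so the caller cannot tell a verified revocation from a signer reply that was not `REVOKED`, or from a CRL for which `crl->verify( ca )` returned false. How `ok` is handled lies outside the hunks shown, so this may already throw. If it does not, the function should fail at that point, e.g. `if( !ok ) { throw "CRL signature verification failed"; }`, rather than return an unverified CRL and a date that client.cpp then writes to the database. The body of `RemoteSigner::revoke` starts above these hunks and continues between them.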
index b67ce665107d3b2aa11107a734aa29a7f10320a5..77db633aa636de0658a5173397145f370e8b8fff 100644 (file)
@@ -57,4 +57,5 @@ public:
     virtual std::shared_ptr<TBSCertificate> fetchTBSCert( std::shared_ptr<Job> job ) = 0;
     virtual void writeBack( std::shared_ptr<Job> job, std::shared_ptr<SignedCertificate> res ) = 0;
     virtual std::pair<std::string, std::string> getRevocationInfo( std::shared_ptr<Job> job ) = 0;
+    virtual void writeBackRevocation( std::shared_ptr<Job> job, std::string date ) = 0;
 };
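Review bot: `writeBackRevocation` is declared without any statement of the format `date` must have. The only caller visible in this commit passes a GeneralizedTime string with the trailing `Z` removed. A comment above the declaration, such as `// date: revocation time in UTC as GeneralizedTime digits without the trailing 'Z' (presumably YYYYMMDDHHMMSS)`, would let other implementations of this interface agree on it.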
index 7bb93d01746891b75ce815830f28de16ab3c4526..35bd507efd48979544b5b08b038aee8344342839 100644 (file)
@@ -347,3 +347,9 @@ std::pair<std::string, std::string> MySQLJobProvider::getRevocationInfo( std::sh
 
     return std::pair<std::string, std::string>( std::string( row[0], row[0] + l[0] ), std::string( row[1], row[1] + l[1] ) );
 }
+
+void MySQLJobProvider::writeBackRevocation( std::shared_ptr<Job> job, std::string date ) {
+    if( query( "UPDATE certs SET revoked = '" + this->escape_string( date ) + "' WHERE id = '" + this->escape_string( job->target ) + "'" ).first ) {
+        throw "Error while writing back revocation";
+    }
+}
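Review bot: `date` reaches the `UPDATE` statement with escaping as its only check, although it originates from the remote signer's reply. Validating its shape before building the query keeps a malformed value out of the `revoked` column regardless of how `escape_string` and the connection character set behave. Assuming the 14-digit form the client produces, that is `if( date.size() != 14 || date.find_first_not_of( "0123456789" ) != std::string::npos ) { throw "Invalid revocation date"; }`. The statement also succeeds when no row matches `job->target`, so a revocation can go unrecorded without an error. Checking the affected-row count would catch that, though whether `query` exposes it is not visible here.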
index 9096fe5fac04dff08d57a93760b218bca5cdc89e..a6b6a363c948e7cb70f69c363109c1bf978f6b52 100644 (file)
@@ -36,4 +36,5 @@ public:
     std::shared_ptr<TBSCertificate> fetchTBSCert( std::shared_ptr<Job> job );
     void writeBack( std::shared_ptr<Job> job, std::shared_ptr<SignedCertificate> res );
     std::pair<std::string, std::string> getRevocationInfo( std::shared_ptr<Job> job );
+    void writeBackRevocation( std::shared_ptr<Job> job, std::string date );
 };