fix: mark failed OCSP signature attempts to prevent re-signing

Change-Id: I62cb3d5906722a00442725c0a8f7dd66027f6606

diff --git a/src/apps/client.cpp b/src/apps/client.cpp
index 32ecc1f1f93a936dbdc0143f6cd4baac086af4ae..aa0e06c2a882e8b1f14d61d4677c9f36932f7e9e 100644 (file)
--- a/src/apps/client.cpp
+++ b/src/apps/client.cpp
@@ -59,7 +59,7 @@ bool pathExists( const std::string& name ) {
     return stat( name.c_str(), &buffer ) == 0;
 }
 
-void signOCSP( std::shared_ptr<Signer> sign, std::string profileName, std::string req, std::string crtName ) {
+void signOCSP( std::shared_ptr<Signer> sign, std::string profileName, std::string req, std::string crtName, std::string failName ) {
     auto cert = std::make_shared<TBSCertificate>();
     cert->ocspCA = profileName;
     cert->wishFrom = "now";
@@ -78,6 +78,7 @@ void signOCSP( std::shared_ptr<Signer> sign, std::string profileName, std::strin
     std::shared_ptr<SignedCertificate> res = sign->sign( cert );
 
     if( !res ) {
+        writeFile( failName, "failed" );
         logger::error( "OCSP Cert signing failed." );
         return;
     }
@@ -118,6 +119,12 @@ void checkOCSP( std::shared_ptr<Signer> sign ) {
             continue;
         }
 
+        std::string failName = "ca/" + profileName + "/ocsp.fail";
+
+        if( pathExists( failName ) ) {
+            continue;
+        }
+
         logger::notef( "Discovered OCSP CSR that needs action: %s", csr );
         std::string req = readFile( csr );
         std::shared_ptr<X509Req> parsed = X509Req::parseCSR( req );
@@ -127,7 +134,7 @@ void checkOCSP( std::shared_ptr<Signer> sign ) {
             continue;
         }
 
-        signOCSP( sign, profileName, req, crtName );
+        signOCSP( sign, profileName, req, crtName, failName );
     }
 }