CFLAGS += -O2
endif
-CFLAGS+=${ADDFLAGS} -Wall -Werror -Wextra -pedantic -std=c++11 -Ilib/openssl/include -Isrc
+CFLAGS+=${ADDFLAGS} -Wall -Werror -Wextra -pedantic -std=c++1y -Ilib/openssl/include -Isrc
CXXFLAGS=$(CFLAGS)
LDFLAGS+=${ADDFLAGS} -L/usr/lib/i386-linux-gnu/ -lssl -lcrypto -ldl -Llib/openssl
return -1;
}
- std::shared_ptr<JobProvider> jp( new MySQLJobProvider( sqlHost, sqlUser, sqlPass, sqlDB ) );
+ std::shared_ptr<JobProvider> jp = std::make_shared<MySQLJobProvider>( sqlHost, sqlUser, sqlPass, sqlDB );
std::shared_ptr<BIO> b = openSerial( serialPath );
std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
- static_cast<SlipBIO*>( slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( b ) ) );
- std::shared_ptr<RemoteSigner> sign( new RemoteSigner( slip1, generateSSLContext( false ) ) );
+ static_cast<SlipBIO*>( slip1->ptr )->setTarget( std::make_shared<OpensslBIOWrapper>( b ) );
+ auto sign = std::make_shared<RemoteSigner>( slip1, generateSSLContext( false ) );
// std::shared_ptr<Signer> sign( new SimpleOpensslSigner() );
time_t lastCRLCheck = 0;
std::string serialPath;
std::shared_ptr<std::unordered_map<std::string, std::string>> parseConf( std::string path ) {
- std::shared_ptr<std::unordered_map<std::string, std::string>> map( new std::unordered_map<std::string, std::string>() );
+ auto map = std::make_shared<std::unordered_map<std::string, std::string>>();
std::ifstream config;
config.open( path );
}
if( CAs.find( caName ) == CAs.end() ) {
- std::shared_ptr<CAConfig> ca( new CAConfig( caName ) );
+ auto ca = std::make_shared<CAConfig>( caName );
CAs.emplace( caName, ca );
}
throw "Error parsing CSR";
}
- return std::shared_ptr<X509Req>( new X509Req( req ) );
+ return std::shared_ptr<X509Req>( new X509Req( req )); // TODO ask
}
std::shared_ptr<X509Req> X509Req::parseSPKAC( std::string content ) {
BUF_MEM* buf = NULL;
BIO_get_mem_ptr( mem.get(), &buf );
- std::shared_ptr<SignedCertificate> res = std::shared_ptr<SignedCertificate>( new SignedCertificate() );
+ auto res = std::make_shared<SignedCertificate>();
res->certificate = std::string( buf->data, buf->data + buf->length );
std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( target->cert_info->serialNumber, NULL ), BN_free );
}
void RemoteSigner::send( std::shared_ptr<OpensslBIOWrapper> bio, RecordHeader& head, RecordHeader::SignerCommand cmd, std::string data ) {
- head.command = ( uint16_t ) cmd;
+ head.command = static_cast<uint16_t>( cmd );
head.command_count++;
head.totalLength = data.size();
sendCommand( head, data, bio );
SSL_set_connect_state( ssl.get() );
SSL_set_bio( ssl.get(), target.get(), target.get() );
BIO_set_ssl( bio.get(), ssl.get(), BIO_NOCLOSE );
- std::shared_ptr<OpensslBIOWrapper> conn( new OpensslBIOWrapper( bio ) );
+ auto conn = std::make_shared<OpensslBIOWrapper>( bio );
RecordHeader head;
head.flags = 0;
head.sessid = 13;
send( conn, head, RecordHeader::SignerCommand::SET_SPKAC, cert->csr_content );
} else {
logger::error( "Unknown csr_type: ", cert->csr_type );
- return std::shared_ptr<SignedCertificate>();
+ return nullptr;
}
send( conn, head, RecordHeader::SignerCommand::SET_SIGNATURE_TYPE, cert->md );
send( conn, head, RecordHeader::SignerCommand::SET_WISH_FROM, cert->wishFrom );
send( conn, head, RecordHeader::SignerCommand::SET_WISH_TO, cert->wishTo );
- for( auto ava : cert->AVAs ) {
+ for( auto &ava : cert->AVAs ) {
if( ava->name.find( "," ) != std::string::npos ) {
// invalid ava
- return std::shared_ptr<SignedCertificate>();
+ return nullptr;
}
send( conn, head, RecordHeader::SignerCommand::ADD_AVA, ava->name + "," + ava->value );
}
- for( auto san : cert->SANs ) {
+ for( auto &san : cert->SANs ) {
if( san->type.find( "," ) != std::string::npos ) {
// invalid ava
- return std::shared_ptr<SignedCertificate>();
+ return nullptr;
}
send( conn, head, RecordHeader::SignerCommand::ADD_SAN, san->type + "," + san->content );
send( conn, head, RecordHeader::SignerCommand::SIGN, "" );
send( conn, head, RecordHeader::SignerCommand::LOG_SAVED, "" );
- std::shared_ptr<SignedCertificate> result = std::shared_ptr<SignedCertificate>( new SignedCertificate() );
+ auto result = std::make_shared<SignedCertificate>();
std::vector<char> buffer( 2048 * 4 );
for( int i = 0; i < 3; i++ ) {
if( length <= 0 ) {
logger::error( "Error, no response data" );
- result = std::shared_ptr<SignedCertificate>();
+ result = nullptr;
break;
}
RecordHeader head;
std::string payload = parseCommand( head, std::string( buffer.data(), length ) );
- switch( ( RecordHeader::SignerResult ) head.command ) {
+ switch( static_cast<RecordHeader::SignerResult>( head.command )) {
case RecordHeader::SignerResult::CERTIFICATE:
result->certificate = payload;
break;
SSL_set_connect_state( ssl.get() );
SSL_set_bio( ssl.get(), target.get(), target.get() );
BIO_set_ssl( bio.get(), ssl.get(), BIO_NOCLOSE );
- std::shared_ptr<OpensslBIOWrapper> conn( new OpensslBIOWrapper( bio ) );
+ auto conn = std::make_shared<OpensslBIOWrapper>( bio );
RecordHeader head;
head.flags = 0;
head.sessid = 13;
- for( std::string serial : serials ) {
+ for( auto &serial : serials ) {
send( conn, head, RecordHeader::SignerCommand::ADD_SERIAL, serial );
}
payload = parseCommand( head, std::string( buffer.data(), length ) );
- std::shared_ptr<CRL> crl( new CRL( ca->path + std::string( "/ca.crl" ) ) );
+ auto crl = std::make_shared<CRL>( ca->path + std::string( "/ca.crl" ) );
std::string date;
- if( ( RecordHeader::SignerResult ) head.command != RecordHeader::SignerResult::REVOKED ) {
+ if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::REVOKED ) {
throw "Protocol violation";
}
- const unsigned char* buffer2 = ( const unsigned char* ) payload.data();
+ const unsigned char* buffer2 = reinterpret_cast<const unsigned char*>( payload.data() );
const unsigned char* pos = buffer2;
ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
ASN1_TIME_free( time );
date = payload.substr( 0, pos - buffer2 );
std::string rest = payload.substr( pos - buffer2 );
- for( std::string serial : serials ) {
+ for( std::string &serial : serials ) {
crl->revoke( serial, date );
}
payload = parseCommand( head, std::string( buffer.data(), length ) );
- if( ( RecordHeader::SignerResult ) head.command != RecordHeader::SignerResult::FULL_CRL ) {
+ if( static_cast<RecordHeader::SignerResult>( head.command ) != RecordHeader::SignerResult::FULL_CRL ) {
throw "Protocol violation";
}
writeFile( ca->path + std::string( "/ca.crl.bak" ), payload );
- crl = std::shared_ptr<CRL>( new CRL( ca->path + std::string( "/ca.crl.bak" ) ) );
+ crl = std::make_shared<CRL>( ca->path + std::string( "/ca.crl.bak" ) );
if( crl->verify( ca ) ) {
writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
logger::warn( "SSL shutdown failed" );
}
- return std::pair<std::shared_ptr<CRL>, std::string>( crl, date );
+ return { crl, date };
}
void RemoteSigner::setLog( std::shared_ptr<std::ostream> target ) {
std::pair<std::shared_ptr<CRL>, std::string> SimpleOpensslSigner::revoke( std::shared_ptr<CAConfig> ca, std::vector<std::string> serials ) {
std::string crlpath = ca->path + "/ca.crl";
- std::shared_ptr<CRL> crl( new CRL( crlpath ) );
+ auto crl = std::make_shared<CRL>( crlpath );
std::string date = "";
for( std::string serial : serials ) {
}
bool CAConfig::crlNeedsResign() {
- std::shared_ptr<CRL> crl( new CRL( path + "/ca.crl" ) );
+ auto crl = std::make_shared<CRL>( path + "/ca.crl" );
return crl->needsResign();
}
job->to = std::string( row[4], row[4] + l[4] );
job->warning = std::string( row[5], row[5] + l[5] );
- logger::note( "Got a job: (id=%s, target=%s, task=%s, from=%s, to=%s, warnings=%s)", job->id, job->target, job->task, job->from, job->to, job->warning );
+ logger::notef( "Got a job: (id=%s, target=%s, task=%s, from=%s, to=%s, warnings=%s)", job->id, job->target, job->task, job->from, job->to, job->warning );
return job;
}
return nullptr;
}
- std::shared_ptr<SAN> nSAN = std::shared_ptr<SAN>( new SAN() );
+ auto nSAN = std::make_shared<SAN>();
nSAN->content = std::string( row[0], row[0] + l[0] );
nSAN->type = std::string( row[1], row[1] + l[1] );
cert->SANs.push_back( nSAN );
return nullptr;
}
- std::shared_ptr<AVA> nAVA = std::shared_ptr<AVA>( new AVA() );
+ auto nAVA = std::make_shared<AVA>();
nAVA->name = std::string( row[0], row[0] + l[0] );
nAVA->value = std::string( row[1], row[1] + l[1] );
cert->AVAs.push_back( nAVA );
class RecordHandlerSession {
public:
- uint32_t sessid;
- uint32_t lastCommandCount;
+ uint32_t sessid = 0;
+ uint32_t lastCommandCount = 0;
std::shared_ptr<TBSCertificate> tbs;
std::shared_ptr<SignedCertificate> result;
DefaultRecordHandler* parent;
std::shared_ptr<Signer> signer;
- std::shared_ptr<std::ofstream> logFile;
+ std::unique_ptr<std::ofstream> logFile;
//std::stringstream sessionlog;
std::vector<std::string> serials;
logger::logger_set logger;
RecordHandlerSession( DefaultRecordHandler* parent, std::shared_ptr<Signer> signer, std::shared_ptr<SSL_CTX> ctx, std::shared_ptr<BIO> output ) :
- sessid( 0 ),
- lastCommandCount( 0 ),
- tbs( new TBSCertificate() ),
- logFile(openLogfile( std::string( "logs/log_" ) + std::to_string( [](){
- time_t c_time;
- if( time( &c_time ) == -1 ) {
- throw "Error while fetching time?";
- }
- return c_time;
- }() ) )),
- logger( {
- logger::log_target(std::cout, logger::level::note),
- //logger::log_target(sessionlog, logger::level::note),
- logger::log_target(*logFile, logger::level::note)
- }, logger::auto_register::on) {
+ tbs( std::make_shared<TBSCertificate>() ),
+ logFile(openLogfile( "logs/log_" + timestamp() ) ),
+ logger{ std::cout, *logFile } {
this->parent = parent;
this->signer = signer;
SSL_set_accept_state( ssl.get() );
SSL_set_bio( ssl.get(), output.get(), output.get() );
BIO_set_ssl( bio.get(), ssl.get(), BIO_NOCLOSE );
- io = std::shared_ptr<OpensslBIOWrapper>( new OpensslBIOWrapper( bio ) );
+ io = std::make_shared<OpensslBIOWrapper>( bio );
}
void respondCommand( RecordHeader::SignerResult res, std::string payload ) {
RecordHeader rh;
- rh.command = ( uint16_t ) res;
+ rh.command = static_cast<uint16_t>( res );
rh.flags = 0;
rh.command_count = 0; // TODO i++
rh.totalLength = payload.size();
}
void work() {
- std::vector<char> buffer( 2048, 0 );
- int res = io->read( buffer.data(), buffer.capacity() );
+ std::vector<char> buffer( 2048 );
+ int res = io->read( buffer.data(), buffer.size() );
if( res <= 0 ) {
logger::error( "Stream error, resetting SSL" );
throw "Error, chunking not supported yet";
}
- switch( ( RecordHeader::SignerCommand ) head.command ) {
+ switch( static_cast<RecordHeader::SignerCommand>( head.command )) {
case RecordHeader::SignerCommand::SET_CSR:
tbs->csr_content = data;
tbs->csr_type = "CSR";
if( pos == std::string::npos ) {
// error
} else {
- std::shared_ptr<SAN> san( new SAN() );
+ auto san = std::make_shared<SAN>();
san->type = data.substr( 0, pos );
san->content = data.substr( pos + 1 );
tbs->SANs.push_back( san );
if( pos == std::string::npos ) {
// error
} else {
- std::shared_ptr<AVA> ava( new AVA() );
+ auto ava = std::make_shared<AVA>();
ava->name = data.substr( 0, pos );
ava->value = data.substr( pos + 1 );
tbs->AVAs.push_back( ava );
logger::note( "CA found in recordHandler" );
std::shared_ptr<CRL> crl;
std::string date;
- std::tie<std::shared_ptr<CRL>, std::string>( crl, date ) = signer->revoke( reqCA, serials );
+ std::tie( crl, date ) = signer->revoke( reqCA, serials );
respondCommand( RecordHeader::SignerResult::REVOKED, date + crl->getSignature() );
}
void DefaultRecordHandler::handle() {
if( !currentSession ) {
logger::note( "New session allocated." );
- currentSession = std::shared_ptr<RecordHandlerSession>( new RecordHandlerSession( this, signer, ctx, bio ) );
+ currentSession = std::make_shared<RecordHandlerSession>( this, signer, ctx, bio );
}
currentSession->work();
#include "log/logger.hpp"
-#define BUFFER_SIZE 8192
+static constexpr std::size_t buffer_size = 8192;
#define SLIP_ESCAPE_CHAR ( (char) 0xDB)
#define SLIP_PACKET ( (char) 0xC0)
return data;
}
-SlipBIO::SlipBIO() : buffer( std::vector<char>( BUFFER_SIZE ) ), decodeTarget( 0 ), decodePos( 0 ), rawPos( 0 ), failed( false ) {
+SlipBIO::SlipBIO() : buffer( std::vector<char>( buffer_size ) ), decodeTarget( 0 ), decodePos( 0 ), rawPos( 0 ), failed( false ) {
}
void SlipBIO::setTarget( std::shared_ptr<OpensslBIO> target ) {
this->target = target;
}
-SlipBIO::SlipBIO( std::shared_ptr<OpensslBIO> target ) : target( target ), buffer( std::vector<char>( BUFFER_SIZE ) ), decodeTarget( 0 ), decodePos( 0 ), rawPos( 0 ), failed( false ) {
+SlipBIO::SlipBIO( std::shared_ptr<OpensslBIO> target ) : target( target ), buffer( std::vector<char>( buffer_size ) ), decodeTarget( 0 ), decodePos( 0 ), rawPos( 0 ), failed( false ) {
}
SlipBIO::~SlipBIO() {}
int SlipBIO::write( const char* buf, int num ) {
#ifdef SLIP_IO_DEBUG
- logger::debug( "Out: " << toHex( buf, num ) );
+ logger::notef( "Out: %s", toHex( buf, num ) );
#endif
int badOnes = 0;
failed = true;
}
- int len = target->read( buffer.data() + rawPos, buffer.capacity() - rawPos );
+ int len = target->read( buffer.data() + rawPos, buffer.size() - rawPos );
if( len > 0 ) {
rawPos += len;
}
#ifdef SLIP_IO_DEBUG
- logger::debug( "in: " << toHex( buf, len ) );
+ logger::notef( "in: %s", toHex( buf, len ) );
#endif
return len;
#include <stdexcept>
void writeFile( const std::string& name, const std::string& content ) {
- std::ofstream file;
-
- file.open( name );
+ std::ofstream file( name );
file << content;
- file.close();
//! \FIXME: Error checking
}
std::string readFile( const std::string& name ) {
std::ifstream t( name );
std::string res = std::string( std::istreambuf_iterator<char>( t ), std::istreambuf_iterator<char>() );
- t.close();
return res;
}
std::string checkS( check, siz );
if( checkS != date ) {
- return std::pair<bool, time_t>( false, 0 );
+ return { false, 0 };
}
return std::pair<bool, time_t>( true, res );
}
}
-std::shared_ptr<std::ofstream> openLogfile( const std::string name ) {
+std::unique_ptr<std::ofstream> openLogfile( const std::string &name ) {
struct stat buffer;
std::string tname = name;
int ctr = 2;
tname = name + "_" + std::to_string( ctr++ );
}
- auto res = std::shared_ptr<std::ofstream>( new std::ofstream( tname ),
- []( std::ofstream * p ) {
- p->close();
- delete p;
- } );
+ auto res = make_unique<std::ofstream>( tname );
if( ! res->good() ) {
throw std::string( "Failed to open file for logging: " ) + name;
return res;
}
+
+std::string timestamp(){
+ time_t c_time;
+ if( time( &c_time ) == -1 ) {
+ throw std::runtime_error( "Error while fetching time?" );
+ }
+ return std::to_string( c_time );
+}
std::pair<bool, std::time_t> parseMonthInterval( std::time_t t, const std::string& date );
std::pair<bool, std::time_t> parseYearInterval( std::time_t t, const std::string& date );
-std::shared_ptr<std::ofstream> openLogfile( const std::string name );
+std::unique_ptr<std::ofstream> openLogfile( const std::string &name );
+
+template<typename T, typename... Args>
+std::unique_ptr<T> make_unique( Args&&... args ) {
+ return std::unique_ptr<T>( new T( std::forward<Args>(args)... ));
+}
+
+std::string timestamp();