more logging of revocation, fix revocation write-back

author Felix Dörre <felix@dogcraft.de>

Mon, 9 Nov 2015 08:58:13 +0000 (09:58 +0100)

committer Felix Dörre <felix@dogcraft.de>

Mon, 9 Nov 2015 08:58:13 +0000 (09:58 +0100)
author Felix Dörre <felix@dogcraft.de>
Mon, 9 Nov 2015 08:58:13 +0000 (09:58 +0100)
committer Felix Dörre <felix@dogcraft.de>
Mon, 9 Nov 2015 08:58:13 +0000 (09:58 +0100)
diff --git a/src/apps/client.cpp b/src/apps/client.cpp

index ca9432e453fa8e4449f400f08d46c971b6ad8f52..9dea0a88b5f06ebf438377f86003f454db54f904 100644 (file)
--- a/src/apps/client.cpp
+++ b/src/apps/client.cpp
@@ -200,9 +200,11 @@ int main( int argc, const char* argv[] ) {
                  }
              } else if( job->task == "revoke" ) {
                  try {
+                    logger::note( "revoking" );
                      auto data = jp->getRevocationInfo( job );
                      std::vector<std::string> serials;
                      serials.push_back( data.first );
+                    logger::note( "revoking" );
                      std::pair<std::shared_ptr<CRL>, std::string> rev = sign->revoke( CAs.at( data.second ), serials );
                      std::string date = rev.second;
                      const unsigned char* pos = ( const unsigned char* ) date.data();
@@ -228,7 +230,7 @@ int main( int argc, const char* argv[] ) {
          } catch( const std::string& c ) {
              logger::error( "Exception: ", c );
          } catch ( std::exception &e ){
-            logger::errorf ( "Exception while fetchJob: %s", e.what() );
+            logger::errorf ( "std::exception in mainloop: %s", e.what() );
          }
  
      }
diff --git a/src/crypto/CRL.cpp b/src/crypto/CRL.cpp

index 1a31cdd3be24627e1694144188958d4367d63247..08b49cdc3b0607fd910983a4c7e2ef2d42f96e6e 100644 (file)
--- a/src/crypto/CRL.cpp
+++ b/src/crypto/CRL.cpp
@@ -1,6 +1,7 @@
  #include "CRL.h"
  
  #include <openssl/ssl.h>
+#include <log/logger.hpp>
  
  CRL::CRL( std::string path ) {
      std::shared_ptr<BIO> bio( BIO_new_file( path.c_str(), "r" ), free );
@@ -14,6 +15,7 @@ CRL::CRL( std::string path ) {
  std::string CRL::revoke( std::string serial, std::string time ) {
      BIGNUM* serBN = 0;
  
+    logger::note("parsing serial");
      if( ! BN_hex2bn( &serBN, serial.c_str() ) ) {
          throw "hex2bn malloc fail";
      }
@@ -25,6 +27,7 @@ std::string CRL::revoke( std::string serial, std::string time ) {
          throw "BN Malloc fail";
      }
  
+    logger::note("building current time");
      std::shared_ptr<ASN1_TIME> tmptm( ASN1_TIME_new(), ASN1_TIME_free );
  
      if( !tmptm ) {
@@ -33,6 +36,7 @@ std::string CRL::revoke( std::string serial, std::string time ) {
  
      X509_gmtime_adj( tmptm.get(), 0 );
  
+    logger::note("creating entry");
      X509_REVOKED* rev = X509_REVOKED_new();
      X509_REVOKED_set_serialNumber( rev, ser.get() );
  
@@ -64,20 +68,25 @@ void CRL::sign( std::shared_ptr<CAConfig> ca ) {
  
      X509_gmtime_adj( tmptm.get(), 0 );
  
+    logger::note("setting issuer");
      if( !X509_CRL_set_issuer_name( crl.get(), X509_get_subject_name( ca->ca.get() ) ) ) {
          throw "Setting issuer failed";
      }
  
+    logger::note("setting update");
      X509_CRL_set_lastUpdate( crl.get(), tmptm.get() );
  
      if( !X509_time_adj_ex( tmptm.get(), 1, 10, NULL ) ) {
          throw "Updating time failed";
      }
  
+    logger::note("setting next update");
      X509_CRL_set_nextUpdate( crl.get(), tmptm.get() );
  
+    logger::note("sorting");
      // Sorting and signing
      X509_CRL_sort( crl.get() );
+    logger::note("signing");
      X509_CRL_sign( crl.get(), ca->caKey.get(), EVP_sha256() );
  }
  
@@ -115,6 +124,7 @@ std::string CRL::getSignature() {
  }
  
  void CRL::setSignature( std::string signature ) {
+    X509_CRL_sort( crl.get() );
      const unsigned char* data = ( unsigned char* )( signature.data() );
      const unsigned char* buffer = data;
      d2i_X509_ALGOR( &crl->sig_alg, &buffer, signature.size() );
diff --git a/src/crypto/simpleOpensslSigner.cpp b/src/crypto/simpleOpensslSigner.cpp

index 98c5f1fd0b83ee4ad80d90ae3d67ca7801b553d7..17323a34adb45ddca61613e7c0209c48bb2d73c8 100644 (file)
--- a/src/crypto/simpleOpensslSigner.cpp
+++ b/src/crypto/simpleOpensslSigner.cpp
@@ -254,16 +254,20 @@ std::shared_ptr<SignedCertificate> SimpleOpensslSigner::sign( std::shared_ptr<TB
  }
  
  std::pair<std::shared_ptr<CRL>, std::string> SimpleOpensslSigner::revoke( std::shared_ptr<CAConfig> ca, std::vector<std::string> serials ) {
+    logger::note( "revoking" );
      std::string crlpath = ca->path + "/ca.crl";
  
      auto crl = std::make_shared<CRL>( crlpath );
      std::string date = "";
  
+    logger::note( "adding serials" );
      for( std::string serial : serials ) {
          date = crl->revoke( serial, "" );
      }
  
+    logger::note( "signing CRL" );
      crl->sign( ca );
      writeFile( crlpath, crl->toString() );
+    logger::note( "wrote CRL" );
      return std::pair<std::shared_ptr<CRL>, std::string>( crl, date );
  }
diff --git a/src/crypto/sslUtil.cpp b/src/crypto/sslUtil.cpp

index 05689c05aaed8dc8f5a34bc71ee62d2663072863..687387c1573c7d9c615fdcfcff78cb3ab838b9d6 100644 (file)
--- a/src/crypto/sslUtil.cpp
+++ b/src/crypto/sslUtil.cpp
@@ -212,6 +212,7 @@ std::string timeToString( std::shared_ptr<ASN1_TIME> time ) {
      std::shared_ptr<ASN1_GENERALIZEDTIME> gtime( ASN1_TIME_to_generalizedtime( time.get(), 0 ) );
      std::string strdate( ( char* ) ASN1_STRING_data( gtime.get() ), ASN1_STRING_length( gtime.get() ) );
  
+    logger::notef("openssl formatted me a date: %s", strdate);
      if( strdate[strdate.size() - 1] != 'Z' ) {
          throw "Got invalid date?";
      }
diff --git a/src/db/psql.cpp b/src/db/psql.cpp

index a001b767973baa611fc2d181fecec1246bff1123..c2a282e4adf8347abe3c30c6cef3091dc495b37c 100644 (file)
--- a/src/db/psql.cpp
+++ b/src/db/psql.cpp
@@ -141,9 +141,8 @@ void PostgresJobProvider::writeBack( std::shared_ptr<Job> job, std::shared_ptr<S
  }
  
  std::pair<std::string, std::string> PostgresJobProvider::getRevocationInfo( std::shared_ptr<Job> job ) {
-    return {"",""};
      pqxx::work txn(c);
-    std::string q = "SELECT certs.serial, cacerts.keyname FROM certs INNER JOIN cacerts ON certs.\"caId\" = cacerts.id WHERE certs.id = " + txn.quote( job->target );
+    std::string q = "SELECT certs.serial, cacerts.keyname FROM certs INNER JOIN cacerts ON certs.\"caid\" = cacerts.id WHERE certs.id = " + txn.quote( job->target );
  
      pqxx::result r = txn.exec( q );
      if( r.size() != 1) {
@@ -155,10 +154,14 @@ std::pair<std::string, std::string> PostgresJobProvider::getRevocationInfo( std:
  }
  
  void PostgresJobProvider::writeBackRevocation( std::shared_ptr<Job> job, std::string date ) {
+    logger::errorf( "Revoking at " + date);
      pqxx::work txn(c);
-    pqxx::result r = txn.exec( "UPDATE certs SET revoked = " + txn.quote( date ) + " WHERE id = " + txn.quote( job->target ) );
+    logger::errorf( "executing" );
+    pqxx::result r = txn.exec( "UPDATE certs SET revoked = " + txn.quote( pgTime( date ) ) + " WHERE id = " + txn.quote( job->target ) );
      if( r.affected_rows() != 1 ){
          throw "Only one row should be updated.";
      }
+    logger::errorf( "committing" );
      txn.commit();
+    logger::errorf( "committed" );
  }
author	Felix Dörre <felix@dogcraft.de>
	Mon, 9 Nov 2015 08:58:13 +0000 (09:58 +0100)
committer	Felix Dörre <felix@dogcraft.de>
	Mon, 9 Nov 2015 08:58:13 +0000 (09:58 +0100)
src/apps/client.cpp		patch \| blob \| history
src/crypto/CRL.cpp		patch \| blob \| history
src/crypto/simpleOpensslSigner.cpp		patch \| blob \| history
src/crypto/sslUtil.cpp		patch \| blob \| history
src/db/psql.cpp		patch \| blob \| history