try {
std::vector<std::string> serials;
std::pair<std::shared_ptr<CRL>, std::string> rev = sign->revoke( x.second, serials );
- } catch( const std::exception &e ) {
+ } catch( const std::exception& e ) {
logger::error( "Exception: ", e.what() );
}
}
}
-int main( int argc, const char* argv[] ) {
+int main( int argc, const char *argv[] ) {
bool once = false;
bool resetOnly = false;
std::shared_ptr<BIO> b = openSerial( serialPath );
std::shared_ptr<BIO_METHOD> m( toBio<SlipBIO>(), BIO_meth_free );
std::shared_ptr<BIO> slip1( BIO_new( m.get() ), BIO_free );
- static_cast<SlipBIO*>( slip1->ptr )->setTarget( std::make_shared<OpensslBIOWrapper>( b ), false );
+ static_cast<SlipBIO *>( slip1->ptr )->setTarget( std::make_shared<OpensslBIOWrapper>( b ), false );
auto sign = std::make_shared<RemoteSigner>( slip1, generateSSLContext( false ) );
// std::shared_ptr<Signer> sign( new SimpleOpensslSigner() );
try {
job = jp->fetchJob();
- } catch ( std::exception &e ){
+ } catch( std::exception& e ) {
logger::errorf( "Exception while fetchJob: %s", e.what() );
}
if( job->task == "sign" ) {
try {
std::shared_ptr<TBSCertificate> cert = jp->fetchTBSCert( job );
+
if( !cert ) {
logger::error( "Unable to load CSR" );
jp->failJob( job );
logger::note( "revoking" );
std::pair<std::shared_ptr<CRL>, std::string> rev = sign->revoke( CAs.at( data.second ), serials );
std::string date = rev.second;
- const unsigned char* pos = ( const unsigned char* ) date.data();
+ const unsigned char *pos = ( const unsigned char * ) date.data();
std::shared_ptr<ASN1_TIME> time( d2i_ASN1_TIME( NULL, &pos, date.size() ), ASN1_TIME_free );
jp->writeBackRevocation( job, timeToString( time ) );
if( !DAEMON || once ) {
return 0;
}
- } catch ( std::exception &e ){
+ } catch( std::exception& e ) {
logger::errorf( "std::exception in mainloop: %s", e.what() );
}
extern std::string serialPath;
-int main( int argc, const char* argv[] ) try {
+int main( int argc, const char *argv[] ) try {
( void ) argc;
( void ) argv;
std::shared_ptr<BIO> conn = openSerial( serialPath );
std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
- static_cast<SlipBIO*>( slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( conn ) ), true );
+ static_cast<SlipBIO *>( slip1->ptr )->setTarget( std::shared_ptr<OpensslBIO>( new OpensslBIOWrapper( conn ) ), true );
- DefaultRecordHandler* dh = new DefaultRecordHandler( std::shared_ptr<Signer>( new SimpleOpensslSigner( ) ), slip1 );
+ DefaultRecordHandler *dh = new DefaultRecordHandler( std::shared_ptr<Signer>( new SimpleOpensslSigner( ) ), slip1 );
logger::note( "Entering mainloop" );
} catch( std::exception& e ) {
try {
logger::fatalf( "Fatal Error: %s!\n", e.what() );
- }catch( std::exception &e){
+ } catch( std::exception& e ) {
printf( "Fatal Error (+logger failed): %s!\n", e.what() );
}
} catch( ... ) {
try {
logger::fatal( "Fatal Error: Unknown Exception!\n" );
- }catch( std::exception &e){
+ } catch( std::exception& e ) {
printf( "Fatal Error (+ logger failed): %s!\n", e.what() );
}
int parseProfiles() {
CAs = std::unordered_map<std::string, std::shared_ptr<CAConfig>>();
- DIR* dp;
- struct dirent* ep;
+ DIR *dp;
+ struct dirent *ep;
dp = opendir( "profiles" );
if( dp == NULL ) {
std::string cas = map->at( "ca" );
- DIR* dir;
- struct dirent* ent;
+ DIR *dir;
+ struct dirent *ent;
if( ( dir = opendir( "ca" ) ) != NULL ) {
while( ( ent = readdir( dir ) ) != NULL ) {
}
std::string CRL::revoke( std::string serial, std::string time ) {
- BIGNUM* serBN = 0;
+ BIGNUM *serBN = 0;
logger::note( "parsing serial" );
X509_gmtime_adj( tmptm.get(), 0 );
logger::note( "creating entry" );
- X509_REVOKED* rev = X509_REVOKED_new();
+ X509_REVOKED *rev = X509_REVOKED_new();
X509_REVOKED_set_serialNumber( rev, ser.get() );
if( time != "" ) {
X509_CRL_add0_revoked( crl.get(), rev );
int len = i2d_ASN1_TIME( tmptm.get(), NULL );
- unsigned char* buffer = ( unsigned char* ) OPENSSL_malloc( len );
- unsigned char* pos = buffer;
+ unsigned char *buffer = ( unsigned char * ) OPENSSL_malloc( len );
+ unsigned char *pos = buffer;
i2d_ASN1_TIME( tmptm.get(), &pos );
- std::string rettime = std::string( ( char* ) buffer, len );
+ std::string rettime = std::string( ( char * ) buffer, len );
OPENSSL_free( buffer );
return rettime;
}
// Write out the new CRL
std::shared_ptr<BIO> mem( BIO_new( BIO_s_mem() ), BIO_free );
PEM_write_bio_X509_CRL( mem.get(), crl.get() );
- BUF_MEM* bptr;
+ BUF_MEM *bptr;
BIO_get_mem_ptr( mem.get(), &bptr );
std::string newCRL( bptr->data, bptr->length );
return newCRL;
const ASN1_BIT_STRING *psig;
X509_CRL_get0_signature( crl.get(), &psig, &palg );
- int len = i2d_X509_ALGOR( const_cast<X509_ALGOR*>( palg ), NULL );
- len += i2d_ASN1_BIT_STRING( const_cast<ASN1_BIT_STRING*>( psig ), NULL );
- len += i2d_ASN1_TIME( const_cast<ASN1_TIME*>( X509_CRL_get0_lastUpdate( crl.get() ) ), NULL );
- len += i2d_ASN1_TIME( const_cast<ASN1_TIME*>( X509_CRL_get0_nextUpdate( crl.get() ) ), NULL );
-
- unsigned char* buffer = ( unsigned char* ) OPENSSL_malloc( len );
- unsigned char* pos = buffer;
- i2d_X509_ALGOR( const_cast<X509_ALGOR*>( palg ), &pos );
- i2d_ASN1_BIT_STRING( const_cast<ASN1_BIT_STRING*>( psig ), &pos );
- i2d_ASN1_TIME( const_cast<ASN1_TIME*>( X509_CRL_get0_lastUpdate( crl.get() ) ), &pos );
- i2d_ASN1_TIME( const_cast<ASN1_TIME*>( X509_CRL_get0_nextUpdate( crl.get() ) ), &pos );
- std::string res = std::string( ( char* ) buffer, len );
+ int len = i2d_X509_ALGOR( const_cast<X509_ALGOR *>( palg ), NULL );
+ len += i2d_ASN1_BIT_STRING( const_cast<ASN1_BIT_STRING *>( psig ), NULL );
+ len += i2d_ASN1_TIME( const_cast<ASN1_TIME *>( X509_CRL_get0_lastUpdate( crl.get() ) ), NULL );
+ len += i2d_ASN1_TIME( const_cast<ASN1_TIME *>( X509_CRL_get0_nextUpdate( crl.get() ) ), NULL );
+
+ unsigned char *buffer = ( unsigned char * ) OPENSSL_malloc( len );
+ unsigned char *pos = buffer;
+ i2d_X509_ALGOR( const_cast<X509_ALGOR *>( palg ), &pos );
+ i2d_ASN1_BIT_STRING( const_cast<ASN1_BIT_STRING *>( psig ), &pos );
+ i2d_ASN1_TIME( const_cast<ASN1_TIME *>( X509_CRL_get0_lastUpdate( crl.get() ) ), &pos );
+ i2d_ASN1_TIME( const_cast<ASN1_TIME *>( X509_CRL_get0_nextUpdate( crl.get() ) ), &pos );
+ std::string res = std::string( ( char * ) buffer, len );
OPENSSL_free( buffer );
return res;
X509_ALGOR *palg;
ASN1_BIT_STRING *psig;
// this is not intended use of the OPENSSL-API but API-limitations leave us with no other options.
- X509_CRL_get0_signature(crl.get(), const_cast<const ASN1_BIT_STRING **>(&psig), const_cast<const X509_ALGOR**>(&palg));
+ X509_CRL_get0_signature( crl.get(), const_cast<const ASN1_BIT_STRING **>( &psig ), const_cast<const X509_ALGOR **>( &palg ) );
- const unsigned char* data = ( unsigned char* )( signature.data() );
- const unsigned char* buffer = data;
+ const unsigned char *data = ( unsigned char * )( signature.data() );
+ const unsigned char *buffer = data;
X509_ALGOR *alg = d2i_X509_ALGOR( NULL, &buffer, signature.size() );
ASN1_BIT_STRING *sig = d2i_ASN1_BIT_STRING( NULL, &buffer, signature.size() + data - buffer );
ASN1_TIME *a1 = d2i_ASN1_TIME( NULL, &buffer, signature.size() + data - buffer );
ASN1_TIME *a2 = d2i_ASN1_TIME( NULL, &buffer, signature.size() + data - buffer );
- std::swap(*palg, *alg);
- std::swap(*psig, *sig);
- X509_CRL_set1_lastUpdate( crl.get(), a1);
- X509_CRL_set1_nextUpdate( crl.get(), a2);
-
- X509_ALGOR_free(alg);
- ASN1_BIT_STRING_free(sig);
- ASN1_TIME_free(a1);
- ASN1_TIME_free(a2);
+ std::swap( *palg, *alg );
+ std::swap( *psig, *sig );
+ X509_CRL_set1_lastUpdate( crl.get(), a1 );
+ X509_CRL_set1_nextUpdate( crl.get(), a2 );
+
+ X509_ALGOR_free( alg );
+ ASN1_BIT_STRING_free( sig );
+ ASN1_TIME_free( a1 );
+ ASN1_TIME_free( a2 );
}
bool CRL::needsResign() {
#include <openssl/bio.h>
#include <openssl/x509v3.h>
-X509Req::X509Req( X509_REQ* csr ) : req( csr, X509_REQ_free ) {
- EVP_PKEY* pkt = X509_REQ_get_pubkey( req.get() );
+X509Req::X509Req( X509_REQ *csr ) : req( csr, X509_REQ_free ) {
+ EVP_PKEY *pkt = X509_REQ_get_pubkey( req.get() );
if( !pkt ) {
throw std::runtime_error( "Error extracting public key" );
}
spkac = spkac.substr( 6 );
- NETSCAPE_SPKI* spki_p = NETSCAPE_SPKI_b64_decode( spkac.c_str(), spkac.size() );
+ NETSCAPE_SPKI *spki_p = NETSCAPE_SPKI_b64_decode( spkac.c_str(), spkac.size() );
if( !spki_p ) {
throw std::runtime_error( "Error: decode failed" );
}
spki = std::shared_ptr<NETSCAPE_SPKI>( spki_p, NETSCAPE_SPKI_free );
- EVP_PKEY* pkt_p = NETSCAPE_SPKI_get_pubkey( spki.get() );
+ EVP_PKEY *pkt_p = NETSCAPE_SPKI_get_pubkey( spki.get() );
if( !pkt_p ) {
throw std::runtime_error( "Error: reading SPKAC Pubkey failed" );
}
std::shared_ptr<X509Req> X509Req::parseCSR( std::string content ) {
- std::shared_ptr<BIO> in = std::shared_ptr<BIO>( BIO_new_mem_buf( const_cast<char*>( content.c_str() ), -1 ), BIO_free );
- X509_REQ* req = PEM_read_bio_X509_REQ( in.get(), NULL, NULL, NULL );
+ std::shared_ptr<BIO> in = std::shared_ptr<BIO>( BIO_new_mem_buf( const_cast<char *>( content.c_str() ), -1 ), BIO_free );
+ X509_REQ *req = PEM_read_bio_X509_REQ( in.get(), NULL, NULL, NULL );
if( !req ) {
throw std::runtime_error( "Error parsing CSR" );
return std::shared_ptr<X509Req>( new X509Req( content ) );
}
-int add_ext( std::shared_ptr<X509> issuer, std::shared_ptr<X509> subj, int nid, const char* value ) {
- X509_EXTENSION* ex;
+int add_ext( std::shared_ptr<X509> issuer, std::shared_ptr<X509> subj, int nid, const char *value ) {
+ X509_EXTENSION *ex;
X509V3_CTX ctx;
/* This sets the 'context' of the extensions. */
* no request and no CRL
*/
X509V3_set_ctx( &ctx, issuer.get(), subj.get(), NULL, NULL, 0 );
- ex = X509V3_EXT_conf_nid( NULL, &ctx, nid, const_cast<char*>( value ) );
+ ex = X509V3_EXT_conf_nid( NULL, &ctx, nid, const_cast<char *>( value ) );
if( !ex ) {
return 0;
}
X509Cert::X509Cert() {
- X509* c = X509_new();
+ X509 *c = X509_new();
if( !c ) {
throw std::runtime_error( "malloc failed" );
throw std::runtime_error( "Setting X509-version to 3 failed" );
}
- X509_NAME* subjectP = X509_NAME_new();
+ X509_NAME *subjectP = X509_NAME_new();
if( !subjectP ) {
throw std::runtime_error( "malloc failure in construct." );
}
void X509Cert::addRDN( int nid, std::string data ) {
- if( ! X509_NAME_add_entry_by_NID( subject.get(), nid, MBSTRING_UTF8, ( unsigned char* )const_cast<char*>( data.data() ), data.size(), -1, 0 ) ) {
+ if( ! X509_NAME_add_entry_by_NID( subject.get(), nid, MBSTRING_UTF8, ( unsigned char * )const_cast<char *>( data.data() ), data.size(), -1, 0 ) ) {
throw std::runtime_error( "malloc failure in RDN" );
}
}
}
}
-void X509Cert::setSerialNumber( BIGNUM* num ) {
- ASN1_INTEGER *i = BN_to_ASN1_INTEGER( num, NULL);
+void X509Cert::setSerialNumber( BIGNUM *num ) {
+ ASN1_INTEGER *i = BN_to_ASN1_INTEGER( num, NULL );
X509_set_serialNumber( target.get(), i );
ASN1_INTEGER_free( i );
}
ASN1_TIME_set( X509_get_notAfter( target.get() ), after );
}
-static X509_EXTENSION* do_ext_i2d( int ext_nid, int crit, ASN1_VALUE* ext_struc ) {
- unsigned char* ext_der;
+static X509_EXTENSION *do_ext_i2d( int ext_nid, int crit, ASN1_VALUE *ext_struc ) {
+ unsigned char *ext_der;
int ext_len;
- ASN1_OCTET_STRING* ext_oct;
- X509_EXTENSION* ext;
+ ASN1_OCTET_STRING *ext_oct;
+ X509_EXTENSION *ext;
/* Convert internal representation to DER */
ext_der = NULL;
ext_len = ASN1_item_i2d( ext_struc, &ext_der, ASN1_ITEM_ptr( ASN1_ITEM_ref( GENERAL_NAMES ) ) );
} );
for( auto& name : sans ) {
- GENERAL_NAME* gen = GENERAL_NAME_new();
+ GENERAL_NAME *gen = GENERAL_NAME_new();
if( !gen ) {
throw std::runtime_error( "Malloc failure." );
sk_GENERAL_NAME_push( gens.get(), gen );
}
- X509_EXTENSION* ext = do_ext_i2d( NID_subject_alt_name, 0/*critical*/, ( ASN1_VALUE* )gens.get() );
+ X509_EXTENSION *ext = do_ext_i2d( NID_subject_alt_name, 0/*critical*/, ( ASN1_VALUE * )gens.get() );
X509_add_ext( target.get(), ext, -1 );
X509_EXTENSION_free( ext );
throw std::runtime_error( "error setting subject" );
}
- const EVP_MD* md;
+ const EVP_MD *md;
if( signAlg == "sha512" ) {
md = EVP_sha512();
PEM_write_bio_X509( mem.get(), target.get() );
- BUF_MEM* buf = NULL;
+ BUF_MEM *buf = NULL;
BIO_get_mem_ptr( mem.get(), &buf );
auto res = std::make_shared<SignedCertificate>();
std::shared_ptr<EVP_PKEY> pk;
std::shared_ptr<X509_REQ> req;
std::shared_ptr<NETSCAPE_SPKI> spki;
- X509Req( X509_REQ* csr );
+ X509Req( X509_REQ *csr );
X509Req( std::string spkac );
public:
static std::shared_ptr<X509Req> parseCSR( std::string content );
void addRDN( int nid, std::string data );
void setIssuerNameFrom( std::shared_ptr<X509> ca );
void setPubkeyFrom( std::shared_ptr<X509Req> r );
- void setSerialNumber( BIGNUM* num );
+ void setSerialNumber( BIGNUM *num );
void setExtensions( std::shared_ptr<X509> caCert, std::vector<std::shared_ptr<SAN>>& sans, Profile& prof, std::string crlURL, std::string crtURL );
void setTimes( uint32_t before, uint32_t after );
std::shared_ptr<SignedCertificate> sign( std::shared_ptr<EVP_PKEY> caKey, std::string signAlg );
send( conn, head, RecordHeader::SignerCommand::SET_WISH_FROM, cert->wishFrom );
send( conn, head, RecordHeader::SignerCommand::SET_WISH_TO, cert->wishTo );
- for( auto &ava : cert->AVAs ) {
+ for( auto& ava : cert->AVAs ) {
if( ava->name.find( "," ) != std::string::npos ) {
// invalid ava
return nullptr;
send( conn, head, RecordHeader::SignerCommand::ADD_AVA, ava->name + "," + ava->value );
}
- for( auto &san : cert->SANs ) {
+ for( auto& san : cert->SANs ) {
if( san->type.find( "," ) != std::string::npos ) {
// invalid ava
return nullptr;
if( result ) {
std::shared_ptr<BIO> bios( BIO_new( BIO_s_mem() ), BIO_free );
- const char* buf = result->certificate.data();
+ const char *buf = result->certificate.data();
unsigned int len = result->certificate.size();
while( len > 0 ) {
head.flags = 0;
head.sessid = 13;
- for( auto &serial : serials ) {
+ for( auto& serial : serials ) {
send( conn, head, RecordHeader::SignerCommand::ADD_SERIAL, serial );
}
throw std::runtime_error( "Protocol violation" );
}
- const unsigned char* buffer2 = reinterpret_cast<const unsigned char*>( payload.data() );
- const unsigned char* pos = buffer2;
- ASN1_TIME* time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
+ const unsigned char *buffer2 = reinterpret_cast<const unsigned char *>( payload.data() );
+ const unsigned char *pos = buffer2;
+ ASN1_TIME *time = d2i_ASN1_TIME( NULL, &pos, payload.size() );
ASN1_TIME_free( time );
date = payload.substr( 0, pos - buffer2 );
std::string rest = payload.substr( pos - buffer2 );
- for( std::string &serial : serials ) {
+ for( std::string& serial : serials ) {
crl->revoke( serial, date );
}
uint16_t profile = prof.id;
std::string res = readFile( ca->path + "/serial" );
- BIGNUM* bn = 0;
+ BIGNUM *bn = 0;
if( res == "" ) {
bn = BN_new();
std::shared_ptr<BIGNUM> serial = std::shared_ptr<BIGNUM>( bn, BN_free );
- std::shared_ptr<unsigned char> data = std::shared_ptr<unsigned char>( ( unsigned char* ) malloc( BN_num_bytes( serial.get() ) + 20 ), free );
+ std::shared_ptr<unsigned char> data = std::shared_ptr<unsigned char>( ( unsigned char * ) malloc( BN_num_bytes( serial.get() ) + 20 ), free );
int len = BN_bn2bin( serial.get(), data.get() );
data.get()[len] = 0x0;
c.setTimes( from, to );
logger::note( "FINE: Setting validity period successful:" );
{
- struct tm* timeobj;
+ struct tm *timeobj;
std::vector<char> timebuf;
timeobj = gmtime( &from );
timebuf.resize( 128 );
- timebuf.resize( std::strftime( const_cast<char*>( timebuf.data() ), timebuf.size(), "%F %T %Z", timeobj ) );
+ timebuf.resize( std::strftime( const_cast<char *>( timebuf.data() ), timebuf.size(), "%F %T %Z", timeobj ) );
logger::note( "FINE: - Valid not before: ", std::string( timebuf.cbegin(), timebuf.cend() ) );
timeobj = gmtime( &to );
timebuf.resize( 128 );
- timebuf.resize( std::strftime( const_cast<char*>( timebuf.data() ), timebuf.size(), "%F %T %Z", timeobj ) );
+ timebuf.resize( std::strftime( const_cast<char *>( timebuf.data() ), timebuf.size(), "%F %T %Z", timeobj ) );
logger::note( "FINE: - Valid not after: ", std::string( timebuf.cbegin(), timebuf.cend() ) );
}
}
return std::shared_ptr<X509>();
}
- X509* key = PEM_read_X509( f.get(), NULL, NULL, 0 );
+ X509 *key = PEM_read_X509( f.get(), NULL, NULL, 0 );
if( !key ) {
return std::shared_ptr<X509>();
return std::shared_ptr<EVP_PKEY>();
}
- EVP_PKEY* key = PEM_read_PrivateKey( f.get(), NULL, NULL, 0 );
+ EVP_PKEY *key = PEM_read_PrivateKey( f.get(), NULL, NULL, 0 );
if( !key ) {
return std::shared_ptr<EVP_PKEY>();
} );
}
-int gencb( int a, int b, BN_GENCB* g ) {
+int gencb( int a, int b, BN_GENCB *g ) {
( void ) a;
( void ) b;
( void ) g;
return 1;
}
-static int verify_callback( int preverify_ok, X509_STORE_CTX* ctx ) {
+static int verify_callback( int preverify_ok, X509_STORE_CTX *ctx ) {
if( !preverify_ok ) {
//auto cert = X509_STORE_CTX_get_current_cert(ctx);
//BIO *o = BIO_new_fp(stdout,BIO_NOCLOSE);
caKey = loadPkeyFromFile( path + "/ca.key" );
- ASN1_TIME* tm = X509_get_notBefore( ca.get() ); // tm MUST NOT be free'd; duplicate for owning copy.
+ ASN1_TIME *tm = X509_get_notBefore( ca.get() ); // tm MUST NOT be free'd; duplicate for owning copy.
notBefore = std::shared_ptr<ASN1_TIME>( ASN1_STRING_dup( tm ), ASN1_TIME_free );
std::size_t pos = name.find( "_" );
std::string timeToString( std::shared_ptr<ASN1_TIME> time ) {
std::shared_ptr<ASN1_GENERALIZEDTIME> gtime( ASN1_TIME_to_generalizedtime( time.get(), 0 ), ASN1_GENERALIZEDTIME_free );
- std::string strdate( ( char* ) ASN1_STRING_get0_data( gtime.get() ), ASN1_STRING_length( gtime.get() ) );
+ std::string strdate( ( char * ) ASN1_STRING_get0_data( gtime.get() ), ASN1_STRING_length( gtime.get() ) );
logger::notef( "openssl formatted me a date: %s", strdate );
}
void extractTimes( std::shared_ptr<X509> target, std::shared_ptr<SignedCertificate> cert ) {
- cert->before = timeToString( std::shared_ptr<ASN1_TIME>( X509_get_notBefore( target.get() ), [target](auto p){(void)p;} ) );
- cert->after = timeToString( std::shared_ptr<ASN1_TIME>( X509_get_notAfter( target.get() ), [target](auto p){(void)p;} ) );
+ cert->before = timeToString( std::shared_ptr<ASN1_TIME>( X509_get_notBefore( target.get() ), [target]( auto p ) {
+ ( void )p;
+ } ) );
+ cert->after = timeToString( std::shared_ptr<ASN1_TIME>( X509_get_notAfter( target.get() ), [target]( auto p ) {
+ ( void )p;
+ } ) );
}
bool CAConfig::crlNeedsResign() {
namespace BIOWrapper {
- int write( BIO* b, const char* buf, int num ) {
- return static_cast<OpensslBIO*>( b->ptr )->write( buf, num );
+ int write( BIO *b, const char *buf, int num ) {
+ return static_cast<OpensslBIO *>( b->ptr )->write( buf, num );
}
- int read( BIO* b, char* buf, int size ) {
- return static_cast<OpensslBIO*>( b->ptr )->read( buf, size );
+ int read( BIO *b, char *buf, int size ) {
+ return static_cast<OpensslBIO *>( b->ptr )->read( buf, size );
}
- int puts( BIO* b, const char* str ) {
- return static_cast<OpensslBIO*>( b->ptr )->puts( str );
+ int puts( BIO *b, const char *str ) {
+ return static_cast<OpensslBIO *>( b->ptr )->puts( str );
}
- int gets( BIO* b, char* str, int size ) {
- return static_cast<OpensslBIO*>( b->ptr )->gets( str, size );
+ int gets( BIO *b, char *str, int size ) {
+ return static_cast<OpensslBIO *>( b->ptr )->gets( str, size );
}
- long ctrl( BIO* b, int cmod, long arg1, void* arg2 ) {
- return static_cast<OpensslBIO*>( b->ptr )->ctrl( cmod, arg1, arg2 );
+ long ctrl( BIO *b, int cmod, long arg1, void *arg2 ) {
+ return static_cast<OpensslBIO *>( b->ptr )->ctrl( cmod, arg1, arg2 );
}
- int free( BIO* b ) {
- delete static_cast<OpensslBIO*>( b->ptr );
+ int free( BIO *b ) {
+ delete static_cast<OpensslBIO *>( b->ptr );
b->ptr = 0;
return 0;
}
OpensslBIO::~OpensslBIO() {}
-int OpensslBIO::puts( const char* str ) {
+int OpensslBIO::puts( const char *str ) {
( void ) str;
return -1;
}
-int OpensslBIO::gets( char* str, int size ) {
+int OpensslBIO::gets( char *str, int size ) {
( void ) str;
( void ) size;
return -1;
#include <openssl/bio.h>
struct bio_st {
- const BIO_METHOD *method;
- /* bio, mode, argp, argi, argl, ret */
- long (*callback) (struct bio_st *, int, const char *, int, long, long);
- char *cb_arg; /* first argument for the callback */
- int init;
- int shutdown;
- int flags; /* extra storage */
- int retry_reason;
- int num;
- void *ptr;
- struct bio_st *next_bio; /* used by filter BIOs */
- struct bio_st *prev_bio; /* used by filter BIOs */
- int references;
- uint64_t num_read;
- uint64_t num_write;
- CRYPTO_EX_DATA ex_data;
- CRYPTO_RWLOCK *lock;
+ const BIO_METHOD *method;
+ /* bio, mode, argp, argi, argl, ret */
+ long ( *callback )( struct bio_st *, int, const char *, int, long, long );
+ char *cb_arg; /* first argument for the callback */
+ int init;
+ int shutdown;
+ int flags; /* extra storage */
+ int retry_reason;
+ int num;
+ void *ptr;
+ struct bio_st *next_bio; /* used by filter BIOs */
+ struct bio_st *prev_bio; /* used by filter BIOs */
+ int references;
+ uint64_t num_read;
+ uint64_t num_write;
+ CRYPTO_EX_DATA ex_data;
+ CRYPTO_RWLOCK *lock;
};
static const int typeID = BIO_TYPE_CUSTOM;
virtual ~OpensslBIO();
- virtual int write( const char* buf, int num ) = 0;
- virtual int read( char* buf, int size ) = 0;
- virtual int puts( const char* str );
- virtual int gets( char* str, int size );
- virtual long ctrl( int cmod, long arg1, void* arg2 ) = 0;
+ virtual int write( const char *buf, int num ) = 0;
+ virtual int read( char *buf, int size ) = 0;
+ virtual int puts( const char *str );
+ virtual int gets( char *str, int size );
+ virtual long ctrl( int cmod, long arg1, void *arg2 ) = 0;
};
namespace BIOWrapper {
- int write( BIO* b, const char* buf, int num );
+ int write( BIO *b, const char *buf, int num );
- int read( BIO* b, char* buf, int size );
+ int read( BIO *b, char *buf, int size );
- int puts( BIO* b, const char* str );
+ int puts( BIO *b, const char *str );
- int gets( BIO* b, char* str, int size );
+ int gets( BIO *b, char *str, int size );
- long ctrl( BIO* b, int cmod, long arg1, void* arg2 );
+ long ctrl( BIO *b, int cmod, long arg1, void *arg2 );
template <typename T>
- int bio_new( BIO* b ) {
+ int bio_new( BIO *b ) {
b->init = 1;
b->num = 0;
b->ptr = new T();
return 1;
}
- int free( BIO* b );
+ int free( BIO *b );
}
template <typename T>
-BIO_METHOD* toBio() {
+BIO_METHOD *toBio() {
return toBio<T>( BIOWrapper::bio_new<T> );
}
template <typename T>
-BIO_METHOD* toBio( int ( *newfunc )( BIO* ) ) {
+BIO_METHOD *toBio( int ( *newfunc )( BIO * ) ) {
BIO_METHOD *meth = BIO_meth_new( T::typeID, T::getName() );
BIO_meth_set_write( meth, BIOWrapper::write );
BIO_meth_set_read( meth, BIOWrapper::read );
OpensslBIOWrapper::~OpensslBIOWrapper() {
}
-int OpensslBIOWrapper::write( const char* buf, int num ) {
+int OpensslBIOWrapper::write( const char *buf, int num ) {
return BIO_write( b.get(), buf, num );
}
-int OpensslBIOWrapper::read( char* buf, int size ) {
+int OpensslBIOWrapper::read( char *buf, int size ) {
return BIO_read( b.get(), buf, size );
}
-long OpensslBIOWrapper::ctrl( int cmod, long arg1, void* arg2 ) {
+long OpensslBIOWrapper::ctrl( int cmod, long arg1, void *arg2 ) {
return BIO_ctrl( b.get(), cmod, arg1, arg2 );
}
-int OpensslBIOWrapper::puts( const char* str ) {
+int OpensslBIOWrapper::puts( const char *str ) {
return BIO_puts( b.get(), str );
}
-int OpensslBIOWrapper::gets( char* str, int size ) {
+int OpensslBIOWrapper::gets( char *str, int size ) {
return BIO_gets( b.get(), str, size );
}
-const char* OpensslBIOWrapper::getName() {
+const char *OpensslBIOWrapper::getName() {
return "OpenSSLWrapper";
}
std::string OpensslBIOWrapper::readLine() {
OpensslBIOWrapper( std::shared_ptr<BIO> b );
virtual ~OpensslBIOWrapper();
- int write( const char* buf, int num );
- int read( char* buf, int size );
- long ctrl( int cmod, long arg1, void* arg2 );
+ int write( const char *buf, int num );
+ int read( char *buf, int size );
+ long ctrl( int cmod, long arg1, void *arg2 );
- int puts( const char* str );
- int gets( char* str, int size );
+ int puts( const char *str );
+ int gets( char *str, int size );
- static const char* getName();
+ static const char *getName();
std::string readLine();
};
template <class T>
static void append( std::string& str, T val ) {
- str.append( ( char* ) &val, sizeof( T ) );
+ str.append( ( char * ) &val, sizeof( T ) );
}
template <class T>
std::shared_ptr<SSL> ssl;
std::shared_ptr<OpensslBIOWrapper> io;
- DefaultRecordHandler* parent;
+ DefaultRecordHandler *parent;
std::shared_ptr<Signer> signer;
std::unique_ptr<std::ofstream> logFile;
logger::logger_set logger;
- RecordHandlerSession( DefaultRecordHandler* parent, std::shared_ptr<Signer> signer, std::shared_ptr<SSL_CTX> ctx, std::shared_ptr<BIO> output ) :
+ RecordHandlerSession( DefaultRecordHandler *parent, std::shared_ptr<Signer> signer, std::shared_ptr<SSL_CTX> ctx, std::shared_ptr<BIO> output ) :
tbs( std::make_shared<TBSCertificate>() ),
logFile( openLogfile( "logs/log_" + timestamp() ) ),
logger{ std::cout, *logFile } {
tbs->wishTo = data;
break;
- case RecordHeader::SignerCommand::ADD_SAN:
- {
- size_t pos = data.find( "," );
-
- if( pos == std::string::npos ) {
- // error
- } else {
- auto san = std::make_shared<SAN>();
- san->type = data.substr( 0, pos );
- san->content = data.substr( pos + 1 );
- tbs->SANs.push_back( san );
- }
- }
- break;
+ case RecordHeader::SignerCommand::ADD_SAN: {
+ size_t pos = data.find( "," );
- case RecordHeader::SignerCommand::ADD_AVA:
- {
- size_t pos = data.find( "," );
-
- if( pos == std::string::npos ) {
- // error
- } else {
- auto ava = std::make_shared<AVA>();
- ava->name = data.substr( 0, pos );
- ava->value = data.substr( pos + 1 );
- tbs->AVAs.push_back( ava );
- }
+ if( pos == std::string::npos ) {
+ // error
+ } else {
+ auto san = std::make_shared<SAN>();
+ san->type = data.substr( 0, pos );
+ san->content = data.substr( pos + 1 );
+ tbs->SANs.push_back( san );
}
- break;
+ }
+ break;
+
+ case RecordHeader::SignerCommand::ADD_AVA: {
+ size_t pos = data.find( "," );
+
+ if( pos == std::string::npos ) {
+ // error
+ } else {
+ auto ava = std::make_shared<AVA>();
+ ava->name = data.substr( 0, pos );
+ ava->value = data.substr( pos + 1 );
+ tbs->AVAs.push_back( ava );
+ }
+ }
+ break;
case RecordHeader::SignerCommand::ADD_PROOF_LINE:
break;
serials.push_back( data );
break;
- case RecordHeader::SignerCommand::REVOKE:
- {
- logger::note("Revoking: ", data);
- std::string ca = data;
- auto reqCA = CAs.at( ca );
- logger::note( "CA found in recordHandler" );
- std::shared_ptr<CRL> crl;
- std::string date;
- std::tie( crl, date ) = signer->revoke( reqCA, serials );
-
- respondCommand( RecordHeader::SignerResult::REVOKED, date + crl->getSignature() );
- }
- break;
+ case RecordHeader::SignerCommand::REVOKE: {
+ logger::note( "Revoking: ", data );
+ std::string ca = data;
+ auto reqCA = CAs.at( ca );
+ logger::note( "CA found in recordHandler" );
+ std::shared_ptr<CRL> crl;
+ std::string date;
+ std::tie( crl, date ) = signer->revoke( reqCA, serials );
+
+ respondCommand( RecordHeader::SignerResult::REVOKED, date + crl->getSignature() );
+ }
+ break;
+
+ case RecordHeader::SignerCommand::GET_FULL_CRL: {
+ logger::note( "Requesting full CRL: ", data );
+ auto ca = CAs.at( data );
+ CRL c( ca->path + "/ca.crl" );
+ respondCommand( RecordHeader::SignerResult::FULL_CRL, c.toString() );
- case RecordHeader::SignerCommand::GET_FULL_CRL:
- {
- logger::note("Requesting full CRL: ", data);
- auto ca = CAs.at( data );
- CRL c( ca->path + "/ca.crl" );
- respondCommand( RecordHeader::SignerResult::FULL_CRL, c.toString() );
-
- logger::note( "Shutting down SSL" );
- if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) {
- logger::error( "ERROR: SSL shutdown failed." );
- }
- io->ctrl( BIO_CTRL_FLUSH, 0, NULL );
- logger::note( "Shutted down SSL" );
-
- parent->reset(); // Connection ended
+ logger::note( "Shutting down SSL" );
+
+ if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) {
+ logger::error( "ERROR: SSL shutdown failed." );
}
- break;
+
+ io->ctrl( BIO_CTRL_FLUSH, 0, NULL );
+ logger::note( "Shutted down SSL" );
+
+ parent->reset(); // Connection ended
+ }
+ break;
default:
throw std::runtime_error( "Unimplemented" );
return 'x';
}
-std::string toHex( const char* buf, int len ) {
+std::string toHex( const char *buf, int len ) {
std::string data = "000000";
for( int i = 0; i < len; i++ ) {
SlipBIO::~SlipBIO() {}
-int SlipBIO::write( const char* buf, int num ) {
+int SlipBIO::write( const char *buf, int num ) {
#ifdef SLIP_IO_DEBUG
logger::notef( "slip-out: %s", toHex( buf, num ) );
#endif
}
int totalLen = num + badOnes; // 2
- char* targetPtr = ( char* ) malloc( totalLen );
+ char *targetPtr = ( char * ) malloc( totalLen );
if( !targetPtr ) {
return -1;
return num;
}
-int SlipBIO::read( char* buf, int size ) {
+int SlipBIO::read( char *buf, int size ) {
#ifdef UNMASK_DEBUG
logger::note( "starting read" );
#endif
return len;
}
-long SlipBIO::ctrl( int cmod, long arg1, void* arg2 ) {
+long SlipBIO::ctrl( int cmod, long arg1, void *arg2 ) {
( void ) cmod;
( void ) arg1;
( void ) arg2;
return target->ctrl( cmod, arg1, arg2 );
}
-const char* SlipBIO::getName() {
+const char *SlipBIO::getName() {
return "SlipBIO";
}
void setTarget( std::shared_ptr<OpensslBIO> target, bool server );
- virtual int write( const char* buf, int num );
- virtual int read( char* buf, int size );
- virtual long ctrl( int cmod, long arg1, void* arg2 );
+ virtual int write( const char *buf, int num );
+ virtual int read( char *buf, int size );
+ virtual long ctrl( int cmod, long arg1, void *arg2 );
- static const char* getName();
+ static const char *getName();
};
inline namespace literals {
- format_data operator"" _fmt( const char* it, std::size_t len ) {
+ format_data operator"" _fmt( const char *it, std::size_t len ) {
const auto end = it + len;
auto retval = format_data {};
template <typename... Args>
formated_string fmt( const std::string& str, const Args& ... args ) {
auto format = format_data{};
- std::ignore = std::initializer_list<int>{( format.set( args ), 0 )...};
+ std::ignore = std::initializer_list<int> {( format.set( args ), 0 )...};
return format( str );
}
template <typename Integer, typename... Args>
formated_integer<Integer> fmt( const Integer i, const Args& ... args ) {
auto format = format_data{};
- std::ignore = std::initializer_list<int>{( format.set( args ), 0 )...};
+ std::ignore = std::initializer_list<int> {( format.set( args ), 0 )...};
return format( i );
}
inline namespace literals {
- format_data operator"" _fmt( const char*, std::size_t );
+ format_data operator"" _fmt( const char *, std::size_t );
}
} // namespace format
inline std::string to_string( const format::formated_integer<Integer>& arg ) {
std::ostringstream stream;
stream <<
- std::setbase( arg.base ) <<
- std::setw( arg.width ) <<
- std::setfill( arg.fill ) <<
- arg.value;
+ std::setbase( arg.base ) <<
+ std::setw( arg.width ) <<
+ std::setfill( arg.fill ) <<
+ arg.value;
return stream.str();
}
*
* CAREFULL: THIS FUNCTION CONTAINS GLOBAL STATE!
*/
- std::vector<logger_set*>& logger_stack() {
- static auto stack = std::vector<logger_set*> {};
+ std::vector<logger_set *>& logger_stack() {
+ static auto stack = std::vector<logger_set *> {};
// To avoid infinite recursion, the base-logger must
// not auto-register but be added manually
static auto std_logger = logger_set {{std::cout}, auto_register::off};
return stack;
}
- void reassign_stack_pointer( logger_set*& ptr ) {
+ void reassign_stack_pointer( logger_set *&ptr ) {
const auto old_ptr = ptr;
if( ptr ) {
}
}
- logger_set& logger_set::operator=( logger_set && other ) noexcept {
+ logger_set& logger_set::operator=( logger_set&& other ) noexcept {
if( m_stackpointer ) {
*m_stackpointer = nullptr;
impl::pop_loggers();
inline std::string to_string( const std::string& arg ) {
return arg;
}
- inline std::string to_string( const char* arg ) {
+ inline std::string to_string( const char *arg ) {
return arg;
}
throw std::runtime_error {"logfile not open"};
}
}
- std::ostream* stream;
+ std::ostream *stream;
level min_level;
};
class logger_set;
namespace impl {
- void reassign_stack_pointer( logger_set*& ptr );
+ void reassign_stack_pointer( logger_set *&ptr );
}
/**
logger_set( std::initializer_list<log_target> lst, auto_register = auto_register::on );
logger_set( logger_set&& ) noexcept;
- logger_set& operator=( logger_set && ) noexcept;
+ logger_set& operator=( logger_set&& ) noexcept;
~logger_set();
template<typename... Args>
template<typename... Args>
void fatalf( const std::string& format, Args&& ... args );
- friend void impl::reassign_stack_pointer( logger_set*& ptr );
+ friend void impl::reassign_stack_pointer( logger_set *&ptr );
friend logger_set current_logger_extended( std::initializer_list<log_target> further_targets );
private:
void log_impl( level l, const std::string& msg );
std::vector<log_target> m_loggers;
- logger_set** m_stackpointer = nullptr;
+ logger_set **m_stackpointer = nullptr;
level m_min_level;
};
}
std::pair<bool, time_t> addMonths( std::time_t t, int32_t count ) {
- std::tm* parsed = gmtime( &t );
+ std::tm *parsed = gmtime( &t );
if( !parsed || count <= 0 || count > 24 ) { // FIXED MAX-Validity-Length
return std::pair<bool, time_t>( false, 0 );
}
}
-std::unique_ptr<std::ofstream> openLogfile( const std::string &name ) {
+std::unique_ptr<std::ofstream> openLogfile( const std::string& name ) {
struct stat buffer;
std::string tname = name;
int ctr = 2;
std::pair<bool, std::time_t> parseMonthInterval( std::time_t t, const std::string& date );
std::pair<bool, std::time_t> parseYearInterval( std::time_t t, const std::string& date );
-std::unique_ptr<std::ofstream> openLogfile( const std::string &name );
+std::unique_ptr<std::ofstream> openLogfile( const std::string& name );
#if __GNUC__ >= 5 || (__GNUC__ == 4 && __GNUC_MINOR__ > 8)
#else
-namespace std{
-template<typename T, typename... Args>
-std::unique_ptr<T> make_unique( Args&&... args ) {
- return std::unique_ptr<T>( new T( std::forward<Args>(args)... ));
-}
+namespace std {
+ template<typename T, typename... Args>
+ std::unique_ptr<T> make_unique( Args&& ... args ) {
+ return std::unique_ptr<T>( new T( std::forward<Args>( args )... ) );
+ }
}
#endif
public:
int state;
- int write( const char* buf, int num );
- int read( char* buf, int size );
- long ctrl( int cmod, long arg1, void* arg2 );
+ int write( const char *buf, int num );
+ int read( char *buf, int size );
+ long ctrl( int cmod, long arg1, void *arg2 );
- static const char* getName();
+ static const char *getName();
};
-int OpensslBIO1::write( const char* buf, int num ) {
+int OpensslBIO1::write( const char *buf, int num ) {
state = num * 2;
( void ) buf;
return 0;
}
-int OpensslBIO1::read( char* buf, int size ) {
+int OpensslBIO1::read( char *buf, int size ) {
state = size * 3;
( void ) buf;
return 0;
}
-long OpensslBIO1::ctrl( int cmod, long arg1, void* arg2 ) {
+long OpensslBIO1::ctrl( int cmod, long arg1, void *arg2 ) {
state = cmod * 7;
( void ) arg1;
( void ) arg2;
return 0;
}
-const char* OpensslBIO1::getName() {
+const char *OpensslBIO1::getName() {
return "dummyBIO";
}
BOOST_AUTO_TEST_CASE( BasicCalls ) {
std::shared_ptr<BIO_METHOD> m( toBio<OpensslBIO1>(), BIO_meth_free );
std::shared_ptr<BIO> n( BIO_new( m.get() ), BIO_free );
- OpensslBIO* o = new OpensslBIOWrapper( n );
- OpensslBIO1* data = ( OpensslBIO1* ) n->ptr;
+ OpensslBIO *o = new OpensslBIOWrapper( n );
+ OpensslBIO1 *data = ( OpensslBIO1 * ) n->ptr;
o->write( "bla", 13 );
BOOST_CHECK( data->state == 13 * 2 );
static inline bool head_and_tail_equal( const std::string& str, const std::string& head, const std::string& tail ) {
return str.size() >= head.size() + tail.size()
- and std::equal( head.begin(), head.end(), str.begin() )
- and std::equal( tail.rbegin(), tail.rend(), str.rbegin() )
- ;
+ and std::equal( head.begin(), head.end(), str.begin() )
+ and std::equal( tail.rbegin(), tail.rend(), str.rbegin() )
+ ;
}
BOOST_AUTO_TEST_CASE( basic_log ) {
OpensslBIOVector( std::vector<std::vector<char>> data ) : input( data ), it( input.begin() ), end( input.end() ) {
}
- int write( const char* buf, int num );
- int read( char* buf, int size );
- long ctrl( int cmod, long arg1, void* arg2 );
+ int write( const char *buf, int num );
+ int read( char *buf, int size );
+ long ctrl( int cmod, long arg1, void *arg2 );
- static const char* getName();
+ static const char *getName();
};
-int OpensslBIOVector::write( const char* buf, int num ) {
+int OpensslBIOVector::write( const char *buf, int num ) {
result.push_back( std::vector<char>( buf, buf + num ) );
return num;
}
-int OpensslBIOVector::read( char* buf, int size ) {
+int OpensslBIOVector::read( char *buf, int size ) {
if( it == end ) {
return -1;
}
return result;
}
-long OpensslBIOVector::ctrl( int cmod, long arg1, void* arg2 ) {
+long OpensslBIOVector::ctrl( int cmod, long arg1, void *arg2 ) {
( void ) cmod;
( void ) arg1;
( void ) arg2;
return 0;
}
-const char* OpensslBIOVector::getName() {
+const char *OpensslBIOVector::getName() {
return "dummyBIO";
}
BOOST_AUTO_TEST_CASE( TestMockup ) {
std::vector<std::vector<char>> source = {{1, 2}, {1, 2, 3}, {1, 2, 3, 4}, {1, 2, 3, 4, 5}};
- OpensslBIOVector* data = new OpensslBIOVector( source );
+ OpensslBIOVector *data = new OpensslBIOVector( source );
char buf[4096];