std::string path;
- if( DAEMON ) {
- path = "/etc/cacert/cassiopeia/cassiopeia.conf";
- } else {
- path = "config.txt";
- }
+#ifdef NDEBUG
+ path = "/etc/cacert/cassiopeia/cassiopeia.conf";
+#else
+ path = "config.txt";
+#endif
if( parseConfig( path ) != 0 ) {
return -1;
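Review bot: Tying the config location to NDEBUG couples a security-relevant choice to the assert macro: a production build compiled without -DNDEBUG silently reads `config.txt` from the current working directory instead of /etc/cacert/cassiopeia/cassiopeia.conf, and anyone who can write to the daemon's cwd then controls its configuration. The old DAEMON flag at least named the intent; a dedicated build-system macro (or a command-line/env override that defaults to the /etc path) would keep that intent explicit. At minimum add a comment such as `// NDEBUG selects the installed config; debug builds read config.txt from the cwd` so the dependency is visible. The enclosing function starts before and continues past this hunk.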
std::cout << cert->csr_content << " content " << std::endl;
std::shared_ptr<SignedCertificate> res = sign->sign( cert );
+
+ if( !res ) {
+ std::cout << "Error no cert came back." << std::endl;
+ continue;
+ }
+
std::cout << "did it!" << res->certificate << std::endl;
std::string fn = writeBackFile( atoi( job->target.c_str() ), res->certificate );
res->crt_name = fn;
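Review bot: The new null check on `res` reports the failure to std::cout and then `continue`s, so a job whose signing failed is dropped without any record of which job it was or why, and nothing visible here marks it as failed. Diagnostics belong on stderr and should name the job, e.g. `std::cerr << "Error: signer returned no certificate for job " << job->target << std::endl;`. Whether the job should be flagged as failed rather than silently left behind depends on the loop and job bookkeeping, which start outside this hunk.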
std::shared_ptr<TBSCertificate> tbs;
std::shared_ptr<SignedCertificate> result;
- SSL* ssl;
+ std::shared_ptr<SSL> ssl;
std::shared_ptr<OpensslBIOWrapper> io;
DefaultRecordHandler* parent;
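Review bot: The `ssl` member becomes a std::shared_ptr<SSL> although, as far as this diff shows, it is never copied or shared; a `std::unique_ptr<SSL, decltype(&SSL_free)>` would state the single-owner intent and remove the atomic refcount. Keeping `ssl` declared before `io` matters, because `io` wraps a BIO_f_ssl that references the SSL object (BIO_NOCLOSE) and members are destroyed in reverse declaration order, so the wrapper goes away before the SSL it points to; a comment such as `// declared before io: the ssl BIO in io references this SSL without owning it` would protect that ordering. The class definition starts and ends outside this hunk.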
this->parent = parent;
this->signer = signer;
- ssl = SSL_new( ctx.get() );
+ ssl = std::shared_ptr<SSL>( SSL_new( ctx.get() ), SSL_free );
std::shared_ptr<BIO> bio(
BIO_new( BIO_f_ssl() ),
[output]( BIO * p ) {
BIO_free( p );
} );
- SSL_set_accept_state( ssl );
- SSL_set_bio( ssl, output.get(), output.get() );
- BIO_set_ssl( bio.get(), ssl, BIO_NOCLOSE );
+ SSL_set_accept_state( ssl.get() );
+ SSL_set_bio( ssl.get(), output.get(), output.get() );
+ BIO_set_ssl( bio.get(), ssl.get(), BIO_NOCLOSE );
io = std::shared_ptr<OpensslBIOWrapper>( new OpensslBIOWrapper( bio ) );
}
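Review bot: Giving the SSL object a real deleter (SSL_free at L34) exposes an ownership problem on the next lines: SSL_set_bio transfers ownership of `output` to the SSL object, and SSL_free will BIO_free it, yet `output` is accessed through `.get()` and captured by the bio deleter, which suggests it is itself an owning smart pointer. When that pointer's deleter also runs, the BIO is freed twice; this was masked before because the raw SSL* was never freed. If `output` owns its BIO, take an extra reference first, `BIO_up_ref( output.get() );` before `SSL_set_bio( ssl.get(), output.get(), output.get() );` (OpenSSL 1.1.0+), or construct `output` with a no-op deleter and let SSL_free be the owner; which applies depends on how `output` is created outside this hunk.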
respondCommand( RecordHeader::SignerResult::CERTIFICATE, result->certificate );
}
+ if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) {
+ std::cout << "SSL close failed" << std::endl;
+ }
+
break;
default:
}
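Review bot: The shutdown check treats an error as success: SSL_shutdown returns 1 when the bidirectional shutdown is complete, 0 when the peer's close_notify is still outstanding (hence the second call), and a negative value on error, and `!SSL_shutdown(...)` is false for a negative result, so only the 0/0 case is reported. Rewrite as `int ret = SSL_shutdown( ssl.get() ); if( ret == 0 ) ret = SSL_shutdown( ssl.get() ); if( ret != 1 ) std::cout << "SSL close failed" << std::endl;` so errors are logged and a completed shutdown is not followed by a needless second call. OpenSSL also documents that SSL_shutdown must not be called again after a fatal error, which the current `&&` form does. The surrounding switch starts outside this hunk.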
std::shared_ptr<SignedCertificate> RemoteSigner::sign( std::shared_ptr<TBSCertificate> cert ) {
+ ( void )BIO_reset( target.get() );
+
std::shared_ptr<SSL> ssl( SSL_new( ctx.get() ), SSL_free );
std::shared_ptr<BIO> bio( BIO_new( BIO_f_ssl() ), BIO_free );
SSL_set_connect_state( ssl.get() );
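Review bot: The `(void)` cast on BIO_reset discards the only signal that the framing resync failed before a fresh handshake is started on the same transport. Note also that the SlipBIO ctrl handler in this same diff returns 0 for BIO_CTRL_RESET while stock BIOs return 1 on success, so the return convention needs to be agreed before checking it; with a unified convention this becomes `if( BIO_reset( target.get() ) != 1 ) return std::shared_ptr<SignedCertificate>();`. Add a comment explaining why the reset is needed here, e.g. `// resync the SLIP framing so stale bytes from a previous session cannot corrupt this handshake`. RemoteSigner::sign continues past this hunk.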
for( int i = 0; i < 2; i++ ) {
try {
int length = conn->read( buffer.data(), buffer.size() );
+
+ if( length == -1 ) {
+ return std::shared_ptr<SignedCertificate>();
+ }
+
RecordHeader head;
std::string payload = parseCommand( head, std::string( buffer.data(), length ) );
}
}
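Review bot: The added check rejects only a read result of exactly -1, so a zero-length read (presumably the peer closing the connection) and any other negative value still reach `std::string( buffer.data(), length )`, where a negative `int` converts to a huge size_t and reads far past the buffer. Unless conn->read is documented to return only -1 or a positive count (its contract is not visible here), the guard should be `if( length <= 0 ) {`. The loop and function around this hunk start and end outside it.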
+ if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) { // need to close the connection twice
+ std::cout << "SSL shutdown failed" << std::endl;
+ }
+
return result;
}
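Review bot: As in the server-side hunk, `!SSL_shutdown(...)` only catches the case where both calls return 0; a negative return, which is the actual error case, evaluates as success and is never logged. Use `int ret = SSL_shutdown( ssl.get() ); if( ret == 0 ) ret = SSL_shutdown( ssl.get() ); if( ret != 1 ) std::cout << "SSL shutdown failed" << std::endl;` and, on a non-blocking transport, consult SSL_get_error for SSL_ERROR_WANT_READ/WANT_WRITE before treating 0 as "call again". The trailing comment would be clearer as `// first call sends our close_notify; second waits for the peer's close_notify`.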
#define BUFFER_SIZE 8192
+#define SLIP_ESCAPE_CHAR ( (char) 0xDB)
+#define SLIP_PACKET ( (char) 0xC0)
+
char hexDigit( char c ) {
if( c < 0 ) {
return 'x';
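Review bot: The name `SLIP_PACKET` for 0xC0 is misleading: in SLIP that byte is the frame END delimiter, not a packet marker, and the decoder later branches on it as a terminator. Naming it `SLIP_END` (and 0xDB `SLIP_ESC`, matching the RFC 1055 vocabulary) would make both the encoder and decoder read correctly; in C++ these could be `constexpr char` constants, though the file already uses macros for BUFFER_SIZE, so matching that style is acceptable. A one-line comment `// RFC 1055 SLIP framing bytes` above the defines would help readers.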
SlipBIO::~SlipBIO() {}
int SlipBIO::write( const char* buf, int num ) {
+#ifdef SLIP_IO_DEBUG
std::cout << "Out: " << toHex( buf, num ) << std::endl;
+#endif
+
int badOnes = 0;
for( int i = 0; i < num; i++ ) {
- if( ( buf[i] == ( char )0xc0 ) || ( buf[i] == ( char )0xDB ) ) {
+ if( ( buf[i] == SLIP_PACKET ) || ( buf[i] == SLIP_ESCAPE_CHAR ) ) {
badOnes++;
}
}
std::shared_ptr<char> t = std::shared_ptr<char>( targetPtr, free );
int j = 0;
- //targetPtr[j++] = (char)0xC0;
-
for( int i = 0; i < num; i++ ) {
- if( buf[i] == ( char )0xc0 ) {
- targetPtr[j++] = ( char )0xDB;
+ if( buf[i] == SLIP_PACKET ) {
+ targetPtr[j++] = SLIP_ESCAPE_CHAR;
targetPtr[j++] = ( char )0xDC;
- } else if( buf[i] == ( char )0xDB ) {
- targetPtr[j++] = ( char )0xDB;
+ } else if( buf[i] == SLIP_ESCAPE_CHAR ) {
+ targetPtr[j++] = SLIP_ESCAPE_CHAR;
targetPtr[j++] = ( char )0xDD;
} else {
targetPtr[j++] = buf[i];
}
}
- targetPtr[j++] = ( char )0xC0;
+ targetPtr[j++] = SLIP_PACKET;
int sent = 0;
while( sent < j ) {
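Review bot: The escape-replacement bytes remain magic numbers while the delimiters were given names, so `( char )0xDC` and `( char )0xDD` on the lines after the SLIP_ESCAPE_CHAR writes should get matching definitions, `#define SLIP_ESC_END ( (char) 0xDC)` and `#define SLIP_ESC_ESC ( (char) 0xDD)`, and be used in the decoder too. The loop writes up to `num + badOnes + 1` bytes into `targetPtr`; its allocation is outside this hunk, so a comment `// targetPtr must hold num + badOnes + 1 bytes: each escaped byte expands to two, plus the END delimiter` would document the invariant the earlier counting loop establishes. SlipBIO::write continues past this hunk.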
packageLeft = false;
}
+#ifdef SLIP_IO_DEBUG
+ std::cout << "in: " << toHex( buf, len ) << std::endl;
+#endif
+
return len;
}
( void ) cmod;
( void ) arg1;
( void ) arg2;
- std::cout << "SLIP crtl: " << cmod << std::endl;
+
+ if( cmod == BIO_CTRL_RESET ) {
+ char resetSequence[] = {SLIP_ESCAPE_CHAR, 0, SLIP_PACKET};
+ target->write( resetSequence, 3 );
+ decodePos = 0;
+ decodeTarget = 0;
+ rawPos = 0;
+ std::cout << "resetting SLIP" << std::endl;
+ return 0;
+ }
+
return target->ctrl( cmod, arg1, arg2 );
}
unsigned int j = decodeTarget;
for( unsigned int i = decodePos; i < rawPos; i++ ) {
- if( buffer[i] == ( char ) 0xDB ) {
+ if( buffer[i] == SLIP_ESCAPE_CHAR ) {
i++;
if( i >= rawPos ) {
rawPos = decodePos + 1;
return 0;// no packet
} else if( buffer[i] == ( char )0xdc ) {
- buffer[j++] = ( char ) 0xc0;
+ buffer[j++] = SLIP_PACKET;
} else if( buffer[i] == ( char )0xdd ) {
- buffer[j++] = ( char ) 0xdb;
+ buffer[j++] = SLIP_ESCAPE_CHAR;
+ } else if( buffer[i] == SLIP_PACKET ) {
+ failed = true;
+ i--;
+ continue;
} else {
decodeTarget = 0;
failed = true;
// failed package
// error
}
- } else if( buffer[i] == ( char ) 0xc0 ) {
+ } else if( buffer[i] == SLIP_PACKET ) {
decodePos = i + 1;
decodeTarget = j;