add: Full CRL tranfer (non-chunked)

author Felix Dörre <felix@dogcraft.de>

Thu, 8 Jan 2015 17:26:59 +0000 (18:26 +0100)

committer Benny Baumann <BenBE@geshi.org>

Sat, 24 Jan 2015 17:33:29 +0000 (18:33 +0100)
author Felix Dörre <felix@dogcraft.de>
Thu, 8 Jan 2015 17:26:59 +0000 (18:26 +0100)
committer Benny Baumann <BenBE@geshi.org>
Sat, 24 Jan 2015 17:33:29 +0000 (18:33 +0100)
diff --git a/src/crypto/remoteSigner.cpp b/src/crypto/remoteSigner.cpp

index 335c2ff3d52561c11cff13f401c70c05c3e07c1f..81a70ccef9a240d7178156b0dd176e8741ec67b0 100644 (file)
--- a/src/crypto/remoteSigner.cpp
+++ b/src/crypto/remoteSigner.cpp
@@ -171,12 +171,12 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
  
      switch( ( RecordHeader::SignerResult ) head.command ) {
      case RecordHeader::SignerResult::REVOKED: {
-        const unsigned char* buffer = ( const unsigned char* ) payload.data();
-        const unsigned char* pos = buffer;
+        const unsigned char* buffer2 = ( const unsigned char* ) payload.data();
+        const unsigned char* pos = buffer2;
          ASN1_UTCTIME* time = d2i_ASN1_UTCTIME( NULL, &pos, payload.size() );
          ASN1_UTCTIME_free( time );
-        std::string rest = payload.substr( pos - buffer );
-        crl->revoke( serial, payload.substr( 0, pos - buffer ) );
+        std::string rest = payload.substr( pos - buffer2 );
+        crl->revoke( serial, payload.substr( 0, pos - buffer2 ) );
          crl->setSignature( rest );
          bool ok = crl->verify( ca );
  
@@ -185,6 +185,25 @@ std::pair<std::shared_ptr<CRL>, std::string> RemoteSigner::revoke( std::shared_p
              writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
          } else {
              ( *log ) << "CRL is broken" << std::endl;
+            send( conn, head, RecordHeader::SignerCommand::GET_FULL_CRL, ca->name );
+            length = conn->read( buffer.data(), buffer.size() );
+
+            if( length <= 0 ) {
+                ( *log ) << "Error, no response data" << std::endl;
+                return std::pair<std::shared_ptr<CRL>, std::string>( std::shared_ptr<CRL>(), "" );
+            }
+
+            payload = parseCommand( head, std::string( buffer.data(), length ), log );
+            writeFile( ca->path + std::string( "/ca.crl.bak" ), payload );
+            crl = std::shared_ptr<CRL>( new CRL( ca->path + std::string( "/ca.crl.bak" ) ) );
+
+            if( crl->verify( ca ) ) {
+                writeFile( ca->path + std::string( "/ca.crl" ), crl->toString() );
+                ( *log ) << "CRL is now valid" << std::endl;
+            } else {
+                ( *log ) << "CRL is still broken... Please, help me" << std::endl;
+            }
+
          }
  
          ( *log ) << "CRL: " << std::endl << crl->toString() << std::endl;
diff --git a/src/io/recordHandler.cpp b/src/io/recordHandler.cpp

index 72442ce110742ac5b8c6366efb6cf31cc636b654..5055d5c7b823cae75bb976943d6457cb3f79b68e 100644 (file)
--- a/src/io/recordHandler.cpp
+++ b/src/io/recordHandler.cpp
@@ -207,6 +207,14 @@ public:
  
              respondCommand( RecordHeader::SignerResult::REVOKED, date + crl->getSignature() );
  
+            break;
+        }
+
+        case RecordHeader::SignerCommand::GET_FULL_CRL: {
+            auto ca = CAs.at( data );
+            CRL c( ca->path + "/ca.crl" );
+            respondCommand( RecordHeader::SignerResult::FULL_CRL, c.toString() );
+
              if( !SSL_shutdown( ssl.get() ) && !SSL_shutdown( ssl.get() ) ) {
                  ( *log ) << "ERROR: SSL close failed" << std::endl;
              }
author	Felix Dörre <felix@dogcraft.de>
	Thu, 8 Jan 2015 17:26:59 +0000 (18:26 +0100)
committer	Benny Baumann <BenBE@geshi.org>
	Sat, 24 Jan 2015 17:33:29 +0000 (18:33 +0100)
src/crypto/remoteSigner.cpp		patch \| blob \| history
src/io/recordHandler.cpp		patch \| blob \| history