add_ext( caCert, target, NID_info_access, "OCSP;URI:http://ocsp.cacert.org" );
add_ext( caCert, target, NID_crl_distribution_points, "URI:http://crl.cacert.org/class3-revoke.crl" );
+ if( sans.size() == 0 ) {
+ return;
+ }
+
std::shared_ptr<GENERAL_NAMES> gens = std::shared_ptr<GENERAL_NAMES>(
sk_GENERAL_NAME_new_null(),
[]( GENERAL_NAMES * ref ) {
int main( int argc, const char* argv[] ) {
( void ) argc;
( void ) argv;
+ bool once = false;
+
+ if( argc == 2 && std::string( "--once" ) == std::string( argv[1] ) ) {
+ once = true;
+ }
+
std::ifstream config;
config.open( "config.txt" );
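Review bot: The `( void ) argc;` and `( void ) argv;` casts kept at the top of `main` are stale now that both parameters are read by the `--once` check, and they should be dropped. The check also matches only the exact case of one argument, so a misspelled flag or an extra argument leaves `once` false without any message and the signer carries on in whatever mode `DAEMON` selects. For a signing process it is safer to reject anything unrecognised, e.g. `else if( argc > 1 ) { std::cerr << "ERROR: unknown argument" << std::endl; return 1; }`. `main` continues past the end of this hunk.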
res->crt_name = fn;
jp->writeBack( job, res );
} catch( const char* c ) {
- std::cerr << c << std::endl;
+ std::cerr << "ERROR: " << c << std::endl;
+ return 2;
+ } catch( std::string c ) {
+ std::cerr << "ERROR: " << c << std::endl;
return 2;
}
} else {
return 1;
}
- if( !DAEMON ) {
+ if( !DAEMON || once ) {
return 0;
}
}
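Review bot: The new handler `catch( std::string c )` takes the exception by value, which copies the string while the error is being handled; `catch( const std::string& c )` is the usual form. Both handlers now print the same prefix and `return 2`, so a short comment above them saying that `const char*` comes from the literal throws and `std::string` from the MySQL layer would explain why two handlers exist. The `try` block they belong to starts outside this hunk.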
int err = mysql_real_query( this->conn.get(), query.c_str(), query.size() );
if( err ) {
- throw( std::string( "MySQL error: " ) + mysql_error( this->conn.get() ) ).c_str();
+ throw std::string( "MySQL error: " ) + mysql_error( this->conn.get() );
}
auto c = conn;
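Review bot: With this throw the code raises two unrelated exception types, `std::string` here and string literals elsewhere in the same change (`throw "malloc failure"`, `throw "unknown AVA-type"`), so any catch site that only has `catch( const char* )` will let the MySQL error escape. Only the handler in `main` is visibly updated; other callers of this query helper are outside the diff and should be checked. A single type derived from `std::exception`, e.g. `throw std::runtime_error( std::string( "MySQL error: " ) + mysql_error( this->conn.get() ) );`, would let one `catch( const std::exception& e )` cover every case. The enclosing function starts and ends outside the hunk.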
std::shared_ptr<TBSCertificate> MySQLJobProvider::fetchTBSCert( std::shared_ptr<Job> job ) {
std::shared_ptr<TBSCertificate> cert = std::shared_ptr<TBSCertificate>( new TBSCertificate() );
- std::string q = "SELECT CN, subject, md, profile, csr_name, csr_type FROM certs WHERE id='" + this->escape_string( job->target ) + "'";
+ std::string q = "SELECT md, profile, csr_name, csr_type FROM certs WHERE id='" + this->escape_string( job->target ) + "'";
int err = 0;
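Review bot: The rewritten `SELECT md, profile, csr_name, csr_type ...` statement is still assembled by string concatenation around `this->escape_string( job->target )`, and the new `certAvas` query added further down in `fetchTBSCert` repeats the pattern. `escape_string` is not visible here; if it wraps `mysql_real_escape_string`, its safety depends on the connection character set being set through the API, which is easy to get wrong in a certificate signer. Since `id` and `certid` look like numeric keys, validating `job->target` as digits before building either query, or moving both to prepared statements (`mysql_stmt_prepare` with bound parameters), would remove the dependence on escaping. The function body continues outside this hunk.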
return std::shared_ptr<TBSCertificate>();
}
- cert->CN = std::string( row[0], row[0] + l[0] );
- cert->subj = std::string( row[1], row[1] + l[1] );
- cert->md = std::string( row[2], row[2] + l[2] );
- cert->profile = std::string( row[3], row[3] + l[3] );
- cert->csr = std::string( row[4], row[4] + l[4] );
- cert->csr_type = std::string( row[5], row[5] + l[5] );
+ cert->md = std::string( row[0], row[0] + l[0] );
+ cert->profile = std::string( row[1], row[1] + l[1] );
+ cert->csr = std::string( row[2], row[2] + l[2] );
+ cert->csr_type = std::string( row[3], row[3] + l[3] );
cert->SANs = std::vector<std::shared_ptr<SAN>>();
return std::shared_ptr<TBSCertificate>();
}
+ std::cout << "Fetching SANs" << std::endl;
+
while( ( row = mysql_fetch_row( res.get() ) ) ) {
unsigned long* l = mysql_fetch_lengths( res.get() );
cert->SANs.push_back( nSAN );
}
+ q = "SELECT name, value FROM certAvas WHERE certid='" + this->escape_string( job->target ) + "'";
+ std::tie( err, res ) = query( q );
+
+ if( err ) {
+ std::cout << mysql_error( this->conn.get() );
+ return std::shared_ptr<TBSCertificate>();
+
+ }
+
+ while( ( row = mysql_fetch_row( res.get() ) ) ) {
+ unsigned long* l = mysql_fetch_lengths( res.get() );
+
+ if( !l ) {
+ return std::shared_ptr<TBSCertificate>();
+ }
+
+ std::shared_ptr<AVA> nAVA = std::shared_ptr<AVA>( new AVA() );
+ nAVA->name = std::string( row[0], row[0] + l[0] );
+ nAVA->value = std::string( row[1], row[1] + l[1] );
+ cert->AVAs.push_back( nAVA );
+ }
+
return cert;
}
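Review bot: The error path of the new `certAvas` query writes `mysql_error( this->conn.get() )` to `std::cout` with no prefix and no line end, and the `if( !l )` branch returns an empty pointer with no message at all, so a failed fetch is hard to tell apart from a missing job in the signer's log. Matching the format this commit uses in `main` would help: `std::cerr << "ERROR: " << mysql_error( this->conn.get() ) << std::endl;`, with a similar line before the return in the `!l` branch. The loop also builds `nAVA->name` and `nAVA->value` from `row[0]` and `row[1]` without checking for a null column pointer; if the schema allows NULL in either column this should be rejected explicitly rather than turned into an empty string. The start of `fetchTBSCert` is outside this hunk.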
throw "malloc failure";
}
- std::shared_ptr<X509_NAME> subject = std::shared_ptr<X509_NAME>( subjectP, X509_NAME_free );
- const char* strdata = "commonName";
- X509_NAME_add_entry_by_NID( subject.get(), NID_commonName, MBSTRING_UTF8, ( unsigned char* )const_cast<char*>( strdata ), 10, -1, 0 ); // guard
- c.addRDN( NID_commonName, "common-Content" );
+ for( std::shared_ptr<AVA> a : cert->AVAs ) {
+ if( a->name == "CN" ) {
+ c.addRDN( NID_commonName, a->value );
+ } else if( a->name == "EMAIL" ) {
+ c.addRDN( NID_pkcs9_emailAddress, a->value );
+ } else {
+ throw "unknown AVA-type";
+ }
+ }
+
c.setIssuerNameFrom( caCert );
c.setPubkeyFrom( req );
std::shared_ptr<BIGNUM> ser = nextSerial();
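Review bot: Nothing before `c.setIssuerNameFrom( caCert )` rejects a request whose `cert->AVAs` is empty, so the loop adds no RDN and signing proceeds with an empty subject. Together with the new early return for `sans.size() == 0` in the extension code, a row with neither AVAs nor SANs would apparently yield a certificate that names nobody. A guard ahead of the loop such as `if( cert->AVAs.empty() && cert->SANs.empty() ) { throw "no subject data"; }` closes that. `a->value` is also handed to `c.addRDN` exactly as read from the database; `addRDN` is not visible here, so it is worth confirming that it rejects empty values, embedded NUL bytes and over-long strings. The loop variable can be `const std::shared_ptr<AVA>& a` to avoid a reference-count update per element; the enclosing function starts and ends outside the hunk.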