Jan Dittberner
ad6b987c91
- decouple config and messages - cainfo maps from config.Profile to messages.CAProfile - config parses profile usage - validity can be configured per certificate profile, defaults are defined in a defaultValidity method of the profile usage - the client simulator emits certificate signing requests at random intervals - add implementation of SingCertificateCommand to MsgPackHandler - remove indirection signing.RequestSignature
362 lines
8.4 KiB
Go
362 lines
8.4 KiB
Go
/*
|
|
Copyright 2022 CAcert Inc.
|
|
SPDX-License-Identifier: Apache-2.0
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
//go:generate go run github.com/shamaton/msgpackgen
|
|
|
|
// Package messages contains structure definitions for protocol messages
|
|
package messages
|
|
|
|
import (
|
|
"crypto"
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"fmt"
|
|
"math/big"
|
|
"sort"
|
|
"strings"
|
|
"time"
|
|
|
|
// required for msgpackgen
|
|
_ "github.com/dave/jennifer"
|
|
"github.com/google/uuid"
|
|
|
|
"git.cacert.org/cacert-gosigner/internal/x509/signing"
|
|
)
|
|
|
|
type CommandCode int8
|
|
|
|
const (
|
|
CmdUndef CommandCode = iota
|
|
CmdHealth
|
|
CmdCAInfo
|
|
CmdFetchCRL
|
|
CmdSignCertificate
|
|
CmdSignOpenPGP
|
|
CmdRevokeCertificate
|
|
)
|
|
|
|
var commandNames = map[CommandCode]string{
|
|
CmdUndef: "UNDEFINED",
|
|
CmdHealth: "HEALTH",
|
|
CmdFetchCRL: "FETCH CRL",
|
|
CmdCAInfo: "CA INFO",
|
|
CmdSignCertificate: "SIG CERT",
|
|
CmdSignOpenPGP: "SIG OPENPGP",
|
|
CmdRevokeCertificate: "REV CERT",
|
|
}
|
|
|
|
func (c CommandCode) String() string {
|
|
if name, ok := commandNames[c]; ok {
|
|
return name
|
|
}
|
|
|
|
return fmt.Sprintf("unknown %d", c)
|
|
}
|
|
|
|
type ResponseCode int8
|
|
|
|
const (
|
|
RespError ResponseCode = -1
|
|
RespUndef ResponseCode = iota
|
|
RespHealth
|
|
RespCAInfo
|
|
RespFetchCRL
|
|
RespSignCertificate
|
|
RespSignOpenPGP
|
|
RespRevokeCertificate
|
|
)
|
|
|
|
var responseNames = map[ResponseCode]string{
|
|
RespError: "ERROR",
|
|
RespUndef: "UNDEFINED",
|
|
RespHealth: "HEALTH",
|
|
RespCAInfo: "CA INFO",
|
|
RespFetchCRL: "FETCH CRL",
|
|
RespSignCertificate: "SIG CERT",
|
|
RespSignOpenPGP: "SIG OPENPGP",
|
|
RespRevokeCertificate: "REV CERT",
|
|
}
|
|
|
|
func (c ResponseCode) String() string {
|
|
if name, ok := responseNames[c]; ok {
|
|
return name
|
|
}
|
|
|
|
return fmt.Sprintf("unknown %d", c)
|
|
}
|
|
|
|
type CommandAnnounce struct {
|
|
Code CommandCode `msgpack:"code"`
|
|
ID string `msgpack:"id"`
|
|
Created time.Time `msgpack:"created"`
|
|
}
|
|
|
|
func (r *CommandAnnounce) String() string {
|
|
return fmt.Sprintf("code=%s, id=%s, created=%s", r.Code, r.ID, r.Created.Format(time.RFC3339))
|
|
}
|
|
|
|
func BuildCommandAnnounce(code CommandCode) *CommandAnnounce {
|
|
commandID := uuid.NewString()
|
|
|
|
return &CommandAnnounce{Code: code, ID: commandID, Created: time.Now().UTC()}
|
|
}
|
|
|
|
type ResponseAnnounce struct {
|
|
Code ResponseCode `msgpack:"code"`
|
|
Created time.Time `msgpack:"created"`
|
|
ID string `msgpack:"id"`
|
|
}
|
|
|
|
func (r *ResponseAnnounce) String() string {
|
|
return fmt.Sprintf("code=%s, id=%s, created=%s", r.Code, r.ID, r.Created.Format(time.RFC3339))
|
|
}
|
|
|
|
func BuildResponseAnnounce(code ResponseCode, commandID string) *ResponseAnnounce {
|
|
return &ResponseAnnounce{Code: code, ID: commandID, Created: time.Now().UTC()}
|
|
}
|
|
|
|
type CAProfile struct {
|
|
Name string `msgpack:"name"`
|
|
Description string `msgpack:"description"`
|
|
UseFor signing.ProfileUsage `msgpack:"use-for"`
|
|
}
|
|
|
|
func (p CAProfile) String() string {
|
|
return fmt.Sprintf("profile['%s': '%s']", p.Name, p.UseFor)
|
|
}
|
|
|
|
type CertificateStatus string
|
|
|
|
const (
|
|
CertStatusOk CertificateStatus = "ok"
|
|
CertStatusFailed CertificateStatus = "failed"
|
|
)
|
|
|
|
type CAInfoCommand struct {
|
|
Name string `msgpack:"name"`
|
|
}
|
|
|
|
func (r *CAInfoCommand) String() string {
|
|
return fmt.Sprintf("name=%s", r.Name)
|
|
}
|
|
|
|
type CAInfoResponse struct {
|
|
Name string `msgpack:"name"`
|
|
Certificate []byte `msgpack:"certificate"`
|
|
Signing bool `msgpack:"signing"`
|
|
Profiles []CAProfile `msgpack:"profiles"`
|
|
}
|
|
|
|
func (i CAInfoResponse) String() string {
|
|
return fmt.Sprintf("certificate name=%s, signing=%t, profiles=[%s]", i.Name, i.Signing, i.Profiles)
|
|
}
|
|
|
|
type ErrorResponse struct {
|
|
Message string `msgpack:"message"`
|
|
}
|
|
|
|
func (e *ErrorResponse) String() string {
|
|
return fmt.Sprintf("message=%s", e.Message)
|
|
}
|
|
|
|
type FetchCRLCommand struct {
|
|
IssuerID string `msgpack:"issuer_id"`
|
|
LastKnownID []byte `msgpack:"last_known_id"`
|
|
}
|
|
|
|
func (f *FetchCRLCommand) String() string {
|
|
builder := &strings.Builder{}
|
|
|
|
_, _ = fmt.Fprintf(builder, "issuerId='%s'", f.IssuerID)
|
|
|
|
if f.LastKnownID != nil {
|
|
_, _ = fmt.Fprintf(builder, ", lastKnownId=0x%x", new(big.Int).SetBytes(f.LastKnownID))
|
|
}
|
|
|
|
return builder.String()
|
|
}
|
|
|
|
type FetchCRLResponse struct {
|
|
IssuerID string `msgpack:"issuer_id"`
|
|
IsDelta bool `msgpack:"is_delta"`
|
|
UnChanged bool `msgpack:"unchanged"`
|
|
CRLData []byte `msgpack:"crl_data"`
|
|
CRLNumber []byte `msgpack:"crl_number"`
|
|
}
|
|
|
|
func (r *FetchCRLResponse) String() string {
|
|
builder := &strings.Builder{}
|
|
|
|
_, _ = fmt.Fprintf(
|
|
builder,
|
|
"issuer id=%s, delta=%t, unchanged=%t, CRL number=0x%x",
|
|
r.IssuerID,
|
|
r.IsDelta,
|
|
r.UnChanged,
|
|
new(big.Int).SetBytes(r.CRLNumber),
|
|
)
|
|
|
|
if r.UnChanged {
|
|
return builder.String()
|
|
}
|
|
|
|
if r.IsDelta {
|
|
_, _ = fmt.Fprintf(builder, ", delta CRL data of %d bytes not shown", len(r.CRLData))
|
|
|
|
return builder.String()
|
|
}
|
|
|
|
revocationList, err := x509.ParseRevocationList(r.CRLData)
|
|
if err != nil {
|
|
_, _ = fmt.Fprintf(builder, ", could not parse CRL: %s", err.Error())
|
|
|
|
return builder.String()
|
|
}
|
|
|
|
_, _ = fmt.Fprintf(
|
|
builder,
|
|
", CRL info: issuer=%s, number=0x%x, next update=%s, revoked certificates=%d",
|
|
revocationList.Issuer,
|
|
revocationList.Number,
|
|
revocationList.NextUpdate,
|
|
len(revocationList.RevokedCertificates),
|
|
)
|
|
_, _ = builder.WriteString(", CRL data:\n")
|
|
_ = pem.Encode(builder, &pem.Block{
|
|
Type: "CERTIFICATE REVOCATION LIST",
|
|
Bytes: r.CRLData,
|
|
})
|
|
|
|
return builder.String()
|
|
}
|
|
|
|
type HealthCommand struct{}
|
|
|
|
func (h *HealthCommand) String() string {
|
|
return ""
|
|
}
|
|
|
|
type HealthInfo struct {
|
|
Source string
|
|
Healthy bool
|
|
MoreInfo map[string]string
|
|
}
|
|
|
|
func (i *HealthInfo) String() string {
|
|
builder := &strings.Builder{}
|
|
|
|
_, _ = fmt.Fprintf(builder, "source: %s, healthy: %v", i.Source, i.Healthy)
|
|
|
|
if len(i.MoreInfo) > 0 {
|
|
keys := make([]string, 0, len(i.MoreInfo))
|
|
parts := make([]string, len(i.MoreInfo))
|
|
|
|
for k := range i.MoreInfo {
|
|
keys = append(keys, k)
|
|
}
|
|
|
|
sort.Strings(keys)
|
|
|
|
for j, k := range keys {
|
|
parts[j] = fmt.Sprintf("'%s': '%s'", k, i.MoreInfo[k])
|
|
}
|
|
|
|
builder.WriteRune('[')
|
|
builder.WriteString(strings.Join(parts, ", "))
|
|
builder.WriteRune(']')
|
|
}
|
|
|
|
return builder.String()
|
|
}
|
|
|
|
type HealthResponse struct {
|
|
Version string `msgpack:"version"`
|
|
Healthy bool `msgpack:"healthy"`
|
|
Info []*HealthInfo
|
|
}
|
|
|
|
func (h *HealthResponse) String() string {
|
|
builder := &strings.Builder{}
|
|
|
|
_, _ = fmt.Fprintf(builder, "signer version=%s, healthy=%v, health data=[", h.Version, h.Healthy)
|
|
|
|
infos := make([]string, len(h.Info))
|
|
|
|
for i, info := range h.Info {
|
|
infos[i] = fmt.Sprintf("{%s}", info)
|
|
}
|
|
|
|
builder.WriteString(strings.Join(infos, ", "))
|
|
|
|
builder.WriteRune(']')
|
|
|
|
return builder.String()
|
|
}
|
|
|
|
type SignCertificateCommand struct {
|
|
IssuerID string `msgpack:"issuer_id"`
|
|
ProfileName string `msgpack:"profile_name"`
|
|
CSRData []byte `msgpack:"csr_data"`
|
|
CommonName string `msgpack:"cn"`
|
|
Organization string `msgpack:"o"`
|
|
OrganizationalUnit string `msgpack:"ou"`
|
|
Hostnames []string `msgpack:"hostnames"`
|
|
EmailAddresses []string `msgpack:"email_addresses"`
|
|
PreferredHash crypto.Hash `msgpack:"preferred_hash"`
|
|
}
|
|
|
|
func (s *SignCertificateCommand) String() string {
|
|
builder := &strings.Builder{}
|
|
|
|
_, _ = fmt.Fprintf(
|
|
builder, "issuer_id=%s, profile_name=%s, cn=%s", s.IssuerID, s.ProfileName, s.CommonName,
|
|
)
|
|
|
|
if s.Organization != "" {
|
|
_, _ = fmt.Fprintf(builder, ", o=%s", s.Organization)
|
|
}
|
|
|
|
if s.OrganizationalUnit != "" {
|
|
_, _ = fmt.Fprintf(builder, ", ou=%s", s.OrganizationalUnit)
|
|
}
|
|
|
|
if len(s.Hostnames) > 0 {
|
|
builder.WriteString(", hostnames=[")
|
|
|
|
builder.WriteString(strings.Join(s.Hostnames, ", "))
|
|
|
|
builder.WriteRune(']')
|
|
}
|
|
|
|
if len(s.EmailAddresses) > 0 {
|
|
builder.WriteString(", email_addresses=[")
|
|
|
|
builder.WriteString(strings.Join(s.Hostnames, ", "))
|
|
|
|
builder.WriteRune(']')
|
|
}
|
|
|
|
return builder.String()
|
|
}
|
|
|
|
type SignCertificateResponse struct {
|
|
CertificateData []byte `msgpack:"cert_data"`
|
|
}
|
|
|
|
func (r *SignCertificateResponse) String() string {
|
|
return fmt.Sprintf("cert_data of %d bytes", len(r.CertificateData))
|
|
}
|