cacert-gosigner/pkg/messages/messages.go
Jan Dittberner ad6b987c91 Implement sign certificate command
- decouple config and messages
- cainfo maps from config.Profile to messages.CAProfile
- config parses profile usage
- validity can be configured per certificate profile, defaults are defined in
  a defaultValidity method of the profile usage
- the client simulator emits certificate signing requests at random intervals
- add implementation of SingCertificateCommand to MsgPackHandler
- remove indirection signing.RequestSignature
2022-12-11 13:32:05 +01:00

362 lines
8.4 KiB
Go

/*
Copyright 2022 CAcert Inc.
SPDX-License-Identifier: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
//go:generate go run github.com/shamaton/msgpackgen
// Package messages contains structure definitions for protocol messages
package messages
import (
"crypto"
"crypto/x509"
"encoding/pem"
"fmt"
"math/big"
"sort"
"strings"
"time"
// required for msgpackgen
_ "github.com/dave/jennifer"
"github.com/google/uuid"
"git.cacert.org/cacert-gosigner/internal/x509/signing"
)
type CommandCode int8
const (
CmdUndef CommandCode = iota
CmdHealth
CmdCAInfo
CmdFetchCRL
CmdSignCertificate
CmdSignOpenPGP
CmdRevokeCertificate
)
var commandNames = map[CommandCode]string{
CmdUndef: "UNDEFINED",
CmdHealth: "HEALTH",
CmdFetchCRL: "FETCH CRL",
CmdCAInfo: "CA INFO",
CmdSignCertificate: "SIG CERT",
CmdSignOpenPGP: "SIG OPENPGP",
CmdRevokeCertificate: "REV CERT",
}
func (c CommandCode) String() string {
if name, ok := commandNames[c]; ok {
return name
}
return fmt.Sprintf("unknown %d", c)
}
type ResponseCode int8
const (
RespError ResponseCode = -1
RespUndef ResponseCode = iota
RespHealth
RespCAInfo
RespFetchCRL
RespSignCertificate
RespSignOpenPGP
RespRevokeCertificate
)
var responseNames = map[ResponseCode]string{
RespError: "ERROR",
RespUndef: "UNDEFINED",
RespHealth: "HEALTH",
RespCAInfo: "CA INFO",
RespFetchCRL: "FETCH CRL",
RespSignCertificate: "SIG CERT",
RespSignOpenPGP: "SIG OPENPGP",
RespRevokeCertificate: "REV CERT",
}
func (c ResponseCode) String() string {
if name, ok := responseNames[c]; ok {
return name
}
return fmt.Sprintf("unknown %d", c)
}
type CommandAnnounce struct {
Code CommandCode `msgpack:"code"`
ID string `msgpack:"id"`
Created time.Time `msgpack:"created"`
}
func (r *CommandAnnounce) String() string {
return fmt.Sprintf("code=%s, id=%s, created=%s", r.Code, r.ID, r.Created.Format(time.RFC3339))
}
func BuildCommandAnnounce(code CommandCode) *CommandAnnounce {
commandID := uuid.NewString()
return &CommandAnnounce{Code: code, ID: commandID, Created: time.Now().UTC()}
}
type ResponseAnnounce struct {
Code ResponseCode `msgpack:"code"`
Created time.Time `msgpack:"created"`
ID string `msgpack:"id"`
}
func (r *ResponseAnnounce) String() string {
return fmt.Sprintf("code=%s, id=%s, created=%s", r.Code, r.ID, r.Created.Format(time.RFC3339))
}
func BuildResponseAnnounce(code ResponseCode, commandID string) *ResponseAnnounce {
return &ResponseAnnounce{Code: code, ID: commandID, Created: time.Now().UTC()}
}
type CAProfile struct {
Name string `msgpack:"name"`
Description string `msgpack:"description"`
UseFor signing.ProfileUsage `msgpack:"use-for"`
}
func (p CAProfile) String() string {
return fmt.Sprintf("profile['%s': '%s']", p.Name, p.UseFor)
}
type CertificateStatus string
const (
CertStatusOk CertificateStatus = "ok"
CertStatusFailed CertificateStatus = "failed"
)
type CAInfoCommand struct {
Name string `msgpack:"name"`
}
func (r *CAInfoCommand) String() string {
return fmt.Sprintf("name=%s", r.Name)
}
type CAInfoResponse struct {
Name string `msgpack:"name"`
Certificate []byte `msgpack:"certificate"`
Signing bool `msgpack:"signing"`
Profiles []CAProfile `msgpack:"profiles"`
}
func (i CAInfoResponse) String() string {
return fmt.Sprintf("certificate name=%s, signing=%t, profiles=[%s]", i.Name, i.Signing, i.Profiles)
}
type ErrorResponse struct {
Message string `msgpack:"message"`
}
func (e *ErrorResponse) String() string {
return fmt.Sprintf("message=%s", e.Message)
}
type FetchCRLCommand struct {
IssuerID string `msgpack:"issuer_id"`
LastKnownID []byte `msgpack:"last_known_id"`
}
func (f *FetchCRLCommand) String() string {
builder := &strings.Builder{}
_, _ = fmt.Fprintf(builder, "issuerId='%s'", f.IssuerID)
if f.LastKnownID != nil {
_, _ = fmt.Fprintf(builder, ", lastKnownId=0x%x", new(big.Int).SetBytes(f.LastKnownID))
}
return builder.String()
}
type FetchCRLResponse struct {
IssuerID string `msgpack:"issuer_id"`
IsDelta bool `msgpack:"is_delta"`
UnChanged bool `msgpack:"unchanged"`
CRLData []byte `msgpack:"crl_data"`
CRLNumber []byte `msgpack:"crl_number"`
}
func (r *FetchCRLResponse) String() string {
builder := &strings.Builder{}
_, _ = fmt.Fprintf(
builder,
"issuer id=%s, delta=%t, unchanged=%t, CRL number=0x%x",
r.IssuerID,
r.IsDelta,
r.UnChanged,
new(big.Int).SetBytes(r.CRLNumber),
)
if r.UnChanged {
return builder.String()
}
if r.IsDelta {
_, _ = fmt.Fprintf(builder, ", delta CRL data of %d bytes not shown", len(r.CRLData))
return builder.String()
}
revocationList, err := x509.ParseRevocationList(r.CRLData)
if err != nil {
_, _ = fmt.Fprintf(builder, ", could not parse CRL: %s", err.Error())
return builder.String()
}
_, _ = fmt.Fprintf(
builder,
", CRL info: issuer=%s, number=0x%x, next update=%s, revoked certificates=%d",
revocationList.Issuer,
revocationList.Number,
revocationList.NextUpdate,
len(revocationList.RevokedCertificates),
)
_, _ = builder.WriteString(", CRL data:\n")
_ = pem.Encode(builder, &pem.Block{
Type: "CERTIFICATE REVOCATION LIST",
Bytes: r.CRLData,
})
return builder.String()
}
type HealthCommand struct{}
func (h *HealthCommand) String() string {
return ""
}
type HealthInfo struct {
Source string
Healthy bool
MoreInfo map[string]string
}
func (i *HealthInfo) String() string {
builder := &strings.Builder{}
_, _ = fmt.Fprintf(builder, "source: %s, healthy: %v", i.Source, i.Healthy)
if len(i.MoreInfo) > 0 {
keys := make([]string, 0, len(i.MoreInfo))
parts := make([]string, len(i.MoreInfo))
for k := range i.MoreInfo {
keys = append(keys, k)
}
sort.Strings(keys)
for j, k := range keys {
parts[j] = fmt.Sprintf("'%s': '%s'", k, i.MoreInfo[k])
}
builder.WriteRune('[')
builder.WriteString(strings.Join(parts, ", "))
builder.WriteRune(']')
}
return builder.String()
}
type HealthResponse struct {
Version string `msgpack:"version"`
Healthy bool `msgpack:"healthy"`
Info []*HealthInfo
}
func (h *HealthResponse) String() string {
builder := &strings.Builder{}
_, _ = fmt.Fprintf(builder, "signer version=%s, healthy=%v, health data=[", h.Version, h.Healthy)
infos := make([]string, len(h.Info))
for i, info := range h.Info {
infos[i] = fmt.Sprintf("{%s}", info)
}
builder.WriteString(strings.Join(infos, ", "))
builder.WriteRune(']')
return builder.String()
}
type SignCertificateCommand struct {
IssuerID string `msgpack:"issuer_id"`
ProfileName string `msgpack:"profile_name"`
CSRData []byte `msgpack:"csr_data"`
CommonName string `msgpack:"cn"`
Organization string `msgpack:"o"`
OrganizationalUnit string `msgpack:"ou"`
Hostnames []string `msgpack:"hostnames"`
EmailAddresses []string `msgpack:"email_addresses"`
PreferredHash crypto.Hash `msgpack:"preferred_hash"`
}
func (s *SignCertificateCommand) String() string {
builder := &strings.Builder{}
_, _ = fmt.Fprintf(
builder, "issuer_id=%s, profile_name=%s, cn=%s", s.IssuerID, s.ProfileName, s.CommonName,
)
if s.Organization != "" {
_, _ = fmt.Fprintf(builder, ", o=%s", s.Organization)
}
if s.OrganizationalUnit != "" {
_, _ = fmt.Fprintf(builder, ", ou=%s", s.OrganizationalUnit)
}
if len(s.Hostnames) > 0 {
builder.WriteString(", hostnames=[")
builder.WriteString(strings.Join(s.Hostnames, ", "))
builder.WriteRune(']')
}
if len(s.EmailAddresses) > 0 {
builder.WriteString(", email_addresses=[")
builder.WriteString(strings.Join(s.Hostnames, ", "))
builder.WriteRune(']')
}
return builder.String()
}
type SignCertificateResponse struct {
CertificateData []byte `msgpack:"cert_data"`
}
func (r *SignCertificateResponse) String() string {
return fmt.Sprintf("cert_data of %d bytes", len(r.CertificateData))
}