cacert-gosigner/pkg/messages/messages.go
Jan Dittberner e35e9e9df6 Cleanup command and response types
- use consistent method recipient names
- move ErrorResponse to the end of the messages
- fix email address output in SignCertificateCommand String() method
2022-12-11 14:03:45 +01:00

430 lines
10 KiB
Go

/*
Copyright 2022 CAcert Inc.
SPDX-License-Identifier: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
//go:generate go run github.com/shamaton/msgpackgen
// Package messages contains structure definitions for protocol messages
package messages
import (
"crypto"
"crypto/x509"
"encoding/pem"
"fmt"
"math/big"
"sort"
"strings"
"time"
// required for msgpackgen
_ "github.com/dave/jennifer"
"github.com/google/uuid"
"git.cacert.org/cacert-gosigner/internal/x509/signing"
)
type CommandCode int8
const (
CmdUndef CommandCode = iota
CmdHealth
CmdCAInfo
CmdFetchCRL
CmdSignCertificate
CmdSignOpenPGP
CmdRevokeCertificate
)
var commandNames = map[CommandCode]string{
CmdUndef: "UNDEFINED",
CmdHealth: "HEALTH",
CmdFetchCRL: "FETCH CRL",
CmdCAInfo: "CA INFO",
CmdSignCertificate: "SIG CERT",
CmdSignOpenPGP: "SIG OPENPGP",
CmdRevokeCertificate: "REV CERT",
}
func (c CommandCode) String() string {
if name, ok := commandNames[c]; ok {
return name
}
return fmt.Sprintf("unknown %d", c)
}
type ResponseCode int8
const (
RespError ResponseCode = -1
RespUndef ResponseCode = iota
RespHealth
RespCAInfo
RespFetchCRL
RespSignCertificate
RespSignOpenPGP
RespRevokeCertificate
)
var responseNames = map[ResponseCode]string{
RespError: "ERROR",
RespUndef: "UNDEFINED",
RespHealth: "HEALTH",
RespCAInfo: "CA INFO",
RespFetchCRL: "FETCH CRL",
RespSignCertificate: "SIG CERT",
RespSignOpenPGP: "SIG OPENPGP",
RespRevokeCertificate: "REV CERT",
}
func (c ResponseCode) String() string {
if name, ok := responseNames[c]; ok {
return name
}
return fmt.Sprintf("unknown %d", c)
}
type CommandAnnounce struct {
Code CommandCode `msgpack:"code"`
ID string `msgpack:"id"`
Created time.Time `msgpack:"created"`
}
func (r *CommandAnnounce) String() string {
return fmt.Sprintf("code=%s, id=%s, created=%s", r.Code, r.ID, r.Created.Format(time.RFC3339))
}
func BuildCommandAnnounce(code CommandCode) *CommandAnnounce {
commandID := uuid.NewString()
return &CommandAnnounce{Code: code, ID: commandID, Created: time.Now().UTC()}
}
type ResponseAnnounce struct {
Code ResponseCode `msgpack:"code"`
Created time.Time `msgpack:"created"`
ID string `msgpack:"id"`
}
func (r *ResponseAnnounce) String() string {
return fmt.Sprintf("code=%s, id=%s, created=%s", r.Code, r.ID, r.Created.Format(time.RFC3339))
}
func BuildResponseAnnounce(code ResponseCode, commandID string) *ResponseAnnounce {
return &ResponseAnnounce{Code: code, ID: commandID, Created: time.Now().UTC()}
}
type CAProfile struct {
Name string `msgpack:"name"`
Description string `msgpack:"description"`
UseFor signing.ProfileUsage `msgpack:"use-for"`
}
func (p CAProfile) String() string {
return fmt.Sprintf("profile['%s': '%s']", p.Name, p.UseFor)
}
type CertificateStatus string
const (
CertStatusOk CertificateStatus = "ok"
CertStatusFailed CertificateStatus = "failed"
)
type CAInfoCommand struct {
Name string `msgpack:"name"`
}
func (c *CAInfoCommand) String() string {
return fmt.Sprintf("name=%s", c.Name)
}
type CAInfoResponse struct {
Name string `msgpack:"name"`
Certificate []byte `msgpack:"certificate"`
Signing bool `msgpack:"signing"`
Profiles []CAProfile `msgpack:"profiles"`
}
func (r CAInfoResponse) String() string {
return fmt.Sprintf("certificate name=%s, signing=%t, profiles=[%s]", r.Name, r.Signing, r.Profiles)
}
type FetchCRLCommand struct {
IssuerID string `msgpack:"issuer_id"`
LastKnownID []byte `msgpack:"last_known_id"`
}
func (c *FetchCRLCommand) String() string {
builder := &strings.Builder{}
_, _ = fmt.Fprintf(builder, "issuerId='%s'", c.IssuerID)
if c.LastKnownID != nil {
_, _ = fmt.Fprintf(builder, ", lastKnownId=0x%x", new(big.Int).SetBytes(c.LastKnownID))
}
return builder.String()
}
type FetchCRLResponse struct {
IssuerID string `msgpack:"issuer_id"`
IsDelta bool `msgpack:"is_delta"`
UnChanged bool `msgpack:"unchanged"`
CRLData []byte `msgpack:"crl_data"`
CRLNumber []byte `msgpack:"crl_number"`
}
func (r *FetchCRLResponse) String() string {
builder := &strings.Builder{}
_, _ = fmt.Fprintf(
builder,
"issuer id=%s, delta=%t, unchanged=%t, CRL number=0x%x",
r.IssuerID,
r.IsDelta,
r.UnChanged,
new(big.Int).SetBytes(r.CRLNumber),
)
if r.UnChanged {
return builder.String()
}
if r.IsDelta {
_, _ = fmt.Fprintf(builder, ", delta CRL data of %d bytes not shown", len(r.CRLData))
return builder.String()
}
revocationList, err := x509.ParseRevocationList(r.CRLData)
if err != nil {
_, _ = fmt.Fprintf(builder, ", could not parse CRL: %s", err.Error())
return builder.String()
}
_, _ = fmt.Fprintf(
builder,
", CRL info: issuer=%s, number=0x%x, next update=%s, revoked certificates=%d",
revocationList.Issuer,
revocationList.Number,
revocationList.NextUpdate,
len(revocationList.RevokedCertificates),
)
_, _ = builder.WriteString(", CRL data:\n")
_ = pem.Encode(builder, &pem.Block{
Type: "CERTIFICATE REVOCATION LIST",
Bytes: r.CRLData,
})
return builder.String()
}
type HealthCommand struct{}
func (c *HealthCommand) String() string {
return ""
}
type HealthInfo struct {
Source string
Healthy bool
MoreInfo map[string]string
}
func (i *HealthInfo) String() string {
builder := &strings.Builder{}
_, _ = fmt.Fprintf(builder, "source: %s, healthy: %v", i.Source, i.Healthy)
if len(i.MoreInfo) > 0 {
keys := make([]string, 0, len(i.MoreInfo))
parts := make([]string, len(i.MoreInfo))
for k := range i.MoreInfo {
keys = append(keys, k)
}
sort.Strings(keys)
for j, k := range keys {
parts[j] = fmt.Sprintf("'%s': '%s'", k, i.MoreInfo[k])
}
builder.WriteRune('[')
builder.WriteString(strings.Join(parts, ", "))
builder.WriteRune(']')
}
return builder.String()
}
type HealthResponse struct {
Version string `msgpack:"version"`
Healthy bool `msgpack:"healthy"`
Info []*HealthInfo
}
func (r *HealthResponse) String() string {
builder := &strings.Builder{}
_, _ = fmt.Fprintf(builder, "signer version=%s, healthy=%v, health data=[", r.Version, r.Healthy)
infos := make([]string, len(r.Info))
for i, info := range r.Info {
infos[i] = fmt.Sprintf("{%s}", info)
}
builder.WriteString(strings.Join(infos, ", "))
builder.WriteRune(']')
return builder.String()
}
type SignCertificateCommand struct {
IssuerID string `msgpack:"issuer_id"`
ProfileName string `msgpack:"profile_name"`
CSRData []byte `msgpack:"csr_data"`
CommonName string `msgpack:"cn"`
Organization string `msgpack:"o"`
OrganizationalUnit string `msgpack:"ou"`
Hostnames []string `msgpack:"hostnames"`
EmailAddresses []string `msgpack:"email_addresses"`
PreferredHash crypto.Hash `msgpack:"preferred_hash"`
}
func (c *SignCertificateCommand) String() string {
builder := &strings.Builder{}
_, _ = fmt.Fprintf(
builder, "issuer_id=%s, profile_name=%s, cn=%s", c.IssuerID, c.ProfileName, c.CommonName,
)
if c.Organization != "" {
_, _ = fmt.Fprintf(builder, ", o=%s", c.Organization)
}
if c.OrganizationalUnit != "" {
_, _ = fmt.Fprintf(builder, ", ou=%s", c.OrganizationalUnit)
}
if len(c.Hostnames) > 0 {
builder.WriteString(", hostnames=[")
builder.WriteString(strings.Join(c.Hostnames, ", "))
builder.WriteRune(']')
}
if len(c.EmailAddresses) > 0 {
builder.WriteString(", email_addresses=[")
builder.WriteString(strings.Join(c.EmailAddresses, ", "))
builder.WriteRune(']')
}
return builder.String()
}
type SignCertificateResponse struct {
CertificateData []byte `msgpack:"cert_data"`
}
func (r *SignCertificateResponse) String() string {
return fmt.Sprintf("cert_data of %d bytes", len(r.CertificateData))
}
type RevokeCertificateCommand struct {
IssuerID string `msgpack:"issuer_id"`
Serial []byte `msgpack:"serial_number"`
Reason string `msgpack:"reason"`
}
func (c *RevokeCertificateCommand) String() string {
builder := &strings.Builder{}
_, _ = fmt.Fprintf(
builder,
"issuerID=%s, serial=0x%s", c.IssuerID, new(big.Int).SetBytes(c.Serial).Text(16),
)
if c.Reason != "" {
_, _ = fmt.Fprintf(builder, ", reason=%s", c.Reason)
}
return builder.String()
}
type RevokeCertificateResponse struct {
IssuerID string `msgpack:"issuer_id"`
Serial []byte `msgpack:"serial_number"`
RevokedAt time.Time `msgpack:"revoked_at"`
}
func (r *RevokeCertificateResponse) String() string {
return fmt.Sprintf(
"issuerID=%s, serial=0x%s, revoked_at=%s",
r.IssuerID, new(big.Int).SetBytes(r.Serial).Text(16), r.RevokedAt.Format(time.RFC3339),
)
}
type SignOpenPGPCommand struct {
IssuerID string `msgpack:"issuer_id"`
ProfileName string `msgpack:"profile_name"`
PublicKey []byte `msgpack:"public_key"`
CommonName string `msgpack:"cn"`
EmailAddresses []string `msgpack:"email_addresses"`
}
func (c *SignOpenPGPCommand) String() string {
builder := &strings.Builder{}
_, _ = fmt.Fprintf(
builder, "issuer_id=%s, profile_name=%s, cn=%s", c.IssuerID, c.ProfileName, c.CommonName,
)
if len(c.EmailAddresses) > 0 {
builder.WriteString(", email_addresses=[")
builder.WriteString(strings.Join(c.EmailAddresses, ", "))
builder.WriteRune(']')
}
return builder.String()
}
type SignOpenPGPResponse struct {
SignatureData []byte `msgpack:"signature_data"`
}
func (r *SignOpenPGPResponse) String() string {
return fmt.Sprintf("sig_data of %d bytes", len(r.SignatureData))
}
type ErrorResponse struct {
Message string `msgpack:"message"`
}
func (r *ErrorResponse) String() string {
return fmt.Sprintf("message=%s", r.Message)
}