cacert-gosignerclient/internal/handler/handler.go

/*
Copyright 2022 CAcert Inc.
SPDX-License-Identifier: Apache-2.0

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package handler

import (
	"fmt"
	"time"

	"github.com/shamaton/msgpackgen/msgpack"
	"github.com/sirupsen/logrus"

	"git.cacert.org/cacert-gosignerclient/internal/client"

	"git.cacert.org/cacert-gosigner/pkg/messages"

	"git.cacert.org/cacert-gosigner/pkg/protocol"
	"git.cacert.org/cacert-gosignerclient/internal/config"
)

type SignerClientHandler struct {
	logger         *logrus.Logger
	commands       chan *protocol.Command
	config         *config.ClientConfig
	clientCallback chan interface{}
}

func (s *SignerClientHandler) Send(command *protocol.Command, out chan []byte) error {
	var (
		frame []byte
		err   error
	)

	frame, err = msgpack.Marshal(command.Announce)
	if err != nil {
		return fmt.Errorf("could not marshal command annoucement: %w", err)
	}

	s.logger.WithField("announcement", command.Announce).Debug("write command announcement")

	s.logger.Trace("writing command announcement")

	out <- frame

	frame, err = msgpack.Marshal(command.Command)
	if err != nil {
		return fmt.Errorf("could not marshal command data: %w", err)
	}

	s.logger.WithField("command", command.Command).Debug("write command data")

	out <- frame

	return nil
}

func (s *SignerClientHandler) ResponseAnnounce(in chan []byte) (*protocol.Response, error) {
	response := &protocol.Response{}

	var announce messages.ResponseAnnounce

	select {
	case frame := <-in:
		if err := msgpack.Unmarshal(frame, &announce); err != nil {
			return nil, fmt.Errorf("could not unmarshal response announcement: %w", err)
		}

		response.Announce = &announce

		s.logger.WithField("announcement", response.Announce).Debug("received response announcement")

		return response, nil
	case <-time.After(s.config.ResponseAnnounceTimeout):
		return nil, protocol.ErrResponseAnnounceTimeoutExpired
	}
}

func (s *SignerClientHandler) ResponseData(in chan []byte, response *protocol.Response) error {
	select {
	case frame := <-in:
		switch response.Announce.Code {
		case messages.RespHealth:
			var resp messages.HealthResponse
			if err := msgpack.Unmarshal(frame, &resp); err != nil {
				return fmt.Errorf("could not unmarshal health response data: %w", err)
			}

			response.Response = &resp
		case messages.RespFetchCRL:
			var resp messages.FetchCRLResponse
			if err := msgpack.Unmarshal(frame, &resp); err != nil {
				return fmt.Errorf("could not unmarshal fetch CRL response data: %w", err)
			}

			response.Response = &resp
		case messages.RespError:
			var resp messages.ErrorResponse
			if err := msgpack.Unmarshal(frame, &resp); err != nil {
				return fmt.Errorf("could not unmarshal error response data: %w", err)
			}

			response.Response = &resp
		default:
			return fmt.Errorf("unhandled response code %s", response.Announce.Code)
		}
	case <-time.After(s.config.ResponseDataTimeout):
		return protocol.ErrResponseDataTimeoutExpired
	}

	return nil
}

func (s *SignerClientHandler) HandleResponse(response *protocol.Response) error {
	s.logger.WithField("response", response.Announce).Info("handled response")
	s.logger.WithField("response", response).Debug("full response")

	switch r := response.Response.(type) {
	case *messages.ErrorResponse:
		s.logger.WithField("message", r.Message).Error("error from signer")
	case *messages.HealthResponse:
		s.handleHealthResponse(r)
	case *messages.FetchCRLResponse:
		s.handleFetchCRLResponse(r)
	default:
		s.logger.WithField("response", response).Warnf("unhandled response of type %T", response.Response)
	}

	return nil
}

func (s *SignerClientHandler) handleHealthResponse(r *messages.HealthResponse) {
	signerInfo := client.SignerInfo{}

	signerInfo.SignerHealth = r.Healthy
	signerInfo.SignerVersion = r.Version

	if !r.Healthy {
		// it might be a good idea to notify monitoring if the signer is not OK
		s.logger.Error("signer is not healthy")
	}

	for _, item := range r.Info {
		if !item.Healthy {
			s.logger.WithField("component", item.Source).Error("signer component is not healthy")
		}

		switch item.Source {
		case "HSM":
			signerInfo.CACertificates = make([]client.CertInfo, 0)
			signerInfo.UsableProfiles = make(map[string][]client.Profile)

			for certName, value := range item.MoreInfo {
				certInfo, err := item.ParseCertificateInfo(value)
				if err != nil {
					s.logger.WithError(err).Error("could not parse certificate information")

					break
				}

				s.logger.WithFields(map[string]interface{}{
					"certificate": certName,
					"signing":     certInfo.Signing,
					"profiles":    certInfo.Profiles,
					"status":      certInfo.Status,
					"valid-until": certInfo.ValidUntil,
				}).Trace("certificate info")

				signerInfo.CACertificates = append(
					signerInfo.CACertificates,
					client.CertInfo{Name: certName, FetchCRL: certInfo.Signing},
				)

				if certInfo.Signing {
					for _, profile := range certInfo.Profiles {
						signerInfo.UsableProfiles[certName] = append(
							signerInfo.UsableProfiles[certName],
							client.Profile{Name: profile.Name, UseFor: string(profile.UseFor)},
						)
					}
				}
			}
		default:
			s.logger.WithField("source", item.Source).Warn("unhandled health source")
		}
	}

	s.clientCallback <- signerInfo
}

func (s *SignerClientHandler) handleFetchCRLResponse(r *messages.FetchCRLResponse) {
	s.clientCallback <- r
}

func New(
	config *config.ClientConfig,
	logger *logrus.Logger,
	commands chan *protocol.Command,
	clientCallback chan interface{},
) (protocol.ClientHandler, error) {
	return &SignerClientHandler{
		logger:         logger,
		config:         config,
		commands:       commands,
		clientCallback: clientCallback,
	}, nil
}
Initial signer client implementation This commit adds the project setup and implements a basic signer client that sends health check commands to the signer. 2 years ago			`/*`
			`Copyright 2022 CAcert Inc.`
			`SPDX-License-Identifier: Apache-2.0`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package handler`

			`import (`
			`"fmt"`
			`"time"`

			`"github.com/shamaton/msgpackgen/msgpack"`
			`"github.com/sirupsen/logrus"`

Implement CRL and Health response handling - add callback support to client and handler - implement support for updating the CA certificates and profiles from health data of the signer - implement CRL retrieval from the signer including delta CRL support - implement error response handling - add configurable start and interval timers for health and CRL data 2 years ago			`"git.cacert.org/cacert-gosignerclient/internal/client"`

Initial signer client implementation This commit adds the project setup and implements a basic signer client that sends health check commands to the signer. 2 years ago			`"git.cacert.org/cacert-gosigner/pkg/messages"`

			`"git.cacert.org/cacert-gosigner/pkg/protocol"`
			`"git.cacert.org/cacert-gosignerclient/internal/config"`
			`)`

			`type SignerClientHandler struct {`
Implement CRL and Health response handling - add callback support to client and handler - implement support for updating the CA certificates and profiles from health data of the signer - implement CRL retrieval from the signer including delta CRL support - implement error response handling - add configurable start and interval timers for health and CRL data 2 years ago			`logger *logrus.Logger`
			`commands chan *protocol.Command`
			`config *config.ClientConfig`
			`clientCallback chan interface{}`
Initial signer client implementation This commit adds the project setup and implements a basic signer client that sends health check commands to the signer. 2 years ago			`}`

			`func (s SignerClientHandler) Send(command protocol.Command, out chan []byte) error {`
			`var (`
			`frame []byte`
			`err error`
			`)`

			`frame, err = msgpack.Marshal(command.Announce)`
			`if err != nil {`
			`return fmt.Errorf("could not marshal command annoucement: %w", err)`
			`}`

Implement CRL and Health response handling - add callback support to client and handler - implement support for updating the CA certificates and profiles from health data of the signer - implement CRL retrieval from the signer including delta CRL support - implement error response handling - add configurable start and interval timers for health and CRL data 2 years ago			`s.logger.WithField("announcement", command.Announce).Debug("write command announcement")`
Initial signer client implementation This commit adds the project setup and implements a basic signer client that sends health check commands to the signer. 2 years ago
			`s.logger.Trace("writing command announcement")`

			`out <- frame`

			`frame, err = msgpack.Marshal(command.Command)`
			`if err != nil {`
			`return fmt.Errorf("could not marshal command data: %w", err)`
			`}`

Implement CRL and Health response handling - add callback support to client and handler - implement support for updating the CA certificates and profiles from health data of the signer - implement CRL retrieval from the signer including delta CRL support - implement error response handling - add configurable start and interval timers for health and CRL data 2 years ago			`s.logger.WithField("command", command.Command).Debug("write command data")`
Initial signer client implementation This commit adds the project setup and implements a basic signer client that sends health check commands to the signer. 2 years ago
			`out <- frame`

			`return nil`
			`}`

			`func (s SignerClientHandler) ResponseAnnounce(in chan []byte) (protocol.Response, error) {`
			`response := &protocol.Response{}`

			`var announce messages.ResponseAnnounce`

			`select {`
			`case frame := <-in:`
			`if err := msgpack.Unmarshal(frame, &announce); err != nil {`
			`return nil, fmt.Errorf("could not unmarshal response announcement: %w", err)`
			`}`

			`response.Announce = &announce`

			`s.logger.WithField("announcement", response.Announce).Debug("received response announcement")`

			`return response, nil`
			`case <-time.After(s.config.ResponseAnnounceTimeout):`
			`return nil, protocol.ErrResponseAnnounceTimeoutExpired`
			`}`
			`}`

			`func (s SignerClientHandler) ResponseData(in chan []byte, response protocol.Response) error {`
			`select {`
			`case frame := <-in:`
			`switch response.Announce.Code {`
			`case messages.RespHealth:`
			`var resp messages.HealthResponse`
			`if err := msgpack.Unmarshal(frame, &resp); err != nil {`
			`return fmt.Errorf("could not unmarshal health response data: %w", err)`
			`}`

			`response.Response = &resp`
			`case messages.RespFetchCRL:`
			`var resp messages.FetchCRLResponse`
			`if err := msgpack.Unmarshal(frame, &resp); err != nil {`
			`return fmt.Errorf("could not unmarshal fetch CRL response data: %w", err)`
			`}`

Implement CRL and Health response handling - add callback support to client and handler - implement support for updating the CA certificates and profiles from health data of the signer - implement CRL retrieval from the signer including delta CRL support - implement error response handling - add configurable start and interval timers for health and CRL data 2 years ago			`response.Response = &resp`
			`case messages.RespError:`
			`var resp messages.ErrorResponse`
			`if err := msgpack.Unmarshal(frame, &resp); err != nil {`
			`return fmt.Errorf("could not unmarshal error response data: %w", err)`
			`}`

Initial signer client implementation This commit adds the project setup and implements a basic signer client that sends health check commands to the signer. 2 years ago			`response.Response = &resp`
			`default:`
			`return fmt.Errorf("unhandled response code %s", response.Announce.Code)`
			`}`
			`case <-time.After(s.config.ResponseDataTimeout):`
			`return protocol.ErrResponseDataTimeoutExpired`
			`}`

			`return nil`
			`}`

			`func (s SignerClientHandler) HandleResponse(response protocol.Response) error {`
			`s.logger.WithField("response", response.Announce).Info("handled response")`
			`s.logger.WithField("response", response).Debug("full response")`

Implement CRL and Health response handling - add callback support to client and handler - implement support for updating the CA certificates and profiles from health data of the signer - implement CRL retrieval from the signer including delta CRL support - implement error response handling - add configurable start and interval timers for health and CRL data 2 years ago			`switch r := response.Response.(type) {`
			`case *messages.ErrorResponse:`
			`s.logger.WithField("message", r.Message).Error("error from signer")`
			`case *messages.HealthResponse:`
			`s.handleHealthResponse(r)`
			`case *messages.FetchCRLResponse:`
			`s.handleFetchCRLResponse(r)`
			`default:`
			`s.logger.WithField("response", response).Warnf("unhandled response of type %T", response.Response)`
			`}`
Initial signer client implementation This commit adds the project setup and implements a basic signer client that sends health check commands to the signer. 2 years ago
			`return nil`
			`}`

Implement CRL and Health response handling - add callback support to client and handler - implement support for updating the CA certificates and profiles from health data of the signer - implement CRL retrieval from the signer including delta CRL support - implement error response handling - add configurable start and interval timers for health and CRL data 2 years ago			`func (s SignerClientHandler) handleHealthResponse(r messages.HealthResponse) {`
			`signerInfo := client.SignerInfo{}`

			`signerInfo.SignerHealth = r.Healthy`
			`signerInfo.SignerVersion = r.Version`

			`if !r.Healthy {`
			`// it might be a good idea to notify monitoring if the signer is not OK`
			`s.logger.Error("signer is not healthy")`
			`}`

			`for _, item := range r.Info {`
			`if !item.Healthy {`
			`s.logger.WithField("component", item.Source).Error("signer component is not healthy")`
			`}`

			`switch item.Source {`
			`case "HSM":`
Improve CRL fetching - improve client data structures - do not fetch CRLs for root CA certificates 2 years ago			`signerInfo.CACertificates = make([]client.CertInfo, 0)`
Implement CRL and Health response handling - add callback support to client and handler - implement support for updating the CA certificates and profiles from health data of the signer - implement CRL retrieval from the signer including delta CRL support - implement error response handling - add configurable start and interval timers for health and CRL data 2 years ago			`signerInfo.UsableProfiles = make(map[string][]client.Profile)`

			`for certName, value := range item.MoreInfo {`
			`certInfo, err := item.ParseCertificateInfo(value)`
			`if err != nil {`
			`s.logger.WithError(err).Error("could not parse certificate information")`

			`break`
			`}`

			`s.logger.WithFields(map[string]interface{}{`
			`"certificate": certName,`
			`"signing": certInfo.Signing,`
			`"profiles": certInfo.Profiles,`
			`"status": certInfo.Status,`
			`"valid-until": certInfo.ValidUntil,`
			`}).Trace("certificate info")`

Improve CRL fetching - improve client data structures - do not fetch CRLs for root CA certificates 2 years ago			`signerInfo.CACertificates = append(`
			`signerInfo.CACertificates,`
			`client.CertInfo{Name: certName, FetchCRL: certInfo.Signing},`
			`)`
Implement CRL and Health response handling - add callback support to client and handler - implement support for updating the CA certificates and profiles from health data of the signer - implement CRL retrieval from the signer including delta CRL support - implement error response handling - add configurable start and interval timers for health and CRL data 2 years ago
			`if certInfo.Signing {`
			`for _, profile := range certInfo.Profiles {`
			`signerInfo.UsableProfiles[certName] = append(`
			`signerInfo.UsableProfiles[certName],`
			`client.Profile{Name: profile.Name, UseFor: string(profile.UseFor)},`
			`)`
			`}`
			`}`
			`}`
			`default:`
			`s.logger.WithField("source", item.Source).Warn("unhandled health source")`
			`}`
			`}`

			`s.clientCallback <- signerInfo`
			`}`

			`func (s SignerClientHandler) handleFetchCRLResponse(r messages.FetchCRLResponse) {`
			`s.clientCallback <- r`
			`}`

Initial signer client implementation This commit adds the project setup and implements a basic signer client that sends health check commands to the signer. 2 years ago			`func New(`
			`config *config.ClientConfig,`
			`logger *logrus.Logger,`
			`commands chan *protocol.Command,`
Implement CRL and Health response handling - add callback support to client and handler - implement support for updating the CA certificates and profiles from health data of the signer - implement CRL retrieval from the signer including delta CRL support - implement error response handling - add configurable start and interval timers for health and CRL data 2 years ago			`clientCallback chan interface{},`
Initial signer client implementation This commit adds the project setup and implements a basic signer client that sends health check commands to the signer. 2 years ago			`) (protocol.ClientHandler, error) {`
			`return &SignerClientHandler{`
Implement CRL and Health response handling - add callback support to client and handler - implement support for updating the CA certificates and profiles from health data of the signer - implement CRL retrieval from the signer including delta CRL support - implement error response handling - add configurable start and interval timers for health and CRL data 2 years ago			`logger: logger,`
			`config: config,`
			`commands: commands,`
			`clientCallback: clientCallback,`
Initial signer client implementation This commit adds the project setup and implements a basic signer client that sends health check commands to the signer. 2 years ago			`}, nil`
			`}`