func revokeBySerial(ctx context.Context, serial string, reasonCode revocation.Reason, rac core.RegistrationAuthority, logger blog.Logger, tx *gorp.Transaction) (err error) { if reasonCode < 0 || reasonCode == 7 || reasonCode > 10 { panic(fmt.Sprintf("Invalid reason code: %d", reasonCode)) } certObj, err := sa.SelectCertificate(tx, "WHERE serial = ?", serial) if err == sql.ErrNoRows { return core.NotFoundError(fmt.Sprintf("No certificate found for %s", serial)) } if err != nil { return err } cert, err := x509.ParseCertificate(certObj.DER) if err != nil { return } u, err := user.Current() err = rac.AdministrativelyRevokeCertificate(ctx, *cert, reasonCode, u.Username) if err != nil { return } logger.Info(fmt.Sprintf("Revoked certificate %s with reason '%s'", serial, revocation.ReasonToString[reasonCode])) return }
// NewRegistrationAuthorityServer constructs an RPC server func NewRegistrationAuthorityServer(rpc RPCServer, impl core.RegistrationAuthority) error { log := blog.GetAuditLogger() rpc.Handle(MethodNewRegistration, func(req []byte) (response []byte, err error) { var rr registrationRequest if err = json.Unmarshal(req, &rr); err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodNewRegistration, err, req) return } reg, err := impl.NewRegistration(rr.Reg) if err != nil { return } response, err = json.Marshal(reg) if err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 errorCondition(MethodNewRegistration, err, req) return } return }) rpc.Handle(MethodNewAuthorization, func(req []byte) (response []byte, err error) { var ar authorizationRequest if err = json.Unmarshal(req, &ar); err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodNewAuthorization, err, req) return } authz, err := impl.NewAuthorization(ar.Authz, ar.RegID) if err != nil { return } response, err = json.Marshal(authz) if err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 errorCondition(MethodNewAuthorization, err, req) return } return }) rpc.Handle(MethodNewCertificate, func(req []byte) (response []byte, err error) { log.Info(fmt.Sprintf(" [.] Entering MethodNewCertificate")) var cr certificateRequest if err = json.Unmarshal(req, &cr); err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodNewCertificate, err, req) return } log.Info(fmt.Sprintf(" [.] No problem unmarshaling request")) cert, err := impl.NewCertificate(cr.Req, cr.RegID) if err != nil { return } log.Info(fmt.Sprintf(" [.] No problem issuing new cert")) response, err = json.Marshal(cert) if err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 errorCondition(MethodNewCertificate, err, req) return } return }) rpc.Handle(MethodUpdateRegistration, func(req []byte) (response []byte, err error) { var urReq updateRegistrationRequest err = json.Unmarshal(req, &urReq) if err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodUpdateRegistration, err, req) return } reg, err := impl.UpdateRegistration(urReq.Base, urReq.Update) if err != nil { return } response, err = json.Marshal(reg) if err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 errorCondition(MethodUpdateRegistration, err, req) return } return }) rpc.Handle(MethodUpdateAuthorization, func(req []byte) (response []byte, err error) { var uaReq updateAuthorizationRequest err = json.Unmarshal(req, &uaReq) if err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodUpdateAuthorization, err, req) return } newAuthz, err := impl.UpdateAuthorization(uaReq.Authz, uaReq.Index, uaReq.Response) if err != nil { return } response, err = json.Marshal(newAuthz) if err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 errorCondition(MethodUpdateAuthorization, err, req) return } return }) rpc.Handle(MethodRevokeCertificate, func(req []byte) (response []byte, err error) { var revReq struct { Cert []byte Reason core.RevocationCode RegID *int64 } if err = json.Unmarshal(req, &revReq); err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodRevokeCertificate, err, req) return } cert, err := x509.ParseCertificate(revReq.Cert) if err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 return } err = impl.RevokeCertificate(*cert, revReq.Reason, revReq.RegID) return }) rpc.Handle(MethodOnValidationUpdate, func(req []byte) (response []byte, err error) { var authz core.Authorization if err = json.Unmarshal(req, &authz); err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodOnValidationUpdate, err, req) return } err = impl.OnValidationUpdate(authz) return }) return nil }
// NewRegistrationAuthorityServer constructs an RPC server func NewRegistrationAuthorityServer(rpc Server, impl core.RegistrationAuthority, log blog.Logger) error { rpc.Handle(MethodNewRegistration, func(ctx context.Context, req []byte) (response []byte, err error) { var rr registrationRequest if err = json.Unmarshal(req, &rr); err != nil { improperMessage(MethodNewRegistration, err, req) return } reg, err := impl.NewRegistration(ctx, rr.Reg) if err != nil { return } response, err = json.Marshal(reg) if err != nil { errorCondition(MethodNewRegistration, err, req) return } return }) rpc.Handle(MethodNewAuthorization, func(ctx context.Context, req []byte) (response []byte, err error) { var ar authorizationRequest if err = json.Unmarshal(req, &ar); err != nil { improperMessage(MethodNewAuthorization, err, req) return } authz, err := impl.NewAuthorization(ctx, ar.Authz, ar.RegID) if err != nil { return } response, err = json.Marshal(authz) if err != nil { errorCondition(MethodNewAuthorization, err, req) return } return }) rpc.Handle(MethodNewCertificate, func(ctx context.Context, req []byte) (response []byte, err error) { var cr certificateRequest if err = json.Unmarshal(req, &cr); err != nil { improperMessage(MethodNewCertificate, err, req) return } cert, err := impl.NewCertificate(ctx, cr.Req, cr.RegID) if err != nil { return } response, err = json.Marshal(cert) if err != nil { errorCondition(MethodNewCertificate, err, req) return } return }) rpc.Handle(MethodUpdateRegistration, func(ctx context.Context, req []byte) (response []byte, err error) { var urReq updateRegistrationRequest err = json.Unmarshal(req, &urReq) if err != nil { improperMessage(MethodUpdateRegistration, err, req) return } reg, err := impl.UpdateRegistration(ctx, urReq.Base, urReq.Update) if err != nil { return } response, err = json.Marshal(reg) if err != nil { errorCondition(MethodUpdateRegistration, err, req) return } return }) rpc.Handle(MethodUpdateAuthorization, func(ctx context.Context, req []byte) (response []byte, err error) { var uaReq updateAuthorizationRequest err = json.Unmarshal(req, &uaReq) if err != nil { improperMessage(MethodUpdateAuthorization, err, req) return } newAuthz, err := impl.UpdateAuthorization(ctx, uaReq.Authz, uaReq.Index, uaReq.Response) if err != nil { return } response, err = json.Marshal(newAuthz) if err != nil { errorCondition(MethodUpdateAuthorization, err, req) return } return }) rpc.Handle(MethodRevokeCertificateWithReg, func(ctx context.Context, req []byte) (response []byte, err error) { var revReq struct { Cert []byte Reason revocation.Reason RegID int64 } if err = json.Unmarshal(req, &revReq); err != nil { improperMessage(MethodRevokeCertificateWithReg, err, req) return } cert, err := x509.ParseCertificate(revReq.Cert) if err != nil { return } err = impl.RevokeCertificateWithReg(ctx, *cert, revReq.Reason, revReq.RegID) return }) rpc.Handle(MethodAdministrativelyRevokeCertificate, func(ctx context.Context, req []byte) (response []byte, err error) { var revReq struct { Cert []byte Reason revocation.Reason User string } if err = json.Unmarshal(req, &revReq); err != nil { improperMessage(MethodAdministrativelyRevokeCertificate, err, req) return } cert, err := x509.ParseCertificate(revReq.Cert) if err != nil { return } err = impl.AdministrativelyRevokeCertificate(ctx, *cert, revReq.Reason, revReq.User) return }) rpc.Handle(MethodDeactivateAuthorization, func(ctx context.Context, req []byte) (response []byte, err error) { var authz core.Authorization err = json.Unmarshal(req, &authz) if err != nil { errorCondition(MethodDeactivateAuthorization, err, req) return } err = impl.DeactivateAuthorization(ctx, authz) return }) rpc.Handle(MethodDeactivateRegistration, func(ctx context.Context, req []byte) (response []byte, err error) { var reg core.Registration err = json.Unmarshal(req, ®) if err != nil { errorCondition(MethodDeactivateRegistration, err, req) return } err = impl.DeactivateRegistration(ctx, reg) return }) return nil }
func NewRegistrationAuthorityServer(serverQueue string, channel *amqp.Channel, impl core.RegistrationAuthority) (*AmqpRPCServer, error) { log := blog.GetAuditLogger() rpc := NewAmqpRPCServer(serverQueue, channel) rpc.Handle(MethodNewRegistration, func(req []byte) (response []byte) { var rr registrationRequest if err := json.Unmarshal(req, &rr); err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodNewRegistration, err, req) return nil } reg, err := impl.NewRegistration(rr.Reg, rr.Key) if err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 errorCondition(MethodNewRegistration, err, reg) return nil } response, err = json.Marshal(reg) if err != nil { response = []byte{} } return response }) rpc.Handle(MethodNewAuthorization, func(req []byte) (response []byte) { var ar authorizationRequest if err := json.Unmarshal(req, &ar); err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodNewAuthorization, err, req) return nil } authz, err := impl.NewAuthorization(ar.Authz, ar.RegID) if err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 errorCondition(MethodNewAuthorization, err, ar) return nil } response, err = json.Marshal(authz) if err != nil { return nil } return response }) rpc.Handle(MethodNewCertificate, func(req []byte) []byte { log.Info(fmt.Sprintf(" [.] Entering MethodNewCertificate")) var cr certificateRequest if err := json.Unmarshal(req, &cr); err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodNewCertificate, err, req) return nil } log.Info(fmt.Sprintf(" [.] No problem unmarshaling request")) cert, err := impl.NewCertificate(cr.Req, cr.RegID) if err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 errorCondition(MethodNewCertificate, err, cr) return nil } log.Info(fmt.Sprintf(" [.] No problem issuing new cert")) response, err := json.Marshal(cert) if err != nil { return nil } return response }) rpc.Handle(MethodUpdateRegistration, func(req []byte) (response []byte) { var request struct { Base, Update core.Registration } err := json.Unmarshal(req, &request) if err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodUpdateRegistration, err, req) return nil } reg, err := impl.UpdateRegistration(request.Base, request.Update) if err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 errorCondition(MethodUpdateRegistration, err, request) return nil } response, err = json.Marshal(reg) if err != nil { response = []byte{} } return response }) rpc.Handle(MethodUpdateAuthorization, func(req []byte) (response []byte) { var authz struct { Authz core.Authorization Index int Response core.Challenge } err := json.Unmarshal(req, &authz) if err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodUpdateAuthorization, err, req) return nil } newAuthz, err := impl.UpdateAuthorization(authz.Authz, authz.Index, authz.Response) if err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 errorCondition(MethodUpdateAuthorization, err, authz) return nil } response, err = json.Marshal(newAuthz) if err != nil { return nil } return response }) rpc.Handle(MethodRevokeCertificate, func(req []byte) []byte { certs, err := x509.ParseCertificates(req) if err != nil || len(certs) == 0 { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodRevokeCertificate, err, req) return nil } // Error explicitly ignored since response is nil anyway err = impl.RevokeCertificate(*certs[0]) if err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 errorCondition(MethodRevokeCertificate, err, certs) } return nil }) rpc.Handle(MethodOnValidationUpdate, func(req []byte) []byte { var authz core.Authorization if err := json.Unmarshal(req, &authz); err != nil { // AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64 improperMessage(MethodOnValidationUpdate, err, req) return nil } if err := impl.OnValidationUpdate(authz); err != nil { // AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3 errorCondition(MethodOnValidationUpdate, err, authz) } return nil }) return rpc, nil }