func revokeBySerial(ctx context.Context, serial string, reasonCode revocation.Reason, rac core.RegistrationAuthority, logger blog.Logger, tx *gorp.Transaction) (err error) {
if reasonCode < 0 || reasonCode == 7 || reasonCode > 10 {
panic(fmt.Sprintf("Invalid reason code: %d", reasonCode))
}
certObj, err := sa.SelectCertificate(tx, "WHERE serial = ?", serial)
if err == sql.ErrNoRows {
return core.NotFoundError(fmt.Sprintf("No certificate found for %s", serial))
}
if err != nil {
return err
}
cert, err := x509.ParseCertificate(certObj.DER)
if err != nil {
return
}
u, err := user.Current()
err = rac.AdministrativelyRevokeCertificate(ctx, *cert, reasonCode, u.Username)
if err != nil {
return
}
logger.Info(fmt.Sprintf("Revoked certificate %s with reason '%s'", serial, revocation.ReasonToString[reasonCode]))
return
}
// NewRegistrationAuthorityServer constructs an RPC server
func NewRegistrationAuthorityServer(rpc RPCServer, impl core.RegistrationAuthority) error {
log := blog.GetAuditLogger()
rpc.Handle(MethodNewRegistration, func(req []byte) (response []byte, err error) {
var rr registrationRequest
if err = json.Unmarshal(req, &rr); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewRegistration, err, req)
return
}
reg, err := impl.NewRegistration(rr.Reg)
if err != nil {
return
}
response, err = json.Marshal(reg)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewRegistration, err, req)
return
}
return
})
rpc.Handle(MethodNewAuthorization, func(req []byte) (response []byte, err error) {
var ar authorizationRequest
if err = json.Unmarshal(req, &ar); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewAuthorization, err, req)
return
}
authz, err := impl.NewAuthorization(ar.Authz, ar.RegID)
if err != nil {
return
}
response, err = json.Marshal(authz)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewAuthorization, err, req)
return
}
return
})
rpc.Handle(MethodNewCertificate, func(req []byte) (response []byte, err error) {
log.Info(fmt.Sprintf(" [.] Entering MethodNewCertificate"))
var cr certificateRequest
if err = json.Unmarshal(req, &cr); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewCertificate, err, req)
return
}
log.Info(fmt.Sprintf(" [.] No problem unmarshaling request"))
cert, err := impl.NewCertificate(cr.Req, cr.RegID)
if err != nil {
return
}
log.Info(fmt.Sprintf(" [.] No problem issuing new cert"))
response, err = json.Marshal(cert)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewCertificate, err, req)
return
}
return
})
rpc.Handle(MethodUpdateRegistration, func(req []byte) (response []byte, err error) {
var urReq updateRegistrationRequest
err = json.Unmarshal(req, &urReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdateRegistration, err, req)
return
}
reg, err := impl.UpdateRegistration(urReq.Base, urReq.Update)
if err != nil {
return
}
response, err = json.Marshal(reg)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodUpdateRegistration, err, req)
return
}
return
})
rpc.Handle(MethodUpdateAuthorization, func(req []byte) (response []byte, err error) {
var uaReq updateAuthorizationRequest
err = json.Unmarshal(req, &uaReq)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdateAuthorization, err, req)
return
}
newAuthz, err := impl.UpdateAuthorization(uaReq.Authz, uaReq.Index, uaReq.Response)
if err != nil {
return
}
response, err = json.Marshal(newAuthz)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodUpdateAuthorization, err, req)
return
}
return
})
rpc.Handle(MethodRevokeCertificate, func(req []byte) (response []byte, err error) {
var revReq struct {
Cert []byte
Reason core.RevocationCode
RegID *int64
}
if err = json.Unmarshal(req, &revReq); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodRevokeCertificate, err, req)
return
}
cert, err := x509.ParseCertificate(revReq.Cert)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
return
}
err = impl.RevokeCertificate(*cert, revReq.Reason, revReq.RegID)
return
})
rpc.Handle(MethodOnValidationUpdate, func(req []byte) (response []byte, err error) {
var authz core.Authorization
if err = json.Unmarshal(req, &authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodOnValidationUpdate, err, req)
return
}
err = impl.OnValidationUpdate(authz)
return
})
return nil
}
// NewRegistrationAuthorityServer constructs an RPC server
func NewRegistrationAuthorityServer(rpc Server, impl core.RegistrationAuthority, log blog.Logger) error {
rpc.Handle(MethodNewRegistration, func(ctx context.Context, req []byte) (response []byte, err error) {
var rr registrationRequest
if err = json.Unmarshal(req, &rr); err != nil {
improperMessage(MethodNewRegistration, err, req)
return
}
reg, err := impl.NewRegistration(ctx, rr.Reg)
if err != nil {
return
}
response, err = json.Marshal(reg)
if err != nil {
errorCondition(MethodNewRegistration, err, req)
return
}
return
})
rpc.Handle(MethodNewAuthorization, func(ctx context.Context, req []byte) (response []byte, err error) {
var ar authorizationRequest
if err = json.Unmarshal(req, &ar); err != nil {
improperMessage(MethodNewAuthorization, err, req)
return
}
authz, err := impl.NewAuthorization(ctx, ar.Authz, ar.RegID)
if err != nil {
return
}
response, err = json.Marshal(authz)
if err != nil {
errorCondition(MethodNewAuthorization, err, req)
return
}
return
})
rpc.Handle(MethodNewCertificate, func(ctx context.Context, req []byte) (response []byte, err error) {
var cr certificateRequest
if err = json.Unmarshal(req, &cr); err != nil {
improperMessage(MethodNewCertificate, err, req)
return
}
cert, err := impl.NewCertificate(ctx, cr.Req, cr.RegID)
if err != nil {
return
}
response, err = json.Marshal(cert)
if err != nil {
errorCondition(MethodNewCertificate, err, req)
return
}
return
})
rpc.Handle(MethodUpdateRegistration, func(ctx context.Context, req []byte) (response []byte, err error) {
var urReq updateRegistrationRequest
err = json.Unmarshal(req, &urReq)
if err != nil {
improperMessage(MethodUpdateRegistration, err, req)
return
}
reg, err := impl.UpdateRegistration(ctx, urReq.Base, urReq.Update)
if err != nil {
return
}
response, err = json.Marshal(reg)
if err != nil {
errorCondition(MethodUpdateRegistration, err, req)
return
}
return
})
rpc.Handle(MethodUpdateAuthorization, func(ctx context.Context, req []byte) (response []byte, err error) {
var uaReq updateAuthorizationRequest
err = json.Unmarshal(req, &uaReq)
if err != nil {
improperMessage(MethodUpdateAuthorization, err, req)
return
}
newAuthz, err := impl.UpdateAuthorization(ctx, uaReq.Authz, uaReq.Index, uaReq.Response)
if err != nil {
return
}
response, err = json.Marshal(newAuthz)
if err != nil {
errorCondition(MethodUpdateAuthorization, err, req)
return
}
return
})
rpc.Handle(MethodRevokeCertificateWithReg, func(ctx context.Context, req []byte) (response []byte, err error) {
var revReq struct {
Cert []byte
Reason revocation.Reason
RegID int64
}
if err = json.Unmarshal(req, &revReq); err != nil {
improperMessage(MethodRevokeCertificateWithReg, err, req)
return
}
cert, err := x509.ParseCertificate(revReq.Cert)
if err != nil {
return
}
err = impl.RevokeCertificateWithReg(ctx, *cert, revReq.Reason, revReq.RegID)
return
})
rpc.Handle(MethodAdministrativelyRevokeCertificate, func(ctx context.Context, req []byte) (response []byte, err error) {
var revReq struct {
Cert []byte
Reason revocation.Reason
User string
}
if err = json.Unmarshal(req, &revReq); err != nil {
improperMessage(MethodAdministrativelyRevokeCertificate, err, req)
return
}
cert, err := x509.ParseCertificate(revReq.Cert)
if err != nil {
return
}
err = impl.AdministrativelyRevokeCertificate(ctx, *cert, revReq.Reason, revReq.User)
return
})
rpc.Handle(MethodDeactivateAuthorization, func(ctx context.Context, req []byte) (response []byte, err error) {
var authz core.Authorization
err = json.Unmarshal(req, &authz)
if err != nil {
errorCondition(MethodDeactivateAuthorization, err, req)
return
}
err = impl.DeactivateAuthorization(ctx, authz)
return
})
rpc.Handle(MethodDeactivateRegistration, func(ctx context.Context, req []byte) (response []byte, err error) {
var reg core.Registration
err = json.Unmarshal(req, ®)
if err != nil {
errorCondition(MethodDeactivateRegistration, err, req)
return
}
err = impl.DeactivateRegistration(ctx, reg)
return
})
return nil
}
func NewRegistrationAuthorityServer(serverQueue string, channel *amqp.Channel, impl core.RegistrationAuthority) (*AmqpRPCServer, error) {
log := blog.GetAuditLogger()
rpc := NewAmqpRPCServer(serverQueue, channel)
rpc.Handle(MethodNewRegistration, func(req []byte) (response []byte) {
var rr registrationRequest
if err := json.Unmarshal(req, &rr); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewRegistration, err, req)
return nil
}
reg, err := impl.NewRegistration(rr.Reg, rr.Key)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewRegistration, err, reg)
return nil
}
response, err = json.Marshal(reg)
if err != nil {
response = []byte{}
}
return response
})
rpc.Handle(MethodNewAuthorization, func(req []byte) (response []byte) {
var ar authorizationRequest
if err := json.Unmarshal(req, &ar); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewAuthorization, err, req)
return nil
}
authz, err := impl.NewAuthorization(ar.Authz, ar.RegID)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewAuthorization, err, ar)
return nil
}
response, err = json.Marshal(authz)
if err != nil {
return nil
}
return response
})
rpc.Handle(MethodNewCertificate, func(req []byte) []byte {
log.Info(fmt.Sprintf(" [.] Entering MethodNewCertificate"))
var cr certificateRequest
if err := json.Unmarshal(req, &cr); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodNewCertificate, err, req)
return nil
}
log.Info(fmt.Sprintf(" [.] No problem unmarshaling request"))
cert, err := impl.NewCertificate(cr.Req, cr.RegID)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodNewCertificate, err, cr)
return nil
}
log.Info(fmt.Sprintf(" [.] No problem issuing new cert"))
response, err := json.Marshal(cert)
if err != nil {
return nil
}
return response
})
rpc.Handle(MethodUpdateRegistration, func(req []byte) (response []byte) {
var request struct {
Base, Update core.Registration
}
err := json.Unmarshal(req, &request)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdateRegistration, err, req)
return nil
}
reg, err := impl.UpdateRegistration(request.Base, request.Update)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodUpdateRegistration, err, request)
return nil
}
response, err = json.Marshal(reg)
if err != nil {
response = []byte{}
}
return response
})
rpc.Handle(MethodUpdateAuthorization, func(req []byte) (response []byte) {
var authz struct {
Authz core.Authorization
Index int
Response core.Challenge
}
err := json.Unmarshal(req, &authz)
if err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodUpdateAuthorization, err, req)
return nil
}
newAuthz, err := impl.UpdateAuthorization(authz.Authz, authz.Index, authz.Response)
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodUpdateAuthorization, err, authz)
return nil
}
response, err = json.Marshal(newAuthz)
if err != nil {
return nil
}
return response
})
rpc.Handle(MethodRevokeCertificate, func(req []byte) []byte {
certs, err := x509.ParseCertificates(req)
if err != nil || len(certs) == 0 {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodRevokeCertificate, err, req)
return nil
}
// Error explicitly ignored since response is nil anyway
err = impl.RevokeCertificate(*certs[0])
if err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodRevokeCertificate, err, certs)
}
return nil
})
rpc.Handle(MethodOnValidationUpdate, func(req []byte) []byte {
var authz core.Authorization
if err := json.Unmarshal(req, &authz); err != nil {
// AUDIT[ Improper Messages ] 0786b6f2-91ca-4f48-9883-842a19084c64
improperMessage(MethodOnValidationUpdate, err, req)
return nil
}
if err := impl.OnValidationUpdate(authz); err != nil {
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
errorCondition(MethodOnValidationUpdate, err, authz)
}
return nil
})
return rpc, nil
}
