func revokeBySerial(serial string, reasonCode core.RevocationCode, deny bool, cac rpc.CertificateAuthorityClient, auditlogger *blog.AuditLogger, tx *gorp.Transaction) (err error) { if reasonCode < 0 || reasonCode == 7 || reasonCode > 10 { panic(fmt.Sprintf("Invalid reason code: %d", reasonCode)) } certObj, err := tx.Get(core.Certificate{}, serial) if err != nil { return } certificate, ok := certObj.(*core.Certificate) if !ok { err = fmt.Errorf("Cast failure") return } if deny { // Retrieve DNS names associated with serial var cert *x509.Certificate cert, err = x509.ParseCertificate(certificate.DER) if err != nil { return } err = addDeniedNames(tx, append(cert.DNSNames, cert.Subject.CommonName)) if err != nil { return } } err = cac.RevokeCertificate(certificate.Serial, reasonCode) if err != nil { return } auditlogger.Info(fmt.Sprintf("Revoked certificate %s with reason '%s'", serial, core.RevocationReasons[reasonCode])) return }
func setupWFE(c cmd.Config, logger *blog.AuditLogger, stats statsd.Statter) (rpc.RegistrationAuthorityClient, rpc.StorageAuthorityClient, chan *amqp.Error) { ch, err := rpc.AmqpChannel(c) cmd.FailOnError(err, "Could not connect to AMQP") logger.Info(" [!] Connected to AMQP") closeChan := ch.NotifyClose(make(chan *amqp.Error, 1)) raRPC, err := rpc.NewAmqpRPCClient("WFE->RA", c.AMQP.RA.Server, ch, stats) cmd.FailOnError(err, "Unable to create RPC client") saRPC, err := rpc.NewAmqpRPCClient("WFE->SA", c.AMQP.SA.Server, ch, stats) cmd.FailOnError(err, "Unable to create RPC client") rac, err := rpc.NewRegistrationAuthorityClient(raRPC) cmd.FailOnError(err, "Unable to create RA client") sac, err := rpc.NewStorageAuthorityClient(saRPC) cmd.FailOnError(err, "Unable to create SA client") return rac, sac, closeChan }
func startMonitor(rpcCh *amqp.Channel, logger *blog.AuditLogger, stats statsd.Statter) { ae := analysisengine.NewLoggingAnalysisEngine() // For convenience at the broker, identifiy ourselves by hostname consumerTag, err := os.Hostname() if err != nil { cmd.FailOnError(err, "Could not determine hostname") } _, err = rpcCh.QueueDeclarePassive( QueueName, AmqpDurable, AmqpDeleteUnused, AmqpExclusive, AmqpNoWait, nil) if err != nil { logger.Info(fmt.Sprintf("Queue %s does not exist on AMQP server, attempting to create.", QueueName)) // Attempt to create the Queue if not exists _, err = rpcCh.QueueDeclare( QueueName, AmqpDurable, AmqpDeleteUnused, AmqpExclusive, AmqpNoWait, nil) if err != nil { cmd.FailOnError(err, "Could not declare queue") } routingKey := "#" //wildcard err = rpcCh.QueueBind( QueueName, routingKey, AmqpExchange, false, nil) if err != nil { txt := fmt.Sprintf("Could not bind to queue [%s]. NOTE: You may need to delete %s to re-trigger the bind attempt after fixing permissions, or manually bind the queue to %s.", QueueName, QueueName, routingKey) cmd.FailOnError(err, txt) } } deliveries, err := rpcCh.Consume( QueueName, consumerTag, AmqpAutoAck, AmqpExclusive, AmqpNoLocal, AmqpNoWait, nil) if err != nil { cmd.FailOnError(err, "Could not subscribe to queue") } deliveryTimings := make(map[string]time.Time) // Run forever. for d := range deliveries { go timeDelivery(d, stats, deliveryTimings) // Pass each message to the Analysis Engine err = ae.ProcessMessage(d) if err != nil { logger.Alert(fmt.Sprintf("Could not process message: %s", err)) } else { // Only ack the delivery we actually handled (ackMultiple=false) const ackMultiple = false d.Ack(ackMultiple) } } }