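#include "CAService.h"
#include "CertRevocateList.h"
#include "CertList.h"

namespace {

// Capacity of the calloc'd path buffers owned by CAService (m_rootPrivKeyPath, m_rootCertPath).
const size_t kPathBufSize = 512;

// Copies `src` into a fixed-size C buffer.
// Returns false (and leaves an empty string in `dst`) when `src` does not fit,
// so callers reject over-long input instead of overflowing the buffer.
bool copyBounded(char* dst, size_t capacity, const string& src)
{
    if (dst == NULL || capacity == 0) {
        return false;
    }
    if (src.size() >= capacity) {
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src.c_str(), src.size() + 1);
    return true;
}

// Appends the whole text file at `path` to `out`.
// Returns false when the file cannot be opened; `out` is then left untouched.
bool readTextFile(const char* path, string& out)
{
    FILE* fd = fopen(path, "r");
    if (fd == NULL) {
        return false;
    }
    char line[1 * K];
    // fgets returning NULL covers both EOF and read errors; the old feof() loop
    // appended the last line twice on some inputs.
    while (fgets(line, sizeof(line), fd) != NULL) {
        out.append(line);
    }
    fclose(fd);
    return true;
}

// Pops the first ';'-delimited field off `fields` and returns it; returns ""
// when there is no separator or the separator is the first character.
// Keeps the historical quirk that the character immediately before the ';'
// is NOT part of the returned field (the old code copied pt-1-issuer bytes).
// NOTE(review): confirm against the producer of these strings (exportCRLToUser /
// the "CRL"/"third" config entry) that each field really carries a trailing filler byte.
string takeFirstField(string& fields)
{
    const size_t sep = fields.find(';');
    if (sep == string::npos || sep == 0) {
        return "";
    }
    const string field = fields.substr(0, sep - 1);
    fields.erase(0, sep + 1);
    return field;
}

// Appends one <CRL issuer="..."> element holding the ';'-separated serial numbers in `content`.
// NOTE(review): the opening <serialNumbers> tag has never been closed by this code; the
// consumer evidently accepts it, so the wire format is kept as-is. `issuer` is inserted
// unescaped, which is only safe while it comes from the CA's own configuration.
void appendCrlElement(string& crl, const string& issuer, string content)
{
    crl.append("<CRL issuer=\"").append(issuer).append("\">");
    if (content != "") {
        crl.append("<serialNumbers>");
        string serialNumber;
        while ((serialNumber = takeFirstField(content)) != "") {
            crl.append("<serialNumber>").append(serialNumber).append("</serialNumber>");
        }
    }
    crl.append("</CRL>");
}

// Writes the reply text into the outgoing message buffer.
// NOTE(review): CONTENT::buf is declared in CAService.h and its capacity is not visible
// here, so this copy is still unbounded; bound it with that constant once confirmed.
void storeReply(CONTENT& msg, const string& text)
{
    strcpy(msg.buf, text.c_str());
}

}  // namespace

// Loads the CA layout from the configuration file and opens the DB / ADT channel objects.
// Path members are derived from the "Directory" and "System" sections of the config.
CAService::CAService()
{
    OpenSSL_add_all_digests();
    OpenSSL_add_all_ciphers();
    /* m_crypto = new CryptoData(); assert(m_crypto!=NULL); */

    // atoi("") yields 0 when the config has no SerialNumber entry.
    m_serialNumber = atoi(readCAconfig("SerialNumber").c_str());

    // Blank every per-request member; must run before the path members are assigned below.
    initItem();

    m_rootPrivKeyPath = (char*)calloc(1, kPathBufSize);
    assert(m_rootPrivKeyPath != NULL);
    m_rootCertPath = (char*)calloc(1, kPathBufSize);
    assert(m_rootCertPath != NULL);

    m_db = new CertDB();
    assert(m_db != NULL);

    m_caPath = readCAconfig("Directory", "CA");
    m_crlPath = m_caPath + "/" + readCAconfig("Directory", "crl");
    m_exportPath = m_caPath + "/" + readCAconfig("Directory", "export");
    m_importPath = m_caPath + "/" + readCAconfig("Directory", "import");
    m_rootPath = m_caPath + "/" + readCAconfig("Directory", "root");
    m_usersPath = m_caPath + "/" + readCAconfig("Directory", "users");
    m_reqPath = m_caPath + "/" + readCAconfig("Directory", "req");

    const string cert = m_rootPath + "/" + readCAconfig("System", "rootCertPath");
    const string priv = m_rootPath + "/" + readCAconfig("System", "rootKeyPath");
    // An over-long configured path leaves the buffer empty rather than overflowing it;
    // the resulting fopen() failure is the visible symptom.
    const bool privFits = copyBounded(m_rootPrivKeyPath, kPathBufSize, priv);
    const bool certFits = copyBounded(m_rootCertPath, kPathBufSize, cert);
    if (!privFits || !certFits) {
        writelog("root key/cert path exceeds the path buffer; check the CA configuration");
    }
    assert(privFits && certFits);

    com = new Communicate("ca");
    assert(com != NULL);
    m_id = m_action = 0;
}

// Releases the path buffers and the DB object. `com` is released separately via freeComm().
CAService::~CAService()
{
    free(m_rootCertPath);
    m_rootCertPath = NULL;
    free(m_rootPrivKeyPath);
    m_rootPrivKeyPath = NULL;
    delete m_db;
    m_db = NULL;
    // if (m_crypto) delete m_crypto, m_crypto=NULL;
}

// Resets every per-request member (and the path members) to its empty value.
// Called once per handled message so no field of one request leaks into the next.
void CAService::initItem()
{
    m_SerialNumber = m_ObjectType = m_CertReq = m_ObjectUpdated = m_CommonName = "";
    m_sn = m_serial = m_distingishName = "";
    m_type = 0;
    m_reqPath = m_caPath = m_rootPath = m_crlPath = m_exportPath = m_importPath = m_usersPath = "";
    m_importObject = m_Issuer = "";
    m_swap = "";
}

// Tears down the ADT communication channel, if one is open.
void CAService::freeComm()
{
    if (com) {
        com->freeCA();
        delete com;
        com = NULL;
    }
}

// Opens the certificate database. Returns false (after reporting) when it cannot be opened.
bool CAService::initializeConnect()
{
    if (!m_db->initializeConnect()) {
        cout << "Because db don't open, system exit." << endl;
        return false;
    }
    return true;
}

// Closes the certificate database connection. Always returns true.
bool CAService::shutdownConnect()
{
    m_db->closeConnection();
    // m_db->closeDB();
    return true;
}

// Returns whether a certificate for the given distinguished name is already recorded.
bool CAService::checkWhetherUserHaveExisted(const char* DN)
{
    return m_db->checkWhetherUserHaveExisted(DN);
}

// Looks up one value in the XML configuration file at CA_CONFIG_PATH.
// For the flat entries (Root, Operator, Administrator, SerialNumber) the value of the
// `keyword` node itself is returned; otherwise the value of the child named `objectName`
// under `keyword`. Returns "" when the file, the keyword or the child is missing.
string CAService::readCAconfig(string keyword, string objectName)
{
    string result = "";
    string config = "";
    if (!readTextFile(CA_CONFIG_PATH, config)) {
        // The old code asserted here in debug builds; release builds already returned "".
        return result;
    }

    NggObject* object = NggObject::fromXML(config);
    assert(object != NULL);
    if (object == NULL) {
        return result;
    }

    const bool flatEntry = keyword == "Root" || keyword == "Operator"
                        || keyword == "Administrator" || keyword == "SerialNumber";
    for (size_t i = 0; i < object->m_Contains.size(); i++) {
        NggObject* entry = object->m_Contains[i];
        if (entry->m_Name != keyword) {
            continue;
        }
        if (flatEntry) {
            result.append(entry->m_Value);
        } else {
            for (size_t ii = 0; ii < entry->m_Contains.size(); ii++) {
                if (entry->m_Contains[ii]->m_Name == objectName) {
                    result.append(entry->m_Contains[ii]->m_Value);
                    break;
                }
            }
        }
        break;  // only the first matching keyword is consulted
    }

    delete object;
    return result;
}

// Not implemented: incoming MSG objects are currently ignored.
void CAService::handleMessage(MSG msg)
{
}

// Sends a reply to the ADT over the CA channel. Requires that a request was handled first.
void CAService::sendMessageCA(CONTENT msg)
{
    assert(m_action != 0);
    // Communicate com("ca");
    com->caSendMessageToADT(msg);
}

// Returns the CA's current CRL as produced by the CRL helper.
string CAService::getCRL()
{
    CRL crl;
    return crl.getCRL();
}

// Not implemented.
void CAService::insertCRL(char* req)
{
    /*
    if ((reqbio=BIO_new_mem_buf(req, filelen))==NULL) {
        writelog("reading req fail .");
        return ;
    }
    X509_REQ* request = NULL;
    PEM_read_bio_X509_REQ();
    */
}

// Not implemented.
void CAService::updateCRL(char* req, string action)
{
}

// Parses the Request/Parameter section of an incoming XML message into the
// per-request members (m_CertReq, m_ObjectUpdated, m_ObjectType, m_CommonName,
// m_SerialNumber, m_Issuer, m_importObject). Only the first Request element that
// carries a Parameter child is consulted.
// Returns false for an empty message or one the XML parser rejects, true otherwise.
bool CAService::unpackMessage(string msg)
{
    if (msg == "") {
        return false;
    }
    NggObject* object = NggObject::fromXML(msg);
    assert(object != NULL);
    if (object == NULL) {
        return false;
    }

    for (size_t i = 0; i < object->m_Contains.size(); i++) {
        NggObject* request = object->m_Contains[i];
        if (request->m_Name != "Request") {
            continue;
        }
        bool sawParameter = false;
        for (size_t k = 0; k < request->m_Contains.size(); k++) {
            NggObject* params = request->m_Contains[k];
            if (params->m_Name != "Parameter") {
                continue;
            }
            for (size_t j = 0; j < params->m_Contains.size(); j++) {
                const string& name = params->m_Contains[j]->m_Name;
                const string& value = params->m_Contains[j]->m_Value;
                if (name == "CertReq") {
                    m_CertReq = value;
                } else if (name == "ObjectNameUpdated") {
                    m_ObjectUpdated = value;
                } else if (name == "ObjectType") {
                    m_ObjectType = value;
                } else if (name == "CommonName") {
                    m_CommonName = value;
                } else if (name == "SerialNumber") {
                    m_SerialNumber = value;
                } else if (name == "Issuer") {
                    m_Issuer = value;
                } else if (name == "ImportObject") {
                    m_importObject = value;
                }
            }
            sawParameter = true;
        }
        if (sawParameter) {
            break;
        }
    }

    delete object;
    return true;
}

// Fills the Notification section of the request XML with the outcome:
// Status="ok", DN=m_distingishName, SerialNumber=the configured SerialNumber,
// Description=`result`. Returns the re-serialised XML (or `msg` unchanged when it
// cannot be parsed).
string CAService::packMessage(string msg, string result)
{
    m_serial = readCAconfig("SerialNumber", "");
    NggObject* object = NggObject::fromXML(msg);
    assert(object != NULL);
    if (object == NULL) {
        return msg;
    }

    for (size_t i = 0; i < object->m_Contains.size(); i++) {
        NggObject* notification = object->m_Contains[i];
        if (notification->m_Name != "Notification") {
            continue;
        }
        for (size_t k = 0; k < notification->m_Contains.size(); k++) {
            NggObject* field = notification->m_Contains[k];
            if (field->m_Name == "Status") {
                field->m_Value = "ok";
            } else if (field->m_Name == "DN") {
                field->m_Value = m_distingishName;
            } else if (field->m_Name == "SerialNumber") {
                field->m_Value = m_serial;
            } else if (field->m_Name == "Description") {
                field->m_Value = result;
            }
        }
        break;
    }

    msg = object->toXML();
    delete object;
    return msg;
}

// Receives one request from the ADT, dispatches on its type and returns the reply
// message. Request fields come from the network, so every copy into a C buffer is
// bounded; a field that does not fit is answered with a failure description.
// The per-request members are reset before returning, whatever path was taken.
CONTENT CAService::getMessageCA()
{
    CONTENT msg;
    msg = com->caGetMessageFromADT();
    m_action = msg.type;
    unpackMessage(msg.buf);

    char buf[2 * K];
    memset(buf, 0, sizeof(buf));
    char delResult[1 * K];
    memset(delResult, 0, sizeof(delResult));
    // Output buffer for issueTerminalCertificate(); freed before every return.
    char* result = (char*)calloc(1, 10 * K);
    assert(result != NULL);

    string reply = "";        // Description text for packMessage()
    bool packReply = false;   // whether `reply` must be written back into msg.buf

    switch (m_action) {
    case APPLY_CERT:
        if (copyBounded(buf, sizeof(buf), m_CertReq)
            && issueTerminalCertificate(result, buf, USER_CERTIFICATE, NULL, strlen(buf))) {
            reply = result;
        } else {
            reply = "handling cert request fail.";
        }
        packReply = true;
        break;

    case REVOKE_CERT:
        if (copyBounded(buf, sizeof(buf), m_SerialNumber)) {
            reply = removeUserCertificate(buf);
        } else {
            reply = "invalid serial number.";
        }
        packReply = true;
        break;

    case RECOVER_CERT:
        if (!copyBounded(buf, sizeof(buf), m_SerialNumber)) {
            reply = "invalid serial number.";
        } else if (deleteCertFromCRL(buf, delResult)) {
            reply = "ok";
        } else {
            reply = delResult;
        }
        packReply = true;
        break;

    case SHOW_CRL:
        getCRL();  // result is discarded, as before
        break;

    case UPDATE_CERT:
        if (updateUserCert() != "ok") {
            // The old code returned here, skipping initItem() and leaking `result`;
            // breaking out reaches the common cleanup instead.
            reply = "update user cert to fail, for invalid user";
            packReply = true;
            break;
        }
        writelog("succeed to remove user from db");
        deleteCertFromCRL(m_swap, delResult);
        writelog("update crl success");
        if (m_ObjectType == "gw" || m_ObjectType == "user") {
            if (copyBounded(buf, sizeof(buf), m_CertReq)
                && issueTerminalCertificate(result, buf,
                                            m_ObjectType == "gw" ? GW_CERTIFICATE : USER_CERTIFICATE,
                                            NULL, strlen(buf))) {
                reply = result;
            } else {
                reply = "handling cert request fail.";
            }
            packReply = true;
        }
        writelog("create new cert success");
        break;

    case EXPORT_CERT:
        break;

    case APPLY_GW_CERT:
        if (copyBounded(buf, sizeof(buf), m_CertReq)
            && issueTerminalCertificate(result, buf, GW_CERTIFICATE, NULL, strlen(buf))) {
            reply = result;
        } else {
            reply = "handling cert request fail.";
        }
        packReply = true;
        break;

    case VERIFY_CERT:
        // Raw verification result, not wrapped by packMessage().
        storeReply(msg, verifyCertificate(m_CertReq.c_str()));
        break;

    case IMPORT_THIRD_CRL:
        // An absent ImportObject imports from an empty name, as before.
        if (copyBounded(buf, sizeof(buf), m_importObject)) {
            reply = importThirdCRL(buf, m_Issuer);
        } else {
            reply = "import object too large.";
        }
        packReply = true;
        break;

    case EXPORT_CRL: {
        string crl = "<table><CRLs>";
        const string issuer = readCAconfig("System", "Issuer");
        appendCrlElement(crl, issuer, exportCRLToUser(issuer));
        string thirdIssuers = readCAconfig("CRL", "third");
        string thirdIssuer;
        while ((thirdIssuer = takeFirstField(thirdIssuers)) != "") {
            appendCrlElement(crl, thirdIssuer, exportCRLToUser(thirdIssuer));
        }
        crl.append("</CRLs></table>");
        reply = crl;
        packReply = true;
        break;
    }

    default:
        break;
    }

    if (packReply) {
        storeReply(msg, packMessage(msg.buf, reply));
    }
    free(result);
    initItem();
    cout << (char*)msg.buf << "---------" << __FILE__ << ", " << __LINE__ << "\n\n\n\n" << endl;
    return msg;
}

// Returns the issuer name printed from the CA's root certificate (at most 80 bytes,
// as printed by X509_NAME_print), or "" when the certificate cannot be read or parsed.
string CAService::exportCertIssuer()
{
    const string path = readCAconfig("Directory", "CA") + "/"
                      + readCAconfig("Directory", "root") + "/"
                      + readCAconfig("System", "rootCertPath");
    string cert = "";
    if (!readTextFile(path.c_str(), cert) || cert == "") {
        return "";
    }

    // Older OpenSSL takes a non-const buffer; use a private copy instead of the old
    // stack VLA, which was one byte too small for strcpy's terminator.
    string pem = cert;
    BIO* io = BIO_new_mem_buf(&pem[0], (int)pem.size());
    assert(io != NULL);
    if (io == NULL) {
        return "";
    }
    X509* x509 = PEM_read_bio_X509(io, NULL, NULL, NULL);
    assert(x509 != NULL);
    if (x509 == NULL) {
        BIO_free(io);
        return "";
    }

    string issuerName = "";
    X509_NAME* issuer = X509_get_issuer_name(x509);
    assert(issuer != NULL);
    BIO* out = BIO_new(BIO_s_mem());
    assert(out != NULL);
    if (issuer != NULL && out != NULL) {
        X509_NAME_print(out, issuer, 80);
        char name[80];
        // A full 80-byte read leaves no terminator, so the length is carried explicitly.
        const int got = BIO_read(out, name, sizeof(name));
        if (got > 0) {
            issuerName.assign(name, got);
        }
    }

    if (out != NULL) {
        BIO_free(out);
    }
    X509_free(x509);
    BIO_free(io);
    return issuerName;
}

// Pops the first ';'-delimited field off `thirdIssuer` (which is advanced past it) and
// returns it; "" when nothing is left. The old implementation dereferenced a NULL
// strstr() result when no ';' was present and free()'d a pointer into the middle of
// its own buffer on every successful call; both are gone.
string CAService::analyzeString(string& thirdIssuer)
{
    return takeFirstField(thirdIssuer);
}

// Removes the certificate named by m_ObjectUpdated / m_ObjectType from the database
// ahead of re-issuing it. Returns "ok" or a failure description.
string CAService::updateUserCert()
{
    string result = "ok";
    if (m_ObjectUpdated == "") {
        result = "don't assign object to be updated.";
        return result;
    }
    if (!m_db->delCertFromDB(m_ObjectType, m_ObjectUpdated)) {
        result = "del user's cert to fail .";
        return result;
    }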