infrastructure for actually issuing cert

2026-05-28 04:34:11 -04:00 · 2012-07-02 12:03:28 -07:00 · 2012-07-02 12:03:28 -07:00 · c196bef0ab
commit c196bef0ab
parent 83a1ee779b
3 changed files with 24 additions and 2 deletions
--- a/client-webserver/REDIS
+++ b/client-webserver/REDIS
@ -19,6 +19,7 @@ hash:  sessionid, "created" → int
       sessionid, "csr" → str
       sessionid, "state" → str
       sessionid, "challenges → int
+       sessionid, "cert" → str

 list: session:names → str

--- a/client-webserver/chocolate.py
+++ b/client-webserver/chocolate.py
@ -101,6 +101,10 @@ class session(object):
        """Has there already been a signing request made in this session?"""
        return sessions.hget(self.id, "state") is not None

+    def cert(self):
+        """Return the issued certificate."""
+        return sessions.hget(self.id, "cert")
+
    def add_request(self, csr, names):
        sessions.hset(self.id, "csr", csr)
        for name in names: sessions.lpush(self.id + ":names", name)
@ -113,6 +117,14 @@ class session(object):
        for i in xrange(n):
            yield r.hgetall("session:%d" % i)

+    def send_cert(self, m, r):
+        """Initialize response to return issued cert to client."""
+        if self.cert():
+            r.success.certificate = self.cert()
+        else:
+            self.die(r, r.BadRequest, uri="https://ca.example.com/failures/internalerror")
+        return
+
    def handlesession(self, m, r):
        if r.failure.IsInitialized(): return
        if m.session == "":
@ -135,6 +147,11 @@ class session(object):
                # Don't need to, or can't, kill nonexistent/already dead session
                r.failure.cause = r.StaleRequest
            elif self.age() > MaximumSessionAge:
+                # TODO: Sessions in state "done" should probably not be killed by timeout
+                # because they have already resulted in issuance of a cert and no further
+                # issuance can occur.  At least, their timeout should probably be extended
+                # to 48 hours or something.  Currently, a session can die by timeout in
+                # any state.
                self.die(r, r.StaleRequest)
            else:
                self.handleexistingsession(m, r)
@ -214,8 +231,10 @@ class session(object):
        if state == "testchallenge":
            self.send_challenges(m, r)
            return
-        # If we're in done, tell the client to come back later.
-        pass
+        # If we're in done, tell the client about the successfully issued cert.
+        if state == "done":
+            self.send_cert(m, r)
+            return
        # Unknown session status.
        self.die(r, r.BadRequest, uri="https://ca.example.com/failures/internalerror")
        return
--- a/client-webserver/daemon.py
+++ b/client-webserver/daemon.py
@ -65,6 +65,8 @@ def testchallenge(session):
    # conditions are

 def issue(session):
+    # TODO: actually issue the cert
+    r.hset(session, "cert", "----ISSUED CERT GOES HERE----")
    if False:   # once issuing cert succeeded
        r.hset(session, "state", "done")
        r.lpush("pending-done", session)