Start implementation of revoke action

2021-01-04 20:39:35 +01:00 · 2021-01-04 20:39:35 +01:00 · 2de9771472
commit 2de9771472
parent 38566f35ef
9 changed files with 739 additions and 57 deletions
--- a/signer/protocol_elements.go
+++ b/signer/protocol_elements.go
@ -0,0 +1,131 @@
+package signer
+
+import (
+	"crypto/x509"
+
+	"git.cacert.org/cacert-gosigner/shared"
+)
+
+const (
+	CsX509    shared.CryptoSystemId = 1
+	CsOpenPGP shared.CryptoSystemId = 2
+)
+
+const (
+	X509RootDefault shared.CryptoSystemRootId = 0
+	X509RootClass3  shared.CryptoSystemRootId = 1
+	X509RootClass3s shared.CryptoSystemRootId = 2
+	X509Root3       shared.CryptoSystemRootId = 3
+	X509Root4       shared.CryptoSystemRootId = 4
+	X509Root5       shared.CryptoSystemRootId = 5
+)
+
+const (
+	X509ProfileClient         shared.CertificateProfileId = 0
+	X509ProfileClientOrg      shared.CertificateProfileId = 1
+	X509ProfileClientCodesign shared.CertificateProfileId = 2
+	X509ProfileClientMachine  shared.CertificateProfileId = 3
+	X509ProfileClientAds      shared.CertificateProfileId = 4
+	X509ProfileServer         shared.CertificateProfileId = 5
+	X509ProfileServerOrg      shared.CertificateProfileId = 6
+	X509ProfileServerJabber   shared.CertificateProfileId = 7
+	X509ProfileOCSP           shared.CertificateProfileId = 8
+	X509ProfileTimestamp      shared.CertificateProfileId = 9
+	X509ProfileProxy          shared.CertificateProfileId = 10
+	X509ProfileSubCA          shared.CertificateProfileId = 11
+)
+
+const (
+	X509MDDefault   shared.MessageDigestAlgorithmId = 0
+	X509MDMd5       shared.MessageDigestAlgorithmId = 1
+	X509MDSha1      shared.MessageDigestAlgorithmId = 2
+	X509MDRipeMD160 shared.MessageDigestAlgorithmId = 3
+	X509MDSha256    shared.MessageDigestAlgorithmId = 8
+	X509MDSha384    shared.MessageDigestAlgorithmId = 9
+	X509MDSha512    shared.MessageDigestAlgorithmId = 10
+)
+
+const (
+	OpenPGPRoot0 shared.CryptoSystemRootId = 0
+)
+
+const (
+	OpenPGPDefaultProfile shared.CertificateProfileId = 0
+)
+
+const (
+	OpenPGPDefaultMD shared.MessageDigestAlgorithmId = 0
+)
+
+func NewCommandProcessor() *CommandProcessor {
+	cryptoSystems := make(map[shared.CryptoSystemId]*CryptoSystem)
+	cryptoSystems[CsX509] = &CryptoSystem{
+		Name: "X.509",
+		Roots: map[shared.CryptoSystemRootId]*RootCredentials{
+			X509RootDefault: {
+				Name:            "openssl",
+				PrivateKeyFile:  "/srv/ca/CA/private/ca.key.pem",
+				CertificateFile: "/srv/ca/CA/ca.crt.pem",
+				DatabaseFile:    "/srv/ca/CA/index.txt",
+				CRLNumber:       "/srv/ca/CA/crlnumber",
+			},
+			X509RootClass3: {
+				Name:            "class3",
+				PrivateKeyFile:  "/srv/ca/class3/private/ca.key.pem",
+				CertificateFile: "/srv/ca/class3/ca.crt.pem",
+				DatabaseFile:    "/srv/ca/class3/index.txt",
+				CRLNumber:       "/srv/ca/class3/crlnumber",
+			},
+			X509RootClass3s: {Name: "class3s"},
+			X509Root3:       {Name: "root3"},
+			X509Root4:       {Name: "root4"},
+			X509Root5:       {Name: "root5"},
+		},
+		Profiles: map[shared.CertificateProfileId]string{
+			X509ProfileClient:         "client",
+			X509ProfileClientOrg:      "client-org",
+			X509ProfileClientCodesign: "client-codesign",
+			X509ProfileClientMachine:  "client-machine",
+			X509ProfileClientAds:      "client-ads",
+			X509ProfileServer:         "server",
+			X509ProfileServerOrg:      "server-org",
+			X509ProfileServerJabber:   "server-jabber",
+			X509ProfileOCSP:           "ocsp",
+			X509ProfileTimestamp:      "timestamp",
+			X509ProfileProxy:          "proxy",
+			X509ProfileSubCA:          "subca",
+		},
+		// constants for openssl invocations. Should be replaced with
+		// something more useful
+		DigestAlgorithms: map[shared.MessageDigestAlgorithmId]x509.SignatureAlgorithm{
+			X509MDDefault:   x509.SHA256WithRSA,
+			X509MDMd5:       x509.MD5WithRSA,
+			X509MDSha1:      x509.SHA1WithRSA,
+			X509MDRipeMD160: x509.UnknownSignatureAlgorithm,
+			X509MDSha256:    x509.SHA256WithRSA,
+			X509MDSha384:    x509.SHA384WithRSA,
+			X509MDSha512:    x509.SHA512WithRSA,
+		},
+	}
+
+	cryptoSystems[CsOpenPGP] = &CryptoSystem{
+		Name: "OpenPGP",
+		Roots: map[shared.CryptoSystemRootId]*RootCredentials{
+			OpenPGPRoot0: {
+				Name:           "OpenPGP Root",
+				PrivateKeyFile: "secring0.gpg",
+				PublicKeyFile:  "pubring0.gpg",
+			},
+		},
+		Profiles: map[shared.CertificateProfileId]string{
+			OpenPGPDefaultProfile: "default",
+		},
+		// constants for gnupg cert-digest-algo parameter. Should be replaced with
+		// something more useful
+		DigestAlgorithms: map[shared.MessageDigestAlgorithmId]x509.SignatureAlgorithm{
+			OpenPGPDefaultMD: x509.SHA256WithRSA,
+		},
+	}
+
+	return &CommandProcessor{CryptoSystems: cryptoSystems, Settings: NewCommandProcessorSettings()}
+}