From 01c10e3ad00424d929a89e7880ef7ff359413182 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Apr 14 2015 17:02:55 +0000 Subject: Handle success from Dogtag's submit endpoint In addition to handling result codes 1, 2, and 3 from a Dogtag server's submission call, handle the result code 0, which indicates that it went ahead and issued the certificate, and included it in the response as a base64-encoded blob. --- diff --git a/src/dogtag.c b/src/dogtag.c index 9fb3930..0fe3501 100644 --- a/src/dogtag.c +++ b/src/dogtag.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009,2010,2011,2012,2013,2014 Red Hat, Inc. + * Copyright (C) 2009,2010,2011,2012,2013,2014,2015 Red Hat, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/src/submit-d.c b/src/submit-d.c index 5592bad..78fbb97 100644 --- a/src/submit-d.c +++ b/src/submit-d.c @@ -431,9 +431,11 @@ cm_submit_d_xml_profiles(void *parent, const char *xml) int cm_submit_d_submit_result(void *parent, const char *xml, char **error_code, char **error_reason, - char **error, char **status, char **requestId) + char **error, char **status, char **requestId, + char **cert) { /* ProfileSubmitServlet.java: + * 0: issued * 1: internal error * 2: deferred (or "pending") * 3: rejected @@ -448,6 +450,11 @@ cm_submit_d_submit_result(void *parent, const char *xml, cm_submit_d_xml_value(parent, xml, "/XMLResponse/RequestId")); + *cert = cm_submit_d_xml_value(parent, xml, + "/XMLResponse/Requests/Request/b64"); + if ((*cert != NULL) && (strlen(*cert) > 0)) { + *cert = cm_submit_u_pem_from_base64("CERTIFICATE", 0, *cert); + } return 0; } @@ -569,12 +576,17 @@ cm_submit_d_submit_eval(void *parent, const char *xml, const char *url, dbus_bool_t can_agent, char **out, char **err) { char *error = NULL, *error_code = NULL, *error_reason = NULL; - char *status = NULL, *requestId = NULL; + char *status = NULL, *requestId = NULL, *cert = NULL; *out = NULL; *err = NULL; cm_submit_d_submit_result(parent, xml, &error_code, &error_reason, &error, - &status, &requestId); + &status, &requestId, &cert); + if ((status != NULL) && (strcmp(status, "0") == 0) && + (cert != NULL)) { + *out = talloc_asprintf(parent, "%s\n", trim(parent, cert)); + return CM_SUBMIT_STATUS_ISSUED; + } if ((status != NULL) && (strcmp(status, "2") == 0) && (requestId != NULL)) { if (can_agent) { @@ -1200,7 +1212,8 @@ restart: case op_submit_serial: cm_submit_d_submit_result(hctx, result, &error_code, &error_reason, - &error, &status, &requestId); + &error, &status, &requestId, + &cert); if (error_code != NULL) { printf("error code: %s\n", error_code); } @@ -1216,6 +1229,9 @@ restart: if (requestId != NULL) { printf("requestId: %s\n", requestId); } + if (cert != NULL) { + printf("cert: %s\n", cert); + } break; case op_reject: cm_submit_d_reject_result(hctx, result, diff --git a/src/submit-d.h b/src/submit-d.h index e9dcbb4..75623c4 100644 --- a/src/submit-d.h +++ b/src/submit-d.h @@ -21,7 +21,7 @@ int cm_submit_d_submit_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, - char **requestId); + char **requestId, char **cert); int cm_submit_d_check_result(void *parent, const char *xml, char **error_code, char **error_reason, char **error, char **status, diff --git a/tests/019-dparse/expected.out b/tests/019-dparse/expected.out index 360b82c..0088ef0 100644 --- a/tests/019-dparse/expected.out +++ b/tests/019-dparse/expected.out @@ -1,3 +1,29 @@ +[submit-as-agent(good.profileSubmit.issued) = ISSUED] +status="0",cert="-----BEGIN CERTIFICATE-----" +-----BEGIN CERTIFICATE----- +MIIDyDCCArCgAwIBAgIBKjANBgkqhkiG9w0BAQsFADA5MRcwFQYDVQQKEw5CT1Mu +UkVESEFULkNPTTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE1 +MDQxMzIwMDMxMVoXDTE1MTAxMDIwMDMxMVowgYMxCzAJBgNVBAYTAlVTMRYwFAYD +VQQIDA1NYXNzYWNodXNldHRzMRMwEQYDVQQHDApTb21lcnZpbGxlMRAwDgYDVQQK +DAdSZWQgSGF0MRQwEgYDVQQLDAtFbmdpbmVlcmluZzEfMB0GA1UEAwwWcGlsbGJv +eC5ib3MucmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMM9VrTiHmA1bFavmJMj1rY7UjhDPeGTILN5NpyiVb1ZVUwUG4SKNi0L8SSssIBZ +S14KhSHMlTopKV6uDVtWg5fV/Rq6LwtBrGDoO3lVSW9D7zbgqXkWkviJuuQHS+h8 +Dz8x9IbV2fXM9FjyXuKB62K47PDu5q+zGtMFMdoy+kOWItrAvRuowjMKfoNaLLJ0 +4Fb9P3NmVW9fvjZ/46pUOCpAik+nRJr/D2PA1d3s8CI34sbJZb04GNSzA+BHLJBE +7PC1LDppo//g1IgDWNcp6IHSd6zwasTGzlhyMLVSfKze5qXJKS6JzX0DbbSJaZC/ +UN0wfzcmXya8Pd6nmvoOT0sCAwEAAaOBjzCBjDAfBgNVHSMEGDAWgBTaNCP4eABB +wBT/3pQoWQ+cxEo9vTBEBggrBgEFBQcBAQQ4MDYwNAYIKwYBBQUHMAGGKGh0dHA6 +Ly9tYWNoZXRlLmJvcy5yZWRoYXQuY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQD +AgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBdriiD +zQIkPqzRY1nUR9jI5oTygHKqNYIj8+1oKHweyKi98L47lv2hZgtREfgUCl7PS7VL +LEDAqboUEK4lJH2lstxmz2fHuQ2AOeGv6zr16u4X+woP6ZZLP6Lj/MDaueUAbOEf +/qLsaw15i53YzWXOsie3rYvy/sg0Teu4VqO3E10erL8NBJkQeKKonG70f5HuVgcR +5sWwIsxJi8YQuRkhW9meftppJIz05VHesguFvdpr2xWSB5vTH4prbfketIZl6g/c +RfOVKrVpzilh6++ZIbeFYqd3z4vIMLedjk2hSUwK5A3bPgFlqzYii8j4scn+0mZM +AsSesPzyAiutWBAX +-----END CERTIFICATE----- + [submit-as-agent(good.profileSubmit.serial.in-range) = WAIT_WITH_DELAY] error="Request Deferred - defer request",status="2",requestId="12" 0 @@ -112,6 +138,32 @@ Server at "FETCH" replied: Request ID 19 was not found in the request queue. [fetch-as-agent(bad.displayCertFromRequest.rejected) = REJECTED] error="Request ID 17 was not completed.",status="7" Server at "FETCH" replied: Request ID 17 was not completed. +[submit-as-end-entity(good.profileSubmit.issued) = ISSUED] +status="0",cert="-----BEGIN CERTIFICATE-----" +-----BEGIN CERTIFICATE----- +MIIDyDCCArCgAwIBAgIBKjANBgkqhkiG9w0BAQsFADA5MRcwFQYDVQQKEw5CT1Mu +UkVESEFULkNPTTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE1 +MDQxMzIwMDMxMVoXDTE1MTAxMDIwMDMxMVowgYMxCzAJBgNVBAYTAlVTMRYwFAYD +VQQIDA1NYXNzYWNodXNldHRzMRMwEQYDVQQHDApTb21lcnZpbGxlMRAwDgYDVQQK +DAdSZWQgSGF0MRQwEgYDVQQLDAtFbmdpbmVlcmluZzEfMB0GA1UEAwwWcGlsbGJv +eC5ib3MucmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMM9VrTiHmA1bFavmJMj1rY7UjhDPeGTILN5NpyiVb1ZVUwUG4SKNi0L8SSssIBZ +S14KhSHMlTopKV6uDVtWg5fV/Rq6LwtBrGDoO3lVSW9D7zbgqXkWkviJuuQHS+h8 +Dz8x9IbV2fXM9FjyXuKB62K47PDu5q+zGtMFMdoy+kOWItrAvRuowjMKfoNaLLJ0 +4Fb9P3NmVW9fvjZ/46pUOCpAik+nRJr/D2PA1d3s8CI34sbJZb04GNSzA+BHLJBE +7PC1LDppo//g1IgDWNcp6IHSd6zwasTGzlhyMLVSfKze5qXJKS6JzX0DbbSJaZC/ +UN0wfzcmXya8Pd6nmvoOT0sCAwEAAaOBjzCBjDAfBgNVHSMEGDAWgBTaNCP4eABB +wBT/3pQoWQ+cxEo9vTBEBggrBgEFBQcBAQQ4MDYwNAYIKwYBBQUHMAGGKGh0dHA6 +Ly9tYWNoZXRlLmJvcy5yZWRoYXQuY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQD +AgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBdriiD +zQIkPqzRY1nUR9jI5oTygHKqNYIj8+1oKHweyKi98L47lv2hZgtREfgUCl7PS7VL +LEDAqboUEK4lJH2lstxmz2fHuQ2AOeGv6zr16u4X+woP6ZZLP6Lj/MDaueUAbOEf +/qLsaw15i53YzWXOsie3rYvy/sg0Teu4VqO3E10erL8NBJkQeKKonG70f5HuVgcR +5sWwIsxJi8YQuRkhW9meftppJIz05VHesguFvdpr2xWSB5vTH4prbfketIZl6g/c +RfOVKrVpzilh6++ZIbeFYqd3z4vIMLedjk2hSUwK5A3bPgFlqzYii8j4scn+0mZM +AsSesPzyAiutWBAX +-----END CERTIFICATE----- + [submit-as-end-entity(good.profileSubmit.serial.in-range) = WAIT] error="Request Deferred - defer request",status="2",requestId="12" state=check&requestId=12 @@ -224,4 +276,4 @@ Server at "FETCH" replied: Request ID 19 was not found in the request queue. [fetch-as-end-entity(bad.displayCertFromRequest.rejected) = REJECTED] error="Request ID 17 was not completed.",status="7" Server at "FETCH" replied: Request ID 17 was not completed. -46 samples. +48 samples. diff --git a/tests/019-dparse/good.profileSubmit.issued b/tests/019-dparse/good.profileSubmit.issued new file mode 100644 index 0000000..f2399b9 --- /dev/null +++ b/tests/019-dparse/good.profileSubmit.issued @@ -0,0 +1 @@ +072CN=pillbox.bos.redhat.com,OU=Engineering,O=Red Hat,L=Somerville,ST=Massachusetts,C=US2aMIIDyDCCArCgAwIBAgIBKjANBgkqhkiG9w0BAQsFADA5MRcwFQYDVQQKEw5CT1MuUkVESEFULkNPTTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE1MDQxMzIwMDMxMVoXDTE1MTAxMDIwMDMxMVowgYMxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRMwEQYDVQQHDApTb21lcnZpbGxlMRAwDgYDVQQKDAdSZWQgSGF0MRQwEgYDVQQLDAtFbmdpbmVlcmluZzEfMB0GA1UEAwwWcGlsbGJveC5ib3MucmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMM9VrTiHmA1bFavmJMj1rY7UjhDPeGTILN5NpyiVb1ZVUwUG4SKNi0L8SSssIBZS14KhSHMlTopKV6uDVtWg5fV/Rq6LwtBrGDoO3lVSW9D7zbgqXkWkviJuuQHS+h8Dz8x9IbV2fXM9FjyXuKB62K47PDu5q+zGtMFMdoy+kOWItrAvRuowjMKfoNaLLJ04Fb9P3NmVW9fvjZ/46pUOCpAik+nRJr/D2PA1d3s8CI34sbJZb04GNSzA+BHLJBE7PC1LDppo//g1IgDWNcp6IHSd6zwasTGzlhyMLVSfKze5qXJKS6JzX0DbbSJaZC/UN0wfzcmXya8Pd6nmvoOT0sCAwEAAaOBjzCBjDAfBgNVHSMEGDAWgBTaNCP4eABBwBT/3pQoWQ+cxEo9vTBEBggrBgEFBQcBAQQ4MDYwNAYIKwYBBQUHMAGGKGh0dHA6Ly9tYWNoZXRlLmJvcy5yZWRoYXQuY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBdriiDzQIkPqzRY1nUR9jI5oTygHKqNYIj8+1oKHweyKi98L47lv2hZgtREfgUCl7PS7VLLEDAqboUEK4lJH2lstxmz2fHuQ2AOeGv6zr16u4X+woP6ZZLP6Lj/MDaueUAbOEf/qLsaw15i53YzWXOsie3rYvy/sg0Teu4VqO3E10erL8NBJkQeKKonG70f5HuVgcR5sWwIsxJi8YQuRkhW9meftppJIz05VHesguFvdpr2xWSB5vTH4prbfketIZl6g/cRfOVKrVpzilh6++ZIbeFYqd3z4vIMLedjk2hSUwK5A3bPgFlqzYii8j4scn+0mZMAsSesPzyAiutWBAX diff --git a/tests/tools/dparse.c b/tests/tools/dparse.c index ceeea9b..8f55077 100644 --- a/tests/tools/dparse.c +++ b/tests/tools/dparse.c @@ -63,7 +63,7 @@ main(int argc, char **argv) if (strcmp(mode, "submit") == 0) { cm_submit_d_submit_result(NULL, xml, &error_code, &error_reason, &error, - &status, &requestId); + &status, &requestId, &cert); i = cm_submit_d_submit_eval(NULL, xml, "SUBMIT", can_agent, &out, &err); } else