wip: sign cert

src/brski/brski.cpp

@@ -30,6 +30,7 @@ const std::string USAGE_STRING =
 enum class CommandId {
   COMMAND_EXPORT_PVR = 1,
   COMMAND_PLEDGE_REQUEST,
+  COMMAND_SIGN_CERT,
   COMMAND_START_REGISTRAR,
   COMMAND_START_MASA,
 };
@@ -40,12 +41,13 @@ struct command_config {
   const std::string info;
 };
 
-const std::array<struct command_config, 4> command_list = {{
+const std::array<struct command_config, 5> command_list = {{
     {"epvr", CommandId::COMMAND_EXPORT_PVR,
      "\tepvr\t\tExport the pledge voucher request as base64 CMS file"},
     {"preq", CommandId::COMMAND_PLEDGE_REQUEST,
      "\tpreq\t\tSend a pledge-voucher request to the registrar and\n"
      "\t\t\t return the pinned-domain-cert."},
+    {"sign", CommandId::COMMAND_SIGN_CERT, "\tsign\t\tSign a certificate\n"},
     {"registrar", CommandId::COMMAND_START_REGISTRAR,
      "\tregistrar\tStarts the registrar"},
     {"masa", CommandId::COMMAND_START_MASA, "\tmasa\t\tStarts the MASA"},

src/brski/masa/masa_api.hpp

@@ -21,6 +21,9 @@
 #define PATH_BRSKI_REQUESTAUDITLOG BRSKI_PREFIX_PATH "/requestauditlog"
 #define PATH_BRSKI_ENROLLSTATUS BRSKI_PREFIX_PATH "/enrollstatus"
 
+/* Not part of the standard */
+#define PATH_BRSKI_SIGNCERT BRSKI_PREFIX_PATH "/signcert"
+
 #define EST_PREFIX_PATH "/.well-known/est"
 #define PATH_EST_CACERTS EST_PREFIX_PATH "/cacerts"
 #define PATH_EST_SIMPLEENROLL EST_PREFIX_PATH "/simpleenroll"

src/brski/registrar/registrar_api.cpp

@@ -288,3 +288,17 @@ int registrar_enrollstatus(const RequestHeader &request_header,
   response_header["Content-Type"] = "text/plain";
   return 200;
 }
+
+int registrar_signcert(const RequestHeader &request_header,
+                           const std::string &request_body,
+                           CRYPTO_CERT peer_certificate,
+                           ResponseHeader &response_header,
+                           std::string &response, void *context)
+{
+  log_trace("registrar_signcert:");
+  log_trace("%s", request_body.c_str());
+
+  response.assign("registrar_enrollstatus");
+  response_header["Content-Type"] = "text/plain";
+  return 200;
+}

src/brski/registrar/registrar_api.hpp

@@ -66,4 +66,19 @@ int registrar_enrollstatus(const RequestHeader &request_header,
                            ResponseHeader &response_header,
                            std::string &response, void *context);
 
+/**
+ * @brief Registrar sign certificate
+ * Not part of the specification.
+ *
+ * @return The HTTP status code.
+ * @retval 200 OK.
+ * @retval 400 Bad Request (malformed request).
+ * @retval 500 Internal Server Error.
+ * @retval 502 Bad Gateway
+ */
+int registrar_signcert(const RequestHeader &request_header,
+                           const std::string &request_body,
+                           CRYPTO_CERT peer_certificate,
+                           ResponseHeader &response_header,
+                           std::string &response, void *context);
 #endif

src/brski/registrar/registrar_server.cpp

@@ -37,6 +37,10 @@ void setup_registrar_routes(std::vector<struct RouteTuple> &routes) {
   routes.push_back({.path = std::string(PATH_BRSKI_ENROLLSTATUS),
                     .method = HTTP_METHOD_POST,
                     .handle = registrar_enrollstatus});
+
+  routes.push_back({.path = std::string(PATH_BRSKI_SIGNCERT),
+                    .method = HTTP_METHOD_POST,
+                    .handle = registrar_signcert});
 }
 
 int registrar_start(struct registrar_config *rconf, struct masa_config *mconf,