From 6d3ca7c94cbc7393d70c0188fe27dfc9d7dccd64 Mon Sep 17 00:00:00 2001
From: Seth Schoen
Date: Wed, 27 Jun 2012 17:16:07 -0700
Subject: [PATCH] work towards one request per session
---
 webserver/chocolate_protocol.proto | 13 +++++--------
 webserver/client.py | 15 +++++++--------
 2 files changed, 12 insertions(+), 16 deletions(-)
diff --git a/webserver/chocolate_protocol.proto b/webserver/chocolate_protocol.proto
index 426d0516f..22d067f7e 100644
--- a/webserver/chocolate_protocol.proto
+++ b/webserver/chocolate_protocol.proto
@@ -67,16 +67,13 @@ message chocolatemessage {
 required string certificate = 1; /* Repeated string certificate? */
 }
- repeated SigningRequest request = 3; /* TODO or should there just be one request and the request
- should use subject alternate names for every name that
- we want to have signed? There could still be multiple
+ optional SigningRequest request = 3; /* There should just be one request and the request
+ must use subject alternate names for every name that
+ we want to have signed. There could still be multiple
 challenges in response -- one or more challenges per name. */
- optional Failure failure = 4; /* TODO need to think about where there can be multiple failures
- reported at once, and whether all failures are completely fatal
- to the protocol, requiring it to be restarted from the beginning,
- or whether you could have some CSRs fail and others still
- succeed. */
+ optional Failure failure = 4; /* Each failure is completely fatal to the protocol, requiring it
+ to be restarted from the beginning. */
 optional Proceed proceed = 5;
 repeated Challenge challenge = 6;
 repeated Challenge completedchallenge = 7;
diff --git a/webserver/client.py b/webserver/client.py
index 29066ee20..ae2ccf87b 100644
--- a/webserver/client.py
+++ b/webserver/client.py
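Review bot: In webserver/chocolate_protocol.proto, making field 3 `optional` instead of `repeated` does not on its own enforce the single-request rule that the new comment states. A proto2 parser that receives several field-3 entries (for instance from a peer still built against the old schema) merges them into one `request`, with the last value winning for each scalar field, instead of rejecting the message, and an `optional` field may also be absent altogether. The code that handles incoming messages is not visible in this patch, so I would at least record the expectation next to the field, e.g. `/* Receivers must reject a message with no request; duplicate request entries are merged by the parser, not refused. */`.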
@@ -26,15 +26,14 @@ def init(m):
 m.session = ""
 def make_request(m):
- m.request.add()
- m.request[0].nonce = "".join([random.choice("abcdefghijklmnopqrstuvwxyz") for i in xrange(20)])
- m.request[0].recipient = "ca.example.com"
- m.request[0].timestamp = int(time.time())
- m.request[0].csr = "FOO"
- m.request[0].sig = "BAR"
+ m.request.nonce = "".join([random.choice("abcdefghijklmnopqrstuvwxyz") for i in xrange(20)])
+ m.request.recipient = "ca.example.com"
+ m.request.timestamp = int(time.time())
+ m.request.csr = "FOO"
+ m.request.sig = "BAR"
-def sign(k, m, i=0):
- m.request[i].sig = CSR.sign(k, sha256("(%d) (%s) (%s) (%s)" % (m.request[i].timestamp, m.request[i].recipient, m.request[i].nonce, m.request[i].csr)))
+def sign(k, m):
+ m.request.sig = CSR.sign(k, sha256("(%d) (%s) (%s) (%s)" % (m.request.timestamp, m.request.recipient, m.request.nonce, m.request.csr)))
 m = chocolatemessage()
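Review bot: The nonce on the new `m.request.nonce` line in make_request is still drawn from the module-level `random.choice`, which is backed by a Mersenne Twister and is not suitable for security-relevant values. If the CA relies on this nonce for freshness or replay protection of the signed request, it should come from the OS CSPRNG, e.g. `m.request.nonce = "".join(random.SystemRandom().choice("abcdefghijklmnopqrstuvwxyz") for i in xrange(20))`. Separately, the string that sign() hashes, `"(%d) (%s) (%s) (%s)"`, does not delimit its fields unambiguously: a recipient, nonce or csr value that itself contains `) (` can produce the same signed bytes as a different set of field values. A length-prefixed or otherwise canonical encoding of the four fields would close that gap, and a comment above sign() should state which encoding the verifier is expected to reproduce.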