cmc

synrc · Nov 15, 2024 · 0cf0b39 · 0cf0b39
2 parents 608affb + 6062e36
commit 0cf0b39
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 54 deletions.
diff --git a/lib/services/cmc.ex b/lib/services/cmc.ex
@@ -2,46 +2,13 @@ defmodule CA.CMC do
   @moduledoc "CA/CMC TLS TCP server."
   require CA
 
-  def oid(:"id-cmc-identification"),        do: {1,3,6,1,5,5,7,7,2}
-  def oid(:"id-cmc-identityProof"),         do: {1,3,6,1,5,5,7,7,3}
-  def oid(:"id-cmc-dataReturn"),            do: {1,3,6,1,5,5,7,7,4}
-  def oid(:"id-cmc-transactionId"),         do: {1,3,6,1,5,5,7,7,5}
-  def oid(:"id-cmc-senderNonce"),           do: {1,3,6,1,5,5,7,7,6}
-  def oid(:"id-cmc-recipientNonce"),        do: {1,3,6,1,5,5,7,7,7}
-  def oid(:"id-cmc-statusInfo"),            do: {1,3,6,1,5,5,7,7,1}
-  def oid(:"id-cmc-addExtensions"),         do: {1,3,6,1,5,5,7,7,8}
-  def oid(:"id-cmc-encryptedPOP"),          do: {1,3,6,1,5,5,7,7,9}
-  def oid(:"id-cmc-decryptedPOP"),          do: {1,3,6,1,5,5,7,7,10}
-  def oid(:"id-cmc-lraPOPWitness"),         do: {1,3,6,1,5,5,7,7,11}
-  def oid(:"id-cmc-getCert"),               do: {1,3,6,1,5,5,7,7,15}
-  def oid(:"id-cmc-getCRL"),                do: {1,3,6,1,5,5,7,7,16}
-  def oid(:"id-cmc-revokeRequest"),         do: {1,3,6,1,5,5,7,7,17}
-  def oid(:"id-cmc-regInfo"),               do: {1,3,6,1,5,5,7,7,18}
-  def oid(:"id-cmc-responseInfo"),          do: {1,3,6,1,5,5,7,7,19}
-  def oid(:"id-cmc-queryPending"),          do: {1,3,6,1,5,5,7,7,21}
-  def oid(:"id-cmc-popLinkRandom"),         do: {1,3,6,1,5,5,7,7,22}
-  def oid(:"id-cmc-popLinkWitness"),        do: {1,3,6,1,5,5,7,7,23}
-  def oid(:"id-cmc-confirmCertAcceptance"), do: {1,3,6,1,5,5,7,7,24}
-  def oid(:"id-cmc-statusInfoV2"),          do: {1,3,6,1,5,5,7,7,25}
-  def oid(:"id-cmc-trustedAnchors"),        do: {1,3,6,1,5,5,7,7,26}
-  def oid(:"id-cmc-authData"),              do: {1,3,6,1,5,5,7,7,27}
-  def oid(:"id-cmc-batchRequests"),         do: {1,3,6,1,5,5,7,7,28}
-  def oid(:"id-cmc-batchResponses"),        do: {1,3,6,1,5,5,7,7,29}
-  def oid(:"id-cmc-publishCert"),           do: {1,3,6,1,5,5,7,7,30}
-  def oid(:"id-cmc-modCertTemplate"),       do: {1,3,6,1,5,5,7,7,31}
-  def oid(:"id-cmc-controlProcessed"),      do: {1,3,6,1,5,5,7,7,32}
-  def oid(:"id-cmc-identityProofV2"),       do: {1,3,6,1,5,5,7,7,33}
-  def oid(:"id-cmc-popLinkWitnessV2"),      do: {1,3,6,1,5,5,7,7,34}
-
-  def code(),  do: :binary.encode_hex(:crypto.strong_rand_bytes(8))
-
   # Authority PKI X.509 CMC over TCP RFC 5272 5273 5274 5275 6402
 
+  # [1] https://www.rfc-editor.org/rfc/rfc6402
   # [2] https://www.rfc-editor.org/rfc/rfc5272
-  # [2] https://www.rfc-editor.org/rfc/rfc5273
-  # [2] https://www.rfc-editor.org/rfc/rfc5274
-  # [2] https://www.rfc-editor.org/rfc/rfc5275
-  # [3] https://www.rfc-editor.org/rfc/rfc6402
+  # [3] https://www.rfc-editor.org/rfc/rfc5273
+  # [4] https://www.rfc-editor.org/rfc/rfc5274
+  # [5] https://www.rfc-editor.org/rfc/rfc5275
 
   def start_link(port: port), do: {:ok, :erlang.spawn_link(fn -> listen(port) end)}
   def child_spec(opt) do
@@ -87,4 +54,37 @@ defmodule CA.CMC do
       end
   end
 
+  def oid(:"id-cmc-identification"),        do: {1,3,6,1,5,5,7,7,2}
+  def oid(:"id-cmc-identityProof"),         do: {1,3,6,1,5,5,7,7,3}
+  def oid(:"id-cmc-dataReturn"),            do: {1,3,6,1,5,5,7,7,4}
+  def oid(:"id-cmc-transactionId"),         do: {1,3,6,1,5,5,7,7,5}
+  def oid(:"id-cmc-senderNonce"),           do: {1,3,6,1,5,5,7,7,6}
+  def oid(:"id-cmc-recipientNonce"),        do: {1,3,6,1,5,5,7,7,7}
+  def oid(:"id-cmc-statusInfo"),            do: {1,3,6,1,5,5,7,7,1}
+  def oid(:"id-cmc-addExtensions"),         do: {1,3,6,1,5,5,7,7,8}
+  def oid(:"id-cmc-encryptedPOP"),          do: {1,3,6,1,5,5,7,7,9}
+  def oid(:"id-cmc-decryptedPOP"),          do: {1,3,6,1,5,5,7,7,10}
+  def oid(:"id-cmc-lraPOPWitness"),         do: {1,3,6,1,5,5,7,7,11}
+  def oid(:"id-cmc-getCert"),               do: {1,3,6,1,5,5,7,7,15}
+  def oid(:"id-cmc-getCRL"),                do: {1,3,6,1,5,5,7,7,16}
+  def oid(:"id-cmc-revokeRequest"),         do: {1,3,6,1,5,5,7,7,17}
+  def oid(:"id-cmc-regInfo"),               do: {1,3,6,1,5,5,7,7,18}
+  def oid(:"id-cmc-responseInfo"),          do: {1,3,6,1,5,5,7,7,19}
+  def oid(:"id-cmc-queryPending"),          do: {1,3,6,1,5,5,7,7,21}
+  def oid(:"id-cmc-popLinkRandom"),         do: {1,3,6,1,5,5,7,7,22}
+  def oid(:"id-cmc-popLinkWitness"),        do: {1,3,6,1,5,5,7,7,23}
+  def oid(:"id-cmc-confirmCertAcceptance"), do: {1,3,6,1,5,5,7,7,24}
+  def oid(:"id-cmc-statusInfoV2"),          do: {1,3,6,1,5,5,7,7,25}
+  def oid(:"id-cmc-trustedAnchors"),        do: {1,3,6,1,5,5,7,7,26}
+  def oid(:"id-cmc-authData"),              do: {1,3,6,1,5,5,7,7,27}
+  def oid(:"id-cmc-batchRequests"),         do: {1,3,6,1,5,5,7,7,28}
+  def oid(:"id-cmc-batchResponses"),        do: {1,3,6,1,5,5,7,7,29}
+  def oid(:"id-cmc-publishCert"),           do: {1,3,6,1,5,5,7,7,30}
+  def oid(:"id-cmc-modCertTemplate"),       do: {1,3,6,1,5,5,7,7,31}
+  def oid(:"id-cmc-controlProcessed"),      do: {1,3,6,1,5,5,7,7,32}
+  def oid(:"id-cmc-identityProofV2"),       do: {1,3,6,1,5,5,7,7,33}
+  def oid(:"id-cmc-popLinkWitnessV2"),      do: {1,3,6,1,5,5,7,7,34}
+
+  def code(),  do: :binary.encode_hex(:crypto.strong_rand_bytes(8))
+
 end
diff --git a/lib/services/cmp.ex b/lib/services/cmp.ex
@@ -3,14 +3,6 @@ defmodule CA.CMP do
   require CA
   require CA.CMP.Scheme
 
-# WSL Service
-# netsh interface portproxy add v4tov4 listenport=8829 listenaddress=192.168.0.3 connectport=8829 connectaddress=172.31.45.170
-# netsh interface portproxy add v4tov4 listenport=8047 listenaddress=192.168.0.3 connectport=8047 connectaddress=172.31.45.170
-# New-NetFireWallRule -DisplayName 'CMP-OUT' -Direction Outbound -LocalPort 8829 -Action Allow -Protocol TCP
-# New-NetFireWallRule -DisplayName 'CMP-IN'  -Direction Inbound  -LocalPort 8829 -Action Allow -Protocol TCP
-# New-NetFireWallRule -DisplayName 'EST-OUT' -Direction Outbound -LocalPort 8047 -Action Allow -Protocol TCP
-# New-NetFireWallRule -DisplayName 'EST-IN'  -Direction Inbound  -LocalPort 8047 -Action Allow -Protocol TCP
-
   # Authority PKI X.509 CMP over TCP RFC 4210 9480 9481
 
   # [1] https://datatracker.ietf.org/doc/html/rfc4210
@@ -183,4 +175,12 @@ defmodule CA.CMP do
       :logger.info 'Strange PKIMessage request ~p', [body]
   end
 
+# WSL Service
+# netsh interface portproxy add v4tov4 listenport=8829 listenaddress=192.168.0.3 connectport=8829 connectaddress=172.31.45.170
+# netsh interface portproxy add v4tov4 listenport=8047 listenaddress=192.168.0.3 connectport=8047 connectaddress=172.31.45.170
+# New-NetFireWallRule -DisplayName 'CMP-OUT' -Direction Outbound -LocalPort 8829 -Action Allow -Protocol TCP
+# New-NetFireWallRule -DisplayName 'CMP-IN'  -Direction Inbound  -LocalPort 8829 -Action Allow -Protocol TCP
+# New-NetFireWallRule -DisplayName 'EST-OUT' -Direction Outbound -LocalPort 8047 -Action Allow -Protocol TCP
+# New-NetFireWallRule -DisplayName 'EST-IN'  -Direction Inbound  -LocalPort 8047 -Action Allow -Protocol TCP
+
 end
diff --git a/lib/services/crt.ex b/lib/services/crt.ex
@@ -65,7 +65,8 @@ defmodule CA.CRT do
       extensions = :lists.map(fn {:Extension,code,_x,b} ->
          CA.CE.oid(code, :lists.flatten(CA.CE.flat(code,:asn1rt_nif.decode_ber_tlv(b),[])))
       end, exts)
-      [ resourceType: :Certificate,
+      [
+        resourceType: :Certificate,
         version: ver,
         signatureAlgorithm: CA.AT.code(alg),
         subject: CA.RDN.rdn(CA.RDN.decodeAttrs(issuee)),

diff --git a/lib/services/est.ex b/lib/services/est.ex
@@ -4,6 +4,14 @@ defmodule CA.EST do
   @templates [ "ocsp", "ipsec", "bgp", "eap", "cap", "sip", "cmc", "scvp", "ssh", "tls" ]
   @classes   [ "ca", "ra", "server", "client", "human", "program" ]
 
+  # Authority PKI X.509 CMP over CoAP RFC 9482
+  # Authority PKI X.509 CMP over HTTP RFC 9483
+  # Authority PKI X.509 EST over HTTPS RFC 7030
+
+  # [1] https://www.rfc-editor.org/rfc/rfc9483
+  # [2] https://www.rfc-editor.org/rfc/rfc7030
+  # [3] https://www.ietf.org/archive/id/draft-ietf-lamps-rfc7030-csrattrs-07.html
+
   use Plug.Router
   plug :match
   plug :dispatch
@@ -25,14 +33,6 @@ defmodule CA.EST do
       }
   end
 
-  # Authority PKI X.509 CMP over CoAP RFC 9482
-  # Authority PKI X.509 CMP over HTTP RFC 9483
-  # Authority PKI X.509 EST over HTTPS RFC 7030
-
-  # [1] https://www.rfc-editor.org/rfc/rfc9483
-  # [2] https://www.rfc-editor.org/rfc/rfc7030
-  # [3] https://www.ietf.org/archive/id/draft-ietf-lamps-rfc7030-csrattrs-07.html
-
   get  "/.well-known/est/:operation"            do CA.EST.Get.get(conn,   "CA", [],             [],                action(operation)) end
   get  "/.well-known/est/:profile/:operation"   do CA.EST.Get.get(conn,   "CA", curve(profile), template(profile), action(operation)) end
   get  "/.well-known/cmp/p/:profile/:operation" do CA.EST.Get.get(conn,   "CA", curve(profile), template(profile), action(operation)) end