1 |
|
|
/** |
2 |
|
|
* This file is part of the CernVM File System. |
3 |
|
|
*/ |
4 |
|
|
|
5 |
|
|
#ifndef CVMFS_MANIFEST_FETCH_H_ |
6 |
|
|
#define CVMFS_MANIFEST_FETCH_H_ |
7 |
|
|
|
8 |
|
|
#include <cstdlib> |
9 |
|
|
#include <string> |
10 |
|
|
|
11 |
|
|
#include "manifest.h" |
12 |
|
|
|
13 |
|
|
namespace shash { |
14 |
|
|
struct Any; |
15 |
|
|
} |
16 |
|
|
|
17 |
|
|
namespace signature { |
18 |
|
|
class SignatureManager; |
19 |
|
|
} |
20 |
|
|
|
21 |
|
|
namespace download { |
22 |
|
|
class DownloadManager; |
23 |
|
|
} |
24 |
|
|
|
25 |
|
|
namespace manifest { |
26 |
|
|
|
27 |
|
|
enum Failures { |
28 |
|
|
kFailOk = 0, |
29 |
|
|
kFailLoad, |
30 |
|
|
kFailIncomplete, |
31 |
|
|
kFailNameMismatch, |
32 |
|
|
kFailRootMismatch, |
33 |
|
|
kFailOutdated, |
34 |
|
|
kFailBadCertificate, |
35 |
|
|
kFailBadSignature, |
36 |
|
|
kFailBadWhitelist, |
37 |
|
|
kFailInvalidCertificate, |
38 |
|
|
kFailUnknown, |
39 |
|
|
|
40 |
|
|
kFailNumEntries |
41 |
|
|
}; |
42 |
|
|
|
43 |
|
11 |
inline const char *Code2Ascii(const Failures error) { |
44 |
|
|
const char *texts[kFailNumEntries + 1]; |
45 |
|
11 |
texts[0] = "OK"; |
46 |
|
11 |
texts[1] = "failed to download"; |
47 |
|
11 |
texts[2] = "incomplete manifest"; |
48 |
|
11 |
texts[3] = "repository name mismatch"; |
49 |
|
11 |
texts[4] = "catalog root path mismatch"; |
50 |
|
11 |
texts[5] = "outdated manifest"; |
51 |
|
11 |
texts[6] = "bad certificate, failed to verify repository manifest"; |
52 |
|
11 |
texts[7] = "bad signature, failed to verify repository manifest"; |
53 |
|
11 |
texts[8] = "bad whitelist"; |
54 |
|
11 |
texts[9] = "invalid certificate"; |
55 |
|
11 |
texts[10] = "unknown error"; |
56 |
|
11 |
texts[11] = "no text"; |
57 |
|
11 |
return texts[error]; |
58 |
|
|
} |
59 |
|
|
|
60 |
|
|
|
61 |
|
|
/** |
62 |
|
|
* A manifest requires the certificate and the whitelist to be verified. |
63 |
|
|
* All three (for with the pkcs7 signature of the whitelist) are an ensemble. |
64 |
|
|
*/ |
65 |
|
|
struct ManifestEnsemble { |
66 |
|
39 |
ManifestEnsemble() { |
67 |
|
39 |
manifest = NULL; |
68 |
|
39 |
raw_manifest_buf = cert_buf = whitelist_buf = whitelist_pkcs7_buf = NULL; |
69 |
|
39 |
raw_manifest_size = cert_size = whitelist_size = whitelist_pkcs7_size = 0; |
70 |
|
39 |
} |
71 |
|
39 |
virtual ~ManifestEnsemble() { |
72 |
✓✓ |
39 |
delete manifest; |
73 |
✓✓ |
39 |
if (raw_manifest_buf) free(raw_manifest_buf); |
74 |
✓✓ |
39 |
if (cert_buf) free(cert_buf); |
75 |
✓✓ |
39 |
if (whitelist_buf) free(whitelist_buf); |
76 |
✗✓ |
39 |
if (whitelist_pkcs7_buf) free(whitelist_pkcs7_buf); |
77 |
✗✓ |
39 |
} |
78 |
|
|
// Can be overwritte to fetch certificate from cache |
79 |
|
15 |
virtual void FetchCertificate(const shash::Any &hash) { } |
80 |
|
|
|
81 |
|
|
Manifest *manifest; |
82 |
|
|
unsigned char *raw_manifest_buf; |
83 |
|
|
unsigned char *cert_buf; |
84 |
|
|
unsigned char *whitelist_buf; |
85 |
|
|
unsigned char *whitelist_pkcs7_buf; |
86 |
|
|
unsigned raw_manifest_size; |
87 |
|
|
unsigned cert_size; |
88 |
|
|
unsigned whitelist_size; |
89 |
|
|
unsigned whitelist_pkcs7_size; |
90 |
|
|
}; |
91 |
|
|
|
92 |
|
|
// TODO(jblomer): analogous to the Fetcher class, make a ManifestFetcher class |
93 |
|
|
Failures Fetch(const std::string &base_url, const std::string &repository_name, |
94 |
|
|
const uint64_t minimum_timestamp, const shash::Any *base_catalog, |
95 |
|
|
signature::SignatureManager *signature_manager, |
96 |
|
|
download::DownloadManager *download_manager, |
97 |
|
|
ManifestEnsemble *ensemble); |
98 |
|
|
|
99 |
|
|
|
100 |
|
|
} // namespace manifest |
101 |
|
|
|
102 |
|
|
#endif // CVMFS_MANIFEST_FETCH_H_ |