Head

GCC Code Coverage Report

Directory:	cvmfs/		Exec	Total	Coverage
File:	cvmfs/server_tool.cc	Lines:	19	80	23.8 %
Date:	2019-02-03 02:48:13	Branches:	7	50	14.0 %


/**
 * This file is part of the CernVM File System.
 */

#include "server_tool.h"

#include "util/posix.h"

ServerTool::ServerTool() {}

ServerTool::~ServerTool() {
  if (download_manager_.IsValid()) {
    download_manager_->Fini();
  }

  if (signature_manager_.IsValid()) {
    signature_manager_->Fini();
  }
}

bool ServerTool::InitDownloadManager(const bool follow_redirects,
                                     const unsigned max_pool_handles,
                                     const bool use_system_proxy) {
  if (download_manager_.IsValid()) {
    return true;
  }

  download_manager_ = new download::DownloadManager();
  assert(download_manager_);
  download_manager_->Init(max_pool_handles, use_system_proxy,
                          perf::StatisticsTemplate("download", statistics()));

  download_manager_->SetTimeout(kDownloadTimeout, kDownloadTimeout);
  download_manager_->SetRetryParameters(kDownloadRetries, 500, 2000);

  if (follow_redirects) {
    download_manager_->EnableRedirects();
  }

  return true;
}

bool ServerTool::InitVerifyingSignatureManager(
    const std::string &pubkey_path, const std::string &trusted_certs) {
  if (signature_manager_.IsValid()) {
    return true;
  }

  signature_manager_ = new signature::SignatureManager();
  assert(signature_manager_);
  signature_manager_->Init();

  if (!signature_manager_->LoadPublicRsaKeys(pubkey_path)) {
    LogCvmfs(kLogCvmfs, kLogStderr, "failed to load public repo key '%s'",
             pubkey_path.c_str());
    return false;
  }

  if (!trusted_certs.empty() &&
      !signature_manager_->LoadTrustedCaCrl(trusted_certs)) {
    LogCvmfs(kLogCvmfs, kLogStderr, "failed to load trusted certificates");
    return false;
  }

  return true;
}

bool ServerTool::InitSigningSignatureManager(
    const std::string &certificate_path, const std::string &private_key_path,
    const std::string &private_key_password) {
  if (signature_manager_.IsValid()) {
    return true;
  }

  signature_manager_ = new signature::SignatureManager();
  assert(signature_manager_);
  signature_manager_->Init();

  // Load certificate
  if (!signature_manager_->LoadCertificatePath(certificate_path)) {
    LogCvmfs(kLogCvmfs, kLogStderr, "failed to load certificate '%s'",
             certificate_path.c_str());
    return false;
  }

  // Load private key
  if (!signature_manager_->LoadPrivateKeyPath(private_key_path,
                                              private_key_password)) {
    LogCvmfs(kLogCvmfs, kLogStderr, "failed to load private key '%s' (%s)",
             private_key_path.c_str(),
             signature_manager_->GetCryptoError().c_str());
    return false;
  }

  if (!signature_manager_->KeysMatch()) {
    LogCvmfs(kLogCvmfs, kLogStderr,
             "the private key '%s' doesn't seem to match certificate '%s' (%s)",
             private_key_path.c_str(), certificate_path.c_str(),
             signature_manager_->GetCryptoError().c_str());
    signature_manager_->UnloadPrivateKey();
    return false;
  }

  return true;
}

download::DownloadManager *ServerTool::download_manager() const {
  assert(download_manager_.IsValid());
  return download_manager_.weak_ref();
}

signature::SignatureManager *ServerTool::signature_manager() const {
  assert(signature_manager_.IsValid());
  return signature_manager_.weak_ref();
}

manifest::Manifest *ServerTool::OpenLocalManifest(
    const std::string path) const {
  return manifest::Manifest::LoadFile(path);
}

manifest::Failures ServerTool::FetchRemoteManifestEnsemble(
    const std::string &repository_url, const std::string &repository_name,
    manifest::ManifestEnsemble *ensemble) const {
  const uint64_t minimum_timestamp = 0;
  const shash::Any *base_catalog = NULL;
  return manifest::Fetch(repository_url, repository_name, minimum_timestamp,
                         base_catalog, signature_manager(), download_manager(),
                         ensemble);
}

manifest::Manifest *ServerTool::FetchRemoteManifest(
    const std::string &repository_url, const std::string &repository_name,
    const shash::Any &base_hash) const {
  manifest::ManifestEnsemble manifest_ensemble;
  UniquePtr<manifest::Manifest> manifest;

  // fetch (and verify) the manifest
  const manifest::Failures retval = FetchRemoteManifestEnsemble(
      repository_url, repository_name, &manifest_ensemble);

  if (retval != manifest::kFailOk) {
    LogCvmfs(kLogCvmfs, kLogStderr,
             "failed to fetch repository manifest "
             "(%d - %s)",
             retval, manifest::Code2Ascii(retval));
    return NULL;
  } else {
    // copy-construct a fresh manifest object because ManifestEnsemble will
    // free manifest_ensemble.manifest when it goes out of scope
    manifest = new manifest::Manifest(*manifest_ensemble.manifest);
  }

  // check if manifest fetching was successful
  if (!manifest) {
    LogCvmfs(kLogCvmfs, kLogStderr, "failed to load repository manifest");
    return NULL;
  }

  // check the provided base hash of the repository if provided
  if (!base_hash.IsNull() && manifest->catalog_hash() != base_hash) {
    LogCvmfs(kLogCvmfs, kLogStderr,
             "base hash does not match manifest "
             "(found: %s expected: %s)",
             manifest->catalog_hash().ToString().c_str(),
             base_hash.ToString().c_str());
    return NULL;
  }

  // return the fetched manifest (releasing pointer ownership)
  return manifest.Release();
}

manifest::Reflog *ServerTool::CreateEmptyReflog(
    const std::string &temp_directory, const std::string &repo_name) {
  // create a new Reflog if there was none found yet
  const std::string tmp_path_prefix = temp_directory + "/new_reflog";
  const std::string tmp_path = CreateTempPath(tmp_path_prefix, 0600);

  LogCvmfs(kLogCvmfs, kLogDebug, "creating new reflog '%s' for %s",
           tmp_path.c_str(), repo_name.c_str());
  return manifest::Reflog::Create(tmp_path, repo_name);
}


Generated by: GCOVR (Version 4.1)

Line	Branch	Exec	Source
1			/**
2			* This file is part of the CernVM File System.
3			*/
4
5			#include "server_tool.h"
6
7			#include "util/posix.h"
8
9		21	ServerTool::ServerTool() {}
10
11		22	ServerTool::~ServerTool() {
12	✓✗	21	if (download_manager_.IsValid()) {
13		21	download_manager_->Fini();
14			}
15
16	✗✓	21	if (signature_manager_.IsValid()) {
17			signature_manager_->Fini();
18			}
19	✗✗✗✓	1	}
20
21		21	bool ServerTool::InitDownloadManager(const bool follow_redirects,
22			const unsigned max_pool_handles,
23			const bool use_system_proxy) {
24	✗✓	21	if (download_manager_.IsValid()) {
25			return true;
26			}
27
28		21	download_manager_ = new download::DownloadManager();
29	✗✓	21	assert(download_manager_);
30			download_manager_->Init(max_pool_handles, use_system_proxy,
31		21	perf::StatisticsTemplate("download", statistics()));
32
33		21	download_manager_->SetTimeout(kDownloadTimeout, kDownloadTimeout);
34		21	download_manager_->SetRetryParameters(kDownloadRetries, 500, 2000);
35
36	✓✗	21	if (follow_redirects) {
37		21	download_manager_->EnableRedirects();
38			}
39
40		21	return true;
41			}
42
43			bool ServerTool::InitVerifyingSignatureManager(
44			const std::string &pubkey_path, const std::string &trusted_certs) {
45			if (signature_manager_.IsValid()) {
46			return true;
47			}
48
49			signature_manager_ = new signature::SignatureManager();
50			assert(signature_manager_);
51			signature_manager_->Init();
52
53			if (!signature_manager_->LoadPublicRsaKeys(pubkey_path)) {
54			LogCvmfs(kLogCvmfs, kLogStderr, "failed to load public repo key '%s'",
55			pubkey_path.c_str());
56			return false;
57			}
58
59			if (!trusted_certs.empty() &&
60			!signature_manager_->LoadTrustedCaCrl(trusted_certs)) {
61			LogCvmfs(kLogCvmfs, kLogStderr, "failed to load trusted certificates");
62			return false;
63			}
64
65			return true;
66			}
67
68			bool ServerTool::InitSigningSignatureManager(
69			const std::string &certificate_path, const std::string &private_key_path,
70			const std::string &private_key_password) {
71			if (signature_manager_.IsValid()) {
72			return true;
73			}
74
75			signature_manager_ = new signature::SignatureManager();
76			assert(signature_manager_);
77			signature_manager_->Init();
78
79			// Load certificate
80			if (!signature_manager_->LoadCertificatePath(certificate_path)) {
81			LogCvmfs(kLogCvmfs, kLogStderr, "failed to load certificate '%s'",
82			certificate_path.c_str());
83			return false;
84			}
85
86			// Load private key
87			if (!signature_manager_->LoadPrivateKeyPath(private_key_path,
88			private_key_password)) {
89			LogCvmfs(kLogCvmfs, kLogStderr, "failed to load private key '%s' (%s)",
90			private_key_path.c_str(),
91			signature_manager_->GetCryptoError().c_str());
92			return false;
93			}
94
95			if (!signature_manager_->KeysMatch()) {
96			LogCvmfs(kLogCvmfs, kLogStderr,
97			"the private key '%s' doesn't seem to match certificate '%s' (%s)",
98			private_key_path.c_str(), certificate_path.c_str(),
99			signature_manager_->GetCryptoError().c_str());
100			signature_manager_->UnloadPrivateKey();
101			return false;
102			}
103
104			return true;
105			}
106
107		14	download::DownloadManager *ServerTool::download_manager() const {
108	✗✓	14	assert(download_manager_.IsValid());
109		14	return download_manager_.weak_ref();
110			}
111
112			signature::SignatureManager *ServerTool::signature_manager() const {
113			assert(signature_manager_.IsValid());
114			return signature_manager_.weak_ref();
115			}
116
117			manifest::Manifest *ServerTool::OpenLocalManifest(
118			const std::string path) const {
119			return manifest::Manifest::LoadFile(path);
120			}
121
122			manifest::Failures ServerTool::FetchRemoteManifestEnsemble(
123			const std::string &repository_url, const std::string &repository_name,
124			manifest::ManifestEnsemble *ensemble) const {
125			const uint64_t minimum_timestamp = 0;
126			const shash::Any *base_catalog = NULL;
127			return manifest::Fetch(repository_url, repository_name, minimum_timestamp,
128			base_catalog, signature_manager(), download_manager(),
129			ensemble);
130			}
131
132			manifest::Manifest *ServerTool::FetchRemoteManifest(
133			const std::string &repository_url, const std::string &repository_name,
134			const shash::Any &base_hash) const {
135			manifest::ManifestEnsemble manifest_ensemble;
136			UniquePtr<manifest::Manifest> manifest;
137
138			// fetch (and verify) the manifest
139			const manifest::Failures retval = FetchRemoteManifestEnsemble(
140			repository_url, repository_name, &manifest_ensemble);
141
142			if (retval != manifest::kFailOk) {
143			LogCvmfs(kLogCvmfs, kLogStderr,
144			"failed to fetch repository manifest "
145			"(%d - %s)",
146			retval, manifest::Code2Ascii(retval));
147			return NULL;
148			} else {
149			// copy-construct a fresh manifest object because ManifestEnsemble will
150			// free manifest_ensemble.manifest when it goes out of scope
151			manifest = new manifest::Manifest(*manifest_ensemble.manifest);
152			}
153
154			// check if manifest fetching was successful
155			if (!manifest) {
156			LogCvmfs(kLogCvmfs, kLogStderr, "failed to load repository manifest");
157			return NULL;
158			}
159
160			// check the provided base hash of the repository if provided
161			if (!base_hash.IsNull() && manifest->catalog_hash() != base_hash) {
162			LogCvmfs(kLogCvmfs, kLogStderr,
163			"base hash does not match manifest "
164			"(found: %s expected: %s)",
165			manifest->catalog_hash().ToString().c_str(),
166			base_hash.ToString().c_str());
167			return NULL;
168			}
169
170			// return the fetched manifest (releasing pointer ownership)
171			return manifest.Release();
172			}
173
174			manifest::Reflog *ServerTool::CreateEmptyReflog(
175			const std::string &temp_directory, const std::string &repo_name) {
176			// create a new Reflog if there was none found yet
177			const std::string tmp_path_prefix = temp_directory + "/new_reflog";
178			const std::string tmp_path = CreateTempPath(tmp_path_prefix, 0600);
179
180			LogCvmfs(kLogCvmfs, kLogDebug, "creating new reflog '%s' for %s",
181			tmp_path.c_str(), repo_name.c_str());
182			return manifest::Reflog::Create(tmp_path, repo_name);
183			}