d3/d66/swissknife__letter_8cc_source.html

 #include "cvmfs_config.h"

 #include "swissknife_letter.h"


 #include <inttypes.h>

 #include <termios.h>


 #include <cassert>


 #include "crypto/hash.h"

 #include "crypto/signature.h"

 #include "download.h"

 #include "letter.h"

 #include "util/string.h"

 #include "whitelist.h"


 using namespace std;  // NOLINT


 static void ReadStdinBytes(unsigned char *buf, const uint16_t num_bytes) {

   int read_chunk;

   unsigned read_all = 0;


   do {

     if ((read_chunk = read(0, buf+read_all, num_bytes-read_all)) <= 0)

       break;

     read_all += read_chunk;

   } while (read_all < num_bytes);


   if (read_chunk == 0) exit(0);

   assert(read_all == num_bytes);

 }


 static void WriteStdoutBytes(const unsigned char *buf,

                              const uint16_t num_bytes)

 {

   int wrote_chunk;

   unsigned wrote_all = 0;


   do {

     if ((wrote_chunk = write(1, buf+wrote_all, num_bytes-wrote_all)) <= 0)

       break;

     wrote_all += wrote_chunk;

   } while (wrote_all < num_bytes);


   assert(wrote_all == num_bytes);

 }


 static uint16_t ReadErlang(unsigned char *buf) {

   int len;


   ReadStdinBytes(buf, 2);

   len = (buf[0] << 8) | buf[1];

   if (len > 0)

     ReadStdinBytes(buf, len);

   return len;

 }


 static void WriteErlang(const unsigned char *buf, int len) {

   unsigned char li;


   li = (len >> 8) & 0xff;

   WriteStdoutBytes(&li, 1);

   li = len & 0xff;

   WriteStdoutBytes(&li, 1);


   WriteStdoutBytes(buf, len);

 }


 int swissknife::CommandLetter::Main(const swissknife::ArgumentList &args) {

   bool verify = false;

   if (args.find('v') != args.end()) verify = true;

   if ((args.find('s') != args.end()) && verify) {

     LogCvmfs(kLogCvmfs, kLogStderr,

              "invalid option combination (sign + verify)");

     return 1;

   }


   bool erlang = false;

   string repository_url;

   string certificate_path;

   string certificate_password;

   shash::Algorithms hash_algorithm = shash::kSha1;

   uint64_t max_age = kDefaultMaxAge;

   if (verify) {

     repository_url = *args.find('r')->second;

     max_age = String2Uint64(*args.find('m')->second);

     if (args.find('e') != args.end()) erlang = true;

   } else {

     certificate_path = *args.find('c')->second;

     if (args.find('p') != args.end())

       certificate_password = *args.find('p')->second;

     if (args.find('a') != args.end()) {

       hash_algorithm = shash::ParseHashAlgorithm(*args.find('a')->second);

       if (hash_algorithm == shash::kAny) {

         LogCvmfs(kLogCvmfs, kLogStderr, "unknown hash algorithm");

         return 1;

       }

     }

   }

   string fqrn;

   string text;

   string key_path;

   string cacrl_path;

   fqrn = *args.find('f')->second;

   key_path = *args.find('k')->second;

   if (args.find('t') != args.end()) text = *args.find('t')->second;

   if (args.find('z') != args.end()) cacrl_path = *args.find('z')->second;


   whitelist::Failures retval_wl;

   letter::Failures retval_ltr;


   if (verify) {

     if (!InitVerifyingSignatureManager(key_path, cacrl_path)) {

       return 2;

     }


     const bool     follow_redirects = false;

     const unsigned max_pool_handles = 2;

     const string proxy =

       (args.find('@') != args.end()) ? *args.find('@')->second : "";

     if (!this->InitDownloadManager(follow_redirects, proxy, max_pool_handles)) {

       LogCvmfs(kLogCvmfs, kLogStderr, "failed to init repo connection");

       return 2;

     }


     whitelist::Whitelist whitelist(fqrn, download_manager(),

                                    signature_manager());

     retval_wl = whitelist.LoadUrl(repository_url);

     if (retval_wl != whitelist::kFailOk) {

       LogCvmfs(kLogCvmfs, kLogStderr, "failed to load whitelist (%d): %s",

                retval_wl, whitelist::Code2Ascii(retval_wl));

       return 2;

     }


     if (erlang) {

       const char *ready = "ready";

       WriteErlang(reinterpret_cast<const unsigned char *>(ready), 5);

     }


     char exit_code = 0;

     do {

       if (erlang) {

         unsigned char buf[65000];

         int length = ReadErlang(buf);

         text = string(reinterpret_cast<char *>(buf), length);

       } else {

         if (text == "") {

           char c;

           int num_read;

           while ((num_read = read(0, &c, 1)) == 1) {

             if (c == '\n')

               break;

             text.push_back(c);

           }

           if (num_read != 1) return exit_code;

         }

       }


       if ((time(NULL) + 3600*24*3) > whitelist.expires()) {

         LogCvmfs(kLogCvmfs, kLogStderr, "reloading whitelist");

         whitelist::Whitelist refresh(fqrn, download_manager(),

                                      signature_manager());

         retval_wl = refresh.LoadUrl(repository_url);

         if (retval_wl == whitelist::kFailOk)

           whitelist = refresh;

       }


       string message;

       string cert;

       letter::Letter letter(fqrn, text, signature_manager());

       retval_ltr = letter.Verify(max_age, &message, &cert);

       if (retval_ltr != letter::kFailOk) {

         exit_code = 3;

         LogCvmfs(kLogCvmfs, kLogStderr, "%s", letter::Code2Ascii(retval_ltr));

       } else {

         if (whitelist.IsExpired()) {

           exit_code = 4;

           LogCvmfs(kLogCvmfs, kLogStderr, "whitelist expired");

         } else {

           retval_wl = whitelist.VerifyLoadedCertificate();

           if (retval_wl == whitelist::kFailOk) {

             exit_code = 0;

           } else {

             exit_code = 5;

             LogCvmfs(kLogCvmfs, kLogStderr, "%s",

                      whitelist::Code2Ascii(retval_wl));

           }

         }

       }


       if (erlang) {

         if ((exit_code == 0) && (message.length() > 60000))

           exit_code = 6;

         WriteErlang(reinterpret_cast<unsigned char *>(&exit_code), 1);

         if (exit_code == 0)

           WriteErlang(reinterpret_cast<const unsigned char *>(message.data()),

                       message.length());

       } else {

         if (exit_code == 0)

           LogCvmfs(kLogCvmfs, kLogStdout | kLogNoLinebreak, "%s",

                    message.c_str());

       }

       text = "";

     } while (erlang);


     return exit_code;

   }


   if (!InitSigningSignatureManager(certificate_path,

                                    key_path,

                                    certificate_password)) {

     return 2;

   }


   if (text == "") {

     char c;

     while (read(0, &c, 1) == 1) {

       if (c == '\n')

         break;

       text.push_back(c);

     }

   }


   letter::Letter text_letter(fqrn, text, signature_manager());

   LogCvmfs(kLogCvmfs, kLogStdout, "%s",

            text_letter.Sign(hash_algorithm).c_str());


   return 0;

 }

LogCvmfs
#define LogCvmfs(source, mask,...)
Definition: logging.h:22

whitelist.h

letter::Letter
Definition: letter.h:43

string.h

letter::kFailOk
Definition: letter.h:19

letter::Failures
Failures
Definition: letter.h:18

whitelist::Whitelist::LoadUrl
Failures LoadUrl(const std::string &base_url)
Definition: whitelist.cc:216

whitelist::Whitelist::VerifyLoadedCertificate
Failures VerifyLoadedCertificate() const
Definition: whitelist.cc:95

letter::Letter::Verify
Failures Verify(uint64_t max_age, std::string *msg, std::string *cert)
Definition: letter.cc:64

download.h

hash.h

shash::kSha1
Definition: hash.h:43

assert
assert((mem||(size==0))&&"Out Of Memory")

kLogNoLinebreak
Definition: logging_internal.h:59

swissknife_letter.h

cvmfs_inject.args
tuple args
Definition: cvmfs_inject.py:31

letter.h

shash::Algorithms
Algorithms
Definition: hash.h:41

kLogStdout
Definition: logging_internal.h:23

whitelist::kFailOk
Definition: whitelist.h:29

kLogStderr
Definition: logging_internal.h:24

ReadStdinBytes
static void ReadStdinBytes(unsigned char *buf, const uint16_t num_bytes)
Definition: swissknife_letter.cc:25

signature.h

letter::Letter::Sign
std::string Sign(const shash::Algorithms hash_algorithm)
Definition: letter.cc:30

whitelist::Code2Ascii
const char * Code2Ascii(const Failures error)
Definition: whitelist.h:49

WriteStdoutBytes
static void WriteStdoutBytes(const unsigned char *buf, const uint16_t num_bytes)
Definition: swissknife_letter.cc:40

swissknife::CommandLetter::Main
int Main(const ArgumentList &args)
Definition: swissknife_letter.cc:79

publish::whitelist
const whitelist::Whitelist * whitelist() const
Definition: repository.h:124

whitelist::Whitelist::expires
time_t expires() const
Definition: whitelist.cc:83

String2Uint64
uint64_t String2Uint64(const string &value)
Definition: string.cc:228

swissknife::ArgumentList
std::map< char, SharedPtr< std::string > > ArgumentList
Definition: swissknife.h:72

whitelist::Whitelist::IsExpired
bool IsExpired() const
Definition: whitelist.cc:89

kLogCvmfs
Definition: logging_internal.h:80

shash::ParseHashAlgorithm
Algorithms ParseHashAlgorithm(const string &algorithm_option)
Definition: hash.cc:72

letter::Code2Ascii
const char * Code2Ascii(const Failures error)
Definition: letter.h:30

WriteErlang
static void WriteErlang(const unsigned char *buf, int len)
Definition: swissknife_letter.cc:67

ReadErlang
static uint16_t ReadErlang(unsigned char *buf)
Definition: swissknife_letter.cc:56

whitelist::Failures
Failures
Definition: whitelist.h:28

shash::kAny
Definition: hash.h:46

whitelist::Whitelist
Definition: whitelist.h:71