CernVM-FS  2.10.0
server_tool.cc
1 
5 #include "server_tool.h"
6 
7 #include "util/posix.h"
8 
10 
// Body of the ServerTool destructor; its signature (listing line 11) is not
// shown in this listing. Shuts down whichever managers were created.
12  if (download_manager_.IsValid()) {
13  download_manager_->Fini();
14  }
15 
// Listing line 16, which opens this block, is not shown; presumably an
// IsValid() guard like the one above — confirm against the source file.
17  signature_manager_->Fini();
18  }
19 }
20 
// Sets up download_manager_ on first use and configures retries, certificate
// path, proxy and redirect handling. Every visible path returns true.
//
// follow_redirects   when true, EnableRedirects() is called on the manager
// proxy              proxy chain; an empty string leaves the proxy unset
// max_pool_handles   forwarded to DownloadManager::Init()
//
// Listing lines 28-29, 33 and 39 are not shown here, so the statements on
// them are not documented.
21 bool ServerTool::InitDownloadManager(const bool follow_redirects,
22  const std::string &proxy,
23  const unsigned max_pool_handles) {
// Already initialised: return without applying this call's arguments, so the
// redirect/proxy settings of the first successful call stay in force.
24  if (download_manager_.IsValid()) {
25  return true;
26  }
27 
// Lines 28-29 (not shown) presumably create download_manager_ — TODO confirm.
30  download_manager_->Init(max_pool_handles,
31  perf::StatisticsTemplate("download", statistics()));
32 
// Line 33 is not shown; presumably kDownloadTimeout (server_tool.h:58) is
// applied there. The meaning and units of 2000 and 5000 are not visible
// here — presumably backoff bounds in milliseconds; confirm.
34  download_manager_->SetRetryParameters(kDownloadRetries, 2000, 5000);
// presumably points TLS verification at the system CA location — confirm
35  download_manager_->UseSystemCertificatePath();
36 
// The last argument of SetProxyChain() is on line 39, which is not shown.
37  if (proxy != "") {
38  download_manager_->SetProxyChain(proxy, "",
40  }
41 
// NOTE(review): with redirects enabled the host that finally serves the data
// may differ from the configured URL; confirm that callers rely on signature
// and hash verification rather than on the origin for trust.
42  if (follow_redirects) {
43  download_manager_->EnableRedirects();
44  }
45 
46  return true;
47 }
48 
// ServerTool::InitVerifyingSignatureManager (the first signature line,
// listing line 49, is not shown). Prepares signature_manager_ for
// verification: loads the public RSA key(s) from pubkey_path and, when
// trusted_certs is non-empty, the trusted CA/CRL material.
// Returns false after logging to stderr if either load fails, true otherwise.
// Listing lines 51 and 55-56 are also not shown.
50  const std::string &pubkey_path, const std::string &trusted_certs) {
// Early return; its condition is on line 51 (not shown), presumably
// signature_manager_.IsValid() — confirm.
52  return true;
53  }
54 
// NOTE(review): if the early-return guard tests only IsValid(), a call that
// fails below leaves a manager that is initialised but has no keys loaded,
// and a later call would then report success without loading them — confirm
// against lines 51 and 55-56.
57  signature_manager_->Init();
58 
59  if (!signature_manager_->LoadPublicRsaKeys(pubkey_path)) {
60  LogCvmfs(kLogCvmfs, kLogStderr, "failed to load public repo key '%s'",
61  pubkey_path.c_str());
62  return false;
63  }
64 
// An empty trusted_certs skips this step, so no CA/CRL is loaded in that case.
65  if (!trusted_certs.empty() &&
66  !signature_manager_->LoadTrustedCaCrl(trusted_certs)) {
67  LogCvmfs(kLogCvmfs, kLogStderr, "failed to load trusted certificates");
68  return false;
69  }
70 
71  return true;
72 }
73 
// ServerTool::InitSigningSignatureManager (the first signature line, listing
// line 74, is not shown). Prepares signature_manager_ for signing: loads the
// certificate, loads the private key with its password, then checks that the
// two belong together. Returns false after logging to stderr on any failure.
// The log calls here pass only the file paths and the crypto error text;
// private_key_password is not passed to LogCvmfs.
// Listing lines 77, 81-82 and 102 are also not shown.
75  const std::string &certificate_path, const std::string &private_key_path,
76  const std::string &private_key_password) {
// Early return; its condition is on line 77 (not shown), presumably
// signature_manager_.IsValid() — confirm. If so, a manager left behind by an
// earlier failed call would be reported as ready.
78  return true;
79  }
80 
83  signature_manager_->Init();
84 
85  // Load certificate
86  if (!signature_manager_->LoadCertificatePath(certificate_path)) {
87  LogCvmfs(kLogCvmfs, kLogStderr, "failed to load certificate '%s'",
88  certificate_path.c_str());
89  return false;
90  }
91 
92  // Load private key
93  if (!signature_manager_->LoadPrivateKeyPath(private_key_path,
94  private_key_password)) {
95  LogCvmfs(kLogCvmfs, kLogStderr, "failed to load private key '%s' (%s)",
96  private_key_path.c_str(),
97  signature_manager_->GetCryptoError().c_str());
98  return false;
99  }
100 
// A key that does not match the certificate is unloaded again before
// returning, so it does not stay in the manager. The start of the log call
// (line 102) is not shown.
101  if (!signature_manager_->KeysMatch()) {
103  "the private key '%s' doesn't seem to match certificate '%s' (%s)",
104  private_key_path.c_str(), certificate_path.c_str(),
105  signature_manager_->GetCryptoError().c_str());
106  signature_manager_->UnloadPrivateKey();
107  return false;
108  }
109 
110  return true;
111 }
112 
// Body of ServerTool::download_manager() (signature on listing lines 113-114,
// not shown). Returns the pointer held by download_manager_ without giving up
// ownership; presumably NULL until InitDownloadManager() has run — confirm.
115  return download_manager_.weak_ref();
116 }
117 
// Body of ServerTool::signature_manager() (signature on listing lines
// 118-119, not shown). Returns the pointer held by signature_manager_ without
// giving up ownership; presumably NULL until one of the Init*SignatureManager
// functions has run — confirm.
120  return signature_manager_.weak_ref();
121 }
122 
// ServerTool::OpenLocalManifest (the first signature line, listing line 123,
// is not shown). Hands path to manifest::Manifest::LoadFile() and returns its
// result unchanged. No signature check is performed in this function; the
// file at path is taken as trusted.
// NOTE(review): the caller presumably owns the returned object and must
// handle a NULL result — confirm against manifest.cc:78.
124  const std::string path) const {
125  return manifest::Manifest::LoadFile(path);
126 }
127 
// ServerTool::FetchRemoteManifestEnsemble (the first signature line, listing
// line 128, is not shown). Calls manifest::Fetch() for the given repository
// using this tool's signature and download managers, and returns its
// Failures code; the fetched data is written to *ensemble.
129  const std::string &repository_url, const std::string &repository_name,
130  manifest::ManifestEnsemble *ensemble) const {
// NOTE(review): a minimum timestamp of 0 presumably disables any lower bound
// on the manifest's age, so this call would accept an older manifest that
// still carries a valid signature — confirm in manifest::Fetch.
131  const uint64_t minimum_timestamp = 0;
// No base catalog is passed to Fetch().
132  const shash::Any *base_catalog = NULL;
// signature_manager() and download_manager() return whatever the members
// hold; presumably both must have been initialised before this call — confirm.
133  return manifest::Fetch(repository_url, repository_name, minimum_timestamp,
134  base_catalog, signature_manager(), download_manager(),
135  ensemble);
136 }
137 
// ServerTool::FetchRemoteManifest (the first signature line, listing line
// 138, is not shown). Fetches the repository manifest, copies it out of the
// ensemble and optionally checks its catalog hash against base_hash.
// Returns a manifest whose ownership passes to the caller, or NULL after
// logging when the fetch fails, the copy is invalid or the hash differs.
// Listing lines 142, 145, 149 and 168 are also not shown; line 142 presumably
// declares the owning `manifest` pointer used below — confirm.
139  const std::string &repository_url, const std::string &repository_name,
140  const shash::Any &base_hash) const {
141  manifest::ManifestEnsemble manifest_ensemble;
143 
144  // fetch (and verify) the manifest
// The call that produces `retval` starts on line 145 (not shown).
146  repository_url, repository_name, &manifest_ensemble);
147 
// Any result other than kFailOk is treated as failure; the start of the log
// call (line 149) is not shown.
148  if (retval != manifest::kFailOk) {
150  "failed to fetch repository manifest "
151  "(%d - %s)",
152  retval, manifest::Code2Ascii(retval));
153  return NULL;
154  } else {
155  // copy-construct a fresh manifest object because ManifestEnsemble will
156  // free manifest_ensemble.manifest when it goes out of scope
157  manifest = new manifest::Manifest(*manifest_ensemble.manifest);
158  }
159 
160  // check if manifest fetching was successful
161  if (!manifest.IsValid()) {
162  LogCvmfs(kLogCvmfs, kLogStderr, "failed to load repository manifest");
163  return NULL;
164  }
165 
166  // check the provided base hash of the repository if provided
// A null base_hash skips the comparison, so the manifest's catalog hash is
// pinned only when the caller supplies one. The start of the log call
// (line 168) is not shown.
167  if (!base_hash.IsNull() && manifest->catalog_hash() != base_hash) {
169  "base hash does not match manifest "
170  "(found: %s expected: %s)",
171  manifest->catalog_hash().ToString().c_str(),
172  base_hash.ToString().c_str());
173  return NULL;
174  }
175 
176  // return the fetched manifest (releasing pointer ownership)
177  return manifest.Release();
178 }
179 
// ServerTool::CreateEmptyReflog (the first signature line, listing line 180,
// is not shown). Creates a temporary path under temp_directory and creates a
// new Reflog for repo_name at that path; returns what Reflog::Create()
// returns.
181  const std::string &temp_directory, const std::string &repo_name) {
182  // create a new Reflog if there was none found yet
183  const std::string tmp_path_prefix = temp_directory + "/new_reflog";
// Mode 0600 requests owner-only read/write for the temporary file.
// NOTE(review): tmp_path is used without checking that CreateTempPath()
// succeeded — confirm its failure value (posix.cc:1059) and how
// Reflog::Create() reacts to it.
184  const std::string tmp_path = CreateTempPath(tmp_path_prefix, 0600);
185 
186  LogCvmfs(kLogCvmfs, kLogDebug, "creating new reflog '%s' for %s",
187  tmp_path.c_str(), repo_name.c_str());
188  return manifest::Reflog::Create(tmp_path, repo_name);
189 }
#define LogCvmfs(source, mask,...)
Definition: logging.h:20
bool IsNull() const
Definition: hash.h:382
static const unsigned kDownloadTimeout
Definition: server_tool.h:58
const manifest::Manifest * manifest() const
Definition: repository.h:123
T * weak_ref() const
Definition: pointer.h:42
std::string ToString(const bool with_suffix=false) const
Definition: hash.h:248
UniquePtr< download::DownloadManager > download_manager_
Definition: server_tool.h:53
static const unsigned kDownloadRetries
Definition: server_tool.h:59
std::string CreateTempPath(const std::string &path_prefix, const int mode)
Definition: posix.cc:1059
manifest::Manifest * FetchRemoteManifest(const std::string &repository_url, const std::string &repository_name, const shash::Any &base_hash=shash::Any()) const
Definition: server_tool.cc:138
assert((mem||(size==0))&&"Out Of Memory")
manifest::Failures FetchRemoteManifestEnsemble(const std::string &repository_url, const std::string &repository_name, manifest::ManifestEnsemble *ensemble) const
Definition: server_tool.cc:128
bool InitVerifyingSignatureManager(const std::string &pubkey_path, const std::string &trusted_certs="")
Definition: server_tool.cc:49
static Reflog * Create(const std::string &database_path, const std::string &repo_name)
Definition: reflog.cc:32
signature::SignatureManager * signature_manager() const
Definition: server_tool.cc:118
download::DownloadManager * download_manager() const
Definition: server_tool.cc:113
Failures Fetch(const std::string &base_url, const std::string &repository_name, const uint64_t minimum_timestamp, const shash::Any *base_catalog, signature::SignatureManager *signature_manager, download::DownloadManager *download_manager, ManifestEnsemble *ensemble)
perf::Statistics * statistics()
Definition: server_tool.h:49
bool IsValid() const
Definition: pointer.h:43
bool InitDownloadManager(const bool follow_redirects, const std::string &proxy="", const unsigned max_pool_handles=1)
Definition: server_tool.cc:21
UniquePtr< signature::SignatureManager > signature_manager_
Definition: server_tool.h:54
manifest::Manifest * OpenLocalManifest(const std::string path) const
Definition: server_tool.cc:123
T * Release()
Definition: pointer.h:44
virtual ~ServerTool()
Definition: server_tool.cc:11
manifest::Reflog * CreateEmptyReflog(const std::string &temp_directory, const std::string &repo_name)
Definition: server_tool.cc:180
static Manifest * LoadFile(const std::string &path)
Definition: manifest.cc:78
bool InitSigningSignatureManager(const std::string &certificate_path, const std::string &private_key_path, const std::string &private_key_password)
Definition: server_tool.cc:74
const char * Code2Ascii(const Failures error)