CernVM-FS  2.9.0
server_tool.cc
1 
5 #include "server_tool.h"
6 
7 #include "util/posix.h"
8 
10 
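/**
 * Shuts down whichever managers were created during the tool's lifetime.
 *
 * NOTE(review): the rendered listing dropped source lines 11 and 16 (the
 * signature and the second validity check). Both are restored here from the
 * page's cross-reference index and the visible brace structure; confirm
 * against server_tool.cc.
 */
ServerTool::~ServerTool() {
  // Fini() is only called on a manager that was actually allocated.
  if (download_manager_.IsValid()) {
    download_manager_->Fini();
  }

  if (signature_manager_.IsValid()) {
    signature_manager_->Fini();
  }
}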
20 
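/**
 * Creates and configures the download manager on first use.
 *
 * @param follow_redirects  when true, EnableRedirects() is called on the
 *                          new manager
 * @param max_pool_handles  forwarded to DownloadManager::Init()
 * @param use_system_proxy  forwarded to DownloadManager::Init()
 * @return always true
 *
 * A second call returns early and ignores its arguments, so the settings of
 * the first call win. A caller that needs redirects off has to make sure no
 * earlier call already turned them on.
 *
 * NOTE(review): the rendered listing dropped source lines 28, 29 and 33.
 * The allocation, the assert and the timeout call are restored from the
 * page's cross-reference index (download_manager_, assert, kDownloadTimeout);
 * confirm against server_tool.cc.
 */
bool ServerTool::InitDownloadManager(const bool follow_redirects,
                                     const unsigned max_pool_handles,
                                     const bool use_system_proxy) {
  if (download_manager_.IsValid()) {
    return true;
  }

  download_manager_ = new download::DownloadManager();
  assert(download_manager_.IsValid());
  download_manager_->Init(max_pool_handles, use_system_proxy,
      perf::StatisticsTemplate("download", statistics()));

  download_manager_->SetTimeout(kDownloadTimeout, kDownloadTimeout);
  download_manager_->SetRetryParameters(kDownloadRetries, 2000, 5000);

  if (follow_redirects) {
    download_manager_->EnableRedirects();
  }

  return true;
}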
42 
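/**
 * Creates the signature manager and loads the material needed to verify
 * repository signatures.
 *
 * @param pubkey_path    path handed to LoadPublicRsaKeys()
 * @param trusted_certs  handed to LoadTrustedCaCrl(); skipped when empty
 * @return true when the manager already exists or all requested material was
 *         loaded, false when loading the public key or the trusted
 *         certificates failed
 *
 * NOTE(review): the early-out only checks that a manager exists. After a
 * failed load the manager stays allocated, so a later call returns true
 * without any key loaded, and a manager created for signing is accepted here
 * as well. Callers should treat a false return as fatal.
 *
 * NOTE(review): the rendered listing dropped source lines 43, 45, 49 and 50.
 * They are restored from the page's cross-reference index; confirm against
 * server_tool.cc.
 */
bool ServerTool::InitVerifyingSignatureManager(
    const std::string &pubkey_path, const std::string &trusted_certs) {
  if (signature_manager_.IsValid()) {
    return true;
  }

  signature_manager_ = new signature::SignatureManager();
  assert(signature_manager_.IsValid());
  signature_manager_->Init();

  if (!signature_manager_->LoadPublicRsaKeys(pubkey_path)) {
    LogCvmfs(kLogCvmfs, kLogStderr, "failed to load public repo key '%s'",
             pubkey_path.c_str());
    return false;
  }

  // With an empty trusted_certs no CA/CRL material is loaded at all.
  if (!trusted_certs.empty() &&
      !signature_manager_->LoadTrustedCaCrl(trusted_certs)) {
    LogCvmfs(kLogCvmfs, kLogStderr, "failed to load trusted certificates");
    return false;
  }

  return true;
}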
67 
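/**
 * Creates the signature manager and loads a certificate with its private key
 * for signing.
 *
 * @param certificate_path      path handed to LoadCertificatePath()
 * @param private_key_path      path handed to LoadPrivateKeyPath()
 * @param private_key_password  password handed to LoadPrivateKeyPath(); it is
 *                              not written to any log message in this function
 * @return true when the manager already exists or certificate and key were
 *         loaded and match, false otherwise
 *
 * NOTE(review): the early-out only checks that a manager exists. After any
 * failure below the manager stays allocated, so a later call returns true
 * without a usable key. Callers should treat a false return as fatal.
 *
 * NOTE(review): the rendered listing dropped source lines 68, 71, 75, 76 and
 * 96. They are restored from the page's cross-reference index and the
 * surrounding LogCvmfs calls; confirm against server_tool.cc.
 */
bool ServerTool::InitSigningSignatureManager(
    const std::string &certificate_path, const std::string &private_key_path,
    const std::string &private_key_password) {
  if (signature_manager_.IsValid()) {
    return true;
  }

  signature_manager_ = new signature::SignatureManager();
  assert(signature_manager_.IsValid());
  signature_manager_->Init();

  // Load certificate
  if (!signature_manager_->LoadCertificatePath(certificate_path)) {
    LogCvmfs(kLogCvmfs, kLogStderr, "failed to load certificate '%s'",
             certificate_path.c_str());
    return false;
  }

  // Load private key
  if (!signature_manager_->LoadPrivateKeyPath(private_key_path,
                                              private_key_password)) {
    LogCvmfs(kLogCvmfs, kLogStderr, "failed to load private key '%s' (%s)",
             private_key_path.c_str(),
             signature_manager_->GetCryptoError().c_str());
    return false;
  }

  // A key that does not belong to the certificate is unloaded again, so it
  // does not stay in the manager after the failed check.
  if (!signature_manager_->KeysMatch()) {
    LogCvmfs(kLogCvmfs, kLogStderr,
             "the private key '%s' doesn't seem to match certificate '%s' (%s)",
             private_key_path.c_str(), certificate_path.c_str(),
             signature_manager_->GetCryptoError().c_str());
    signature_manager_->UnloadPrivateKey();
    return false;
  }

  return true;
}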
106 
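/**
 * Returns a non-owning pointer to the download manager.
 *
 * NOTE(review): the rendered listing dropped source lines 107 and 108. The
 * signature is restored from the page's cross-reference index; the assert is
 * presumed from the index entry for assert. Confirm against server_tool.cc.
 */
download::DownloadManager *ServerTool::download_manager() const {
  // InitDownloadManager() must have been called before.
  assert(download_manager_.IsValid());
  return download_manager_.weak_ref();
}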
111 
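/**
 * Returns a non-owning pointer to the signature manager.
 *
 * NOTE(review): the rendered listing dropped source lines 112 and 113. The
 * signature is restored from the page's cross-reference index; the assert is
 * presumed from the index entry for assert. Confirm against server_tool.cc.
 */
signature::SignatureManager *ServerTool::signature_manager() const {
  // One of the Init*SignatureManager() methods must have been called before.
  assert(signature_manager_.IsValid());
  return signature_manager_.weak_ref();
}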
116 
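/**
 * Loads a manifest from a local file through manifest::Manifest::LoadFile().
 *
 * @param path  location of the manifest file
 * @return whatever LoadFile() returns; presumably a caller-owned object or
 *         NULL on failure (LoadFile is defined in manifest.cc, not shown)
 *
 * Only the path is passed on: the signature manager takes no part in this
 * call, so the file content is not verified here.
 *
 * NOTE(review): the rendered listing dropped source line 117; the signature
 * is restored from the page's cross-reference index.
 */
manifest::Manifest *ServerTool::OpenLocalManifest(
    const std::string path) const {
  return manifest::Manifest::LoadFile(path);
}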
121 
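/**
 * Fetches the manifest ensemble of a repository through manifest::Fetch(),
 * using this tool's signature and download managers.
 *
 * @param repository_url   base URL handed to manifest::Fetch()
 * @param repository_name  repository name handed to manifest::Fetch()
 * @param ensemble         output object filled by manifest::Fetch()
 * @return the manifest::Failures code of the fetch
 *
 * Both managers must have been initialised before, because the accessors
 * are used to obtain them.
 *
 * NOTE(review): the rendered listing dropped source line 122; the signature
 * is restored from the page's cross-reference index.
 */
manifest::Failures ServerTool::FetchRemoteManifestEnsemble(
    const std::string &repository_url, const std::string &repository_name,
    manifest::ManifestEnsemble *ensemble) const {
  // The fetch is asked for no minimum timestamp and no base catalog, so
  // neither is enforced through these two arguments; a caller that needs to
  // pin a catalog has to compare hashes itself.
  const uint64_t minimum_timestamp = 0;
  const shash::Any *base_catalog = NULL;
  return manifest::Fetch(repository_url, repository_name, minimum_timestamp,
                         base_catalog, signature_manager(), download_manager(),
                         ensemble);
}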
131 
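/**
 * Fetches a repository manifest and optionally pins it to an expected root
 * catalog hash.
 *
 * @param repository_url   base URL of the repository
 * @param repository_name  name of the repository
 * @param base_hash        expected catalog hash; a null hash disables the
 *                         comparison
 * @return a newly allocated manifest owned by the caller, or NULL when the
 *         fetch failed, no manifest was delivered, or the catalog hash does
 *         not match base_hash
 *
 * NOTE(review): the rendered listing dropped source lines 132, 136, 139, 143
 * and 162 (signature, the UniquePtr declaration, the start of the fetch call
 * and two LogCvmfs openers). They are restored from the page's
 * cross-reference index and the surrounding statements; confirm against
 * server_tool.cc.
 */
manifest::Manifest *ServerTool::FetchRemoteManifest(
    const std::string &repository_url, const std::string &repository_name,
    const shash::Any &base_hash) const {
  manifest::ManifestEnsemble manifest_ensemble;
  UniquePtr<manifest::Manifest> fetched_manifest;

  // fetch (and verify) the manifest
  const manifest::Failures retval = FetchRemoteManifestEnsemble(
      repository_url, repository_name, &manifest_ensemble);

  if (retval != manifest::kFailOk) {
    LogCvmfs(kLogCvmfs, kLogStderr,
             "failed to fetch repository manifest "
             "(%d - %s)",
             retval, manifest::Code2Ascii(retval));
    return NULL;
  }

  // Guard the dereference below: the original tested the result of `new`,
  // which does not catch an ensemble that came back without a manifest.
  if (manifest_ensemble.manifest == NULL) {
    LogCvmfs(kLogCvmfs, kLogStderr, "failed to load repository manifest");
    return NULL;
  }

  // copy-construct a fresh manifest object because ManifestEnsemble will
  // free manifest_ensemble.manifest when it goes out of scope
  fetched_manifest = new manifest::Manifest(*manifest_ensemble.manifest);

  // check the provided base hash of the repository if provided
  if (!base_hash.IsNull() && fetched_manifest->catalog_hash() != base_hash) {
    LogCvmfs(kLogCvmfs, kLogStderr,
             "base hash does not match manifest "
             "(found: %s expected: %s)",
             fetched_manifest->catalog_hash().ToString().c_str(),
             base_hash.ToString().c_str());
    // the UniquePtr frees the copy on this path
    return NULL;
  }

  // return the fetched manifest (releasing pointer ownership)
  return fetched_manifest.Release();
}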
173 
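/**
 * Creates a fresh reflog database in a temporary file.
 *
 * @param temp_directory  directory in which the temporary file is created
 * @param repo_name       repository name handed to Reflog::Create()
 * @return the result of manifest::Reflog::Create(), or NULL when no
 *         temporary path could be obtained
 *
 * NOTE(review): the rendered listing dropped source line 174; the signature
 * is restored from the page's cross-reference index.
 */
manifest::Reflog *ServerTool::CreateEmptyReflog(
    const std::string &temp_directory, const std::string &repo_name) {
  // create a new Reflog if there was none found yet
  const std::string tmp_path_prefix = temp_directory + "/new_reflog";
  // mode 0600: the file is accessible to the owning user only
  const std::string tmp_path = CreateTempPath(tmp_path_prefix, 0600);

  // NOTE(review): an empty path is treated as failure of CreateTempPath
  // (defined in posix.cc, not shown here) - confirm. Without this check the
  // reflog would be created at an empty path.
  if (tmp_path.empty()) {
    LogCvmfs(kLogCvmfs, kLogStderr,
             "failed to create temporary reflog file in '%s'",
             temp_directory.c_str());
    return NULL;
  }

  LogCvmfs(kLogCvmfs, kLogDebug, "creating new reflog '%s' for %s",
           tmp_path.c_str(), repo_name.c_str());
  return manifest::Reflog::Create(tmp_path, repo_name);
}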
#define LogCvmfs(source, mask,...)
Definition: logging.h:20
bool IsNull() const
Definition: hash.h:379
static const unsigned kDownloadTimeout
Definition: server_tool.h:58
const manifest::Manifest * manifest() const
Definition: repository.h:123
T * weak_ref() const
Definition: pointer.h:43
std::string ToString(const bool with_suffix=false) const
Definition: hash.h:245
UniquePtr< download::DownloadManager > download_manager_
Definition: server_tool.h:53
static const unsigned kDownloadRetries
Definition: server_tool.h:59
std::string CreateTempPath(const std::string &path_prefix, const int mode)
Definition: posix.cc:1054
manifest::Manifest * FetchRemoteManifest(const std::string &repository_url, const std::string &repository_name, const shash::Any &base_hash=shash::Any()) const
Definition: server_tool.cc:132
assert((mem||(size==0))&&"Out Of Memory")
manifest::Failures FetchRemoteManifestEnsemble(const std::string &repository_url, const std::string &repository_name, manifest::ManifestEnsemble *ensemble) const
Definition: server_tool.cc:122
bool InitVerifyingSignatureManager(const std::string &pubkey_path, const std::string &trusted_certs="")
Definition: server_tool.cc:43
static Reflog * Create(const std::string &database_path, const std::string &repo_name)
Definition: reflog.cc:32
signature::SignatureManager * signature_manager() const
Definition: server_tool.cc:112
download::DownloadManager * download_manager() const
Definition: server_tool.cc:107
bool InitDownloadManager(const bool follow_redirects, const unsigned max_pool_handles=1, const bool use_system_proxy=true)
Definition: server_tool.cc:21
Failures Fetch(const std::string &base_url, const std::string &repository_name, const uint64_t minimum_timestamp, const shash::Any *base_catalog, signature::SignatureManager *signature_manager, download::DownloadManager *download_manager, ManifestEnsemble *ensemble)
perf::Statistics * statistics()
Definition: server_tool.h:49
bool IsValid() const
Definition: pointer.h:44
UniquePtr< signature::SignatureManager > signature_manager_
Definition: server_tool.h:54
manifest::Manifest * OpenLocalManifest(const std::string path) const
Definition: server_tool.cc:117
T * Release()
Definition: pointer.h:45
virtual ~ServerTool()
Definition: server_tool.cc:11
manifest::Reflog * CreateEmptyReflog(const std::string &temp_directory, const std::string &repo_name)
Definition: server_tool.cc:174
static Manifest * LoadFile(const std::string &path)
Definition: manifest.cc:78
bool InitSigningSignatureManager(const std::string &certificate_path, const std::string &private_key_path, const std::string &private_key_password)
Definition: server_tool.cc:68
const char * Code2Ascii(const Failures error)