diff options
-rwxr-xr-x | tools/merge.py | 23 | ||||
-rwxr-xr-x | verifycert.erl | 46 |
2 files changed, 51 insertions, 18 deletions
diff --git a/tools/merge.py b/tools/merge.py index a016b35..ce3bf0b 100755 --- a/tools/merge.py +++ b/tools/merge.py @@ -219,16 +219,19 @@ def unpack_entry(entry): import subprocess -def verify_entry(entry, hash): +def verify_entry(verifycert, entry, hash): unpacked = unpack_entry(entry) mtl = unpacked[0] assert hash == get_leaf_hash(mtl) - p = subprocess.Popen( - ["../verifycert.erl"], - stdin=subprocess.PIPE, stdout=subprocess.PIPE) - (verify_result, _) = p.communicate(entry) - if verify_result != "ok\n": - print >>sys.stderr, verify_result + s = struct.pack(">I", len(entry)) + entry + verifycert.stdin.write(s) + result_length_packed = verifycert.stdout.read(4) + (result_length,) = struct.unpack(">I", result_length_packed) + result = verifycert.stdout.read(result_length) + assert len(result) == result_length + (error_code,) = struct.unpack("B", result[0:1]) + if error_code != 0: + print >>sys.stderr, result[1:] sys.exit(1) timing_point(timing, "get new entries") @@ -246,6 +249,8 @@ for hash in new_entries: entries_to_fetch[storagenode["name"]].append(hash) break +verifycert = subprocess.Popen(["../verifycert.erl"], + stdin=subprocess.PIPE, stdout=subprocess.PIPE) added_entries = 0 for storagenode in storagenodes: @@ -254,7 +259,7 @@ for storagenode in storagenodes: entries = get_entries(storagenode["name"], "https://%s/" % storagenode["address"], chunk) for hash in chunk: entry = entries[hash] - verify_entry(entry, hash) + verify_entry(verifycert, entry, hash) write_chain(hash, entry) add_to_logorder(hash) logorder.append(hash) @@ -263,6 +268,8 @@ for storagenode in storagenodes: timing_point(timing, "add entries") print "added", added_entries, "entries" +verifycert.communicate(struct.pack("I", 0)) + tree = build_merkle_tree(logorder) tree_size = len(logorder) root_hash = tree[-1][0] diff --git a/verifycert.erl b/verifycert.erl index 2fafca9..e501d6d 100755 --- a/verifycert.erl +++ b/verifycert.erl @@ -1,15 +1,41 @@ #!/usr/bin/env escript %% -*- erlang -*- -%%! -pa ebin -pa lib/catlfish-0.2.0-dev.ez/catlfish-0.2.0-dev/ebin -pa lib/lager-2.0.3.ez/lager-2.0.3/ebin +%%! -pa ebin -pa lib/catlfish-0.2.0-dev.ez/catlfish-0.2.0-dev/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin + +write_reply(Bin) -> + Length = size(Bin), + file:write(standard_io, <<Length:32, Bin/binary>>). + +verify(Certs, DBEntry) -> + try + Chain = catlfish:chain_from_entry(DBEntry), + %% XXX: doesn't verify that MTL is derived from Chain + case x509:normalise_chain(Certs, Chain) of + {ok, _} -> + write_reply(<<0:8>>); + {error, Reason} -> + ReasonBin = list_to_binary(io_lib:format("~p", [Reason])), + write_reply(<<1:8, ReasonBin/binary>>) + end + catch + Type:What -> + [CrashFunction | Stack] = erlang:get_stacktrace(), + ErrorBin = list_to_binary(io_lib:format("Crash: ~p ~p~n~p~n~p~n", [Type, What, CrashFunction, Stack])), + write_reply(<<2:8, ErrorBin/binary>>) + end. + +loop(Certs) -> + {ok, LengthBin} = file:read(standard_io, 4), + <<Length:32>> = list_to_binary(LengthBin), + case Length of + 0 -> + none; + _ -> + {ok, DBEntry} = file:read(standard_io, Length), + verify(Certs, list_to_binary(DBEntry)), + loop(Certs) + end. main(_) -> - {ok, DBEntry} = file:read(standard_io, 100000), - %io:format("~p~n", [DBEntry]), Certs = x509:read_pemfiles_from_dir("tests/known_roots/"), - Chain = catlfish:chain_from_entry(list_to_binary(DBEntry)), - case x509:normalise_chain(Certs, Chain) of - {ok, _} -> - io:format("ok~n", []); - {error, Reason} -> - io:format("error: ~p~n", [Reason]) - end. + loop(Certs). |