-rwxr-xr-xtools/merge.py23
-rwxr-xr-xverifycert.erl46
2 files changed, 51 insertions, 18 deletions
diff --git a/tools/merge.py b/tools/merge.py
index a016b35..ce3bf0b 100755
--- a/tools/merge.py
+++ b/tools/merge.py
@@ -219,16 +219,19 @@ def unpack_entry(entry):
import subprocess
-def verify_entry(entry, hash):
+def verify_entry(verifycert, entry, hash):
unpacked = unpack_entry(entry)
mtl = unpacked[0]
assert hash == get_leaf_hash(mtl)
- p = subprocess.Popen(
- ["../verifycert.erl"],
- stdin=subprocess.PIPE, stdout=subprocess.PIPE)
- (verify_result, _) = p.communicate(entry)
- if verify_result != "ok\n":
- print >>sys.stderr, verify_result
+ s = struct.pack(">I", len(entry)) + entry
+ verifycert.stdin.write(s)
+ result_length_packed = verifycert.stdout.read(4)
+ (result_length,) = struct.unpack(">I", result_length_packed)
+ result = verifycert.stdout.read(result_length)
+ assert len(result) == result_length
+ (error_code,) = struct.unpack("B", result[0:1])
+ if error_code != 0:
+ print >>sys.stderr, result[1:]
sys.exit(1)
timing_point(timing, "get new entries")
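Review bot: The 4-byte length read in verify_entry has no short-read check, unlike the payload read two lines below it: if the verifycert child has exited (a crash outside its try block, or a failed escript start-up), `verifycert.stdout.read(4)` returns an empty or partial string and `struct.unpack(">I", ...)` raises an opaque struct.error instead of saying what happened. Add `assert len(result_length_packed) == 4, "verifycert closed its stdout"` before the unpack so the failure names the real cause. The hunk does not show `import struct`; if it is not already imported elsewhere in the file it needs adding next to `import subprocess`. Also note that a non-zero error_code now covers both a verification failure (1) and a crash in the verifier (2), so the message printed on stderr is the only thing distinguishing them.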
@@ -246,6 +249,8 @@ for hash in new_entries:
entries_to_fetch[storagenode["name"]].append(hash)
break
+verifycert = subprocess.Popen(["../verifycert.erl"],
+ stdin=subprocess.PIPE, stdout=subprocess.PIPE)
added_entries = 0
for storagenode in storagenodes:
@@ -254,7 +259,7 @@ for storagenode in storagenodes:
entries = get_entries(storagenode["name"], "https://%s/" % storagenode["address"], chunk)
for hash in chunk:
entry = entries[hash]
- verify_entry(entry, hash)
+ verify_entry(verifycert, entry, hash)
write_chain(hash, entry)
add_to_logorder(hash)
logorder.append(hash)
@@ -263,6 +268,8 @@ for storagenode in storagenodes:
timing_point(timing, "add entries")
print "added", added_entries, "entries"
+verifycert.communicate(struct.pack("I", 0))
+
tree = build_merkle_tree(logorder)
tree_size = len(logorder)
root_hash = tree[-1][0]
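Review bot: The shutdown sentinel is packed with native byte order, `struct.pack("I", 0)`, while every other length on this protocol uses `">I"` (verify_entry in this file) and the Erlang side matches `<<Length:32>>`, i.e. big-endian. A zero value is byte-order-invariant so it works today, but any other value would be misread silently; write it as `verifycert.communicate(struct.pack(">I", 0))` for consistency. The return code of the child is also discarded after communicate(); checking `verifycert.returncode` would surface a verifier that crashed before reading the sentinel.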
diff --git a/verifycert.erl b/verifycert.erl
index 2fafca9..e501d6d 100755
--- a/verifycert.erl
+++ b/verifycert.erl
@@ -1,15 +1,41 @@
#!/usr/bin/env escript
%% -*- erlang -*-
-%%! -pa ebin -pa lib/catlfish-0.2.0-dev.ez/catlfish-0.2.0-dev/ebin -pa lib/lager-2.0.3.ez/lager-2.0.3/ebin
+%%! -pa ebin -pa lib/catlfish-0.2.0-dev.ez/catlfish-0.2.0-dev/ebin -pa lib/lager-2.1.1.ez/lager-2.1.1/ebin
+
+write_reply(Bin) ->
+ Length = size(Bin),
+ file:write(standard_io, <<Length:32, Bin/binary>>).
+
+verify(Certs, DBEntry) ->
+ try
+ Chain = catlfish:chain_from_entry(DBEntry),
+ %% XXX: doesn't verify that MTL is derived from Chain
+ case x509:normalise_chain(Certs, Chain) of
+ {ok, _} ->
+ write_reply(<<0:8>>);
+ {error, Reason} ->
+ ReasonBin = list_to_binary(io_lib:format("~p", [Reason])),
+ write_reply(<<1:8, ReasonBin/binary>>)
+ end
+ catch
+ Type:What ->
+ [CrashFunction | Stack] = erlang:get_stacktrace(),
+ ErrorBin = list_to_binary(io_lib:format("Crash: ~p ~p~n~p~n~p~n", [Type, What, CrashFunction, Stack])),
+ write_reply(<<2:8, ErrorBin/binary>>)
+ end.
+
+loop(Certs) ->
+ {ok, LengthBin} = file:read(standard_io, 4),
+ <<Length:32>> = list_to_binary(LengthBin),
+ case Length of
+ 0 ->
+ none;
+ _ ->
+ {ok, DBEntry} = file:read(standard_io, Length),
+ verify(Certs, list_to_binary(DBEntry)),
+ loop(Certs)
+ end.
main(_) ->
- {ok, DBEntry} = file:read(standard_io, 100000),
- %io:format("~p~n", [DBEntry]),
Certs = x509:read_pemfiles_from_dir("tests/known_roots/"),
- Chain = catlfish:chain_from_entry(list_to_binary(DBEntry)),
- case x509:normalise_chain(Certs, Chain) of
- {ok, _} ->
- io:format("ok~n", []);
- {error, Reason} ->
- io:format("error: ~p~n", [Reason])
- end.
+ loop(Certs).
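Review bot: The catch clause in verify/2 relies on `erlang:get_stacktrace/0`, which is deprecated from OTP 21 and removed in OTP 24, and the `[CrashFunction | Stack] =` match would itself badmatch inside the handler if the trace were empty, killing the verifier mid-protocol. On OTP 21 or later the clause can bind the trace in the head instead, `Type:What:Stack ->` followed by `ErrorBin = list_to_binary(io_lib:format("Crash: ~p ~p~n~p~n", [Type, What, Stack]))`, which keeps the code-2 reply but cannot fail on an empty trace. In write_reply, `size(Bin)` should be `byte_size(Bin)`. In loop/1, `{ok, LengthBin} = file:read(standard_io, 4)` badmatches on `eof` when the peer closes stdin without sending the zero sentinel; that crash is reported on stderr, which may be acceptable, but matching `eof -> none` explicitly would document that the sentinel is the intended shutdown path. If standard_io is ever not in latin1 encoding, the list-based reads followed by list_to_binary would mangle bytes above 0x7f — presumably fine in this environment, but `io:setopts(standard_io, [binary])` in main/1 would make file:read return binaries directly and remove both list_to_binary calls.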