[or-cvs] r11405: Implement certificate fetch functions. (in tor/trunk: . doc src/or)

nickm at seul.org nickm at seul.org
Sat Sep 8 19:08:40 UTC 2007


Author: nickm
Date: 2007-09-08 15:08:39 -0400 (Sat, 08 Sep 2007)
New Revision: 11405

Modified:
   tor/trunk/
   tor/trunk/doc/TODO
   tor/trunk/src/or/directory.c
   tor/trunk/src/or/or.h
   tor/trunk/src/or/routerlist.c
Log:
 r14358 at Kushana:  nickm | 2007-09-08 13:45:16 -0400
 Implement certificate fetch functions.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r14358] on c95137ef-5f19-0410-b913-86e773d04f59

Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO	2007-09-08 17:48:54 UTC (rev 11404)
+++ tor/trunk/doc/TODO	2007-09-08 19:08:39 UTC (rev 11405)
@@ -49,13 +49,17 @@
       . Finalize proposal
         * Describe schedule in copious detail.
       - Get authorities voting
-        . Code to manage key certificates
-          - Download as needed.
+        o Code to manage key certificates
+          o Download as needed.
+            o Code to download
+            o Code to retry download.
         . Code to generate consensus from a list of votes
           * Detect whether votes are really all for the same period.
         . Push/pull documents as appropriate.
           - Pull votes and signatures if we don't get them.
         - Cache votes and signatures on disk.
+          - Code to keep consensus docs in limbo if they don't have
+            have enough signatures.
         o Have clients know which authorities are v3 authorities, and what
           their keys are.
           - While we're at it, let v3 authorities have fqdns lines.

Modified: tor/trunk/src/or/directory.c
===================================================================
--- tor/trunk/src/or/directory.c	2007-09-08 17:48:54 UTC (rev 11404)
+++ tor/trunk/src/or/directory.c	2007-09-08 19:08:39 UTC (rev 11405)
@@ -1298,7 +1298,22 @@
     /*XXXX020*/;
   }
   if (conn->_base.purpose == DIR_PURPOSE_FETCH_CERTIFICATE) {
-    /*XXXX020*/;
+    log_info(LD_DIR,"Received aurhority certificatess (size %d) from server "
+             "'%s:%d'",(int) body_len, conn->_base.address, conn->_base.port);
+    if (status_code != 200) {
+      log_fn(status_code == 403 ? LOG_INFO : LOG_WARN, LD_DIR,
+          "Received http status code %d (%s) from server "
+          "'%s:%d' while fetching \"/tor/keys/%s\".",
+           status_code, escaped(reason), conn->_base.address,
+           conn->_base.port, conn->requested_resource);
+      tor_free(body); tor_free(headers); tor_free(reason);
+      return -1;
+    }
+    if (trusted_dirs_load_certs_from_string(body, 0)<0) {
+      log_warn(LD_DIR, "Unable to parse fetched certificates");
+    } else {
+      log_info(LD_DIR, "Successfully loaded certificates from fetch.");
+    }
   }
   if (conn->_base.purpose == DIR_PURPOSE_FETCH_STATUS_VOTE) {
     /*XXXX020*/;
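Review bot: In the DIR_PURPOSE_FETCH_CERTIFICATE branch, a failed `trusted_dirs_load_certs_from_string(body, 0)` is only logged and then falls through, unlike the non-200 path just above it, which frees the buffers and returns -1. The surrounding function starts and ends outside this hunk, so the eventual return value is not visible, but as written the caller probably cannot tell a server that sent unparseable certificates from one that sent good ones. The warning also omits the source, so something like `log_warn(LD_DIR, "Unable to parse certificates fetched from '%s:%d'", conn->_base.address, conn->_base.port);` would let an operator see which server supplied the bad data. Separately, the opening `log_info` is emitted before the `status_code != 200` check, so an error response is also logged as received certificates, and its text has typos ("aurhority certificatess"); it should move below the status check and read `"Received authority certificates (size %d) from server "`.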

Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h	2007-09-08 17:48:54 UTC (rev 11404)
+++ tor/trunk/src/or/or.h	2007-09-08 19:08:39 UTC (rev 11405)
@@ -3451,6 +3451,7 @@
 authority_cert_t *authority_cert_get_by_sk_digest(const char *sk_digest);
 authority_cert_t *authority_cert_get_by_digests(const char *id_digest,
                                                 const char *sk_digest);
+void authority_certs_fetch_missing(networkstatus_vote_t *status);
 void routerlist_add_family(smartlist_t *sl, routerinfo_t *router);
 void add_nickname_list_to_smartlist(smartlist_t *sl, const char *list,
                                     int must_be_running);

Modified: tor/trunk/src/or/routerlist.c
===================================================================
--- tor/trunk/src/or/routerlist.c	2007-09-08 17:48:54 UTC (rev 11404)
+++ tor/trunk/src/or/routerlist.c	2007-09-08 19:08:39 UTC (rev 11405)
@@ -387,6 +387,59 @@
   return NULL;
 }
 
+/** DOCDOC */
+void
+authority_certs_fetch_missing(networkstatus_vote_t *status)
+{
+  smartlist_t *missing_digests = smartlist_create();
+  char *resource;
+  if (status) {
+    SMARTLIST_FOREACH(status->voters, networkstatus_voter_info_t *, voter,
+      {
+        trusted_dir_server_t *ds
+          = trusteddirserver_get_by_v3_auth_digest(voter->identity_digest);
+        if (ds &&
+            !authority_cert_get_by_digests(voter->identity_digest,
+                                           voter->signing_key_digest))
+          smartlist_add(missing_digests, voter->identity_digest);
+      });
+  }
+  SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ds,
+    {
+      int found = 0;
+      if (!(ds->type & V3_AUTHORITY))
+        continue;
+      if (smartlist_digest_isin(missing_digests, ds->v3_identity_digest))
+        continue;
+      SMARTLIST_FOREACH(ds->v3_certs, authority_cert_t *, cert,
+        {
+          if (1) { //XXXX020! cert_is_definitely_expired(cert, now)) {
+            found = 1;
+            break;
+          }
+        });
+      smartlist_add(missing_digests, ds->v3_identity_digest);
+    });
+
+  {
+    smartlist_t *fps = smartlist_create();
+    SMARTLIST_FOREACH(missing_digests, const char *, d, {
+        char *fp = tor_malloc(HEX_DIGEST_LEN+1);
+        base16_encode(fp, HEX_DIGEST_LEN+1, d, DIGEST_LEN);
+        smartlist_add(fps, fp);
+      });
+    resource = smartlist_join_strings(fps, "+", 0, NULL);
+    SMARTLIST_FOREACH(fps, char *, cp, tor_free(cp));
+    smartlist_free(fps);
+  }
+  log_notice(LD_DIR, "Launching request for %d missing certificates.",
+             smartlist_len(missing_digests)); /*XXXX020 downgrade to INFO*/
+  smartlist_free(missing_digests);
+  directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
+                               resource, 1);
+  tor_free(resource);
+}
+
 /* Router descriptor storage.
  *
  * DOCDOC files annotated NM
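Review bot: `found` is set in the inner loop over `ds->v3_certs` but never read, so `smartlist_add(missing_digests, ds->v3_identity_digest)` runs for every V3 authority not already in the list. Each call therefore requests certificates for all of them, whether or not one is already stored. Guard the add with `if (!found) smartlist_add(missing_digests, ds->v3_identity_digest);`, and return early before building `resource` when nothing is missing (`if (!smartlist_len(missing_digests)) { smartlist_free(missing_digests); return; }`), so that no fetch is launched with an empty resource string. Until the expiry test marked XXXX020 replaces `if (1)`, any stored certificate counts as current, so an expired certificate will not trigger a refetch once the `found` guard is in place. The `/** DOCDOC */` placeholder should become a comment stating that the function requests certificates for the voters in `status` (when non-NULL) whose identity/signing-key pair is not held, plus the V3 authorities with no stored certificate.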


