authorNick Mathewson <nickm@torproject.org>2007-09-08 19:08:39 +0000
committerNick Mathewson <nickm@torproject.org>2007-09-08 19:08:39 +0000
commiteb3f24f027e9d160c5b5658e7d7f86a2acda880f (patch)
tree83ff95e67c1b0527d23042129be58cdc0a9d064d
parent1c8bd05c7086d9023faed011fa11737ced7fa4fb (diff)
downloadtor-eb3f24f027e9d160c5b5658e7d7f86a2acda880f.tar.gz
tor-eb3f24f027e9d160c5b5658e7d7f86a2acda880f.zip
r14358@Kushana: nickm | 2007-09-08 13:45:16 -0400
Implement certificate fetch functions. svn:r11405
-rw-r--r--doc/TODO8
-rw-r--r--src/or/directory.c17
-rw-r--r--src/or/or.h1
-rw-r--r--src/or/routerlist.c53
4 files changed, 76 insertions, 3 deletions
diff --git a/doc/TODO b/doc/TODO
index 2c77b70261..b61304dd80 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -49,13 +49,17 @@ Things we'd like to do in 0.2.0.x:
. Finalize proposal
* Describe schedule in copious detail.
- Get authorities voting
- . Code to manage key certificates
- - Download as needed.
+ o Code to manage key certificates
+ o Download as needed.
+ o Code to download
+ o Code to retry download.
. Code to generate consensus from a list of votes
* Detect whether votes are really all for the same period.
. Push/pull documents as appropriate.
- Pull votes and signatures if we don't get them.
- Cache votes and signatures on disk.
+ - Code to keep consensus docs in limbo if they don't have
+ have enough signatures.
o Have clients know which authorities are v3 authorities, and what
their keys are.
- While we're at it, let v3 authorities have fqdns lines.
diff --git a/src/or/directory.c b/src/or/directory.c
index 1813721cbb..b645a0855d 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -1298,7 +1298,22 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
/*XXXX020*/;
}
if (conn->_base.purpose == DIR_PURPOSE_FETCH_CERTIFICATE) {
- /*XXXX020*/;
+ log_info(LD_DIR,"Received aurhority certificatess (size %d) from server "
+ "'%s:%d'",(int) body_len, conn->_base.address, conn->_base.port);
+ if (status_code != 200) {
+ log_fn(status_code == 403 ? LOG_INFO : LOG_WARN, LD_DIR,
+ "Received http status code %d (%s) from server "
+ "'%s:%d' while fetching \"/tor/keys/%s\".",
+ status_code, escaped(reason), conn->_base.address,
+ conn->_base.port, conn->requested_resource);
+ tor_free(body); tor_free(headers); tor_free(reason);
+ return -1;
+ }
+ if (trusted_dirs_load_certs_from_string(body, 0)<0) {
+ log_warn(LD_DIR, "Unable to parse fetched certificates");
+ } else {
+ log_info(LD_DIR, "Successfully loaded certificates from fetch.");
+ }
}
if (conn->_base.purpose == DIR_PURPOSE_FETCH_STATUS_VOTE) {
/*XXXX020*/;
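Review bot: The parse-failure branch for DIR_PURPOSE_FETCH_CERTIFICATE only logs a warning and falls through, while the non-200 branch just above frees the buffers and returns -1; unless code outside this hunk handles it, an unparseable body is treated like a successful fetch. The warning also omits the peer, so an operator cannot tell which directory served the bad data; consider `log_warn(LD_DIR, "Unable to parse fetched certificates from '%s:%d'", conn->_base.address, conn->_base.port);`. The first log_info runs before the status check, so it reports certificates as received even for error responses, and its text has typos ("aurhority certificatess"). connection_dir_client_reached_eof starts and ends outside the hunk, so what happens after the fall-through is not visible here.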
diff --git a/src/or/or.h b/src/or/or.h
index 004a7df106..c1d879bbe7 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3451,6 +3451,7 @@ authority_cert_t *authority_cert_get_newest_by_id(const char *id_digest);
authority_cert_t *authority_cert_get_by_sk_digest(const char *sk_digest);
authority_cert_t *authority_cert_get_by_digests(const char *id_digest,
const char *sk_digest);
+void authority_certs_fetch_missing(networkstatus_vote_t *status);
void routerlist_add_family(smartlist_t *sl, routerinfo_t *router);
void add_nickname_list_to_smartlist(smartlist_t *sl, const char *list,
int must_be_running);
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index f5216dfe0c..4101b93922 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -387,6 +387,59 @@ authority_cert_get_by_digests(const char *id_digest,
return NULL;
}
+/** DOCDOC */
+void
+authority_certs_fetch_missing(networkstatus_vote_t *status)
+{
+ smartlist_t *missing_digests = smartlist_create();
+ char *resource;
+ if (status) {
+ SMARTLIST_FOREACH(status->voters, networkstatus_voter_info_t *, voter,
+ {
+ trusted_dir_server_t *ds
+ = trusteddirserver_get_by_v3_auth_digest(voter->identity_digest);
+ if (ds &&
+ !authority_cert_get_by_digests(voter->identity_digest,
+ voter->signing_key_digest))
+ smartlist_add(missing_digests, voter->identity_digest);
+ });
+ }
+ SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, ds,
+ {
+ int found = 0;
+ if (!(ds->type & V3_AUTHORITY))
+ continue;
+ if (smartlist_digest_isin(missing_digests, ds->v3_identity_digest))
+ continue;
+ SMARTLIST_FOREACH(ds->v3_certs, authority_cert_t *, cert,
+ {
+ if (1) { //XXXX020! cert_is_definitely_expired(cert, now)) {
+ found = 1;
+ break;
+ }
+ });
+ smartlist_add(missing_digests, ds->v3_identity_digest);
+ });
+
+ {
+ smartlist_t *fps = smartlist_create();
+ SMARTLIST_FOREACH(missing_digests, const char *, d, {
+ char *fp = tor_malloc(HEX_DIGEST_LEN+1);
+ base16_encode(fp, HEX_DIGEST_LEN+1, d, DIGEST_LEN);
+ smartlist_add(fps, fp);
+ });
+ resource = smartlist_join_strings(fps, "+", 0, NULL);
+ SMARTLIST_FOREACH(fps, char *, cp, tor_free(cp));
+ smartlist_free(fps);
+ }
+ log_notice(LD_DIR, "Launching request for %d missing certificates.",
+ smartlist_len(missing_digests)); /*XXXX020 downgrade to INFO*/
+ smartlist_free(missing_digests);
+ directory_get_from_dirserver(DIR_PURPOSE_FETCH_CERTIFICATE, 0,
+ resource, 1);
+ tor_free(resource);
+}
+
/* Router descriptor storage.
*
* DOCDOC files annotated NM
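Review bot: In authority_certs_fetch_missing the `found` flag is set in the inner loop but never read, so the `smartlist_add(missing_digests, ds->v3_identity_digest)` that follows runs for every V3 authority not already listed, even one whose certificate is held. Guarding it as `if (!found) smartlist_add(missing_digests, ds->v3_identity_digest);` would limit the request to authorities with no usable certificate (the `if (1)` expiry placeholder is already marked XXXX020). The function also calls directory_get_from_dirserver when missing_digests is empty, sending a request with an empty resource string; an early return that frees missing_digests when its length is 0 would avoid that. The `/** DOCDOC */` placeholder should become a comment stating that `status` may be NULL and that identity digests from its voters and from trusted_dir_servers are hex-encoded and joined with "+" into one fetch.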