Added config file schema and signing key validation.

src/conf.cpp

@@ -2,6 +2,7 @@
 #include <iostream>
 #include <fstream>
 #include <rapidjson/document.h>
+#include <rapidjson/schema.h>
 #include <rapidjson/istreamwrapper.h>
 #include <rapidjson/ostreamwrapper.h>
 #include <rapidjson/prettywriter.h>
@@ -17,6 +18,34 @@ namespace conf
 ContractCtx ctx;
 ContractConfig cfg;
 
+const char *cfg_schema =
+    "{"
+    "\"type\": \"object\","
+    "\"required\": [ \"version\", \"pubkeyb64\", \"seckeyb64\", \"binary\", \"binargs\", \"listenip\""
+    ", \"peers\", \"unl\", \"peerport\", \"roundtime\", \"pubport\", \"pubmaxsize\", \"pubmaxcpm\" ],"
+    "\"properties\": {"
+    "\"version\": { \"type\": \"string\" },"
+    "\"pubkeyb64\": { \"type\": \"string\" },"
+    "\"seckeyb64\": { \"type\": \"string\" },"
+    "\"binary\": { \"type\": \"string\" },"
+    "\"binargs\": { \"type\": \"string\" },"
+    "\"listenip\": { \"type\": \"string\" },"
+    "\"peers\": {"
+    "\"type\": \"array\","
+    "\"items\": { \"type\": \"string\" }"
+    "},"
+    "\"unl\": {"
+    "\"type\": \"array\","
+    "\"items\": { \"type\": \"string\" }"
+    "},"
+    "\"peerport\": { \"type\": \"integer\" },"
+    "\"roundtime\": { \"type\": \"integer\" },"
+    "\"pubport\": { \"type\": \"integer\" },"
+    "\"pubmaxsize\": { \"type\": \"integer\" },"
+    "\"pubmaxcpm\": { \"type\": \"integer\" }"
+    "}"
+    "}";
+
 //   v1 <  v2  -> -1
 //   v1 == v2  ->  0
 //   v1 >  v2  -> +1
@@ -49,13 +78,32 @@ int version_compare(std::string v1, std::string v2)
     return 0;
 }
 
+bool is_schema_valid(Document &d)
+{
+    Document sd;
+    sd.Parse(cfg_schema);
+    SchemaDocument schema(sd);
+
+    SchemaValidator validator(schema);
+    return d.Accept(validator);
+}
+
 int load_config()
 {
     ifstream ifs(ctx.configFile);
     IStreamWrapper isw(ifs);
 
     Document d;
-    d.ParseStream(isw);
+    if (d.ParseStream(isw).HasParseError())
+    {
+        cerr << "Invalid config file format. Parser error at position " << d.GetErrorOffset() << endl;
+        return 0;
+    }
+    else if (!is_schema_valid(d))
+    {
+        cerr << "Invalid config file format.\n";
+        return 0;
+    }
 
     //Check contract version.
     string cfgVersion = d["version"].GetString();

src/crypto.cpp

@@ -100,17 +100,34 @@ int init()
         return 0;
     }
 
-    //If any keys are missing generate a new pair and save to file.
-    if (conf::cfg.pubkeyb64.empty() || conf::cfg.seckeyb64.empty())
+    if (conf::ctx.command == "new" || conf::ctx.command == "rekey")
     {
         cout << "Generating new keys.\n";
         generate_crypto_keys();
         cryptopair_to_b64();
         conf::save_config();
     }
-    else
+    else if (conf::ctx.command == "run")
     {
-        b64pair_to_crypto();
+        if (conf::cfg.pubkeyb64.empty() || conf::cfg.seckeyb64.empty())
+        {
+            cerr << "Signing keys missing. Run with 'rekey' to generate new keys.\n";
+            return 0;
+        }
+        else
+        {
+            //Decode b64 keys into bytes and store in memory.
+            b64pair_to_crypto();
+
+            //Sign and verify a sample to ensure we have a matching key pair.
+            string msg = "hotpocket";
+            string sigb64 = sign_b64(msg);
+            if (!verify_b64(msg, sigb64, conf::cfg.pubkeyb64))
+            {
+                cerr << "Invalid signing keys. Run with 'rekey' to generate new keys.\n";
+                return 0;
+            }
+        }
     }
 
     return 1;