ARCHIVE/xahaud
3
0
Fork 0
mirror of https://github.com/Xahau/xahaud.git synced 2025-11-20 02:25:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Format first-party source according to .clang-format

Browse Source
This commit is contained in:
Pretty Printer
2020-04-17 09:56:34 -05:00
committed by manojsdoshi
parent 65dfc5d19e
commit 50760c6935
1076 changed files with 86161 additions and 77449 deletions
Download Patch File Download Diff File Expand all files Collapse all files

339
src/ripple/app/misc/impl/Manifest.cpp
View File

@@ -18,10 +18,10 @@
//==============================================================================
#include <ripple/app/misc/Manifest.h>
#include <ripple/basics/base64.h>
#include <ripple/basics/contract.h>
#include <ripple/basics/Log.h>
#include <ripple/basics/StringUtilities.h>
#include <ripple/basics/base64.h>
#include <ripple/basics/contract.h>
#include <ripple/beast/rfc2616.h>
#include <ripple/core/DatabaseCon.h>
#include <ripple/json/json_reader.h>
@@ -34,40 +34,41 @@
namespace ripple {
boost::optional<Manifest> deserializeManifest(Slice s)
boost::optional<Manifest>
deserializeManifest(Slice s)
{
if (s.empty())
return boost::none;
static SOTemplate const manifestFormat {
// A manifest must include:
// - the master public key
{sfPublicKey, soeREQUIRED},
static SOTemplate const manifestFormat{
// A manifest must include:
// - the master public key
{sfPublicKey, soeREQUIRED},
// - a signature with that public key
{sfMasterSignature, soeREQUIRED},
// - a signature with that public key
{sfMasterSignature, soeREQUIRED},
// - a sequence number
{sfSequence, soeREQUIRED},
// - a sequence number
{sfSequence, soeREQUIRED},
// It may, optionally, contain:
// - a version number which defaults to 0
{sfVersion, soeDEFAULT},
// It may, optionally, contain:
// - a version number which defaults to 0
{sfVersion, soeDEFAULT},
// - a domain name
{sfDomain, soeOPTIONAL},
// - a domain name
{sfDomain, soeOPTIONAL},
// - an ephemeral signing key that can be changed as necessary
{sfSigningPubKey, soeOPTIONAL},
// - an ephemeral signing key that can be changed as necessary
{sfSigningPubKey, soeOPTIONAL},
// - a signature using the ephemeral signing key, if it is present
{sfSignature, soeOPTIONAL},
};
// - a signature using the ephemeral signing key, if it is present
{sfSignature, soeOPTIONAL},
};
try
{
SerialIter sit{ s };
STObject st{ sit, sfGeneric };
SerialIter sit{s};
STObject st{sit, sfGeneric};
st.applyTemplate(manifestFormat);
@@ -75,15 +76,15 @@ boost::optional<Manifest> deserializeManifest(Slice s)
if (st.isFieldPresent(sfVersion) && st.getFieldU16(sfVersion) != 0)
return boost::none;
auto const pk = st.getFieldVL (sfPublicKey);
auto const pk = st.getFieldVL(sfPublicKey);
if (! publicKeyType (makeSlice(pk)))
if (!publicKeyType(makeSlice(pk)))
return boost::none;
Manifest m;
m.serialized.assign(reinterpret_cast<char const*>(s.data()), s.size());
m.masterKey = PublicKey(makeSlice(pk));
m.sequence = st.getFieldU32 (sfSequence);
m.sequence = st.getFieldU32(sfSequence);
if (st.isFieldPresent(sfDomain))
{
@@ -93,23 +94,24 @@ boost::optional<Manifest> deserializeManifest(Slice s)
if (boost::algorithm::clamp(d.size(), 4, 128) != d.size())
return boost::none;
m.domain.assign (reinterpret_cast<char const*>(d.data()), d.size());
m.domain.assign(reinterpret_cast<char const*>(d.data()), d.size());
// This regular expression should do a decent job of weeding out
// obviously wrong domain names but it isn't perfect. It does not
// really support IDNs. If this turns out to be an issue, a more
// thorough regex can be used or this check can just be removed.
static boost::regex const re(
"^" // Beginning of line
"(" // Beginning of a segment
"(?!-)" // - must not begin with '-'
"[a-zA-Z0-9-]{1,63}" // - only alphanumeric and '-'
"(?<!-)" // - must not end with '-'
"\\." // segment separator
")+" // 1 or more segments
"[A-Za-z]{2,63}" // TLD
"$" // End of line
, boost::regex_constants::optimize);
"^" // Beginning of line
"(" // Beginning of a segment
"(?!-)" // - must not begin with '-'
"[a-zA-Z0-9-]{1,63}" // - only alphanumeric and '-'
"(?<!-)" // - must not end with '-'
"\\." // segment separator
")+" // 1 or more segments
"[A-Za-z]{2,63}" // TLD
"$" // End of line
,
boost::regex_constants::optimize);
if (!boost::regex_match(m.domain, re))
return boost::none;
@@ -140,7 +142,7 @@ boost::optional<Manifest> deserializeManifest(Slice s)
auto const spk = st.getFieldVL(sfSigningPubKey);
if (!publicKeyType (makeSlice(spk)))
if (!publicKeyType(makeSlice(spk)))
return boost::none;
m.signingKey = PublicKey(makeSlice(spk));
@@ -154,88 +156,92 @@ boost::optional<Manifest> deserializeManifest(Slice s)
}
}
template<class Stream>
template <class Stream>
Stream&
logMftAct (
logMftAct(
Stream& s,
std::string const& action,
PublicKey const& pk,
std::uint32_t seq)
{
s << "Manifest: " << action <<
";Pk: " << toBase58 (TokenType::NodePublic, pk) <<
";Seq: " << seq << ";";
s << "Manifest: " << action
<< ";Pk: " << toBase58(TokenType::NodePublic, pk) << ";Seq: " << seq
<< ";";
return s;
}
template<class Stream>
Stream& logMftAct (
template <class Stream>
Stream&
logMftAct(
Stream& s,
std::string const& action,
PublicKey const& pk,
std::uint32_t seq,
std::uint32_t oldSeq)
{
s << "Manifest: " << action <<
";Pk: " << toBase58 (TokenType::NodePublic, pk) <<
";Seq: " << seq <<
";OldSeq: " << oldSeq << ";";
s << "Manifest: " << action
<< ";Pk: " << toBase58(TokenType::NodePublic, pk) << ";Seq: " << seq
<< ";OldSeq: " << oldSeq << ";";
return s;
}
bool Manifest::verify () const
bool
Manifest::verify() const
{
STObject st (sfGeneric);
SerialIter sit (serialized.data (), serialized.size ());
st.set (sit);
STObject st(sfGeneric);
SerialIter sit(serialized.data(), serialized.size());
st.set(sit);
// Signing key and signature are not required for
// master key revocations
if (! revoked () && ! ripple::verify (st, HashPrefix::manifest, signingKey))
if (!revoked() && !ripple::verify(st, HashPrefix::manifest, signingKey))
return false;
return ripple::verify (
return ripple::verify(
st, HashPrefix::manifest, masterKey, sfMasterSignature);
}
uint256 Manifest::hash () const
uint256
Manifest::hash() const
{
STObject st (sfGeneric);
SerialIter sit (serialized.data (), serialized.size ());
st.set (sit);
return st.getHash (HashPrefix::manifest);
STObject st(sfGeneric);
SerialIter sit(serialized.data(), serialized.size());
st.set(sit);
return st.getHash(HashPrefix::manifest);
}
bool Manifest::revoked () const
bool
Manifest::revoked() const
{
/*
The maximum possible sequence number means that the master key
has been revoked.
*/
return sequence == std::numeric_limits<std::uint32_t>::max ();
return sequence == std::numeric_limits<std::uint32_t>::max();
}
boost::optional<Blob> Manifest::getSignature () const
boost::optional<Blob>
Manifest::getSignature() const
{
STObject st (sfGeneric);
SerialIter sit (serialized.data (), serialized.size ());
st.set (sit);
STObject st(sfGeneric);
SerialIter sit(serialized.data(), serialized.size());
st.set(sit);
if (!get(st, sfSignature))
return boost::none;
return st.getFieldVL (sfSignature);
return st.getFieldVL(sfSignature);
}
Blob Manifest::getMasterSignature () const
Blob
Manifest::getMasterSignature() const
{
STObject st (sfGeneric);
SerialIter sit (serialized.data (), serialized.size ());
st.set (sit);
return st.getFieldVL (sfMasterSignature);
STObject st(sfGeneric);
SerialIter sit(serialized.data(), serialized.size());
st.set(sit);
return st.getFieldVL(sfMasterSignature);
}
ValidatorToken::ValidatorToken(std::string const& m, SecretKey const& valSecret)
: manifest(m)
, validationSecret(valSecret)
: manifest(m), validationSecret(valSecret)
{
}
@@ -245,12 +251,13 @@ ValidatorToken::make_ValidatorToken(std::vector<std::string> const& tokenBlob)
try
{
std::string tokenStr;
tokenStr.reserve (
std::accumulate (tokenBlob.cbegin(), tokenBlob.cend(), std::size_t(0),
[] (std::size_t init, std::string const& s)
{
return init + s.size();
}));
tokenStr.reserve(std::accumulate(
tokenBlob.cbegin(),
tokenBlob.cend(),
std::size_t(0),
[](std::size_t init, std::string const& s) {
return init + s.size();
}));
for (auto const& line : tokenBlob)
tokenStr += beast::rfc2616::trim(line);
@@ -259,15 +266,16 @@ ValidatorToken::make_ValidatorToken(std::vector<std::string> const& tokenBlob)
Json::Reader r;
Json::Value token;
if (! r.parse (tokenStr, token))
if (!r.parse(tokenStr, token))
return boost::none;
if (token.isMember("manifest") && token["manifest"].isString() &&
token.isMember("validation_secret_key") &&
token["validation_secret_key"].isString())
{
auto const ret = strUnHex (token["validation_secret_key"].asString());
if (! ret || ret->empty())
auto const ret =
strUnHex(token["validation_secret_key"].asString());
if (!ret || ret->empty())
return boost::none;
return ValidatorToken(
@@ -286,79 +294,79 @@ ValidatorToken::make_ValidatorToken(std::vector<std::string> const& tokenBlob)
}
PublicKey
ManifestCache::getSigningKey (PublicKey const& pk) const
ManifestCache::getSigningKey(PublicKey const& pk) const
{
std::lock_guard lock{read_mutex_};
auto const iter = map_.find (pk);
auto const iter = map_.find(pk);
if (iter != map_.end () && !iter->second.revoked ())
if (iter != map_.end() && !iter->second.revoked())
return iter->second.signingKey;
return pk;
}
PublicKey
ManifestCache::getMasterKey (PublicKey const& pk) const
ManifestCache::getMasterKey(PublicKey const& pk) const
{
std::lock_guard lock{read_mutex_};
auto const iter = signingToMasterKeys_.find (pk);
auto const iter = signingToMasterKeys_.find(pk);
if (iter != signingToMasterKeys_.end ())
if (iter != signingToMasterKeys_.end())
return iter->second;
return pk;
}
boost::optional<std::uint32_t>
ManifestCache::getSequence (PublicKey const& pk) const
ManifestCache::getSequence(PublicKey const& pk) const
{
std::lock_guard lock{read_mutex_};
auto const iter = map_.find (pk);
auto const iter = map_.find(pk);
if (iter != map_.end () && !iter->second.revoked ())
if (iter != map_.end() && !iter->second.revoked())
return iter->second.sequence;
return boost::none;
}
boost::optional<std::string>
ManifestCache::getDomain (PublicKey const& pk) const
ManifestCache::getDomain(PublicKey const& pk) const
{
std::lock_guard lock{read_mutex_};
auto const iter = map_.find (pk);
auto const iter = map_.find(pk);
if (iter != map_.end () && !iter->second.revoked ())
if (iter != map_.end() && !iter->second.revoked())
return iter->second.domain;
return boost::none;
}
boost::optional<std::string>
ManifestCache::getManifest (PublicKey const& pk) const
ManifestCache::getManifest(PublicKey const& pk) const
{
std::lock_guard lock{read_mutex_};
auto const iter = map_.find (pk);
auto const iter = map_.find(pk);
if (iter != map_.end () && !iter->second.revoked ())
if (iter != map_.end() && !iter->second.revoked())
return iter->second.serialized;
return boost::none;
}
bool
ManifestCache::revoked (PublicKey const& pk) const
ManifestCache::revoked(PublicKey const& pk) const
{
std::lock_guard lock{read_mutex_};
auto const iter = map_.find (pk);
auto const iter = map_.find(pk);
if (iter != map_.end ())
return iter->second.revoked ();
if (iter != map_.end())
return iter->second.revoked();
return false;
}
ManifestDisposition
ManifestCache::applyManifest (Manifest m)
ManifestCache::applyManifest(Manifest m)
{
std::lock_guard applyLock{apply_mutex_};
@@ -368,8 +376,7 @@ ManifestCache::applyManifest (Manifest m)
*/
auto const iter = map_.find(m.masterKey);
if (iter != map_.end() &&
m.sequence <= iter->second.sequence)
if (iter != map_.end() && m.sequence <= iter->second.sequence)
{
/*
A manifest was received for a validator we're tracking, but
@@ -378,11 +385,16 @@ ManifestCache::applyManifest (Manifest m)
connects.
*/
if (auto stream = j_.debug())
logMftAct(stream, "Stale", m.masterKey, m.sequence, iter->second.sequence);
logMftAct(
stream,
"Stale",
m.masterKey,
m.sequence,
iter->second.sequence);
return ManifestDisposition::stale; // not a newer manifest, ignore
}
if (! m.verify())
if (!m.verify())
{
/*
A manifest's signature is invalid.
@@ -410,7 +422,7 @@ ManifestCache::applyManifest (Manifest m)
logMftAct(stream, "Revoked", m.masterKey, m.sequence);
}
if (iter == map_.end ())
if (iter == map_.end())
{
/*
This is the first received manifest for a trusted master key
@@ -420,7 +432,7 @@ ManifestCache::applyManifest (Manifest m)
if (auto stream = j_.info())
logMftAct(stream, "AcceptedNew", m.masterKey, m.sequence);
if (! revoked)
if (!revoked)
signingToMasterKeys_[m.signingKey] = m.masterKey;
auto masterKey = m.masterKey;
@@ -433,106 +445,104 @@ ManifestCache::applyManifest (Manifest m)
This is expected, but should happen infrequently.
*/
if (auto stream = j_.info())
logMftAct(stream, "AcceptedUpdate",
m.masterKey, m.sequence, iter->second.sequence);
logMftAct(
stream,
"AcceptedUpdate",
m.masterKey,
m.sequence,
iter->second.sequence);
signingToMasterKeys_.erase (iter->second.signingKey);
signingToMasterKeys_.erase(iter->second.signingKey);
if (! revoked)
if (!revoked)
signingToMasterKeys_[m.signingKey] = m.masterKey;
iter->second = std::move (m);
iter->second = std::move(m);
}
return ManifestDisposition::accepted;
}
void
ManifestCache::load (
DatabaseCon& dbCon, std::string const& dbTable)
ManifestCache::load(DatabaseCon& dbCon, std::string const& dbTable)
{
// Load manifests stored in database
std::string const sql =
"SELECT RawData FROM " + dbTable + ";";
auto db = dbCon.checkoutDb ();
soci::blob sociRawData (*db);
soci::statement st =
(db->prepare << sql,
soci::into (sociRawData));
st.execute ();
while (st.fetch ())
std::string const sql = "SELECT RawData FROM " + dbTable + ";";
auto db = dbCon.checkoutDb();
soci::blob sociRawData(*db);
soci::statement st = (db->prepare << sql, soci::into(sociRawData));
st.execute();
while (st.fetch())
{
std::string serialized;
convert (sociRawData, serialized);
convert(sociRawData, serialized);
if (auto mo = deserializeManifest(serialized))
{
if (!mo->verify())
{
JLOG(j_.warn())
<< "Unverifiable manifest in db";
JLOG(j_.warn()) << "Unverifiable manifest in db";
continue;
}
applyManifest (std::move(*mo));
applyManifest(std::move(*mo));
}
else
{
JLOG(j_.warn())
<< "Malformed manifest in database";
JLOG(j_.warn()) << "Malformed manifest in database";
}
}
}
bool
ManifestCache::load (
DatabaseCon& dbCon, std::string const& dbTable,
ManifestCache::load(
DatabaseCon& dbCon,
std::string const& dbTable,
std::string const& configManifest,
std::vector<std::string> const& configRevocation)
{
load (dbCon, dbTable);
load(dbCon, dbTable);
if (! configManifest.empty())
if (!configManifest.empty())
{
auto mo = deserializeManifest(base64_decode(configManifest));
if (! mo)
if (!mo)
{
JLOG (j_.error()) << "Malformed validator_token in config";
JLOG(j_.error()) << "Malformed validator_token in config";
return false;
}
if (mo->revoked())
{
JLOG (j_.warn()) <<
"Configured manifest revokes public key";
JLOG(j_.warn()) << "Configured manifest revokes public key";
}
if (applyManifest (std::move(*mo)) ==
ManifestDisposition::invalid)
if (applyManifest(std::move(*mo)) == ManifestDisposition::invalid)
{
JLOG (j_.error()) << "Manifest in config was rejected";
JLOG(j_.error()) << "Manifest in config was rejected";
return false;
}
}
if (! configRevocation.empty())
if (!configRevocation.empty())
{
std::string revocationStr;
revocationStr.reserve (
std::accumulate (configRevocation.cbegin(), configRevocation.cend(), std::size_t(0),
[] (std::size_t init, std::string const& s)
{
return init + s.size();
}));
revocationStr.reserve(std::accumulate(
configRevocation.cbegin(),
configRevocation.cend(),
std::size_t(0),
[](std::size_t init, std::string const& s) {
return init + s.size();
}));
for (auto const& line : configRevocation)
revocationStr += beast::rfc2616::trim(line);
auto mo = deserializeManifest(base64_decode(revocationStr));
if (! mo || ! mo->revoked() ||
applyManifest (std::move(*mo)) == ManifestDisposition::invalid)
if (!mo || !mo->revoked() ||
applyManifest(std::move(*mo)) == ManifestDisposition::invalid)
{
JLOG (j_.error()) << "Invalid validator key revocation in config";
JLOG(j_.error()) << "Invalid validator key revocation in config";
return false;
}
}
@@ -540,13 +550,15 @@ ManifestCache::load (
return true;
}
void ManifestCache::save (
DatabaseCon& dbCon, std::string const& dbTable,
std::function <bool (PublicKey const&)> isTrusted)
void
ManifestCache::save(
DatabaseCon& dbCon,
std::string const& dbTable,
std::function<bool(PublicKey const&)> isTrusted)
{
std::lock_guard lock{apply_mutex_};
auto db = dbCon.checkoutDb ();
auto db = dbCon.checkoutDb();
soci::transaction tr(*db);
*db << "DELETE FROM " << dbTable;
@@ -556,11 +568,9 @@ void ManifestCache::save (
{
// Save all revocation manifests,
// but only save trusted non-revocation manifests.
if (! v.second.revoked() && ! isTrusted (v.second.masterKey))
if (!v.second.revoked() && !isTrusted(v.second.masterKey))
{
JLOG(j_.info())
<< "Untrusted manifest in cache not saved to db";
JLOG(j_.info()) << "Untrusted manifest in cache not saved to db";
continue;
}
@@ -568,10 +578,9 @@ void ManifestCache::save (
// Do not reuse blob because manifest ecdsa signatures vary in length
// but blob write length is expected to be >= the last write
soci::blob rawData(*db);
convert (v.second.serialized, rawData);
*db << sql,
soci::use (rawData);
convert(v.second.serialized, rawData);
*db << sql, soci::use(rawData);
}
tr.commit ();
}
tr.commit();
}
} // namespace ripple