From ee01d8235ce09e08fd0378f2b04d10bdb7d85f78 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp <map@kth.se>
Date: Fri, 27 Mar 2015 03:06:19 +0100
Subject: Handle multiple signing nodes

---
 src/sign.erl | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

(limited to 'src/sign.erl')

diff --git a/src/sign.erl b/src/sign.erl
index 167987d..f252001 100644
--- a/src/sign.erl
+++ b/src/sign.erl
@@ -109,25 +109,30 @@ public_key(#'RSAPrivateKey'{modulus = Mod, publicExponent = Exp}) ->
     #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}.
 
 
-remote_sign_request(URL, Request) ->
+remote_sign_request([], _Request) ->
+    none;
+remote_sign_request([URL|RestURLs], Request) ->
     case plop_httputil:request("signing", URL, [{"Content-Type", "text/json"}], list_to_binary(mochijson2:encode(Request))) of
+        {error, Error} ->
+            lager:info("request error: ~p", [Error]),
+            remote_sign_request(RestURLs, Request);
         {failure, _StatusLine, _RespHeaders, _Body}  ->
             lager:debug("auth check failed"),
-            none;
+            remote_sign_request(RestURLs, Request);
         {success, {_HttpVersion, StatusCode, _ReasonPhrase}, _RespHeaders, Body} when StatusCode == 200 ->
             lager:debug("auth check succeeded"),
             case (catch mochijson2:decode(Body)) of
                 {error, E} ->
                     lager:error("json parse error: ~p", [E]),
-                    none;
+                    remote_sign_request(RestURLs, Request);
                 {struct, PropList} ->
                     base64:decode(proplists:get_value(<<"result">>, PropList))
             end;
         {noauth, _StatusLine, _RespHeaders, _Body} ->
             lager:debug("no auth"),
-            none;
+            remote_sign_request(RestURLs, Request);
         _ ->
-            none
+            remote_sign_request(RestURLs, Request)
     end.
 
 %%%%%%%%%%%%%%%%%%%%
@@ -136,12 +141,12 @@ remote_sign_request(URL, Request) ->
 sign_sct(Data = <<_Version:8,
                   ?CERTIFICATE_TIMESTAMP:8,
                   _/binary>>) ->
-    case application:get_env(plop, signing_node) of
-        {ok, URLBase} ->
+    case application:get_env(plop, signing_nodes) of
+        {ok, URLBases} ->
             Request = {[{plop_version, 1},
                         {data, base64:encode(Data)}
                        ]},
-            remote_sign_request(URLBase ++ "sct", Request);
+            remote_sign_request([URLBase ++ "sct" || URLBase <- URLBases], Request);
         undefined ->
             call(?MODULE, {sign, Data})
     end.
@@ -149,12 +154,12 @@ sign_sct(Data = <<_Version:8,
 sign_sth(Data = <<_Version:8,
                   ?TREE_HASH:8,
                   _/binary>>) ->
-    case application:get_env(plop, signing_node) of
-        {ok, URLBase} ->
+    case application:get_env(plop, signing_nodes) of
+        {ok, URLBases} ->
             Request = {[{plop_version, 1},
                         {data, base64:encode(Data)}
                        ]},
-            remote_sign_request(URLBase ++ "sth", Request);
+            remote_sign_request([URLBase ++ "sth" || URLBase <- URLBases], Request);
         undefined ->
             call(?MODULE, {sign, Data})
     end.
-- 
cgit v1.1