From ee01d8235ce09e08fd0378f2b04d10bdb7d85f78 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Fri, 27 Mar 2015 03:06:19 +0100
Subject: Handle multiple signing nodes
---
 src/plop.erl | 3 +++
 src/plop_httputil.erl | 47 ++++++++++++++++++++++++++---------------------
 src/sign.erl | 27 ++++++++++++++++-----------
 3 files changed, 45 insertions(+), 32 deletions(-)
(limited to 'src')
diff --git a/src/plop.erl b/src/plop.erl
index cfb62fc..21a7bae 100644
--- a/src/plop.erl
+++ b/src/plop.erl
@@ -199,6 +199,9 @@ send_http_request(TreeLeafHash, URL, Headers, RequestBody) ->
 RequestId = make_ref(),
 spawn(fun () ->
 case plop_httputil:request("leafhash " ++ mochihex:to_hex(TreeLeafHash), URL, Headers, RequestBody) of
+ {error, Error} ->
+ lager:info("request error: ~p", [Error]),
+ drop;
 {failure, _StatusLine, _RespHeaders, _Body} ->
 lager:debug("auth check failed"),
 drop;
diff --git a/src/plop_httputil.erl b/src/plop_httputil.erl
index a7be8b5..2d840aa 100644
--- a/src/plop_httputil.erl
+++ b/src/plop_httputil.erl
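Review bot: The new `{error, Error}` clause logs `request error: ~p` without the URL or the leaf hash, so a failing node cannot be identified from the log. The same message is added in the `remote_sign_request` hunk in src/sign.erl, where several URLs are tried in turn and the missing target matters more. I would log the target as well, e.g. `lager:info("request error for ~p: ~p", [URL, Error]),`. The body of `send_http_request` continues outside the hunk.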
@@ -27,24 +27,29 @@ request(DebugTag, URL, Headers, RequestBody) ->
 #hackney_url{path = Path} = ParsedURL,
 lager:debug("~s: sending http request to ~p", [DebugTag, URL]),
- {ok, ConnRef} = hackney:connect(ParsedURL, [{ssl_options, [{cacertfile, CACertFile}]}]),
- lager:debug("~s: connected to ~p",
- [DebugTag, URL]),
- {ok, StatusCode, RespHeaders, ClientRef} =
- hackney:send_request(ConnRef,
- {post, Path,
- add_auth("POST", Path, Headers,
- RequestBody),
- RequestBody}),
- lager:debug("~s: received headers for ~p: ~p",
- [DebugTag, URL, RespHeaders]),
- {ok, Body} = hackney:body(ClientRef),
- Stoptime = os:timestamp(),
- hackney:close(ClientRef),
- lager:debug("~s: received body for ~p: time ~p",
- [DebugTag, URL, timer:now_diff(Stoptime, Starttime)]),
- StatusLine = {none, StatusCode, none},
- AuthHeader = get_auth_header(hackney_headers:new(RespHeaders)),
- {http_auth:verify_auth(AuthHeader, "REPLY",
- binary_to_list(Path), Body),
- StatusLine, RespHeaders, Body}.
+ case hackney:connect(ParsedURL,
+ [{ssl_options, [{cacertfile, CACertFile}]}]) of
+ {ok, ConnRef} ->
+ lager:debug("~s: connected to ~p",
+ [DebugTag, URL]),
+ {ok, StatusCode, RespHeaders, ClientRef} =
+ hackney:send_request(ConnRef,
+ {post, Path,
+ add_auth("POST", Path, Headers,
+ RequestBody),
+ RequestBody}),
+ lager:debug("~s: received headers for ~p: ~p",
+ [DebugTag, URL, RespHeaders]),
+ {ok, Body} = hackney:body(ClientRef),
+ Stoptime = os:timestamp(),
+ hackney:close(ClientRef),
+ lager:debug("~s: received body for ~p: time ~p",
+ [DebugTag, URL, timer:now_diff(Stoptime, Starttime)]),
+ StatusLine = {none, StatusCode, none},
+ AuthHeader = get_auth_header(hackney_headers:new(RespHeaders)),
+ {http_auth:verify_auth(AuthHeader, "REPLY",
+ binary_to_list(Path), Body),
+ StatusLine, RespHeaders, Body};
+ {error, Error} ->
+ {error, Error}
+ end.
diff --git a/src/sign.erl b/src/sign.erl
index 167987d..f252001 100644
--- a/src/sign.erl
+++ b/src/sign.erl
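Review bot: Only a failed `hackney:connect` is turned into `{error, Error}`; `hackney:send_request` and `hackney:body` are still matched with `{ok, ...} =`, so a node that accepts the connection and then resets or times out raises badmatch in the caller instead of letting `remote_sign_request` move on to the next URL. Those two calls should be matched with `case` as well, and the client reference closed on the body error path, as sketched below. Separately, `ssl_options` carries only `cacertfile`; whether the peer certificate is actually verified depends on hackney/ssl defaults that are not visible here, so it is worth confirming that `{verify, verify_peer}` is in effect for connections to signing nodes.

```erlang
        {ok, ConnRef} ->
            %% … unchanged: "connected to" debug log …
            case hackney:send_request(ConnRef,
                                      {post, Path,
                                       add_auth("POST", Path, Headers, RequestBody),
                                       RequestBody}) of
                {ok, StatusCode, RespHeaders, ClientRef} ->
                    %% … unchanged: "received headers" debug log …
                    case hackney:body(ClientRef) of
                        {ok, Body} ->
                            %% … unchanged: close, timing log, verify_auth result tuple …
                        {error, BodyError} ->
                            hackney:close(ClientRef),
                            {error, BodyError}
                    end;
                {error, SendError} ->
                    {error, SendError}
            end;
```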
@@ -109,25 +109,30 @@ public_key(#'RSAPrivateKey'{modulus = Mod, publicExponent = Exp}) ->
 #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}.
-remote_sign_request(URL, Request) ->
+remote_sign_request([], _Request) ->
+ none;
+remote_sign_request([URL|RestURLs], Request) ->
 case plop_httputil:request("signing", URL, [{"Content-Type", "text/json"}], list_to_binary(mochijson2:encode(Request))) of
+ {error, Error} ->
+ lager:info("request error: ~p", [Error]),
+ remote_sign_request(RestURLs, Request);
 {failure, _StatusLine, _RespHeaders, _Body} ->
 lager:debug("auth check failed"),
- none;
+ remote_sign_request(RestURLs, Request);
 {success, {_HttpVersion, StatusCode, _ReasonPhrase}, _RespHeaders, Body} when StatusCode == 200 ->
 lager:debug("auth check succeeded"),
 case (catch mochijson2:decode(Body)) of
 {error, E} ->
 lager:error("json parse error: ~p", [E]),
- none;
+ remote_sign_request(RestURLs, Request);
 {struct, PropList} ->
 base64:decode(proplists:get_value(<<"result">>, PropList))
 end;
 {noauth, _StatusLine, _RespHeaders, _Body} ->
 lager:debug("no auth"),
- none;
+ remote_sign_request(RestURLs, Request);
 _ ->
- none
+ remote_sign_request(RestURLs, Request)
 end.
 %%%%%%%%%%%%%%%%%%%%
@@ -136,12 +141,12 @@ remote_sign_request(URL, Request) ->
 sign_sct(Data = <<_Version:8,
 ?CERTIFICATE_TIMESTAMP:8,
 _/binary>>) ->
- case application:get_env(plop, signing_node) of
- {ok, URLBase} ->
+ case application:get_env(plop, signing_nodes) of
+ {ok, URLBases} ->
 Request = {[{plop_version, 1},
 {data, base64:encode(Data)}
 ]},
- remote_sign_request(URLBase ++ "sct", Request);
+ remote_sign_request([URLBase ++ "sct" || URLBase <- URLBases], Request);
 undefined ->
 call(?MODULE, {sign, Data})
 end.
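Review bot: The failover added to the `{error, E}` branch under `case (catch mochijson2:decode(Body))` probably never runs: an old-style `catch` turns a crash in the decoder into `{'EXIT', Reason}`, which matches neither clause and raises case_clause, unless mochijson2 itself throws an `{error, _}` term. A catch-all clause after `{struct, PropList}` would let a malformed 200 response fall through to the next node: `Other -> lager:error("json parse error: ~p", [Other]), remote_sign_request(RestURLs, Request)`. A reply without a `result` key also crashes, because `proplists:get_value/2` returns `undefined` and that goes straight into `base64:decode/1`. Once every URL has failed the function returns `none`, so callers of `sign_sct`/`sign_sth` must not treat that atom as a signature.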
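Review bot: Renaming the key from `signing_node` to `signing_nodes` means a deployment that still sets the old key falls into the `undefined ->` branch and signs locally via `call(?MODULE, {sign, Data})` without any log line; the `sign_sth` hunk that follows makes the same change. If `signing_nodes` is set to a single string rather than a list of strings, the comprehension iterates over its characters and `URLBase ++ "sct"` fails with badarg. I would document the expected shape next to the lookup, e.g. `%% signing_nodes: list of base URL strings, tried in order; replaces signing_node`, and consider logging when the old key is still present.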
@@ -149,12 +154,12 @@ sign_sct(Data = <<_Version:8,
 sign_sth(Data = <<_Version:8,
 ?TREE_HASH:8,
 _/binary>>) ->
- case application:get_env(plop, signing_node) of
- {ok, URLBase} ->
+ case application:get_env(plop, signing_nodes) of
+ {ok, URLBases} ->
 Request = {[{plop_version, 1},
 {data, base64:encode(Data)}
 ]},
- remote_sign_request(URLBase ++ "sth", Request);
+ remote_sign_request([URLBase ++ "sth" || URLBase <- URLBases], Request);
 undefined ->
 call(?MODULE, {sign, Data})
 end.
-- 
cgit v1.1