| package main |
| |
| import ( |
| "context" |
| "encoding/hex" |
| "fmt" |
| "sync" |
| "time" |
| |
| pb "code.hackerspace.pl/hscloud/bgpwtf/cccampix/proto" |
| "code.hackerspace.pl/hscloud/bgpwtf/cccampix/verifier/model" |
| "github.com/golang/glog" |
| "google.golang.org/grpc/codes" |
| "google.golang.org/grpc/status" |
| ) |
| |
| type pgp struct { |
| pgpc pb.PGPEncryptorClient |
| } |
| |
| func newPGP(pgpc pb.PGPEncryptorClient) (*pgp, error) { |
| return &pgp{ |
| pgpc: pgpc, |
| }, nil |
| } |
| |
| func (p *pgp) Name() string { |
| return "PGP" |
| } |
| |
| func (p *pgp) NextRun(now time.Time, lastRun bool) time.Time { |
| if lastRun { |
| return now.Add(1 * time.Minute) |
| } |
| return now.Add(15 * time.Minute) |
| } |
| |
| func (p *pgp) RunAll(ctx context.Context, m model.Model) error { |
| keys, err := m.GetPGPKeysRequiringAttention(ctx) |
| if err != nil { |
| return fmt.Errorf("GetPGPKeysRequiringAttention: %v", err) |
| } |
| |
| if len(keys) == 0 { |
| return nil |
| } |
| |
| s := make(chan struct{}, 20) |
| errC := make(chan error, len(keys)) |
| knownC := make(chan *model.PeerPGPKey, len(keys)) |
| unknownC := make(chan *model.PeerPGPKey, len(keys)) |
| |
| var wg sync.WaitGroup |
| wg.Add(len(keys)) |
| |
| for _, key := range keys { |
| go func(k *model.PeerPGPKey) { |
| s <- struct{}{} |
| defer func() { |
| wg.Done() |
| <-s |
| }() |
| |
| glog.Infof("PGP: Processing %v", *k) |
| |
| // HACK(q3k) |
| if k.State == "known" { |
| knownC <- k |
| return |
| } |
| |
| fp, err := hex.DecodeString(k.Fingerprint) |
| if err != nil { |
| errC <- fmt.Errorf("could not decode fingerprint %q: %v", k.Fingerprint, err) |
| return |
| } |
| |
| req := &pb.KeyInfoRequest{ |
| Fingerprint: fp, |
| Caching: pb.KeyInfoRequest_CACHING_FORCE_REMOTE, |
| } |
| |
| _, err = p.pgpc.KeyInfo(ctx, req) |
| s, ok := status.FromError(err) |
| switch { |
| case err == nil: |
| knownC <- k |
| case ok && s.Code() == codes.NotFound: |
| unknownC <- k |
| default: |
| errC <- err |
| } |
| }(key) |
| } |
| |
| wg.Wait() |
| close(errC) |
| close(knownC) |
| close(unknownC) |
| |
| pcr := []*model.PeerCheckResult{} |
| |
| positive := []string{} |
| for p := range knownC { |
| positive = append(positive, p.Fingerprint) |
| pcr = append(pcr, &model.PeerCheckResult{ |
| PeerASN: p.PeerASN, |
| CheckName: "pgp", |
| Time: time.Now(), |
| Status: model.PeerCheckStatus_Okay, |
| }) |
| } |
| negative := []string{} |
| for n := range unknownC { |
| negative = append(negative, n.Fingerprint) |
| pcr = append(pcr, &model.PeerCheckResult{ |
| PeerASN: n.PeerASN, |
| CheckName: "pgp", |
| Time: time.Now(), |
| Status: model.PeerCheckStatus_Failed, |
| Message: fmt.Sprintf("key %q not found on keyservers", n.Fingerprint), |
| }) |
| } |
| |
| glog.Infof("%v, %v", positive, negative) |
| |
| if len(positive) > 0 || len(negative) > 0 { |
| err := m.ValidatePGPKeys(ctx, positive, negative) |
| if err != nil { |
| return fmt.Errorf("ValidatePGPKeys(%v, %v): %v", positive, negative, err) |
| } |
| } |
| |
| if len(pcr) > 0 { |
| err = m.SubmitPeerCheckResults(ctx, "pgp", pcr) |
| if err != nil { |
| return err |
| } |
| } |
| |
| errs := []error{} |
| for err := range errC { |
| errs = append(errs, err) |
| } |
| |
| if len(errs) > 0 { |
| glog.Errorf("Errors while processing keys: %v", errs) |
| return fmt.Errorf("Errors ocurred while processing keys") |
| } |
| |
| return nil |
| |
| } |