diff options
| author | Karen Arutyunov <karen@codesynthesis.com> | 2016-04-14 17:59:24 +0300 |
|---|---|---|
| committer | Karen Arutyunov <karen@codesynthesis.com> | 2016-05-04 20:47:45 +0300 |
| commit | b13332c991ce2695626eaca367dd8208b174c9ca (patch) | |
| tree | 809dc321b47d5ef9c72935637f94bf5b84ed640d /bpkg/rep-info.cxx | |
| parent | c9831f760a83e36a3a2ac84b1bd3f573e47ef195 (diff) | |
Add support for repository authentication
Diffstat (limited to 'bpkg/rep-info.cxx')
| -rw-r--r-- | bpkg/rep-info.cxx | 61 |
1 files changed, 53 insertions, 8 deletions
diff --git a/bpkg/rep-info.cxx b/bpkg/rep-info.cxx index d2157af..9cad4fd 100644 --- a/bpkg/rep-info.cxx +++ b/bpkg/rep-info.cxx @@ -9,7 +9,9 @@ #include <bpkg/manifest> #include <bpkg/manifest-serializer> +#include <bpkg/auth> #include <bpkg/fetch> +#include <bpkg/package> #include <bpkg/diagnostics> #include <bpkg/manifest-utility> @@ -30,21 +32,64 @@ namespace bpkg repository_location rl (parse_location (args.next ())); // Fetch everything we will need before printing anything. Ignore - // unknown manifest entries unless we are dumping them. + // unknown manifest entries unless we are dumping them. First fetch + // the repositories list and authenticate the base's certificate. // - package_manifests pms (fetch_packages (o, rl, !o.manifest ())); + pair<repository_manifests, string/*checksum*/> rmc ( + fetch_repositories (o, rl, !o.manifest ())); - repository_manifests rms; + repository_manifests& rms (rmc.first); - try + bool a (o.auth () != auth::none && + (o.auth () == auth::all || rl.remote ())); + + const optional<string> cert_pem (rms.back ().certificate); + shared_ptr<const certificate> cert; + + if (a) { - rms = fetch_repositories (o, rl, pms.sha256sum, !o.manifest ()); + dir_path d (o.directory ()); + cert = authenticate_certificate ( + o, + o.directory_specified () && d.empty () ? nullptr : &d, + cert_pem, + rl); + + a = !cert->dummy (); } - catch (const checksum_mismatch&) - { - fail << "repository files checksum mismatch for " + + // Now fetch the packages list and make sure it matches the repositories + // we just fetched. + // + pair<package_manifests, string/*checksum*/> pmc ( + fetch_packages (o, rl, !o.manifest ())); + + package_manifests& pms (pmc.first); + + if (rmc.second != pms.sha256sum) + fail << "repositories manifest file checksum mismatch for " << rl.canonical_name () << info << "try again"; + + if (a) + { + signature_manifest sm (fetch_signature (o, rl, true)); + + if (sm.sha256sum != pmc.second) + fail << "packages manifest file checksum mismatch for " + << rl.canonical_name () << + info << "try again"; + + dir_path d (o.directory ()); + assert (cert != nullptr); + + authenticate_repository ( + o, + o.directory_specified () && d.empty () ? nullptr : &d, + cert_pem, + *cert, + sm, + rl); } // Now print. |