From b13332c991ce2695626eaca367dd8208b174c9ca Mon Sep 17 00:00:00 2001
From: Karen Arutyunov
Date: Thu, 14 Apr 2016 17:59:24 +0300
Subject: Add support for repository authentication
---
bpkg/rep-info.cxx | 61 +++++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 53 insertions(+), 8 deletions(-)
(limited to 'bpkg/rep-info.cxx')
diff --git a/bpkg/rep-info.cxx b/bpkg/rep-info.cxx
index d2157af..9cad4fd 100644
--- a/bpkg/rep-info.cxx
+++ b/bpkg/rep-info.cxx
@@ -9,7 +9,9 @@ #include #include +#include #include +#include #include #include 
@@ -30,21 +32,64 @@ namespace bpkg repository_location rl (parse_location (args.next ())); // Fetch everything we will need before printing anything. Ignore - // unknown manifest entries unless we are dumping them. + // unknown manifest entries unless we are dumping them. First fetch + // the repositories list and authenticate the base's certificate. // - package_manifests pms (fetch_packages (o, rl, !o.manifest ())); + pair rmc ( + fetch_repositories (o, rl, !o.manifest ())); - repository_manifests rms; + repository_manifests& rms (rmc.first); - try + bool a (o.auth () != auth::none && + (o.auth () == auth::all || rl.remote ())); + + const optional cert_pem (rms.back ().certificate); + shared_ptr cert; + + if (a) { - rms = fetch_repositories (o, rl, pms.sha256sum, !o.manifest ()); + dir_path d (o.directory ()); + cert = authenticate_certificate ( + o, + o.directory_specified () && d.empty () ? nullptr : &d, + cert_pem, + rl); + + a = !cert->dummy (); } - catch (const checksum_mismatch&) - { - fail << "repository files checksum mismatch for " + + // Now fetch the packages list and make sure it matches the repositories + // we just fetched. + // + pair pmc ( + fetch_packages (o, rl, !o.manifest ())); + + package_manifests& pms (pmc.first); + + if (rmc.second != pms.sha256sum) + fail << "repositories manifest file checksum mismatch for " << rl.canonical_name () << info << "try again"; + + if (a) + { + signature_manifest sm (fetch_signature (o, rl, true)); + + if (sm.sha256sum != pmc.second) + fail << "packages manifest file checksum mismatch for " + << rl.canonical_name () << + info << "try again"; + + dir_path d (o.directory ()); + assert (cert != nullptr); + + authenticate_repository ( + o, + o.directory_specified () && d.empty () ? nullptr : &d, + cert_pem, + *cert, + sm, + rl); } // Now print. -- cgit v1.1
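Review bot: `a = !cert->dummy ();` switches authentication off for the rest of the function, so when the certificate is a dummy the signature is never fetched and `authenticate_repository` is never called, even though `cert_pem` was read from a repositories manifest that has not been authenticated yet. Whether a remote repository that presents no certificate is accepted therefore rests entirely on `authenticate_certificate`, which is outside this hunk; a comment at the assignment such as `// Unsigned repository: authenticate_certificate() has already obtained the user's consent, so skip the signature check.` would make that dependency explicit, if that is indeed what it does. `cert->dummy ()` is also dereferenced before the later `assert (cert != nullptr)`, so the assert belongs directly after the `authenticate_certificate` call. `rms.back ()` assumes the fetched list is non-empty, which is presumably guaranteed by `fetch_repositories` but is not checked here. The function body starts before and continues after the hunk.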