Update modified time when ETag check succeeded (#475)
IB-7029

Signed-off-by: Raul Metsma <raul@metsma.ee>
metsma authored Jun 7, 2022
1 parent 73a53dc commit d9fd053
Showing 3 changed files with 10 additions and 13 deletions.
5 changes: 2 additions & 3 deletions .github/workflows/build.yml
Expand Up @@ -64,7 +64,7 @@ jobs:
container: ${{ matrix.container }}
strategy:
matrix:
container: ['fedora:33']
container: ['fedora:33', 'fedora:34']
env:
MAKEFLAGS: -j3
steps:
Expand All @@ -77,8 +77,7 @@ jobs:
- name: Install Deps
run: |
dnf install -y \
cmake openssl-devel xerces-c-devel \
xml-security-c-devel zlib-devel vim-common \
gcc-c++ cmake openssl-devel xerces-c-devel xml-security-c-devel zlib-devel vim-common \
https://www.codesynthesis.com/download/xsd/4.0/linux-gnu/x86_64/xsd-4.0.0-1.x86_64.rpm
- name: Build
run: |
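Review bot: The `Install Deps` step in the second hunk still hands dnf a bare URL for `xsd-4.0.0-1.x86_64.rpm`, and with `fedora:34` added to the matrix that unverified download now feeds two build images. By default dnf does not check a signature on a package given by path or URL (`localpkg_gpgcheck` is off), so the only protection is TLS to that one host. I would download the file on its own line and gate the install on a pinned hash recorded in the workflow, e.g. `echo "<EXPECTED_SHA256>  xsd-4.0.0-1.x86_64.rpm" | sha256sum -c -`. The `Build` step's body lies outside the hunk.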
16 changes: 7 additions & 9 deletions src/crypto/TSL.cpp
Expand Up @@ -284,8 +284,8 @@ TSL TSL::parseTSL(const string &url, const vector<X509Cert> &certs,
THROW("TSL %s (%llu) is expired", territory.c_str(), tsl.sequenceNumber());
if((CONF(TSLOnlineDigest)) && (File::modifiedTime(path) < (time(nullptr) - (60 * 60 * 24))))
{
tsl.validateETag(url, timeout);
File::updateModifiedTime(path, time(nullptr));
if(tsl.validateETag(url, timeout))
File::updateModifiedTime(path, time(nullptr));
}
DEBUG("TSL %s (%llu) signature is valid", territory.c_str(), tsl.sequenceNumber());
return tsl;
Expand Down Expand Up @@ -603,25 +603,22 @@ void TSL::validate(const vector<X509Cert> &certs)
* @param timeout Time to wait for downloading
* @throws Exception if ETag does not match cached ETag and TSL loading should be triggered
*/
void TSL::validateETag(const string &url, int timeout)
bool TSL::validateETag(const string &url, int timeout)
{
Connect::Result r;
try {
r = Connect(url, "HEAD", timeout).exec({{"Accept-Encoding", "gzip"}});
if(!r.isOK())
return;
return false;
} catch(const Exception &e) {
debugException(e);
DEBUG("Failed to get ETag %s", url.c_str());
return;
return false;
}

map<string,string>::const_iterator it = r.headers.find("ETag");
if(it == r.headers.cend())
{
validateRemoteDigest(url, timeout);
return;
}
return validateRemoteDigest(url, timeout);

DEBUG("Remote ETag: %s", it->second.c_str());
ifstream is(File::encodeName(path + ".etag"));
Expand All @@ -632,6 +629,7 @@ void TSL::validateETag(const string &url, int timeout)
DEBUG("Cached ETag: %s", etag.c_str());
if(etag != it->second)
THROW("Remote ETag does not match");
return true;
}

bool TSL::validateRemoteDigest(const string &url, int timeout)
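Review bot: The doc comment above `validateETag` still lists only `@throws`, so the new `bool` result is undocumented even though the caller in `parseTSL` now depends on it: `true` refreshes the cache timestamp, `false` leaves it stale, and a mismatch throws. I would add `@return true if the remote ETag matches the cached one; false if the HEAD request failed or was not OK (freshness not verified)`. The no-ETag path returns whatever `validateRemoteDigest` returns, and its body is outside this page, so that part of the sentence should be worded after checking it. The `false` path is reported only through `DEBUG`, so a network that keeps blocking the HEAD request leaves the cached TSL in use with no visible signal until the expiry check earlier in `parseTSL` trips. Logging that case above debug level would make a suppressed freshness check detectable. Both functions start or end outside the shown hunks.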
2 changes: 1 addition & 1 deletion src/crypto/TSL.h
Expand Up @@ -58,7 +58,7 @@ class TSL
private:
std::vector<std::string> pivotURLs() const;
std::vector<X509Cert> signingCerts() const;
void validateETag(const std::string &url, int timeout);
bool validateETag(const std::string &url, int timeout);
bool validateRemoteDigest(const std::string &url, int timeout);

static void debugException(const Exception &e);
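Review bot: Now that `validateETag` reports whether the freshness check actually succeeded, the declaration could carry `[[nodiscard]]` so that a caller cannot silently ignore the result and refresh the timestamp anyway: `[[nodiscard]] bool validateETag(const std::string &url, int timeout);`. This needs the build to be at C++17 or later, which this page does not show. `validateRemoteDigest` on the following line returns the same kind of result and would take the same attribute. The class body continues outside the hunk.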