-
Notifications
You must be signed in to change notification settings - Fork 162
/
handlers.go
82 lines (77 loc) · 2.99 KB
/
handlers.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
// Copyright 2019 Anapaya Systems
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package trust
import (
"github.com/scionproto/scion/go/lib/common"
"github.com/scionproto/scion/go/lib/ctrl/cert_mgmt"
"github.com/scionproto/scion/go/lib/infra"
"github.com/scionproto/scion/go/lib/infra/messenger"
"github.com/scionproto/scion/go/lib/log"
"github.com/scionproto/scion/go/proto"
)
// AckNotFound is sent as the error description if the crypto material is
// not found.
const AckNotFound string = "not found"
// chainReqHandler contains the state of a handler for a specific Certificate
// Chain Request message, received via the Messenger's ListenAndServe method.
type chainReqHandler struct {
request *infra.Request
provider CryptoProvider
}
func (h *chainReqHandler) Handle() *infra.HandlerResult {
if h.request == nil {
log.Error("[TrustStore:chainReqHandler] Request is nil")
return infra.MetricsErrInternal
}
logger := log.FromCtx(h.request.Context())
chainReq, ok := h.request.Message.(*cert_mgmt.ChainReq)
if !ok {
logger.Error("[TrustStore:chainReqHandler] wrong message type, expected cert_mgmt.ChainReq",
"msg", h.request.Message, "type", common.TypeOf(h.request.Message))
return infra.MetricsErrInternal
}
logger.Debug("[TrustStore:chainReqHandler] Received request", "chainReq", chainReq,
"peer", h.request.Peer)
rw, ok := infra.ResponseWriterFromContext(h.request.Context())
if !ok {
logger.Warn("[TrustStore:chainReqHandler] Unable to service request, " +
"no ResponseWriter found")
return infra.MetricsErrInternal
}
sendAck := messenger.SendAckHelper(h.request.Context(), rw)
opts := infra.ChainOpts{
TrustStoreOpts: infra.TrustStoreOpts{
LocalOnly: chainReq.CacheOnly,
},
AllowInactiveTRC: true,
}
raw, err := h.provider.GetRawChain(h.request.Context(), chainReq.IA(), chainReq.Version,
opts, h.request.Peer)
if err != nil {
// FIXME(roosd): We should send a negative response.
logger.Error("[TrustStore:chainReqHandler] Unable to retrieve chain", "err", err)
sendAck(proto.Ack_ErrCode_reject, AckNotFound)
return infra.MetricsErrTrustStore(err)
}
chainMessage := &cert_mgmt.Chain{
RawChain: raw,
}
if err = rw.SendCertChainReply(h.request.Context(), chainMessage); err != nil {
logger.Error("[TrustStore:chainReqHandler] Messenger API error", "err", err)
return infra.MetricsErrMsger(err)
}
logger.Debug("[TrustStore:chainReqHandler] Replied with chain",
"ia", chainReq.IA(), "version", chainReq.Version, "peer", h.request.Peer)
return infra.MetricsResultOk
}