Index: hockeypuck-pcic-1.0/packaging/src/gopkg.in/hockeypuck/hkp.v1/storage/storage.go
===================================================================
--- hockeypuck-pcic-1.0.orig/packaging/src/gopkg.in/hockeypuck/hkp.v1/storage/storage.go
+++ hockeypuck-pcic-1.0/packaging/src/gopkg.in/hockeypuck/hkp.v1/storage/storage.go
@@ -23,6 +23,11 @@ import (
 	"io"
 	"time"
 
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"strings"
+
 	"gopkg.in/errgo.v1"
 
 	"gopkg.in/hockeypuck/openpgp.v1"
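Review bot: The four new standard-library imports are placed in their own group below `"io"` and `"time"` instead of being merged into the existing stdlib group; `goimports` would fold them together, and the separate group reads as if they were a third-party block. The second hunk also calls `fmt.Sprintf`, which this hunk does not add, so confirm `fmt` is already imported above line 23 or the file will not build. If the module's Go version is 1.16 or later, `os.CreateTemp` replaces the deprecated `ioutil.TempFile` and drops the `io/ioutil` import entirely — I cannot see the go.mod to say which applies.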
@@ -184,12 +189,73 @@ func firstMatch(results []*openpgp.Prima
 
 func UpsertKey(storage Storage, pubkey *openpgp.PrimaryKey) (kc KeyChange, err error) {
 	var lastKey *openpgp.PrimaryKey
+	var errMsg = ""
+
 	lastKeys, err := storage.FetchKeys([]string{pubkey.RFingerprint})
 	if err == nil {
 		// match primary fingerprint -- someone might have reused a subkey somewhere
 		lastKey, err = firstMatch(lastKeys, pubkey.RFingerprint)
 	}
+
+	// -*- hockeypuck_pcic patch starts -*-
+
+	// We will be checking the received key, whether or not it is
+	// found in the DB. For that reason, to avoid clobbering err,
+	// we store its result in new_key_not_found (to be used a
+	// couple of lines below)
+	new_key_not_found := false
 	if IsNotFound(err) {
+		new_key_not_found = true
+	}
+
+	// Temporary file to be used for communication with Sequoia
+	// for attestation validation
+	f, err := ioutil.TempFile("", "hkp-*")
+	if err != nil {
+		return nil, errgo.Newf("Could not create temporary file")
+	}
+
+	defer f.Close()
+	defer os.Remove(f.Name())
+
+	// Clearly bad style: Open a predictably-named log file to
+	// record our modifications. In production code, this has to
+	// be eviscerated!
+	log_f, err := os.OpenFile("/tmp/modif.log", os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
+	if err != nil {
+		return nil, errgo.Newf("Could not append to modification log")
+	}
+	defer log_f.Close()
+
+	// Write the ASCII-armored key certificate to check to the temporary file.
+	openpgp.WriteArmoredPackets(f, []*openpgp.PrimaryKey{pubkey})
+
+	out, err := exec.Command("/usr/local/bin/filter_certs", "--file", f.Name() ).Output()
+	out_str := strings.TrimSpace(string(out))
+	if err != nil {
+		errMsg = strings.Join([]string{errMsg,
+			fmt.Sprintf("Error verifying with an external command: %q\n", err)},
+			"\n")
+		log_f.WriteString(errMsg)
+		return KeyNotChanged{}, errgo.New(errMsg)
+	}
+
+	// The filter returns an ASCII-armored key certificate as
+	// STDOUT. Parse it back into a openpgp.PrimaryKey.
+	new_kr, err := openpgp.ReadArmorKeys( strings.NewReader(out_str) )
+	if err != nil {
+		return KeyNotChanged{}, nil
+	}
+
+	pubkeys := new_kr.MustParse()
+	if len(pubkeys) != 1 {
+		return KeyNotChanged{}, errgo.Newf("Unexpected answer: Verification answer should contain a single key (has %d)", len(pubkeys))
+	}
+	pubkey = pubkeys[0]
+
+	// -*- hockeypuck_pcic patch ends -*-
+
+	if new_key_not_found {
 		_, err = storage.Insert([]*openpgp.PrimaryKey{pubkey})
 		if err != nil {
 			return nil, errgo.Mask(err)
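Review bot: The certificate that reaches `storage.Insert` (and presumably the update path below the hunk) is whatever `/usr/local/bin/filter_certs` printed, yet nothing checks that `pubkeys[0]` is still the key that was looked up by `pubkey.RFingerprint` on L23, so a filter that emits a different certificate would be stored against the wrong lookup — compare the fingerprint before the reassignment at L83. The external call has no deadline and reads unbounded stdout, so a crafted key that makes the filter hang pins the request goroutine; `exec.CommandContext` with a timeout bounds that (it needs `context` added to the imports), and the return value of `openpgp.WriteArmoredPackets` on L60 is discarded, so a failed write silently hands the filter a truncated file. `new_kr.MustParse()` on L79 — by its name presumably a panicking variant — sits on a path fed by the filter's output for an attacker-supplied key, and the parse error on L75 is dropped without even a log line, so both should surface as returned errors rather than a panic or a silent `KeyNotChanged`. Note also that only the not-found outcome of `FetchKeys` survives before `err` is overwritten on L42, L53 and L62; any other storage error appears to be lost, though the rest of `UpsertKey` is outside the hunk. The self-described `/tmp/modif.log` hack opens a predictable path in a world-writable directory with `O_CREATE` and no protection against a pre-placed symlink, so it should be removed before this lands rather than left behind a comment.

```go
	// Write the ASCII-armored key certificate to check to the temporary file.
	if err := openpgp.WriteArmoredPackets(f, []*openpgp.PrimaryKey{pubkey}); err != nil {
		return nil, errgo.Mask(err)
	}

	// Bound the external filter so a pathological key cannot pin this goroutine.
	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	defer cancel()
	out, err := exec.CommandContext(ctx, "/usr/local/bin/filter_certs", "--file", f.Name()).Output()
	out_str := strings.TrimSpace(string(out))
	// … unchanged: error path appending errMsg to log_f …

	new_kr, err := openpgp.ReadArmorKeys(strings.NewReader(out_str))
	if err != nil {
		return KeyNotChanged{}, errgo.Mask(err)
	}
	pubkeys := new_kr.MustParse()
	if len(pubkeys) != 1 {
		return KeyNotChanged{}, errgo.Newf("Unexpected answer: Verification answer should contain a single key (has %d)", len(pubkeys))
	}
	// The filtered certificate must still be the key we fetched lastKey for.
	if pubkeys[0].RFingerprint != pubkey.RFingerprint {
		return KeyNotChanged{}, errgo.Newf("Unexpected answer: filtered key fingerprint does not match submitted key")
	}
	pubkey = pubkeys[0]
```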
