// LoadACLGuard restores a set of rules saved with Save. It replaces any rules
// in the ACLGuard with the rules it loaded. In the process, it also checks the
// signature created during the Save process.
func LoadACLGuard(key *Verifier, config ACLGuardDetails) (Guard, error) {
b, err := ioutil.ReadFile(config.GetSignedAclsPath())
if err != nil {
return nil, err
}
var sigACL SignedACLSet
if err := proto.Unmarshal(b, &sigACL); err != nil {
return nil, err
}
ok, err := key.Verify(sigACL.SerializedAclset, ACLGuardSigningContext, sigACL.Signature)
if err != nil {
return nil, err
}
if !ok {
return nil, errors.New("the signature on the file didn't pass verification")
}
var acls ACLSet
if err := proto.Unmarshal(sigACL.SerializedAclset, &acls); err != nil {
return nil, err
}
a := &ACLGuard{Config: config, Key: key}
a.ACL = acls.Entries
return a, nil
}
func (s *ApiServer) FixJobs() error {
log.Println("purging all jobs...")
prefix := store.TableJobFeed
_, err := store.ForwardTableScan(s.mdb, prefix, func(i int, k, v []byte) error {
job := &pb.FeedJob{}
if err := proto.Unmarshal(v, job); err != nil {
return err
}
if job.RemoteKey == "" {
return s.mdb.Delete(k)
}
return nil
})
if err != nil {
return err
}
prefix = store.TableJobRunning
_, err = store.ForwardTableScan(s.mdb, prefix, func(i int, k, v []byte) error {
job := &pb.FeedJob{}
if err := proto.Unmarshal(v, job); err != nil {
return err
}
if job.RemoteKey == "" {
return s.mdb.Delete(k)
}
return nil
})
if err != nil {
return err
}
return nil
}
// BreakOutBlockData decomposes a blockData into its payloads and signatures.
// since a BlockData contains a slice of Envelopes, this functions returns slices of Payloads and Envelope.Signatures.
// the Payload/Signature pair has the same array index
func BreakOutBlockData(blockData *pb.BlockData) ([]*pb.Payload, [][]byte, error) {
var err error
var envelopeSignatures [][]byte
var payloads []*pb.Payload
var envelope *pb.Envelope
var payload *pb.Payload
for _, envelopeBytes := range blockData.Data {
envelope = &pb.Envelope{}
err = proto.Unmarshal(envelopeBytes, envelope)
if err != nil {
return nil, nil, err
}
payload = &pb.Payload{}
err = proto.Unmarshal(envelope.Payload, payload)
if err != nil {
return nil, nil, err
}
envelopeSignatures = append(envelopeSignatures, envelope.Signature)
payloads = append(payloads, payload)
}
return payloads, envelopeSignatures, nil
} // BreakOutBlockData
func (d *Decoder) block() (*OSMPBF.BlobHeader, *OSMPBF.Blob, error) {
// BlobHeaderLength
headerSizeBuf := make([]byte, 4)
if _, err := io.ReadFull(d.r, headerSizeBuf); err != nil {
return nil, nil, err
}
headerSize := binary.BigEndian.Uint32(headerSizeBuf)
// BlobHeader
headerBuf := make([]byte, headerSize)
if _, err := io.ReadFull(d.r, headerBuf); err != nil {
return nil, nil, err
}
blobHeader := new(OSMPBF.BlobHeader)
if err := proto.Unmarshal(headerBuf, blobHeader); err != nil {
return nil, nil, err
}
// Blob
blobBuf := make([]byte, blobHeader.GetDatasize())
_, err := io.ReadFull(d.r, blobBuf)
if err != nil {
return nil, nil, err
}
blob := new(OSMPBF.Blob)
if err := proto.Unmarshal(blobBuf, blob); err != nil {
return nil, nil, err
}
return blobHeader, blob, nil
}
// Apply applies the rule to the given Envelope, replying with the Action to take for the message
func (cf *configFilter) Apply(message *cb.Envelope) (filter.Action, filter.Committer) {
msgData := &cb.Payload{}
err := proto.Unmarshal(message.Payload, msgData)
if err != nil {
return filter.Forward, nil
}
if msgData.Header == nil || msgData.Header.ChainHeader == nil || msgData.Header.ChainHeader.Type != int32(cb.HeaderType_CONFIGURATION_TRANSACTION) {
return filter.Forward, nil
}
config := &cb.ConfigurationEnvelope{}
err = proto.Unmarshal(msgData.Data, config)
if err != nil {
return filter.Reject, nil
}
err = cf.configManager.Validate(config)
if err != nil {
return filter.Reject, nil
}
return filter.Accept, &configCommitter{
manager: cf.configManager,
configEnvelope: config,
}
}
func (s *ApiServer) FixTooMuchJobs() error {
log.Println("too much jobs: purging peridoc jobs...")
prefix := store.TableJobFeed
_, err := store.ForwardTableScan(s.mdb, prefix, func(i int, k, v []byte) error {
job := &pb.FeedJob{}
if err := proto.Unmarshal(v, job); err != nil {
return err
}
if int(job.MaxLimit) == 99 {
return s.mdb.Delete(k)
}
return nil
})
if err != nil {
return err
}
prefix = store.TableJobRunning
_, err = store.ForwardTableScan(s.mdb, prefix, func(i int, k, v []byte) error {
job := &pb.FeedJob{}
if err := proto.Unmarshal(v, job); err != nil {
return err
}
if int(job.MaxLimit) == 99 {
return s.mdb.Delete(k)
}
return nil
})
if err != nil {
return err
}
return nil
}
func updateReceiver(t *testing.T, resultch chan byte, errorch chan error, client ab.AtomicBroadcastClient) {
logger.Info("{Update Receiver} Creating a ledger update delivery stream.")
dstream, err := client.Deliver(context.Background())
if err != nil {
errorch <- fmt.Errorf("Failed to get Deliver stream: %s", err)
return
}
dstream.Send(&ab.DeliverUpdate{Type: &ab.DeliverUpdate_Seek{Seek: &ab.SeekInfo{Start: ab.SeekInfo_NEWEST, WindowSize: 10, ChainID: provisional.TestChainID}}})
logger.Info("{Update Receiver} Listening to ledger updates.")
for i := 0; i < 2; i++ {
m, inerr := dstream.Recv()
if inerr != nil {
errorch <- fmt.Errorf("Failed to receive consensus: %s", inerr)
return
}
b := m.Type.(*ab.DeliverResponse_Block)
logger.Info("{Update Receiver} Received a ledger update.")
for i, tx := range b.Block.Data.Data {
pl := &cb.Payload{}
e := &cb.Envelope{}
merr1 := proto.Unmarshal(tx, e)
merr2 := proto.Unmarshal(e.Payload, pl)
if merr1 == nil && merr2 == nil {
logger.Infof("{Update Receiver} %d - %v", i+1, pl.Data)
}
}
resultch <- UPDATE
}
logger.Info("{Update Receiver} Exiting...")
}
// Decrypts a proto using an AEAD. Unmarshals the result into dst. The result
// should only be considered written if this function returns true.
func DecryptProto(aead cipher.AEAD, msg string, additionalData []byte, dst proto.Message) bool {
msgBytes, err := base64.RawURLEncoding.DecodeString(msg)
if err != nil {
glog.V(2).Infof("Tried to decrypt proto with invalid base64: %v", err)
return false
}
var msgProto pb.EncryptedMessage
err = proto.Unmarshal(msgBytes, &msgProto)
if err != nil {
glog.V(2).Infof("Tried to decrypt proto with invalid pb.EncryptedMessage: %v", err)
return false
}
// Decrypt in-place.
plaintext := msgProto.Ciphertext
plaintext, err = aead.Open(plaintext[:0], msgProto.Nonce, msgProto.Ciphertext, additionalData)
if err != nil {
glog.V(2).Infof("Failed to decrypt data: %v", err)
return false
}
err = proto.Unmarshal(plaintext, dst)
if err != nil {
glog.V(2).Infof("Failed to decrypt proto: %v", err)
return false
}
return true
}
// Decodes a message byte buffer into a proto response, error code or nil
// Resulting object depends on response type.
func decode(buf []byte, resp proto.Message) (err error) {
var code uint8
var respbuf []byte
if len(buf) < 1 {
err = ErrInvalidResponseCode
return
}
code = buf[0]
if len(buf) > 1 {
respbuf = buf[1:]
} else {
respbuf = make([]byte, 0)
}
switch code {
case MsgRpbErrorResp:
errResp := &RpbErrorResp{}
if err = proto.Unmarshal(respbuf, errResp); err == nil {
err = errors.New(string(errResp.Errmsg))
}
case MsgRpbPingResp, MsgRpbSetClientIdResp, MsgRpbSetBucketResp, MsgRpbDelResp:
resp = nil
default:
err = proto.Unmarshal(respbuf, resp)
}
return
}
func Unboxing(data []byte) (interface{}, error) {
if len(data) < 1 {
return nil, fmt.Errorf("warning: bad frame")
}
bagId := data[0]
data = data[1:]
switch bagId {
case BAG_ID_MSG:
if len(data) < 1 {
return nil, fmt.Errorf("warning: bad message frame")
}
upMsg := new(Msg)
if err := proto.Unmarshal(data, upMsg); err != nil {
return nil, fmt.Errorf("parse msg err %v", err)
}
return upMsg, nil
case BAG_ID_ACK:
ack := new(Ack)
if err := proto.Unmarshal(data, ack); err != nil {
return nil, fmt.Errorf("parse ack err %v", err)
}
return ack, nil
case BAG_ID_CMD:
cmd := new(Cmd)
if err := proto.Unmarshal(data, cmd); err != nil {
return nil, fmt.Errorf("parse cmd err %v", err)
}
return cmd, nil
default:
return nil, fmt.Errorf("warning: unknown bag id: %v", bagId)
}
}
// UnmarshalKey deserializes a Verifier.
func UnmarshalKey(material []byte) (*Verifier, error) {
var ck CryptoKey
if err := proto.Unmarshal(material, &ck); err != nil {
return nil, err
}
if *ck.Version != CryptoVersion_CRYPTO_VERSION_1 {
return nil, newError("bad version")
}
if *ck.Purpose != CryptoKey_VERIFYING {
return nil, newError("bad purpose")
}
if *ck.Algorithm != CryptoKey_ECDSA_SHA {
return nil, newError("bad algorithm")
}
var ecvk ECDSA_SHA_VerifyingKeyV1
if err := proto.Unmarshal(ck.Key, &ecvk); err != nil {
return nil, err
}
ec, err := unmarshalECDSASHAVerifyingKeyV1(&ecvk)
if err != nil {
return nil, err
}
return &Verifier{ec}, nil
}
func (scf *systemChainFilter) Apply(env *cb.Envelope) (filter.Action, filter.Committer) {
msgData := &cb.Payload{}
err := proto.Unmarshal(env.Payload, msgData)
if err != nil {
return filter.Forward, nil
}
if msgData.Header == nil || msgData.Header.ChainHeader == nil || msgData.Header.ChainHeader.Type != int32(cb.HeaderType_ORDERER_TRANSACTION) {
return filter.Forward, nil
}
configTx := &cb.Envelope{}
err = proto.Unmarshal(msgData.Data, configTx)
if err != nil {
return filter.Reject, nil
}
status := scf.cc.systemChain().authorizeAndInspect(configTx)
if status != cb.Status_SUCCESS {
return filter.Reject, nil
}
return filter.Accept, &systemChainCommitter{
cc: scf.cc,
configTx: configTx,
}
}
func NewBackendAB(backend *Backend) *BackendAB {
// XXX All the code below is a hacky shim until sbft can be adapter to the new multichain interface
it, _ := backend.ledger.Iterator(ab.SeekInfo_OLDEST, 0)
block, status := it.Next()
if status != cb.Status_SUCCESS {
panic("Error getting a block from the ledger")
}
env := &cb.Envelope{}
err := proto.Unmarshal(block.Data.Data[0], env)
if err != nil {
panic(err)
}
payload := &cb.Payload{}
err = proto.Unmarshal(env.Payload, payload)
if err != nil {
panic(err)
}
manager := &xxxSupportManager{
chainID: payload.Header.ChainHeader.ChainID,
support: &xxxSupport{reader: backend.ledger},
}
// XXX End hackiness
bab := &BackendAB{
backend: backend,
deliverserver: deliver.NewHandlerImpl(manager, 1000),
}
return bab
}
func (sc *systemChain) authorize(configEnvelope *cb.ConfigurationEnvelope) cb.Status {
creationConfigItem := &cb.ConfigurationItem{}
err := proto.Unmarshal(configEnvelope.Items[0].ConfigurationItem, creationConfigItem)
if err != nil {
logger.Debugf("Failing to validate chain creation because of unmarshaling error: %s", err)
return cb.Status_BAD_REQUEST
}
if creationConfigItem.Key != utils.CreationPolicyKey {
logger.Debugf("Failing to validate chain creation because first configuration item was not the CreationPolicy")
return cb.Status_BAD_REQUEST
}
creationPolicy := &ab.CreationPolicy{}
err = proto.Unmarshal(creationConfigItem.Value, creationPolicy)
if err != nil {
logger.Debugf("Failing to validate chain creation because first configuration item could not unmarshal to a CreationPolicy: %s", err)
return cb.Status_BAD_REQUEST
}
ok := false
for _, chainCreatorPolicy := range sc.support.SharedConfig().ChainCreators() {
if chainCreatorPolicy == creationPolicy.Policy {
ok = true
break
}
}
if !ok {
logger.Debugf("Failed to validate chain creation because chain creation policy is not authorized for chain creation")
return cb.Status_FORBIDDEN
}
policy, ok := sc.support.PolicyManager().GetPolicy(creationPolicy.Policy)
if !ok {
logger.Debugf("Failed to get policy for chain creation despite it being listed as an authorized policy")
return cb.Status_INTERNAL_SERVER_ERROR
}
// XXX actually do policy signature validation
_ = policy
var remainingBytes []byte
for i, item := range configEnvelope.Items {
if i == 0 {
// Do not include the creation policy
continue
}
remainingBytes = append(remainingBytes, item.ConfigurationItem...)
}
configHash := util.ComputeCryptoHash(remainingBytes)
if !bytes.Equal(configHash, creationPolicy.Digest) {
logger.Debugf("Validly signed chain creation did not contain correct digest for remaining configuration %x vs. %x", configHash, creationPolicy.Digest)
return cb.Status_BAD_REQUEST
}
return cb.Status_SUCCESS
}
// execute an opaque request which corresponds to an OBC Transaction
func (op *obcBatch) execute(seqNo uint64, raw []byte) {
reqs := &RequestBlock{}
if err := proto.Unmarshal(raw, reqs); err != nil {
logger.Warningf("Batch replica %d could not unmarshal request block: %s", op.pbft.id, err)
return
}
var txs []*pb.Transaction
for _, req := range reqs.Requests {
tx := &pb.Transaction{}
if err := proto.Unmarshal(req.Payload, tx); err != nil {
logger.Warningf("Batch replica %d could not unmarshal transaction: %s", op.pbft.id, err)
continue
}
logger.Debugf("Batch replica %d executing request with transaction %s from outstandingReqs, seqNo=%d", op.pbft.id, tx.Uuid, seqNo)
if outstanding, pending := op.reqStore.remove(req); !outstanding || !pending {
logger.Debugf("Batch replica %d missing transaction %s outstanding=%v, pending=%v", op.pbft.id, tx.Uuid, outstanding, pending)
}
txs = append(txs, tx)
op.deduplicator.Execute(req)
}
meta, _ := proto.Marshal(&Metadata{seqNo})
logger.Debugf("Batch replica %d received exec for seqNo %d containing %d transactions", op.pbft.id, seqNo, len(txs))
op.stack.Execute(meta, txs) // This executes in the background, we will receive an executedEvent once it completes
}
func TestMsg(t *testing.T) {
recMsg := &OSMsg{Fromu: proto.String("jack"), Tou: proto.String("tom"), Content: proto.String("first")}
b, err := proto.Marshal(recMsg)
if checkerr(err) {
return
}
buf := proto.NewBuffer(b)
err = proto.Unmarshal(b, &msg)
if checkerr(err) {
return
}
fmt.Println(msg)
fmt.Println(msg.String())
err = proto.Unmarshal(buf.Bytes(), &osmsg)
if checkerr(err) {
return
}
fmt.Println(osmsg)
fmt.Println(osmsg.String())
a := []int{1, 2}
a1 := a[:1]
fmt.Println(a, a1)
a1 = append(a1, 3)
fmt.Println(a, a1)
a1 = append(a1, 4)
fmt.Println(a, a1)
a1[1] = 10
fmt.Println(a, a1)
}
// execute an opaque request which corresponds to an OBC Transaction
func (op *obcBatch) execute(seqNo uint64, raw []byte) {
reqs := &RequestBlock{}
if err := proto.Unmarshal(raw, reqs); err != nil {
logger.Warningf("Batch replica %d could not unmarshal request block: %s", op.pbft.id, err)
return
}
logger.Debugf("Batch replica %d received exec for seqNo %d", op.pbft.id, seqNo)
var txs []*pb.Transaction
for _, req := range reqs.Requests {
tx := &pb.Transaction{}
if err := proto.Unmarshal(req.Payload, tx); err != nil {
logger.Warningf("Batch replica %d could not unmarshal transaction: %s", op.pbft.id, err)
continue
}
// TODO, this is a really and inefficient way to do this, but because reqs aren't comparable, they cannot be retrieved from the map directly
for oreq := range op.outstandingReqs {
if reflect.DeepEqual(oreq, req) {
delete(op.outstandingReqs, oreq)
break
}
}
txs = append(txs, tx)
}
meta, _ := proto.Marshal(&Metadata{seqNo})
op.stack.Execute(meta, txs) // This executes in the background, we will receive an executedEvent once it completes
}
// Unseal decrypts data that has been sealed by the Seal() operation, but only
// if the policy specified during the Seal() operation is satisfied.
func (tt *TPMTao) Unseal(sealed []byte) (data []byte, policy string, err error) {
// The sealed data is a HybridSealedData.
var h HybridSealedData
if err := proto.Unmarshal(sealed, &h); err != nil {
return nil, "", err
}
unsealed, err := tpm.Unseal(tt.tpmfile, h.SealedKey, tt.srkAuth[:])
if err != nil {
return nil, "", err
}
defer ZeroBytes(unsealed)
var ck CryptoKey
if err := proto.Unmarshal(unsealed, &ck); err != nil {
return nil, "", err
}
defer ZeroBytes(ck.Key)
crypter, err := UnmarshalCrypterProto(&ck)
if err != nil {
return nil, "", err
}
defer ZeroBytes(crypter.aesKey)
defer ZeroBytes(crypter.hmacKey)
m, err := crypter.Decrypt(h.EncryptedData)
if err != nil {
return nil, "", err
}
return m, SealPolicyDefault, nil
}
func (_ singleTaskDecoder) DecodeToText(data []byte) (string, error) {
var task single.Task
var profileExtension single.ProfileExtension
err := proto.Unmarshal(data, &task)
if err != nil {
return "", err
}
if task.Profile != nil && task.Profile.Extension != nil &&
task.Profile.Extension.TypeUrl ==
"type.googleapis.com/bacs.problem.single.ProfileExtension" {
ext := task.Profile.Extension
task.Profile = nil
err = proto.Unmarshal(ext.Value, &profileExtension)
if err != nil {
return "", err
}
}
text := proto.MarshalTextString(&task)
profileExtensionText := proto.MarshalTextString(&profileExtension)
if profileExtensionText != "" {
text += "\n"
text += profileExtensionText
}
return text, nil
}
func OnEvent(name string, msg []string) {
switch msg[0] {
case "BMATCHEDWIN":
fmt.Println("event: win")
params := &UrlParam{}
if err := proto.Unmarshal([]byte(msg[1]), params); err != nil {
fmt.Println(err.Error())
} else {
fmt.Println("params:", params)
}
default:
event := msg[1]
switch event {
case "IMPRESSION":
case "CLICK":
case "CONVERSION":
default:
return
}
fmt.Println("event: ", event)
params := &UrlParam{}
if err := proto.Unmarshal([]byte(msg[2]), params); err != nil {
fmt.Println(err.Error())
} else {
fmt.Println("params:", params)
}
}
}
//账号服务器接收消息
func ReciveAccountResult(conn net.Conn) {
const MAXLEN = 1024
buf := make([]byte, MAXLEN)
for true {
n, _ := conn.Read(buf)
_, head_pid := GetHead(buf)
if n > MAXLEN || n < 8 {
//fmt.Println("recive error n> MAXLEN")
return
}
switch head_pid {
case 1:
result := new(protocol.Account_RegisterResult)
if err := proto.Unmarshal(buf[8:n], result); err == nil {
switch result.GetResult() {
case 0:
fmt.Println("注册成功\n")
case 1:
fmt.Println("注册失败\n")
case 4:
fmt.Println("注册名被占用\n")
default:
}
}
case 2:
result := new(protocol.Account_LoginResult)
//fmt.Println("buf:", buf, "n:", n)
if err := proto.Unmarshal(buf[8:n], result); err == nil {
switch result.GetResult() {
case 5:
fmt.Println("登录成功\t", "player id:", result.GetPlayerId(), "游戏地址服务器:", result.GetGameserver(), "\n")
result.GetPlayerId()
fout, _ := os.Create("account.txt")
defer fout.Close()
fout.WriteString(strconv.Itoa(int(result.GetPlayerId())))
conn.Close()
case 2:
fmt.Println("登录失败\n")
case 6:
fmt.Println("禁止登录\n")
default:
}
}
case 3:
result := new(protocol.Account_ServerListResult)
if err := proto.Unmarshal(buf[8:n], result); err == nil {
fmt.Println("服务器列表", result.GetServerInfo())
}
}
time.Sleep(5 * time.Millisecond)
}
}
// protobuf of latency summary info.
func TestDataCompletenessSummary(t *testing.T) {
setup(t)
defer teardown()
// Load test data.
if err := routes.DoAllStatusOk(testServer.URL); err != nil {
t.Error(err)
}
r := wt.Request{ID: wt.L(), URL: "/data/completeness/summary", Accept: "application/x-protobuf"}
var b []byte
var err error
if b, err = r.Do(testServer.URL); err != nil {
t.Error(err)
}
var f mtrpb.DataCompletenessSummaryResult
if err = proto.Unmarshal(b, &f); err != nil {
t.Error(err)
}
if len(f.Result) != 1 {
t.Error("expected 1 result.")
}
d := f.Result[0]
if d.SiteID != "TAUP" {
t.Errorf("expected TAUP got %s", d.SiteID)
}
if d.TypeID != "completeness.gnss.1hz" {
t.Errorf("expected gnss.1hz got %s", d.TypeID)
}
if d.Seconds == 0 {
t.Error("unexpected zero seconds")
}
r.URL = "/data/completeness/summary?typeID=completeness.gnss.1hz"
if b, err = r.Do(testServer.URL); err != nil {
t.Error(err)
}
f.Reset()
if err = proto.Unmarshal(b, &f); err != nil {
t.Error(err)
}
if len(f.Result) != 1 {
t.Errorf("expected 1 result got %d results", len(f.Result))
}
}
func DecodeUnknownMessage(buf []byte) (proto.Message, error) {
sdm := new(SelfDescribingMessage)
err := proto.Unmarshal(buf, sdm)
if err != nil {
return nil, err
}
msg := GetSDMMessageType(sdm)
err = proto.Unmarshal(sdm.GetData(), msg)
return msg, err
}
// Deserializes the data from possibly multiple packets,
// currently only for pb.RpbListKeysResp.
func (c *Client) mp_response(conn *net.TCPConn) (response [][]byte, err error) {
defer c.releaseConn(conn)
var (
partial *pb.RpbListKeysResp
msgcode byte
)
for {
// Read the response from Riak
msgbuf, err := c.read(conn, 5)
if err != nil {
return nil, err
}
// Check the length
if len(msgbuf) < 5 {
return nil, BadResponseLength
}
// Read the message length, read the rest of the message if necessary
msglen := int(msgbuf[0])<<24 + int(msgbuf[1])<<16 + int(msgbuf[2])<<8 + int(msgbuf[3])
pbmsg, err := c.read(conn, msglen-1)
if err != nil {
return nil, err
}
// Deserialize, by default the calling method should provide the expected RbpXXXResp
msgcode = msgbuf[4]
if msgcode == rpbListKeysResp {
partial = &pb.RpbListKeysResp{}
err = proto.Unmarshal(pbmsg, partial)
if err != nil {
return nil, err
}
response = append(response, partial.Keys...)
if partial.Done != nil {
break
}
} else if msgcode == rpbErrorResp {
errResp := &pb.RpbErrorResp{}
err = proto.Unmarshal(pbmsg, errResp)
if err == nil {
err = errors.New(string(errResp.Errmsg))
} else {
err = fmt.Errorf("Cannot deserialize error response from Riak - %v", err)
}
return nil, err
} else {
return nil, err
}
}
return
}
// ReloadIfModified reads all persistent policy data from disk if the file
// timestamp is more recent than the last time it was read.
func (g *DatalogGuard) ReloadIfModified() error {
if g.Key == nil {
return nil
}
file, err := os.Open(g.Config.GetSignedRulesPath())
if err != nil {
return err
}
defer file.Close()
// before parsing, check the timestamp
info, err := file.Stat()
if err != nil {
return err
}
if !info.ModTime().After(g.modTime) {
return nil
}
serialized, err := ioutil.ReadAll(file)
if err != nil {
return err
}
var sdb SignedDatalogRules
if err := proto.Unmarshal(serialized, &sdb); err != nil {
return err
}
if ok, err := g.Key.Verify(sdb.SerializedRules, DatalogRulesSigningContext, sdb.Signature); !ok {
if err != nil {
return err
}
return newError("datalog rule signature did not verify")
}
var db DatalogRules
if err := proto.Unmarshal(sdb.SerializedRules, &db); err != nil {
return err
}
// Only clear the rules set, since g.assert already skips datalog rules that
// are already present in the engine.
g.db.Rules = nil
g.modTime = info.ModTime()
for _, rule := range db.Rules {
r, err := auth.UnmarshalForm(rule)
if err != nil {
return err
}
err = g.assert(r)
if err != nil {
return err
}
}
return nil
}
func TestCorruptedCiphertext(t *testing.T) {
c, err := GenerateCrypter()
if err != nil {
t.Fatal(err.Error())
}
data := []byte("Test data to encrypt")
crypted, err := c.Encrypt(data)
if err != nil {
t.Fatal(err.Error())
}
var ed EncryptedData
if err := proto.Unmarshal(crypted, &ed); err != nil {
t.Fatal("Could not unmarshal the encrypted data")
}
// Read random data for the ciphertext.
if _, err := rand.Read(ed.Ciphertext); err != nil {
t.Fatal("Could not read random data into the ciphertext")
}
crypted2, err := proto.Marshal(&ed)
if err != nil {
t.Fatal("Could not marshal the corrupted ciphertext")
}
if _, err := c.Decrypt(crypted2); err == nil {
t.Fatal("Incorrectly succeeded at decrypting corrupted ciphertext")
}
// Corrupt each bit individually and make sure the test fails for any
// single bit flip. The range is over the first ciphertext, but this is
// identical to the range of the unmarshalled ciphertext in this loop.
for i := range ed.Ciphertext {
var ed2 EncryptedData
if err := proto.Unmarshal(crypted, &ed2); err != nil {
t.Fatal("Could not unmarshal the encrypted data a second time")
}
// Corrupt a single bit in the ciphertext.
ed2.Ciphertext[i] ^= ed2.Ciphertext[i]
crypted3, err := proto.Marshal(&ed2)
if err != nil {
t.Fatal("Could not marshal a second corrupted ciphertext")
}
if _, err := c.Decrypt(crypted3); err == nil {
t.Fatal("Incorrectly succeeded at decrypting a second corrupted ciphertext")
}
}
}
func ParseProto(id uint16, buf []byte, pb proto.Message) error {
switch id {
case share.S2C_RPC:
rpc := &s2c.Rpc{}
if err := proto.Unmarshal(buf, rpc); err != nil {
return err
}
return proto.Unmarshal(rpc.GetData(), pb)
}
return fmt.Errorf("unknown msg")
}
func (op *obcBatch) processMessage(ocMsg *pb.Message, senderHandle *pb.PeerID) events.Event {
if ocMsg.Type == pb.Message_CHAIN_TRANSACTION {
req := op.txToReq(ocMsg.Payload)
return op.submitToLeader(req)
}
if ocMsg.Type != pb.Message_CONSENSUS {
logger.Errorf("Unexpected message type: %s", ocMsg.Type)
return nil
}
batchMsg := &BatchMessage{}
err := proto.Unmarshal(ocMsg.Payload, batchMsg)
if err != nil {
logger.Errorf("Error unmarshaling message: %s", err)
return nil
}
if req := batchMsg.GetRequest(); req != nil {
if !op.deduplicator.IsNew(req) {
logger.Warningf("Replica %d ignoring request as it is too old", op.pbft.id)
return nil
}
op.logAddTxFromRequest(req)
op.reqStore.storeOutstanding(req)
if (op.pbft.primary(op.pbft.view) == op.pbft.id) && op.pbft.activeView {
return op.leaderProcReq(req)
}
op.startTimerIfOutstandingRequests()
return nil
} else if pbftMsg := batchMsg.GetPbftMessage(); pbftMsg != nil {
senderID, err := getValidatorID(senderHandle) // who sent this?
if err != nil {
panic("Cannot map sender's PeerID to a valid replica ID")
}
msg := &Message{}
err = proto.Unmarshal(pbftMsg, msg)
if err != nil {
logger.Errorf("Error unpacking payload from message: %s", err)
return nil
}
return pbftMessageEvent{
msg: msg,
sender: senderID,
}
}
logger.Errorf("Unknown request: %+v", batchMsg)
return nil
}
func (c *context) Call(service, method string, in, out appengine_internal.ProtoMessage, opts *appengine_internal.CallOptions) error {
req, err := proto.Marshal(in)
if err != nil {
return fmt.Errorf("error marshalling request: %v", err)
}
remReq := &pb.Request{
ServiceName: proto.String(service),
Method: proto.String(method),
Request: req,
// NOTE: RequestId is unused in the server.
}
req, err = proto.Marshal(remReq)
if err != nil {
return fmt.Errorf("proto.Marshal: %v", err)
}
// TODO: Respect opts.Timeout?
resp, err := c.client.Post(c.url, "application/octet-stream", bytes.NewReader(req))
if err != nil {
return fmt.Errorf("error sending request: %v", err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if resp.StatusCode != http.StatusOK {
return fmt.Errorf("bad response %d; body: %q", resp.StatusCode, body)
}
if err != nil {
return fmt.Errorf("failed reading response: %v", err)
}
remResp := &pb.Response{}
if err := proto.Unmarshal(body, remResp); err != nil {
return fmt.Errorf("error unmarshalling response: %v", err)
}
if ae := remResp.GetApplicationError(); ae != nil {
return &appengine_internal.APIError{
Code: ae.GetCode(),
Detail: ae.GetDetail(),
Service: service,
}
}
if remResp.Response == nil {
return fmt.Errorf("unexpected response: %s", proto.MarshalTextString(remResp))
}
return proto.Unmarshal(remResp.Response, out)
}
func authenticateDeliveryWithGroupSignature(account *Account, del *pond.Delivery) (*pond.Reply, bool) {
revPath := filepath.Join(account.RevocationPath(), fmt.Sprintf("%08x", *del.Generation))
revBytes, err := ioutil.ReadFile(revPath)
if err == nil {
var revocation pond.SignedRevocation
if err := proto.Unmarshal(revBytes, &revocation); err != nil {
log.Printf("Failed to parse revocation from file %s: %s", revPath, err)
return &pond.Reply{Status: pond.Reply_INTERNAL_ERROR.Enum()}, false
}
// maxRevocationBytes is the maximum number of bytes that we'll
// take up in extra revocations.
const maxRevocationBytes = 14000
revLength := len(revBytes)
var extraRevocations []*pond.SignedRevocation
for gen := *del.Generation + 1; revLength < maxRevocationBytes; gen++ {
revPath := filepath.Join(account.RevocationPath(), fmt.Sprintf("%08x", gen))
revBytes, err := ioutil.ReadFile(revPath)
if err != nil {
break
}
var revocation pond.SignedRevocation
if err := proto.Unmarshal(revBytes, &revocation); err != nil {
log.Printf("Failed to parse revocation from file %s: %s", revPath, err)
break
}
extraRevocations = append(extraRevocations, &revocation)
revLength += len(revBytes)
}
return &pond.Reply{Status: pond.Reply_GENERATION_REVOKED.Enum(), Revocation: &revocation, ExtraRevocations: extraRevocations}, false
}
sha := sha256.New()
sha.Write(del.Message)
digest := sha.Sum(nil)
sha.Reset()
group := account.Group()
if group == nil {
return &pond.Reply{Status: pond.Reply_INTERNAL_ERROR.Enum()}, false
}
if !group.Verify(digest, sha, del.GroupSignature) {
return &pond.Reply{Status: pond.Reply_DELIVERY_SIGNATURE_INVALID.Enum()}, false
}
return nil, true
}
