Generate for each role own key

Signed-off-by: Serhiy Stetskovych <patriotyk@gmail.com>
advancedtelematic · Dec 11, 2018 · e90f1e7 · e90f1e7
1 parent 409075a
commit e90f1e7
Show file tree

Hide file tree

Showing 11 changed files with 281 additions and 144 deletions.
diff --git a/src/aktualizr_repo/CMakeLists.txt b/src/aktualizr_repo/CMakeLists.txt
@@ -1,6 +1,6 @@
 
-set(AKTUALIZR_REPO_SRC repo.cc)
-set(AKTUALIZR_REPO_HDR repo.h)
+set(AKTUALIZR_REPO_SRC repo.cc director_repo.cc image_repo.cc uptane_repo.cc)
+set(AKTUALIZR_REPO_HDR repo.h director_repo.h image_repo.h uptane_repo.h)
 
 set(AKTUALIZR_REPO_LIBS
     aktualizr_static_lib

diff --git a/src/aktualizr_repo/director_repo.cc b/src/aktualizr_repo/director_repo.cc
@@ -0,0 +1,40 @@
+#include "director_repo.h"
+
+void DirectorRepo::addTarget(const std::string &target_name, const Json::Value &target, const std::string &hardware_id,
+                             const std::string &ecu_serial) {
+  const boost::filesystem::path current = path_ / "repo/director/targets.json";
+  const boost::filesystem::path staging = path_ / "repo/director/staging/targets.json";
+
+  Json::Value director_targets;
+  if (boost::filesystem::exists(staging)) {
+    director_targets = Utils::parseJSONFile(staging);
+  } else if (boost::filesystem::exists(current)) {
+    director_targets = Utils::parseJSONFile(current)["signed"];
+  } else {
+    throw std::runtime_error(std::string("targets.json not found at ") + staging.c_str() + " or " + current.c_str() +
+                             "!");
+  }
+  director_targets["targets"][target_name] = target;
+  director_targets["targets"][target_name]["custom"]["ecuIdentifiers"][ecu_serial]["hardwareId"] = hardware_id;
+  director_targets["version"] = (Utils::parseJSONFile(current)["signed"]["version"].asUInt()) + 1;
+  Utils::writeFile(staging, Utils::jsonToCanonicalStr(director_targets));
+}
+
+void DirectorRepo::signTargets() {
+  const boost::filesystem::path current = path_ / "repo/director/targets.json";
+  const boost::filesystem::path staging = path_ / "repo/director/staging/targets.json";
+  Json::Value targets_unsigned;
+
+  if (boost::filesystem::exists(staging)) {
+    targets_unsigned = Utils::parseJSONFile(staging);
+  } else if (boost::filesystem::exists(current)) {
+    targets_unsigned = Utils::parseJSONFile(current)["signed"];
+  } else {
+    throw std::runtime_error(std::string("targets.json not found at ") + staging.c_str() + " or " + current.c_str() +
+                             "!");
+  }
+
+  Utils::writeFile(path_ / "repo/director/targets.json",
+                   Utils::jsonToCanonicalStr(signTuf(keys_[Uptane::Role::Targets()], targets_unsigned)));
+  boost::filesystem::remove(path_ / "repo/director/staging/targets.json");
+}
diff --git a/src/aktualizr_repo/director_repo.h b/src/aktualizr_repo/director_repo.h
@@ -0,0 +1,15 @@
+#ifndef DIRECTOR_REPO_H_
+#define DIRECTOR_REPO_H_
+
+#include "repo.h"
+
+class DirectorRepo : public Repo {
+ public:
+  DirectorRepo(boost::filesystem::path path, const std::string &expires, std::string correlation_id)
+      : Repo(RepoType::Type::kDirector, std::move(path), expires, std::move(correlation_id)) {}
+  void addTarget(const std::string &target_name, const Json::Value &target, const std::string &hardware_id,
+                 const std::string &ecu_serial);
+  void signTargets();
+};
+
+#endif  // DIRECTOR_REPO_H_
diff --git a/src/aktualizr_repo/image_repo.cc b/src/aktualizr_repo/image_repo.cc
@@ -0,0 +1,47 @@
+#include "image_repo.h"
+
+void ImageRepo::addImage(const boost::filesystem::path &image_path) {
+  boost::filesystem::path repo_dir(path_ / "repo/image");
+
+  boost::filesystem::path targets_path = repo_dir / "targets";
+  boost::filesystem::create_directories(targets_path);
+  if (image_path != targets_path / image_path.filename()) {
+    boost::filesystem::copy_file(image_path, targets_path / image_path.filename(),
+                                 boost::filesystem::copy_option::overwrite_if_exists);
+  }
+  std::string image = Utils::readFile(image_path);
+
+  Json::Value targets = Utils::parseJSONFile(repo_dir / "targets.json")["signed"];
+  std::string target_name = image_path.filename().string();
+  targets["targets"][target_name]["length"] = Json::UInt64(image.size());
+  targets["targets"][target_name]["hashes"]["sha256"] =
+      boost::algorithm::to_lower_copy(boost::algorithm::hex(Crypto::sha256digest(image)));
+  targets["targets"][target_name]["hashes"]["sha512"] =
+      boost::algorithm::to_lower_copy(boost::algorithm::hex(Crypto::sha512digest(image)));
+  targets["version"] = (targets["version"].asUInt()) + 1;
+
+  std::string signed_targets = Utils::jsonToCanonicalStr(signTuf(keys_[Uptane::Role::Targets()], targets));
+  Utils::writeFile(repo_dir / "targets.json", signed_targets);
+
+  Json::Value snapshot = Utils::parseJSONFile(repo_dir / "snapshot.json")["signed"];
+  snapshot["version"] = (snapshot["version"].asUInt()) + 1;
+  snapshot["meta"]["targets.json"]["hashes"]["sha256"] =
+      boost::algorithm::to_lower_copy(boost::algorithm::hex(Crypto::sha256digest(signed_targets)));
+  snapshot["meta"]["targets.json"]["hashes"]["sha512"] =
+      boost::algorithm::to_lower_copy(boost::algorithm::hex(Crypto::sha512digest(signed_targets)));
+  snapshot["meta"]["targets.json"]["length"] = static_cast<Json::UInt>(signed_targets.length());
+  snapshot["meta"]["targets.json"]["version"] = targets["version"].asUInt();
+  std::string signed_snapshot = Utils::jsonToCanonicalStr(signTuf(keys_[Uptane::Role::Snapshot()], snapshot));
+  Utils::writeFile(repo_dir / "snapshot.json", signed_snapshot);
+
+  Json::Value timestamp = Utils::parseJSONFile(repo_dir / "timestamp.json")["signed"];
+  timestamp["version"] = (timestamp["version"].asUInt()) + 1;
+  timestamp["meta"]["snapshot.json"]["hashes"]["sha256"] =
+      boost::algorithm::to_lower_copy(boost::algorithm::hex(Crypto::sha256digest(signed_snapshot)));
+  timestamp["meta"]["snapshot.json"]["hashes"]["sha512"] =
+      boost::algorithm::to_lower_copy(boost::algorithm::hex(Crypto::sha512digest(signed_snapshot)));
+  timestamp["meta"]["snapshot.json"]["length"] = static_cast<Json::UInt>(signed_snapshot.length());
+  timestamp["meta"]["snapshot.json"]["version"] = snapshot["version"].asUInt();
+  Utils::writeFile(repo_dir / "timestamp.json",
+                   Utils::jsonToCanonicalStr(signTuf(keys_[Uptane::Role::Timestamp()], timestamp)));
+}
diff --git a/src/aktualizr_repo/image_repo.h b/src/aktualizr_repo/image_repo.h
@@ -0,0 +1,13 @@
+#ifndef IMAGE_REPO_H_
+#define IMAGE_REPO_H_
+
+#include "repo.h"
+
+class ImageRepo : public Repo {
+ public:
+  ImageRepo(boost::filesystem::path path, const std::string &expires, std::string correlation_id)
+      : Repo(RepoType::Type::kImage, std::move(path), expires, std::move(correlation_id)) {}
+  void addImage(const boost::filesystem::path &image_path);
+};
+
+#endif  // IMAGE_REPO_H_
diff --git a/src/aktualizr_repo/main.cc b/src/aktualizr_repo/main.cc
@@ -3,7 +3,7 @@
 #include <string>
 
 #include "logging/logging.h"
-#include "repo.h"
+#include "uptane_repo.h"
 
 namespace po = boost::program_options;
 
@@ -49,7 +49,7 @@ int main(int argc, char **argv) {
       if (vm.count("correlationid") != 0) {
         correlation_id = vm["correlationid"].as<std::string>();
       }
-      Repo repo(vm["path"].as<boost::filesystem::path>(), expiration_time, correlation_id);
+      UptaneRepo repo(vm["path"].as<boost::filesystem::path>(), expiration_time, correlation_id);
       std::string command = vm["command"].as<std::string>();
       if (command == "generate") {
         std::string key_type_arg = vm["keytype"].as<std::string>();