get rough implementation of go signing server working

2010-11-14 21:51:52 -08:00 · 2010-11-14 21:51:52 -08:00 · 0050e553ec
parent a37301b73d
commit 0050e553ec
3 changed files with 75 additions and 5 deletions
--- a/server/go/sigserver/camsigd.go
+++ b/server/go/sigserver/camsigd.go
@ -12,6 +12,8 @@ import (
 	"os"
 )

+var gpgPath *string = flag.String("gpg-path", "/usr/bin/gpg", "Path to the gpg binary.")
+
 var flagRing *string = flag.String("keyring", "./test/test-keyring.gpg",
 	"GnuPG public keyring file to use.")

--- a/server/go/sigserver/client.pl
+++ b/server/go/sigserver/client.pl
@ -41,7 +41,7 @@ my $req = POST("$server/camli/sig/sign",
 my $ua = LWP::UserAgent->new;
 my $res = $ua->request($req);
 unless ($res->is_success) {
-    die "Failure: " . $res->status_line;
+    die "Failure: " . $res->status_line . ": " . $res->content;
 }

 print $res->content;
--- a/server/go/sigserver/sign.go
+++ b/server/go/sigserver/sign.go
@ -1,8 +1,15 @@
 package main

 import (
+	"exec"
+	"fmt"
 	"http"
 	"http_util"
+	"io/ioutil"
+	"log"
+	"os"
+	"strings"
+	"unicode"
 )

 func handleSign(conn http.ResponseWriter, req *http.Request) {
@ -15,13 +22,74 @@ func handleSign(conn http.ResponseWriter, req *http.Request) {

 	json := req.FormValue("json")
 	if json == "" {
-		http_util.BadRequestError(conn, "No json parameter")
+		http_util.BadRequestError(conn, "Missing json parameter.")
 		return
 	}

-	keyId := req.FormValue("keyid")
-	if keyId == "" {
-		http_util.BadRequestError(conn, "No keyid parameter")
+	var keyId int
+	numScanned, err := fmt.Sscanf(req.FormValue("keyid"), "%x", &keyId)
+	if numScanned != 1 {
+		http_util.BadRequestError(conn, "Couldn't parse keyid parameter.")
 		return
 	}
+
+	trimmedJson := strings.TrimRightFunc(json, unicode.IsSpace)
+	if len(trimmedJson) == 0 || trimmedJson[len(trimmedJson)-1] != '}' {
+		http_util.BadRequestError(conn, "json parameter lacks trailing '}'.")
+		return
+	}
+	trimmedJson = trimmedJson[0:len(trimmedJson)-2]
+
+	cmd, err := exec.Run(
+		*gpgPath,
+		[]string{
+			"--no-default-keyring",
+			"--keyring", *flagRing,
+			"--secret-keyring", *flagSecretRing,
+			"--local-user", fmt.Sprintf("%x", keyId),
+			"--detach-sign",
+			"--armor",
+			"-"},
+		os.Environ(),
+		".",
+		exec.Pipe,  // stdin
+		exec.Pipe,  // stdout
+		exec.Pipe)  // stderr
+	if err != nil {
+		http_util.BadRequestError(conn, "Failed to run gpg.")
+		return
+	}
+
+	_, err = cmd.Stdin.WriteString(trimmedJson)
+	if err != nil {
+		http_util.BadRequestError(conn, "Failed to write to gpg.")
+		return
+	}
+	cmd.Stdin.Close()
+
+	outputBytes, err := ioutil.ReadAll(cmd.Stdout)
+	if err != nil {
+		http_util.BadRequestError(conn, "Failed to read from gpg.")
+		return
+	}
+	output := string(outputBytes)
+
+	errOutput, err := ioutil.ReadAll(cmd.Stderr)
+	if len(errOutput) > 0 {
+		log.Printf("Got error: %q", string(errOutput))
+	}
+
+	cmd.Close()
+
+	index1 := strings.Index(output, "\n\n")
+	index2 := strings.Index(output, "\n-----")
+	if (index1 == -1 || index2 == -1) {
+		http_util.BadRequestError(conn, "Failed to parse signature from gpg.")
+		return
+	}
+	inner := output[index1+2:index2]
+	signature := strings.Replace(inner, "\n", "", -1)
+
+	signedJson := fmt.Sprintf("%s,\"camliSig\":\"%s\"}\n", trimmedJson, signature)
+	conn.Write([]byte(signedJson))
 }