Commit 8279bbfe authored by Stephane Glondu's avatar Stephane Glondu

Do no longer rely on Ocsipersist for decryption tokens

parent 010c6a65
...@@ -106,6 +106,15 @@ let set_partial_decryptions uuid pds = ...@@ -106,6 +106,15 @@ let set_partial_decryptions uuid pds =
write_file ~uuid "partial_decryptions.json" write_file ~uuid "partial_decryptions.json"
[string_of_partial_decryptions pds] [string_of_partial_decryptions pds]
let get_decryption_tokens uuid =
match%lwt read_file ~uuid "decryption_tokens.json" with
| Some [x] -> return @@ Some (decryption_tokens_of_string x)
| _ -> return_none
let set_decryption_tokens uuid pds =
write_file ~uuid "decryption_tokens.json"
[string_of_decryption_tokens pds]
let get_raw_election uuid = let get_raw_election uuid =
match%lwt read_file ~uuid "election.json" with match%lwt read_file ~uuid "election.json" with
| Some [x] -> return (Some x) | Some [x] -> return (Some x)
......
...@@ -42,6 +42,9 @@ val set_election_date : election_date -> uuid -> datetime -> unit Lwt.t ...@@ -42,6 +42,9 @@ val set_election_date : election_date -> uuid -> datetime -> unit Lwt.t
val get_partial_decryptions : uuid -> partial_decryptions Lwt.t val get_partial_decryptions : uuid -> partial_decryptions Lwt.t
val set_partial_decryptions : uuid -> partial_decryptions -> unit Lwt.t val set_partial_decryptions : uuid -> partial_decryptions -> unit Lwt.t
val get_decryption_tokens : uuid -> decryption_tokens option Lwt.t
val set_decryption_tokens : uuid -> decryption_tokens -> unit Lwt.t
val get_auth_config : uuid -> (string * (string * string list)) list Lwt.t val get_auth_config : uuid -> (string * (string * string list)) list Lwt.t
val get_raw_election : uuid -> string option Lwt.t val get_raw_election : uuid -> string option Lwt.t
......
...@@ -83,6 +83,7 @@ type election_state = ...@@ -83,6 +83,7 @@ type election_state =
] ]
type partial_decryptions = (int * string) list type partial_decryptions = (int * string) list
type decryption_tokens = string list
(** {1 Types related to elections being prepared} *) (** {1 Types related to elections being prepared} *)
......
...@@ -42,9 +42,6 @@ module PString = String ...@@ -42,9 +42,6 @@ module PString = String
open Eliom_service open Eliom_service
open Eliom_registration open Eliom_registration
(* Table with tokens given to trustees (in threshold mode) to decrypt *)
let election_tokens_decrypt = Ocsipersist.open_table "site_tokens_decrypt"
module T = Web_templates module T = Web_templates
let raw_find_election uuid = let raw_find_election uuid =
...@@ -224,20 +221,10 @@ let validate_election uuid se = ...@@ -224,20 +221,10 @@ let validate_election uuid se =
Web_persist.set_election_state uuid `Open >> Web_persist.set_election_state uuid `Open >>
Web_persist.set_election_date `Validation uuid (now ()) Web_persist.set_election_date `Validation uuid (now ())
let cleanup_table ?uuid_s table =
let table = Ocsipersist.open_table table in
match uuid_s with
| None ->
let%lwt indexes = Ocsipersist.fold_step (fun k _ accu ->
return (k :: accu)) table []
in
Lwt_list.iter_s (Ocsipersist.remove table) indexes
| Some u -> Ocsipersist.remove table u
let delete_sensitive_data uuid = let delete_sensitive_data uuid =
let uuid_s = raw_string_of_uuid uuid in let uuid_s = raw_string_of_uuid uuid in
let%lwt () = cleanup_file (!spool_dir / uuid_s / "state.json") in let%lwt () = cleanup_file (!spool_dir / uuid_s / "state.json") in
let%lwt () = cleanup_table ~uuid_s "site_tokens_decrypt" in let%lwt () = cleanup_file (!spool_dir / uuid_s / "decryption_tokens.json") in
let%lwt () = cleanup_file (!spool_dir / uuid_s / "partial_decryptions.json") in let%lwt () = cleanup_file (!spool_dir / uuid_s / "partial_decryptions.json") in
let%lwt () = cleanup_file (!spool_dir / uuid_s / "extended_records.jsons") in let%lwt () = cleanup_file (!spool_dir / uuid_s / "extended_records.jsons") in
let%lwt () = cleanup_file (!spool_dir / uuid_s / "credential_mappings.jsons") in let%lwt () = cleanup_file (!spool_dir / uuid_s / "credential_mappings.jsons") in
...@@ -1228,7 +1215,6 @@ let () = ...@@ -1228,7 +1215,6 @@ let () =
let () = let () =
Any.register ~service:election_admin Any.register ~service:election_admin
(fun (uuid, ()) () -> (fun (uuid, ()) () ->
let uuid_s = raw_string_of_uuid uuid in
let%lwt w = find_election uuid in let%lwt w = find_election uuid in
let%lwt metadata = Web_persist.get_election_metadata uuid in let%lwt metadata = Web_persist.get_election_metadata uuid in
let%lwt site_user = Web_state.get_site_user () in let%lwt site_user = Web_state.get_site_user () in
...@@ -1236,14 +1222,14 @@ let () = ...@@ -1236,14 +1222,14 @@ let () =
| Some u when metadata.e_owner = Some u -> | Some u when metadata.e_owner = Some u ->
let%lwt state = Web_persist.get_election_state uuid in let%lwt state = Web_persist.get_election_state uuid in
let get_tokens_decrypt () = let get_tokens_decrypt () =
try%lwt match%lwt Web_persist.get_decryption_tokens uuid with
Ocsipersist.find election_tokens_decrypt uuid_s | Some x -> return x
with Not_found -> | None ->
match metadata.e_trustees with match metadata.e_trustees with
| None -> failwith "missing trustees in get_tokens_decrypt" | None -> failwith "missing trustees in get_tokens_decrypt"
| Some ts -> | Some ts ->
let%lwt ts = Lwt_list.map_s (fun _ -> generate_token ()) ts in let%lwt ts = Lwt_list.map_s (fun _ -> generate_token ()) ts in
Ocsipersist.add election_tokens_decrypt uuid_s ts >> Web_persist.set_decryption_tokens uuid ts >>
return ts return ts
in in
T.election_admin w metadata state get_tokens_decrypt () >>= Html5.send T.election_admin w metadata state get_tokens_decrypt () >>= Html5.send
...@@ -1548,14 +1534,14 @@ let () = ...@@ -1548,14 +1534,14 @@ let () =
) )
let find_trustee_id uuid token = let find_trustee_id uuid token =
try%lwt match%lwt Web_persist.get_decryption_tokens uuid with
let%lwt tokens = Ocsipersist.find election_tokens_decrypt (raw_string_of_uuid uuid) in | None -> return (try int_of_string token with _ -> 0)
| Some tokens ->
let rec find i = function let rec find i = function
| [] -> raise Not_found | [] -> raise Not_found
| t :: ts -> if t = token then i else find (i+1) ts | t :: ts -> if t = token then i else find (i+1) ts
in in
return (find 1 tokens) return (find 1 tokens)
with Not_found -> return (try int_of_string token with _ -> 0)
let () = let () =
Any.register ~service:election_tally_trustees Any.register ~service:election_tally_trustees
...@@ -1690,7 +1676,7 @@ let handle_election_tally_release (uuid, ()) () = ...@@ -1690,7 +1676,7 @@ let handle_election_tally_release (uuid, ()) () =
in in
let%lwt () = Web_persist.set_election_state uuid `Tallied in let%lwt () = Web_persist.set_election_state uuid `Tallied in
let%lwt () = Web_persist.set_election_date `Tally uuid (now ()) in let%lwt () = Web_persist.set_election_date `Tally uuid (now ()) in
let%lwt () = Ocsipersist.remove election_tokens_decrypt uuid_s in let%lwt () = cleanup_file (!spool_dir / uuid_s / "decryption_tokens.json") in
redir_preapply election_home (uuid, ()) () redir_preapply election_home (uuid, ()) ()
) else forbidden () ) else forbidden ()
) )
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment