Commit 8279bbfe authored by Stephane Glondu's avatar Stephane Glondu

Do no longer rely on Ocsipersist for decryption tokens

parent 010c6a65
......@@ -106,6 +106,15 @@ let set_partial_decryptions uuid pds =
write_file ~uuid "partial_decryptions.json"
[string_of_partial_decryptions pds]
let get_decryption_tokens uuid =
match%lwt read_file ~uuid "decryption_tokens.json" with
| Some [x] -> return @@ Some (decryption_tokens_of_string x)
| _ -> return_none
let set_decryption_tokens uuid pds =
write_file ~uuid "decryption_tokens.json"
[string_of_decryption_tokens pds]
let get_raw_election uuid =
match%lwt read_file ~uuid "election.json" with
| Some [x] -> return (Some x)
......
......@@ -42,6 +42,9 @@ val set_election_date : election_date -> uuid -> datetime -> unit Lwt.t
val get_partial_decryptions : uuid -> partial_decryptions Lwt.t
val set_partial_decryptions : uuid -> partial_decryptions -> unit Lwt.t
val get_decryption_tokens : uuid -> decryption_tokens option Lwt.t
val set_decryption_tokens : uuid -> decryption_tokens -> unit Lwt.t
val get_auth_config : uuid -> (string * (string * string list)) list Lwt.t
val get_raw_election : uuid -> string option Lwt.t
......
......@@ -83,6 +83,7 @@ type election_state =
]
type partial_decryptions = (int * string) list
type decryption_tokens = string list
(** {1 Types related to elections being prepared} *)
......
......@@ -42,9 +42,6 @@ module PString = String
open Eliom_service
open Eliom_registration
(* Table with tokens given to trustees (in threshold mode) to decrypt *)
let election_tokens_decrypt = Ocsipersist.open_table "site_tokens_decrypt"
module T = Web_templates
let raw_find_election uuid =
......@@ -224,20 +221,10 @@ let validate_election uuid se =
Web_persist.set_election_state uuid `Open >>
Web_persist.set_election_date `Validation uuid (now ())
let cleanup_table ?uuid_s table =
let table = Ocsipersist.open_table table in
match uuid_s with
| None ->
let%lwt indexes = Ocsipersist.fold_step (fun k _ accu ->
return (k :: accu)) table []
in
Lwt_list.iter_s (Ocsipersist.remove table) indexes
| Some u -> Ocsipersist.remove table u
let delete_sensitive_data uuid =
let uuid_s = raw_string_of_uuid uuid in
let%lwt () = cleanup_file (!spool_dir / uuid_s / "state.json") in
let%lwt () = cleanup_table ~uuid_s "site_tokens_decrypt" in
let%lwt () = cleanup_file (!spool_dir / uuid_s / "decryption_tokens.json") in
let%lwt () = cleanup_file (!spool_dir / uuid_s / "partial_decryptions.json") in
let%lwt () = cleanup_file (!spool_dir / uuid_s / "extended_records.jsons") in
let%lwt () = cleanup_file (!spool_dir / uuid_s / "credential_mappings.jsons") in
......@@ -1228,7 +1215,6 @@ let () =
let () =
Any.register ~service:election_admin
(fun (uuid, ()) () ->
let uuid_s = raw_string_of_uuid uuid in
let%lwt w = find_election uuid in
let%lwt metadata = Web_persist.get_election_metadata uuid in
let%lwt site_user = Web_state.get_site_user () in
......@@ -1236,14 +1222,14 @@ let () =
| Some u when metadata.e_owner = Some u ->
let%lwt state = Web_persist.get_election_state uuid in
let get_tokens_decrypt () =
try%lwt
Ocsipersist.find election_tokens_decrypt uuid_s
with Not_found ->
match%lwt Web_persist.get_decryption_tokens uuid with
| Some x -> return x
| None ->
match metadata.e_trustees with
| None -> failwith "missing trustees in get_tokens_decrypt"
| Some ts ->
let%lwt ts = Lwt_list.map_s (fun _ -> generate_token ()) ts in
Ocsipersist.add election_tokens_decrypt uuid_s ts >>
Web_persist.set_decryption_tokens uuid ts >>
return ts
in
T.election_admin w metadata state get_tokens_decrypt () >>= Html5.send
......@@ -1548,14 +1534,14 @@ let () =
)
let find_trustee_id uuid token =
try%lwt
let%lwt tokens = Ocsipersist.find election_tokens_decrypt (raw_string_of_uuid uuid) in
match%lwt Web_persist.get_decryption_tokens uuid with
| None -> return (try int_of_string token with _ -> 0)
| Some tokens ->
let rec find i = function
| [] -> raise Not_found
| t :: ts -> if t = token then i else find (i+1) ts
in
return (find 1 tokens)
with Not_found -> return (try int_of_string token with _ -> 0)
let () =
Any.register ~service:election_tally_trustees
......@@ -1690,7 +1676,7 @@ let handle_election_tally_release (uuid, ()) () =
in
let%lwt () = Web_persist.set_election_state uuid `Tallied in
let%lwt () = Web_persist.set_election_date `Tally uuid (now ()) in
let%lwt () = Ocsipersist.remove election_tokens_decrypt uuid_s in
let%lwt () = cleanup_file (!spool_dir / uuid_s / "decryption_tokens.json") in
redir_preapply election_home (uuid, ()) ()
) else forbidden ()
)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment