overhaul msva perl implementation

[monkeysphere-validation-agent.git] / msva

#!/usr/bin/perl -wT

# Monkeysphere Validation Agent, Perl version
# Copyright © 2010 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

use warnings;
use strict;

{
  package MSVA;

  use parent qw(HTTP::Server::Simple::CGI);
  require Crypt::GPG;
  require Crypt::X509;

  use JSON;
  use POSIX qw(strftime);

  my %dispatch = (
                  '/' => { handler => \&noop,
                           methods => { 'GET' => 1 },
                         },
                  '/reviewcert' => { handler => \&reviewcert,
                                     methods => { 'POST' => 1 },
                                   },
                  '/extracerts' => { handler => \&extracerts,
                                     methods => { 'POST' => 1 },
                                   },
                 );

  my %loglevels = (
                   'silent' => 1,
                   'quiet' => 2,
                   'fatal' => 3,
                   'error' => 4,
                   'info' => 5,
                   'verbose' => 6,
                   'debug' => 7,
                   'debug1' => 7,
                   'debug2' => 8,
                   'debug3' => 9,
                  );

  sub msvalog {
#    my $self = shift;
    my $msglevel = shift;

    my $level = $loglevels{lc($ENV{MSVA_LOG_LEVEL})};
    $level = $loglevels{info} if (! defined $level);

    if ($loglevels{lc($msglevel)} <= $level) {
      printf STDERR @_;
    }
  };

  sub new {
    my $class = shift;
    # start the server on port 8901
    my $self = $class->SUPER::new(8901);

    $self->{_gpg} = new Crypt::GPG;

    bless ($self, $class);
    return $self;
  }

  sub noop {
    my $self = shift;
    my $cgi = shift;
    return '200 OK', { available => JSON::true,
                       protoversion => 1,
                       server => "MSVA-Perl 0.1" };
  }

  sub handle_request {
    my $self = shift;
    my $cgi  = shift;

    # FIXME: check SO_PEERCRED -- if this was a TCP socket, Linux
    # might not be able to support SO_PEERCRED (even on the loopback),
    # though apparently some kernels (Solaris?) are able to.

    # another option in Linux would be to parse the contents of
    # /proc/net/tcp to find the uid of the peer process based on that
    # information.

    my $path = $cgi->path_info();
    my $handler = $dispatch{$path};

    if (ref($handler) eq "HASH") {
      if (! exists $handler->{methods}->{$cgi->request_method()}) {
        printf("HTTP/1.0 405 Method not allowed\r\nAllow: %s\r\nDate: %s\r\n",
               join(', ', keys(%{$handler->{methods}})),
               strftime("%a, %d %b %Y %H:%M:%S %z", localtime(time())));
      } elsif (ref($handler->{handler}) ne "CODE") {
        printf("HTTP/1.0 500 Server Error\r\nDate: %s\r\n",
               strftime("%a, %d %b %Y %H:%M:%S %z", localtime(time())));
      } else {
        my $data = {};
        my $ctype = $cgi->content_type();
        msvalog('info', "Got %s %s (Content-Type: %s)\n", $cgi->request_method(), $path, defined $ctype ? $ctype : '**none supplied**');
        if (defined $ctype) {
          my @ctypes = split(/; */, $ctype);
          $ctype = shift @ctypes;
          if ($ctype eq 'application/json') {
            $data = from_json($cgi->param('POSTDATA'));
          }
        };

        my ($status, $object) = $handler->{handler}($data);
        my $ret = to_json($object);
        msvalog('info', "returning: %s\n", $ret);
        printf("HTTP/1.0 %s\r\nDate: %s\r\nContent-Type: application/json\r\n\r\n%s",
               $status,
               strftime("%a, %d %b %Y %H:%M:%S %z", localtime(time())),
               $ret);
      }
    } else {
      printf("HTTP/1.0 404 Not Found -- not handled by Monkeysphere validation agent\r\nContent-Type: text/plain\r\nDate: %s\r\n\r\nHTTP/1.0 404 Not Found -- the path:\r\n   %s\r\nis not handled by the MonkeySphere validation agent.\r\nPlease try one of the following paths instead:\r\n\r\n%s\r\n",
             strftime("%a, %d %b %Y %H:%M:%S %z", localtime(time())),
             $path, ' * '.join("\r\n * ", keys %dispatch) );
    }
  }

  sub reviewcert {
    my $data  = shift;
    return if !ref $data;

    my $uid = $data->{context}.'://'.$data->{uid};

    my $cert = Crypt::X509->new(cert => join('', map(chr, @{$data->{pkc}->{data}})));

    msvalog('info', "cert subject: %s\n", $cert->subject_cn());
    msvalog('info', "cert issuer: %s\n", $cert->issuer_cn());

    my $ret = { valid => JSON::true,
                message => sprintf('tried to validate "%s" through the OpenPGP Web of Trust', $uid) };
    my $status = '200 match found, authentication details to follow';

    return $status, $ret;
  }

  sub extracerts {
    my $data = shift;

    return '500 not yet implemented', { };
  }

  1;
}

my $server = MSVA->new();
$server->run();