From c0deb87e9de6041a023c80cf50a7870ce563a852 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 24 Jan 2009 21:12:48 +0100 Subject: [PATCH] Make libfides quiet unless FIDES_DEBUG is defined to true. --- lib/fides.cc | 50 ++++++++++++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 22 deletions(-) diff --git a/lib/fides.cc b/lib/fides.cc index e035e84..dab667e 100644 --- a/lib/fides.cc +++ b/lib/fides.cc @@ -33,6 +33,12 @@ #include "fides.h" +#ifndef FIDES_DEBUG +#define FIDES_DEBUG false +#endif + +#define debug if(FIDES_DEBUG) + using namespace std; // Global state @@ -295,7 +301,7 @@ fides::certificate *fides::certificate_from_string(const string &data) { // Fides main functions fides::fides(const string &dir): homedir(dir) { - cerr << "Fides initialising\n"; + debug cerr << "Fides initialising\n"; // Set homedir to provided directory, or $FIDES_HOME, or $HOME/.fides, or as a last resort $PWD/.fides if(homedir.empty()) @@ -330,7 +336,7 @@ fides::fides(const string &dir): homedir(dir) { } vector files = dirlist(keydir); for(size_t i = 0; i < files.size(); ++i) { - cerr << "Loading key " << files[i] << '\n'; + debug cerr << "Loading key " << files[i] << '\n'; publickey *key = new publickey(); key->load(keydir + files[i]); @@ -341,10 +347,10 @@ fides::fides(const string &dir): homedir(dir) { files = dirlist(certdir); for(size_t i = 0; i < files.size(); ++i) { - cerr << "Loading certificate " << files[i] << '\n'; + debug cerr << "Loading certificate " << files[i] << '\n'; certificate *cert = certificate_load(certdir + files[i]); if(false && !cert->validate()) { - cerr << "Bad certificate!\n"; + cerr << "Bad certificate in database: " << cert->to_string() << '\n'; continue; } certs[hexdecode(files[i])] = cert; @@ -358,7 +364,7 @@ fides::fides(const string &dir): homedir(dir) { } fides::~fides() { - cerr << "Fides exitting\n"; + debug cerr << "Fides exitting\n"; for(map::const_iterator i = certs.begin(); i != certs.end(); ++i) delete i->second; for(map::const_iterator i = keys.begin(); i != keys.end(); ++i) @@ -445,7 +451,7 @@ void fides::import_all(istream &in) { if(!line.compare(0, 9, "-----END ")) { fides::publickey *key = new publickey(); key->from_string(pem); - cerr << "Imported key " << hexencode(key->fingerprint()) << '\n'; + debug cerr << "Imported key " << hexencode(key->fingerprint()) << '\n'; merge(key); is_pem = false; } else { @@ -455,7 +461,7 @@ void fides::import_all(istream &in) { } fides::certificate *cert = certificate_from_string(line); - cerr << "Importing certificate " << hexencode(cert->fingerprint()) << '\n'; + debug cerr << "Importing certificate " << hexencode(cert->fingerprint()) << '\n'; merge(cert); } } @@ -511,7 +517,7 @@ void fides::update_trust() { // loop over all keys whose certificates need to be checked for(i = tocheck.begin(); i != tocheck.end(); ++i) { - cerr << "Trust for key " << hexencode((*i)->fingerprint()) << " set to " << (*i)->trust << '\n'; + debug cerr << "Trust for key " << hexencode((*i)->fingerprint()) << " set to " << (*i)->trust << '\n'; // except if this key is not trusted @@ -535,7 +541,7 @@ void fides::update_trust() { // except for keys we already checked if(checked.find(other) != checked.end()) { - cerr << "Skipping trust certificate for already checked key: " << matches[j]->to_string() << '\n'; + debug cerr << "Skipping trust certificate for already checked key: " << matches[j]->to_string() << '\n'; continue; } @@ -556,7 +562,7 @@ void fides::update_trust() { void fides::merge(publickey *key) { if(keys.find(key->fingerprint()) != keys.end()) { - cerr << "Key already known\n"; + debug cerr << "Key already known\n"; return; } @@ -570,14 +576,14 @@ void fides::merge(certificate *cert) { // If we already know this certificate, drop it. if(certs.find(cert->fingerprint()) != certs.end()) { - cerr << "Certificate already known\n"; + debug cerr << "Certificate already known\n"; return; } // If the certificate does not validate, drop it. if(!cert->validate()) { // TODO: this should not happen, be wary of DoS attacks - cerr << "Certificate invalid\n"; + cerr << "Trying to merge invalid certificate: " << cert->to_string() << '\n'; return; } @@ -593,15 +599,15 @@ void fides::merge(certificate *cert) { others = find_certificates(cert->signer, string("^a[+0-] ") + cert->statement.substr(3) + '$'); if(others.size()) { if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) { - cerr << "Certificate is overruled by a newer certificate\n"; + debug cerr << "Certificate is overruled by a newer certificate\n"; return; } if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) { // TODO: this should not happen, be wary of DoS attacks - cerr << "Certificate has same timestamp as another timestamp!\n"; + debug cerr << "Certificate has same timestamp as another timestamp!\n"; return; } - cerr << "Certificate overrules an older certificate!\n"; + debug cerr << "Certificate overrules an older certificate!\n"; // save new cert first certificate_save(cert, certdir + hexencode(cert->fingerprint())); certs[cert->fingerprint()] = cert; @@ -622,15 +628,15 @@ void fides::merge(certificate *cert) { others = find_certificates(cert->signer, string("^t[+0-] ") + cert->statement.substr(3) + '$'); if(others.size()) { if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) { - cerr << "Certificate is overruled by a newer certificate\n"; + debug cerr << "Certificate is overruled by a newer certificate\n"; return; } if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) { // TODO: this should not happen, be wary of DoS attacks - cerr << "Certificate has same timestamp as another timestamp!\n"; + debug cerr << "Certificate has same timestamp as another timestamp!\n"; return; } - cerr << "Certificate overrules an older certificate!\n"; + debug cerr << "Certificate overrules an older certificate!\n"; // delete old one rename((certdir + hexencode(others[0]->fingerprint())).c_str(), (obsoletedir + hexencode(others[0]->fingerprint())).c_str()); certs.erase(others[0]->fingerprint()); @@ -646,15 +652,15 @@ void fides::merge(certificate *cert) { others = find_certificates(cert->signer, string("^") + cert->statement + '$'); if(others.size()) { if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) { - cerr << "Certificate is overruled by a newer certificate\n"; + debug cerr << "Certificate is overruled by a newer certificate\n"; return; } if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) { // TODO: this should not happen, be wary of DoS attacks - cerr << "Certificate has same timestamp as another timestamp!\n"; + debug cerr << "Certificate has same timestamp as another timestamp!\n"; return; } - cerr << "Certificate overrules an older certificate!\n"; + debug cerr << "Certificate overrules an older certificate!\n"; // delete old one rename((certdir + hexencode(others[0]->fingerprint())).c_str(), (obsoletedir + hexencode(others[0]->fingerprint())).c_str()); certs.erase(others[0]->fingerprint()); @@ -664,7 +670,7 @@ void fides::merge(certificate *cert) { return; } - cerr << "Certificate is new\n"; + debug cerr << "Certificate is new\n"; certs[cert->fingerprint()] = cert; certificate_save(cert, certdir + hexencode(cert->fingerprint())); } -- 2.20.1