1
//! Parsing implementation for networkstatus documents.
2
//!
3
//! In Tor, a networkstatus documents describes a complete view of the
4
//! relays in the network: how many there are, how to contact them,
5
//! and so forth.
6
//!
7
//! A networkstatus document can either be a "votes" -- an authority's
8
//! view of the network, used as input to the voting process -- or a
9
//! "consensus" -- a combined view of the network based on multiple
10
//! authorities' votes, and signed by multiple authorities.
11
//!
12
//! A consensus document can itself come in two different flavors: a
13
//! "ns"-flavored consensus has references to router descriptors, and
14
//! a "microdesc"-flavored consensus has references to
15
//! microdescriptors.
16
//!
17
//! To keep an up-to-date view of the network, clients download
18
//! microdescriptor-flavored consensuses periodically, and then
19
//! download whatever microdescriptors the consensus lists that the
20
//! client doesn't already have.
21
//!
22
//! For full information about the network status format, see
23
//! [dir-spec.txt](https://spec.torproject.org/dir-spec).
24
//!
25
//! # Limitations
26
//!
27
//! NOTE: The consensus format has changes time, using a
28
//! "consensus-method" mechanism.  This module is does not yet handle all
29
//! all historical consensus-methods.
30
//!
31
//! NOTE: This module _does_ parse some fields that are not in current
32
//! use, like relay nicknames, and the "published" times on
33
//! microdescriptors. We should probably decide whether we actually
34
//! want to do this.
35
//!
36
//! TODO: This module doesn't implement vote parsing at all yet.
37
//!
38
//! TODO: This module doesn't implement ns-flavored consensuses.
39
//!
40
//! TODO: More testing is needed!
41
//!
42
//! TODO: There should be accessor functions for most of the fields here.
43
//! As with the other tor-netdoc types, I'm deferring those till I know what
44
//! they should be.
45

            
46
mod rs;
47

            
48
#[cfg(feature = "build_docs")]
49
mod build;
50

            
51
use crate::doc::authcert::{AuthCert, AuthCertKeyIds};
52
use crate::parse::keyword::Keyword;
53
use crate::parse::parser::{Section, SectionRules, SectionRulesBuilder};
54
use crate::parse::tokenize::{Item, ItemResult, NetDocReader};
55
use crate::types::misc::*;
56
use crate::util::private::Sealed;
57
use crate::util::PeekableIterator;
58
use crate::{Error, NetdocErrorKind as EK, Pos, Result};
59
use std::collections::{HashMap, HashSet};
60
use std::{net, result, time};
61
use tor_error::internal;
62
use tor_protover::Protocols;
63

            
64
use bitflags::bitflags;
65
use digest::Digest;
66
use once_cell::sync::Lazy;
67
use tor_checkable::{timed::TimerangeBound, ExternallySigned};
68
use tor_llcrypto as ll;
69
use tor_llcrypto::pk::rsa::RsaIdentity;
70

            
71
use serde::{Deserialize, Deserializer};
72

            
73
#[cfg(feature = "build_docs")]
74
pub use build::ConsensusBuilder;
75
#[cfg(feature = "build_docs")]
76
pub use rs::build::RouterStatusBuilder;
77

            
78
pub use rs::MdConsensusRouterStatus;
79
#[cfg(feature = "ns_consensus")]
80
pub use rs::NsConsensusRouterStatus;
81
use void::ResultVoidExt as _;
82

            
83
/// The lifetime of a networkstatus document.
84
///
85
/// In a consensus, this type describes when the consensus may safely
86
/// be used.  In a vote, this type describes the proposed lifetime for a
87
/// consensus.
88
#[derive(Clone, Debug)]
89
pub struct Lifetime {
90
    /// Time at which the document becomes valid
91
    valid_after: time::SystemTime,
92
    /// Time after which there is expected to be a better version
93
    /// of this consensus
94
    fresh_until: time::SystemTime,
95
    /// Time after which this consensus is expired.
96
    ///
97
    /// (In practice, Tor clients will keep using documents for a while
98
    /// after this expiration time, if no better one can be found.)
99
    valid_until: time::SystemTime,
100
}
101

            
102
impl Lifetime {
103
    /// Construct a new Lifetime.
104
10309
    pub fn new(
105
10309
        valid_after: time::SystemTime,
106
10309
        fresh_until: time::SystemTime,
107
10309
        valid_until: time::SystemTime,
108
10309
    ) -> Result<Self> {
109
10309
        if valid_after < fresh_until && fresh_until < valid_until {
110
10309
            Ok(Lifetime {
111
10309
                valid_after,
112
10309
                fresh_until,
113
10309
                valid_until,
114
10309
            })
115
        } else {
116
            Err(EK::InvalidLifetime.err())
117
        }
118
10309
    }
119
    /// Return time when this consensus first becomes valid.
120
    ///
121
    /// (You might see a consensus a little while before this time,
122
    /// since voting tries to finish up before the.)
123
79571
    pub fn valid_after(&self) -> time::SystemTime {
124
79571
        self.valid_after
125
79571
    }
126
    /// Return time when this consensus is no longer fresh.
127
    ///
128
    /// You can use the consensus after this time, but there is (or is
129
    /// supposed to be) a better one by this point.
130
39856
    pub fn fresh_until(&self) -> time::SystemTime {
131
39856
        self.fresh_until
132
39856
    }
133
    /// Return the time when this consensus is no longer valid.
134
    ///
135
    /// You should try to get a better consensus after this time,
136
    /// though it's okay to keep using this one if no more recent one
137
    /// can be found.
138
5640
    pub fn valid_until(&self) -> time::SystemTime {
139
5640
        self.valid_until
140
5640
    }
141
    /// Return true if this consensus is officially valid at the provided time.
142
470
    pub fn valid_at(&self, when: time::SystemTime) -> bool {
143
470
        self.valid_after <= when && when <= self.valid_until
144
470
    }
145

            
146
    /// Return the voting period implied by this lifetime.
147
    ///
148
    /// (The "voting period" is the amount of time in between when a consensus first
149
    /// becomes valid, and when the next consensus is expected to become valid)
150
39292
    pub fn voting_period(&self) -> time::Duration {
151
39292
        let valid_after = self.valid_after();
152
39292
        let fresh_until = self.fresh_until();
153
39292
        fresh_until
154
39292
            .duration_since(valid_after)
155
39292
            .expect("Mis-formed lifetime")
156
39292
    }
157
}
158

            
159
/// A set of named network parameters.
160
///
161
/// These are used to describe current settings for the Tor network,
162
/// current weighting parameters for path selection, and so on.  They're
163
/// encoded with a space-separated K=V format.
164
///
165
/// A `NetParams<i32>` is part of the validated directory manager configuration,
166
/// where it is built (in the builder-pattern sense) from a transparent HashMap.
167
#[derive(Debug, Clone, Default, Eq, PartialEq)]
168
pub struct NetParams<T> {
169
    /// Map from keys to values.
170
    params: HashMap<String, T>,
171
}
172

            
173
impl<T> NetParams<T> {
174
    /// Create a new empty list of NetParams.
175
    #[allow(unused)]
176
14954
    pub fn new() -> Self {
177
14954
        NetParams {
178
14954
            params: HashMap::new(),
179
14954
        }
180
14954
    }
181
    /// Retrieve a given network parameter, if it is present.
182
142775
    pub fn get<A: AsRef<str>>(&self, v: A) -> Option<&T> {
183
142775
        self.params.get(v.as_ref())
184
142775
    }
185
    /// Return an iterator over all key value pairs in an arbitrary order.
186
15728
    pub fn iter(&self) -> impl Iterator<Item = (&String, &T)> {
187
15728
        self.params.iter()
188
15728
    }
189
    /// Set or replace the value of a network parameter.
190
7630
    pub fn set(&mut self, k: String, v: T) {
191
7630
        self.params.insert(k, v);
192
7630
    }
193
}
194

            
195
impl<K: Into<String>, T> FromIterator<(K, T)> for NetParams<T> {
196
5728
    fn from_iter<I: IntoIterator<Item = (K, T)>>(i: I) -> Self {
197
5728
        NetParams {
198
5745
            params: i.into_iter().map(|(k, v)| (k.into(), v)).collect(),
199
5728
        }
200
5728
    }
201
}
202

            
203
impl<T> std::iter::Extend<(String, T)> for NetParams<T> {
204
1046
    fn extend<I: IntoIterator<Item = (String, T)>>(&mut self, iter: I) {
205
1046
        self.params.extend(iter);
206
1046
    }
207
}
208

            
209
impl<'de, T> Deserialize<'de> for NetParams<T>
210
where
211
    T: Deserialize<'de>,
212
{
213
    fn deserialize<D>(deserializer: D) -> std::result::Result<Self, D::Error>
214
    where
215
        D: Deserializer<'de>,
216
    {
217
        let params = HashMap::deserialize(deserializer)?;
218
        Ok(NetParams { params })
219
    }
220
}
221

            
222
/// A list of subprotocol versions that implementors should/must provide.
223
///
224
/// Each consensus has two of these: one for relays, and one for clients.
225
#[allow(dead_code)]
226
#[derive(Debug, Clone, Default)]
227
pub struct ProtoStatus {
228
    /// Set of protocols that are recommended; if we're missing a protocol
229
    /// in this list we should warn the user.
230
    recommended: Protocols,
231
    /// Set of protocols that are required; if we're missing a protocol
232
    /// in this list we should refuse to start.
233
    required: Protocols,
234
}
235

            
236
/// A recognized 'flavor' of consensus document.
237
#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash, Ord, PartialOrd)]
238
#[non_exhaustive]
239
pub enum ConsensusFlavor {
240
    /// A "microdesc"-flavored consensus.  This is the one that
241
    /// clients and relays use today.
242
    Microdesc,
243
    /// A "networkstatus"-flavored consensus.  It's used for
244
    /// historical and network-health purposes.  Instead of listing
245
    /// microdescriptor digests, it lists digests of full relay
246
    /// descriptors.
247
    Ns,
248
}
249

            
250
impl ConsensusFlavor {
251
    /// Return the name of this consensus flavor.
252
1269
    pub fn name(&self) -> &'static str {
253
1269
        match self {
254
            ConsensusFlavor::Ns => "ns",
255
1269
            ConsensusFlavor::Microdesc => "microdesc",
256
        }
257
1269
    }
258
    /// Try to find the flavor whose name is `name`.
259
    ///
260
    /// For historical reasons, an unnamed flavor indicates an "Ns"
261
    /// document.
262
343
    pub fn from_opt_name(name: Option<&str>) -> Result<Self> {
263
343
        match name {
264
341
            Some("microdesc") => Ok(ConsensusFlavor::Microdesc),
265
2
            Some("ns") | None => Ok(ConsensusFlavor::Ns),
266
            Some(other) => {
267
                Err(EK::BadDocumentType.with_msg(format!("unrecognized flavor {:?}", other)))
268
            }
269
        }
270
343
    }
271
}
272

            
273
/// The signature of a single directory authority on a networkstatus document.
274
#[allow(dead_code)]
275
#[cfg_attr(
276
    feature = "dangerous-expose-struct-fields",
277
    visible::StructFields(pub),
278
    non_exhaustive
279
)]
280
#[derive(Debug, Clone)]
281
pub struct Signature {
282
    /// The name of the digest algorithm used to make the signature.
283
    ///
284
    /// Currently sha1 and sh256 are recognized.  Here we only support
285
    /// sha256.
286
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
287
    digestname: String,
288
    /// Fingerprints of the keys for the authority that made
289
    /// this signature.
290
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
291
    key_ids: AuthCertKeyIds,
292
    /// The signature itself.
293
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
294
    signature: Vec<u8>,
295
}
296

            
297
/// A collection of signatures that can be checked on a networkstatus document
298
#[allow(dead_code)]
299
#[cfg_attr(
300
    feature = "dangerous-expose-struct-fields",
301
    visible::StructFields(pub),
302
    non_exhaustive
303
)]
304
#[derive(Debug, Clone)]
305
pub struct SignatureGroup {
306
    /// The sha256 of the document itself
307
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
308
    sha256: Option<[u8; 32]>,
309
    /// The sha1 of the document itself
310
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
311
    sha1: Option<[u8; 20]>,
312
    /// The signatures listed on the document.
313
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
314
    signatures: Vec<Signature>,
315
}
316

            
317
/// A shared random value produced by the directory authorities.
318
#[derive(
319
    Debug, Clone, Copy, Eq, PartialEq, derive_more::From, derive_more::Into, derive_more::AsRef,
320
)]
321
// (This doesn't need to use CtByteArray; we don't really need to compare these.)
322
pub struct SharedRandVal([u8; 32]);
323

            
324
/// A shared-random value produced by the directory authorities,
325
/// along with meta-information about that value.
326
#[allow(dead_code)]
327
#[cfg_attr(
328
    feature = "dangerous-expose-struct-fields",
329
    visible::StructFields(pub),
330
    visibility::make(pub),
331
    non_exhaustive
332
)]
333
#[derive(Debug, Clone)]
334
pub struct SharedRandStatus {
335
    /// How many authorities revealed shares that contributed to this value.
336
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
337
    n_reveals: u8,
338
    /// The current random value.
339
    ///
340
    /// The properties of the secure shared-random system guarantee
341
    /// that this value isn't predictable before it first becomes
342
    /// live, and that a hostile party could not have forced it to
343
    /// have any more than a small number of possible random values.
344
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
345
    value: SharedRandVal,
346

            
347
    /// The time when this SharedRandVal becomes (or became) the latest.
348
    ///
349
    /// (This is added per proposal 342, assuming that gets accepted.)
350
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
351
    timestamp: Option<time::SystemTime>,
352
}
353

            
354
/// Parts of the networkstatus header that are present in every networkstatus.
355
///
356
/// NOTE: this type is separate from the header parts that are only in
357
/// votes or only in consensuses, even though we don't implement votes yet.
358
#[allow(dead_code)]
359
#[cfg_attr(
360
    feature = "dangerous-expose-struct-fields",
361
    visible::StructFields(pub),
362
    visibility::make(pub),
363
    non_exhaustive
364
)]
365
#[derive(Debug, Clone)]
366
struct CommonHeader {
367
    /// What kind of consensus document is this?  Absent in votes and
368
    /// in ns-flavored consensuses.
369
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
370
    flavor: ConsensusFlavor,
371
    /// Over what time is this consensus valid?  (For votes, this is
372
    /// the time over which the voted-upon consensus should be valid.)
373
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
374
    lifetime: Lifetime,
375
    /// List of recommended Tor client versions.
376
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
377
    client_versions: Vec<String>,
378
    /// List of recommended Tor relay versions.
379
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
380
    relay_versions: Vec<String>,
381
    /// Lists of recommended and required subprotocol versions for clients
382
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
383
    client_protos: ProtoStatus,
384
    /// Lists of recommended and required subprotocol versions for relays
385
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
386
    relay_protos: ProtoStatus,
387
    /// Declared parameters for tunable settings about how to the
388
    /// network should operator. Some of these adjust timeouts and
389
    /// whatnot; some features things on and off.
390
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
391
    params: NetParams<i32>,
392
    /// How long in seconds should voters wait for votes and
393
    /// signatures (respectively) to propagate?
394
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
395
    voting_delay: Option<(u32, u32)>,
396
}
397

            
398
/// The header of a consensus networkstatus.
399
#[allow(dead_code)]
400
#[cfg_attr(
401
    feature = "dangerous-expose-struct-fields",
402
    visible::StructFields(pub),
403
    visibility::make(pub),
404
    non_exhaustive
405
)]
406
#[derive(Debug, Clone)]
407
struct ConsensusHeader {
408
    /// Header fields common to votes and consensuses
409
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
410
    hdr: CommonHeader,
411
    /// What "method" was used to produce this consensus?  (A
412
    /// consensus method is a version number used by authorities to
413
    /// upgrade the consensus algorithm.)
414
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
415
    consensus_method: u32,
416
    /// Global shared-random value for the previous shared-random period.
417
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
418
    shared_rand_prev: Option<SharedRandStatus>,
419
    /// Global shared-random value for the current shared-random period.
420
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
421
    shared_rand_cur: Option<SharedRandStatus>,
422
}
423

            
424
/// Description of an authority's identity and address.
425
///
426
/// (Corresponds to a dir-source line.)
427
#[allow(dead_code)]
428
#[cfg_attr(
429
    feature = "dangerous-expose-struct-fields",
430
    visible::StructFields(pub),
431
    visibility::make(pub),
432
    non_exhaustive
433
)]
434
#[derive(Debug, Clone)]
435
struct DirSource {
436
    /// human-readable nickname for this authority.
437
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
438
    nickname: String,
439
    /// Fingerprint for the _authority_ identity key of this
440
    /// authority.
441
    ///
442
    /// This is the same key as the one that signs the authority's
443
    /// certificates.
444
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
445
    identity: RsaIdentity,
446
    /// IP address for the authority
447
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
448
    ip: net::IpAddr,
449
    /// HTTP directory port for this authority
450
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
451
    dir_port: u16,
452
    /// OR port for this authority.
453
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
454
    or_port: u16,
455
}
456

            
457
bitflags! {
458
    /// A set of recognized directory flags on a single relay.
459
    ///
460
    /// These flags come from a consensus directory document, and are
461
    /// used to describe what the authorities believe about the relay.
462
    /// If the document contained any flags that we _didn't_ recognize,
463
    /// they are not listed in this type.
464
    ///
465
    /// The bit values used to represent the flags have no meaning;
466
    /// they may change between releases of this crate.  Relying on their
467
    /// values may void your semver guarantees.
468
    #[derive(Clone, Copy, Debug)]
469
    pub struct RelayFlags: u16 {
470
        /// Is this a directory authority?
471
        const AUTHORITY = (1<<0);
472
        /// Is this relay marked as a bad exit?
473
        ///
474
        /// Bad exits can be used as intermediate relays, but not to
475
        /// deliver traffic.
476
        const BAD_EXIT = (1<<1);
477
        /// Is this relay marked as an exit for weighting purposes?
478
        const EXIT = (1<<2);
479
        /// Is this relay considered "fast" above a certain threshold?
480
        const FAST = (1<<3);
481
        /// Is this relay suitable for use as a guard relay?
482
        ///
483
        /// Clients choose their their initial relays from among the set
484
        /// of Guard relays.
485
        const GUARD = (1<<4);
486
        /// Does this relay participate on the onion service directory
487
        /// ring?
488
        const HSDIR = (1<<5);
489
        /// Set if this relay is considered "middle only", not suitable to run
490
        /// as an exit or guard relay.
491
        ///
492
        /// Note that this flag is only used by authorities as part of
493
        /// the voting process; clients do not and should not act
494
        /// based on whether it is set.
495
        const MIDDLE_ONLY = (1<<6);
496
        /// If set, there is no consensus for the ed25519 key for this relay.
497
        const NO_ED_CONSENSUS = (1<<7);
498
        /// Is this relay considered "stable" enough for long-lived circuits?
499
        const STABLE = (1<<8);
500
        /// Set if the authorities are requesting a fresh descriptor for
501
        /// this relay.
502
        const STALE_DESC = (1<<9);
503
        /// Set if this relay is currently running.
504
        ///
505
        /// This flag can appear in votes, but in consensuses, every relay
506
        /// is assumed to be running.
507
        const RUNNING = (1<<10);
508
        /// Set if this relay is considered "valid" -- allowed to be on
509
        /// the network.
510
        ///
511
        /// This flag can appear in votes, but in consensuses, every relay
512
        /// is assumed to be valid.
513
        const VALID = (1<<11);
514
        /// Set if this relay supports a currently recognized version of the
515
        /// directory protocol.
516
        const V2DIR = (1<<12);
517
    }
518
}
519

            
520
/// Recognized weight fields on a single relay in a consensus
521
#[non_exhaustive]
522
#[derive(Debug, Clone, Copy)]
523
pub enum RelayWeight {
524
    /// An unmeasured weight for a relay.
525
    Unmeasured(u32),
526
    /// An measured weight for a relay.
527
    Measured(u32),
528
}
529

            
530
impl RelayWeight {
531
    /// Return true if this weight is the result of a successful measurement
532
19327
    pub fn is_measured(&self) -> bool {
533
19327
        matches!(self, RelayWeight::Measured(_))
534
19327
    }
535
    /// Return true if this weight is nonzero
536
18011
    pub fn is_nonzero(&self) -> bool {
537
18011
        !matches!(self, RelayWeight::Unmeasured(0) | RelayWeight::Measured(0))
538
18011
    }
539
}
540

            
541
/// All information about a single authority, as represented in a consensus
542
#[allow(dead_code)]
543
#[cfg_attr(
544
    feature = "dangerous-expose-struct-fields",
545
    visible::StructFields(pub),
546
    visibility::make(pub),
547
    non_exhaustive
548
)]
549
#[derive(Debug, Clone)]
550
struct ConsensusVoterInfo {
551
    /// Contents of the dirsource line about an authority
552
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
553
    dir_source: DirSource,
554
    /// Human-readable contact information about the authority
555
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
556
    contact: String,
557
    /// Digest of the vote that the authority cast to contribute to
558
    /// this consensus.
559
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
560
    vote_digest: Vec<u8>,
561
}
562

            
563
/// The signed footer of a consensus netstatus.
564
#[allow(dead_code)]
565
#[cfg_attr(
566
    feature = "dangerous-expose-struct-fields",
567
    visible::StructFields(pub),
568
    visibility::make(pub),
569
    non_exhaustive
570
)]
571
#[derive(Debug, Clone)]
572
struct Footer {
573
    /// Weights to be applied to certain classes of relays when choosing
574
    /// for different roles.
575
    ///
576
    /// For example, we want to avoid choosing exits for non-exit
577
    /// roles when overall the proportion of exits is small.
578
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
579
    weights: NetParams<i32>,
580
}
581

            
582
/// Trait to parse a single relay as listed in a consensus document.
583
///
584
/// TODO(nickm): I'd rather not have this trait be public, but I haven't yet
585
/// figured out how to make it private.
586
pub trait ParseRouterStatus: Sized + Sealed {
587
    /// Parse this object from a `Section` object containing its
588
    /// elements.
589
    fn from_section(sec: &Section<'_, NetstatusKwd>) -> Result<Self>;
590

            
591
    /// Return the networkstatus consensus flavor in which this
592
    /// routerstatus appears.
593
    fn flavor() -> ConsensusFlavor;
594
}
595

            
596
/// Represents a single relay as listed in a consensus document.
597
///
598
/// Not implementable outside of the `tor-netdoc` crate.
599
pub trait RouterStatus: Sealed {
600
    /// A digest of the document that's identified by this RouterStatus.
601
    type DocumentDigest: Clone;
602

            
603
    /// Return RSA identity for the relay described by this RouterStatus
604
    fn rsa_identity(&self) -> &RsaIdentity;
605

            
606
    /// Return the digest of the document identified by this
607
    /// routerstatus.
608
    fn doc_digest(&self) -> &Self::DocumentDigest;
609
}
610

            
611
/// A single microdescriptor consensus netstatus
612
///
613
/// TODO: This should possibly turn into a parameterized type, to represent
614
/// votes and ns consensuses.
615
#[allow(dead_code)]
616
#[cfg_attr(
617
    feature = "dangerous-expose-struct-fields",
618
    visible::StructFields(pub),
619
    non_exhaustive
620
)]
621
#[derive(Debug, Clone)]
622
pub struct Consensus<RS> {
623
    /// Part of the header shared by all consensus types.
624
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
625
    header: ConsensusHeader,
626
    /// List of voters whose votes contributed to this consensus.
627
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
628
    voters: Vec<ConsensusVoterInfo>,
629
    /// A list of routerstatus entries for the relays on the network,
630
    /// with one entry per relay.
631
    ///
632
    /// These are currently ordered by the router's RSA identity, but this is not
633
    /// to be relied on, since we may want to even abolish RSA at some point!
634
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
635
    relays: Vec<RS>,
636
    /// Footer for the consensus object.
637
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
638
    footer: Footer,
639
}
640

            
641
/// A consensus document that lists relays along with their
642
/// microdescriptor documents.
643
pub type MdConsensus = Consensus<MdConsensusRouterStatus>;
644

            
645
/// An MdConsensus that has been parsed and checked for timeliness,
646
/// but not for signatures.
647
pub type UnvalidatedMdConsensus = UnvalidatedConsensus<MdConsensusRouterStatus>;
648

            
649
/// An MdConsensus that has been parsed but not checked for signatures
650
/// and timeliness.
651
pub type UncheckedMdConsensus = UncheckedConsensus<MdConsensusRouterStatus>;
652

            
653
#[cfg(feature = "ns_consensus")]
654
/// A consensus document that lists relays along with their
655
/// router descriptor documents.
656
pub type NsConsensus = Consensus<NsConsensusRouterStatus>;
657

            
658
#[cfg(feature = "ns_consensus")]
659
/// An NsConsensus that has been parsed and checked for timeliness,
660
/// but not for signatures.
661
pub type UnvalidatedNsConsensus = UnvalidatedConsensus<NsConsensusRouterStatus>;
662

            
663
#[cfg(feature = "ns_consensus")]
664
/// An NsConsensus that has been parsed but not checked for signatures
665
/// and timeliness.
666
pub type UncheckedNsConsensus = UncheckedConsensus<NsConsensusRouterStatus>;
667

            
668
impl<RS> Consensus<RS> {
669
    /// Return the Lifetime for this consensus.
670
60455
    pub fn lifetime(&self) -> &Lifetime {
671
60455
        &self.header.hdr.lifetime
672
60455
    }
673

            
674
    /// Return a slice of all the routerstatus entries in this consensus.
675
35298481
    pub fn relays(&self) -> &[RS] {
676
35298481
        &self.relays[..]
677
35298481
    }
678

            
679
    /// Return a mapping from keywords to integers representing how
680
    /// to weight different kinds of relays in different path positions.
681
7510
    pub fn bandwidth_weights(&self) -> &NetParams<i32> {
682
7510
        &self.footer.weights
683
7510
    }
684

            
685
    /// Return the map of network parameters that this consensus advertises.
686
7512
    pub fn params(&self) -> &NetParams<i32> {
687
7512
        &self.header.hdr.params
688
7512
    }
689

            
690
    /// Return the latest shared random value, if the consensus
691
    /// contains one.
692
29854
    pub fn shared_rand_cur(&self) -> Option<&SharedRandStatus> {
693
29854
        self.header.shared_rand_cur.as_ref()
694
29854
    }
695

            
696
    /// Return the previous shared random value, if the consensus
697
    /// contains one.
698
29854
    pub fn shared_rand_prev(&self) -> Option<&SharedRandStatus> {
699
29854
        self.header.shared_rand_prev.as_ref()
700
29854
    }
701

            
702
    /// Return a [`ProtoStatus`] that lists the network's current requirements and
703
    /// recommendations for the list of protocols that every relay must implement.  
704
135
    pub fn relay_protocol_status(&self) -> &ProtoStatus {
705
135
        &self.header.hdr.relay_protos
706
135
    }
707

            
708
    /// Return a [`ProtoStatus`] that lists the network's current requirements and
709
    /// recommendations for the list of protocols that every client must implement.
710
    pub fn client_protocol_status(&self) -> &ProtoStatus {
711
        &self.header.hdr.client_protos
712
    }
713
}
714

            
715
decl_keyword! {
716
    /// Keywords that can be used in votes and consensuses.
717
    // TODO: This is public because otherwise we can't use it in the
718
    // ParseRouterStatus crate.  But I'd rather find a way to make it
719
    // private.
720
    #[non_exhaustive]
721
    #[allow(missing_docs)]
722
    pub NetstatusKwd {
723
        // Header
724
        "network-status-version" => NETWORK_STATUS_VERSION,
725
        "vote-status" => VOTE_STATUS,
726
        "consensus-methods" => CONSENSUS_METHODS,
727
        "consensus-method" => CONSENSUS_METHOD,
728
        "published" => PUBLISHED,
729
        "valid-after" => VALID_AFTER,
730
        "fresh-until" => FRESH_UNTIL,
731
        "valid-until" => VALID_UNTIL,
732
        "voting-delay" => VOTING_DELAY,
733
        "client-versions" => CLIENT_VERSIONS,
734
        "server-versions" => SERVER_VERSIONS,
735
        "known-flags" => KNOWN_FLAGS,
736
        "flag-thresholds" => FLAG_THRESHOLDS,
737
        "recommended-client-protocols" => RECOMMENDED_CLIENT_PROTOCOLS,
738
        "required-client-protocols" => REQUIRED_CLIENT_PROTOCOLS,
739
        "recommended-relay-protocols" => RECOMMENDED_RELAY_PROTOCOLS,
740
        "required-relay-protocols" => REQUIRED_RELAY_PROTOCOLS,
741
        "params" => PARAMS,
742
        "bandwidth-file-headers" => BANDWIDTH_FILE_HEADERS,
743
        "bandwidth-file-digest" => BANDWIDTH_FILE_DIGEST,
744
        // "package" is now ignored.
745

            
746
        // header in consensus, voter section in vote?
747
        "shared-rand-previous-value" => SHARED_RAND_PREVIOUS_VALUE,
748
        "shared-rand-current-value" => SHARED_RAND_CURRENT_VALUE,
749

            
750
        // Voter section (both)
751
        "dir-source" => DIR_SOURCE,
752
        "contact" => CONTACT,
753

            
754
        // voter section (vote, but not consensus)
755
        "legacy-dir-key" => LEGACY_DIR_KEY,
756
        "shared-rand-participate" => SHARED_RAND_PARTICIPATE,
757
        "shared-rand-commit" => SHARED_RAND_COMMIT,
758

            
759
        // voter section (consensus, but not vote)
760
        "vote-digest" => VOTE_DIGEST,
761

            
762
        // voter cert beginning (but only the beginning)
763
        "dir-key-certificate-version" => DIR_KEY_CERTIFICATE_VERSION,
764

            
765
        // routerstatus
766
        "r" => RS_R,
767
        "a" => RS_A,
768
        "s" => RS_S,
769
        "v" => RS_V,
770
        "pr" => RS_PR,
771
        "w" => RS_W,
772
        "p" => RS_P,
773
        "m" => RS_M,
774
        "id" => RS_ID,
775

            
776
        // footer
777
        "directory-footer" => DIRECTORY_FOOTER,
778
        "bandwidth-weights" => BANDWIDTH_WEIGHTS,
779
        "directory-signature" => DIRECTORY_SIGNATURE,
780
    }
781
}
782

            
783
/// Shared parts of rules for all kinds of netstatus headers
784
49
static NS_HEADER_RULES_COMMON_: Lazy<SectionRulesBuilder<NetstatusKwd>> = Lazy::new(|| {
785
    use NetstatusKwd::*;
786
49
    let mut rules = SectionRules::builder();
787
49
    rules.add(NETWORK_STATUS_VERSION.rule().required().args(1..=2));
788
49
    rules.add(VOTE_STATUS.rule().required().args(1..));
789
49
    rules.add(VALID_AFTER.rule().required());
790
49
    rules.add(FRESH_UNTIL.rule().required());
791
49
    rules.add(VALID_UNTIL.rule().required());
792
49
    rules.add(VOTING_DELAY.rule().args(2..));
793
49
    rules.add(CLIENT_VERSIONS.rule());
794
49
    rules.add(SERVER_VERSIONS.rule());
795
49
    rules.add(KNOWN_FLAGS.rule().required());
796
49
    rules.add(RECOMMENDED_CLIENT_PROTOCOLS.rule().args(1..));
797
49
    rules.add(RECOMMENDED_RELAY_PROTOCOLS.rule().args(1..));
798
49
    rules.add(REQUIRED_CLIENT_PROTOCOLS.rule().args(1..));
799
49
    rules.add(REQUIRED_RELAY_PROTOCOLS.rule().args(1..));
800
49
    rules.add(PARAMS.rule());
801
49
    rules
802
49
});
803
/// Rules for parsing the header of a consensus.
804
49
static NS_HEADER_RULES_CONSENSUS: Lazy<SectionRules<NetstatusKwd>> = Lazy::new(|| {
805
    use NetstatusKwd::*;
806
49
    let mut rules = NS_HEADER_RULES_COMMON_.clone();
807
49
    rules.add(CONSENSUS_METHOD.rule().args(1..=1));
808
49
    rules.add(SHARED_RAND_PREVIOUS_VALUE.rule().args(2..));
809
49
    rules.add(SHARED_RAND_CURRENT_VALUE.rule().args(2..));
810
49
    rules.add(UNRECOGNIZED.rule().may_repeat().obj_optional());
811
49
    rules.build()
812
49
});
813
/*
814
/// Rules for parsing the header of a vote.
815
static NS_HEADER_RULES_VOTE: SectionRules<NetstatusKwd> = {
816
    use NetstatusKwd::*;
817
    let mut rules = NS_HEADER_RULES_COMMON_.clone();
818
    rules.add(CONSENSUS_METHODS.rule().args(1..));
819
    rules.add(FLAG_THRESHOLDS.rule());
820
    rules.add(BANDWIDTH_FILE_HEADERS.rule());
821
    rules.add(BANDWIDTH_FILE_DIGEST.rule().args(1..));
822
    rules.add(UNRECOGNIZED.rule().may_repeat().obj_optional());
823
    rules
824
};
825
/// Rules for parsing a single voter's information in a vote.
826
static NS_VOTERINFO_RULES_VOTE: SectionRules<NetstatusKwd> = {
827
    use NetstatusKwd::*;
828
    let mut rules = SectionRules::new();
829
    rules.add(DIR_SOURCE.rule().required().args(6..));
830
    rules.add(CONTACT.rule().required());
831
    rules.add(LEGACY_DIR_KEY.rule().args(1..));
832
    rules.add(SHARED_RAND_PARTICIPATE.rule().no_args());
833
    rules.add(SHARED_RAND_COMMIT.rule().may_repeat().args(4..));
834
    rules.add(SHARED_RAND_PREVIOUS_VALUE.rule().args(2..));
835
    rules.add(SHARED_RAND_CURRENT_VALUE.rule().args(2..));
836
    // then comes an entire cert: When we implement vote parsing,
837
    // we should use the authcert code for handling that.
838
    rules.add(UNRECOGNIZED.rule().may_repeat().obj_optional());
839
    rules
840
};
841
 */
842
/// Rules for parsing a single voter's information in a consensus
843
49
static NS_VOTERINFO_RULES_CONSENSUS: Lazy<SectionRules<NetstatusKwd>> = Lazy::new(|| {
844
    use NetstatusKwd::*;
845
49
    let mut rules = SectionRules::builder();
846
49
    rules.add(DIR_SOURCE.rule().required().args(6..));
847
49
    rules.add(CONTACT.rule().required());
848
49
    rules.add(VOTE_DIGEST.rule().required());
849
49
    rules.add(UNRECOGNIZED.rule().may_repeat().obj_optional());
850
49
    rules.build()
851
49
});
852
/// Shared rules for parsing a single routerstatus
853
49
static NS_ROUTERSTATUS_RULES_COMMON_: Lazy<SectionRulesBuilder<NetstatusKwd>> = Lazy::new(|| {
854
    use NetstatusKwd::*;
855
49
    let mut rules = SectionRules::builder();
856
49
    rules.add(RS_A.rule().may_repeat().args(1..));
857
49
    rules.add(RS_S.rule().required());
858
49
    rules.add(RS_V.rule());
859
49
    rules.add(RS_PR.rule().required());
860
49
    rules.add(RS_W.rule());
861
49
    rules.add(RS_P.rule().args(2..));
862
49
    rules.add(UNRECOGNIZED.rule().may_repeat().obj_optional());
863
49
    rules
864
49
});
865

            
866
/// Rules for parsing a single routerstatus in an NS consensus
867
2
static NS_ROUTERSTATUS_RULES_NSCON: Lazy<SectionRules<NetstatusKwd>> = Lazy::new(|| {
868
    use NetstatusKwd::*;
869
2
    let mut rules = NS_ROUTERSTATUS_RULES_COMMON_.clone();
870
2
    rules.add(RS_R.rule().required().args(8..));
871
2
    rules.build()
872
2
});
873

            
874
/*
875
/// Rules for parsing a single routerstatus in a vote
876
static NS_ROUTERSTATUS_RULES_VOTE: SectionRules<NetstatusKwd> = {
877
    use NetstatusKwd::*;
878
        let mut rules = NS_ROUTERSTATUS_RULES_COMMON_.clone();
879
        rules.add(RS_R.rule().required().args(8..));
880
        rules.add(RS_M.rule().may_repeat().args(2..));
881
        rules.add(RS_ID.rule().may_repeat().args(2..)); // may-repeat?
882
        rules
883
    };
884
*/
885
/// Rules for parsing a single routerstatus in a microdesc consensus
886
49
static NS_ROUTERSTATUS_RULES_MDCON: Lazy<SectionRules<NetstatusKwd>> = Lazy::new(|| {
887
    use NetstatusKwd::*;
888
49
    let mut rules = NS_ROUTERSTATUS_RULES_COMMON_.clone();
889
49
    rules.add(RS_R.rule().required().args(6..));
890
49
    rules.add(RS_M.rule().required().args(1..));
891
49
    rules.build()
892
49
});
893
/// Rules for parsing consensus fields from a footer.
894
49
static NS_FOOTER_RULES: Lazy<SectionRules<NetstatusKwd>> = Lazy::new(|| {
895
    use NetstatusKwd::*;
896
49
    let mut rules = SectionRules::builder();
897
49
    rules.add(DIRECTORY_FOOTER.rule().required().no_args());
898
49
    // consensus only
899
49
    rules.add(BANDWIDTH_WEIGHTS.rule());
900
49
    rules.add(UNRECOGNIZED.rule().may_repeat().obj_optional());
901
49
    rules.build()
902
49
});
903

            
904
impl ProtoStatus {
905
    /// Construct a ProtoStatus from two chosen keywords in a section.
906
686
    fn from_section(
907
686
        sec: &Section<'_, NetstatusKwd>,
908
686
        recommend_token: NetstatusKwd,
909
686
        required_token: NetstatusKwd,
910
686
    ) -> Result<ProtoStatus> {
911
        /// Helper: extract a Protocols entry from an item's arguments.
912
1372
        fn parse(t: Option<&Item<'_, NetstatusKwd>>) -> Result<Protocols> {
913
1372
            if let Some(item) = t {
914
1372
                item.args_as_str()
915
1372
                    .parse::<Protocols>()
916
1372
                    .map_err(|e| EK::BadArgument.at_pos(item.pos()).with_source(e))
917
            } else {
918
                Ok(Protocols::new())
919
            }
920
1372
        }
921

            
922
686
        let recommended = parse(sec.get(recommend_token))?;
923
686
        let required = parse(sec.get(required_token))?;
924
686
        Ok(ProtoStatus {
925
686
            recommended,
926
686
            required,
927
686
        })
928
686
    }
929

            
930
    /// Return the protocols that are listed as "required" in this `ProtoStatus`.
931
    ///
932
    /// Implementations may assume that relays on the network implement all the
933
    /// protocols in the relays' required-protocols list.  Implementations should
934
    /// refuse to start if they do not implement all the protocols on their own
935
    /// (client or relay) required-protocols list.
936
141
    pub fn required_protocols(&self) -> &Protocols {
937
141
        &self.required
938
141
    }
939

            
940
    /// Return the protocols that are listed as "recommended" in this `ProtoStatus`.
941
    ///
942
    /// Implementations should warn if they do not implement all the protocols
943
    /// on their own (client or relay) recommended-protocols list.
944
    pub fn recommended_protocols(&self) -> &Protocols {
945
        &self.recommended
946
    }
947
}
948

            
949
impl<T> std::str::FromStr for NetParams<T>
950
where
951
    T: std::str::FromStr,
952
    T::Err: std::error::Error,
953
{
954
    type Err = Error;
955
12316
    fn from_str(s: &str) -> Result<Self> {
956
        /// Helper: parse a single K=V pair.
957
14446
        fn parse_pair<U>(p: &str) -> Result<(String, U)>
958
14446
        where
959
14446
            U: std::str::FromStr,
960
14446
            U::Err: std::error::Error,
961
14446
        {
962
14446
            let parts: Vec<_> = p.splitn(2, '=').collect();
963
14446
            if parts.len() != 2 {
964
                return Err(EK::BadArgument
965
                    .at_pos(Pos::at(p))
966
                    .with_msg("Missing = in key=value list"));
967
14446
            }
968
14446
            let num = parts[1].parse::<U>().map_err(|e| {
969
8
                EK::BadArgument
970
8
                    .at_pos(Pos::at(parts[1]))
971
8
                    .with_msg(e.to_string())
972
14446
            })?;
973
14438
            Ok((parts[0].to_string(), num))
974
14446
        }
975

            
976
12316
        let params = s
977
12316
            .split(' ')
978
23531
            .filter(|p| !p.is_empty())
979
12316
            .map(parse_pair)
980
12316
            .collect::<Result<HashMap<_, _>>>()?;
981
12308
        Ok(NetParams { params })
982
12316
    }
983
}
984

            
985
impl CommonHeader {
986
    /// Extract the CommonHeader members from a single header section.
987
347
    fn from_section(sec: &Section<'_, NetstatusKwd>) -> Result<CommonHeader> {
988
        use NetstatusKwd::*;
989

            
990
        {
991
            // this unwrap is safe because if there is not at least one
992
            // token in the section, the section is unparsable.
993
            #[allow(clippy::unwrap_used)]
994
347
            let first = sec.first_item().unwrap();
995
347
            if first.kwd() != NETWORK_STATUS_VERSION {
996
2
                return Err(EK::UnexpectedToken
997
2
                    .with_msg(first.kwd().to_str())
998
2
                    .at_pos(first.pos()));
999
345
            }
        }
345
        let ver_item = sec.required(NETWORK_STATUS_VERSION)?;
345
        let version: u32 = ver_item.parse_arg(0)?;
345
        if version != 3 {
2
            return Err(EK::BadDocumentVersion.with_msg(version.to_string()));
343
        }
343
        let flavor = ConsensusFlavor::from_opt_name(ver_item.arg(1))?;
343
        let valid_after = sec
343
            .required(VALID_AFTER)?
343
            .args_as_str()
343
            .parse::<Iso8601TimeSp>()?
343
            .into();
343
        let fresh_until = sec
343
            .required(FRESH_UNTIL)?
343
            .args_as_str()
343
            .parse::<Iso8601TimeSp>()?
343
            .into();
343
        let valid_until = sec
343
            .required(VALID_UNTIL)?
343
            .args_as_str()
343
            .parse::<Iso8601TimeSp>()?
343
            .into();
343
        let lifetime = Lifetime::new(valid_after, fresh_until, valid_until)?;
343
        let client_versions = sec
343
            .maybe(CLIENT_VERSIONS)
343
            .args_as_str()
343
            .unwrap_or("")
343
            .split(',')
343
            .map(str::to_string)
343
            .collect();
343
        let relay_versions = sec
343
            .maybe(SERVER_VERSIONS)
343
            .args_as_str()
343
            .unwrap_or("")
343
            .split(',')
343
            .map(str::to_string)
343
            .collect();
343
        let client_protos = ProtoStatus::from_section(
343
            sec,
343
            RECOMMENDED_CLIENT_PROTOCOLS,
343
            REQUIRED_CLIENT_PROTOCOLS,
343
        )?;
343
        let relay_protos =
343
            ProtoStatus::from_section(sec, RECOMMENDED_RELAY_PROTOCOLS, REQUIRED_RELAY_PROTOCOLS)?;
343
        let params = sec.maybe(PARAMS).args_as_str().unwrap_or("").parse()?;
343
        let voting_delay = if let Some(tok) = sec.get(VOTING_DELAY) {
343
            let n1 = tok.parse_arg(0)?;
343
            let n2 = tok.parse_arg(1)?;
343
            Some((n1, n2))
        } else {
            None
        };
343
        Ok(CommonHeader {
343
            flavor,
343
            lifetime,
343
            client_versions,
343
            relay_versions,
343
            client_protos,
343
            relay_protos,
343
            params,
343
            voting_delay,
343
        })
347
    }
}
impl SharedRandStatus {
    /// Parse a current or previous shared rand value from a given
    /// SharedRandPreviousValue or SharedRandCurrentValue.
10
    fn from_item(item: &Item<'_, NetstatusKwd>) -> Result<Self> {
10
        match item.kwd() {
8
            NetstatusKwd::SHARED_RAND_PREVIOUS_VALUE | NetstatusKwd::SHARED_RAND_CURRENT_VALUE => {}
            _ => {
2
                return Err(Error::from(internal!(
2
                    "wrong keyword {:?} on shared-random value",
2
                    item.kwd()
2
                ))
2
                .at_pos(item.pos()))
            }
        }
8
        let n_reveals: u8 = item.parse_arg(0)?;
8
        let val: B64 = item.parse_arg(1)?;
8
        let value = SharedRandVal(val.into_array()?);
        // Added in proposal 342
8
        let timestamp = item
8
            .parse_optional_arg::<Iso8601TimeNoSp>(2)?
8
            .map(Into::into);
8
        Ok(SharedRandStatus {
8
            n_reveals,
8
            value,
8
            timestamp,
8
        })
10
    }
    /// Return the actual shared random value.
752
    pub fn value(&self) -> &SharedRandVal {
752
        &self.value
752
    }
    /// Return the timestamp (if any) associated with this `SharedRandValue`.
1410
    pub fn timestamp(&self) -> Option<std::time::SystemTime> {
1410
        self.timestamp
1410
    }
}
impl ConsensusHeader {
    /// Parse the ConsensusHeader members from a provided section.
347
    fn from_section(sec: &Section<'_, NetstatusKwd>) -> Result<ConsensusHeader> {
        use NetstatusKwd::*;
347
        let status: &str = sec.required(VOTE_STATUS)?.arg(0).unwrap_or("");
347
        if status != "consensus" {
            return Err(EK::BadDocumentType.err());
347
        }
        // We're ignoring KNOWN_FLAGS in the consensus.
347
        let hdr = CommonHeader::from_section(sec)?;
343
        let consensus_method: u32 = sec.required(CONSENSUS_METHOD)?.parse_arg(0)?;
343
        let shared_rand_prev = sec
343
            .get(SHARED_RAND_PREVIOUS_VALUE)
343
            .map(SharedRandStatus::from_item)
343
            .transpose()?;
343
        let shared_rand_cur = sec
343
            .get(SHARED_RAND_CURRENT_VALUE)
343
            .map(SharedRandStatus::from_item)
343
            .transpose()?;
343
        Ok(ConsensusHeader {
343
            hdr,
343
            consensus_method,
343
            shared_rand_prev,
343
            shared_rand_cur,
343
        })
347
    }
}
impl DirSource {
    /// Parse a "dir-source" item
1029
    fn from_item(item: &Item<'_, NetstatusKwd>) -> Result<Self> {
1029
        if item.kwd() != NetstatusKwd::DIR_SOURCE {
            return Err(
                Error::from(internal!("Bad keyword {:?} on dir-source", item.kwd()))
                    .at_pos(item.pos()),
            );
1029
        }
1029
        let nickname = item.required_arg(0)?.to_string();
1029
        let identity = item.parse_arg::<Fingerprint>(1)?.into();
1029
        let ip = item.parse_arg(3)?;
1029
        let dir_port = item.parse_arg(4)?;
1029
        let or_port = item.parse_arg(5)?;
1029
        Ok(DirSource {
1029
            nickname,
1029
            identity,
1029
            ip,
1029
            dir_port,
1029
            or_port,
1029
        })
1029
    }
}
impl ConsensusVoterInfo {
    /// Parse a single ConsensusVoterInfo from a voter info section.
1029
    fn from_section(sec: &Section<'_, NetstatusKwd>) -> Result<ConsensusVoterInfo> {
        use NetstatusKwd::*;
        // this unwrap should be safe because if there is not at least one
        // token in the section, the section is unparsable.
        #[allow(clippy::unwrap_used)]
1029
        let first = sec.first_item().unwrap();
1029
        if first.kwd() != DIR_SOURCE {
            return Err(Error::from(internal!(
                "Wrong keyword {:?} at start of voter info",
                first.kwd()
            ))
            .at_pos(first.pos()));
1029
        }
1029
        let dir_source = DirSource::from_item(sec.required(DIR_SOURCE)?)?;
1029
        let contact = sec.required(CONTACT)?.args_as_str().to_string();
1029
        let vote_digest = sec.required(VOTE_DIGEST)?.parse_arg::<B16>(0)?.into();
1029

            
1029
        Ok(ConsensusVoterInfo {
1029
            dir_source,
1029
            contact,
1029
            vote_digest,
1029
        })
1029
    }
}
impl std::str::FromStr for RelayFlags {
    type Err = void::Void;
15729
    fn from_str(s: &str) -> std::result::Result<Self, Self::Err> {
15729
        Ok(match s {
15729
            "Authority" => RelayFlags::AUTHORITY,
14710
            "BadExit" => RelayFlags::BAD_EXIT,
14710
            "Exit" => RelayFlags::EXIT,
12858
            "Fast" => RelayFlags::FAST,
11008
            "Guard" => RelayFlags::GUARD,
9158
            "HSDir" => RelayFlags::HSDIR,
7308
            "MiddleOnly" => RelayFlags::MIDDLE_ONLY,
7308
            "NoEdConsensus" => RelayFlags::NO_ED_CONSENSUS,
7308
            "Stable" => RelayFlags::STABLE,
5552
            "StaleDesc" => RelayFlags::STALE_DESC,
5552
            "Running" => RelayFlags::RUNNING,
3702
            "Valid" => RelayFlags::VALID,
1852
            "V2Dir" => RelayFlags::V2DIR,
2
            _ => RelayFlags::empty(),
        })
15729
    }
}
impl RelayFlags {
    /// Parse a relay-flags entry from an "s" line.
1852
    fn from_item(item: &Item<'_, NetstatusKwd>) -> Result<RelayFlags> {
1852
        if item.kwd() != NetstatusKwd::RS_S {
            return Err(
                Error::from(internal!("Wrong keyword {:?} for S line", item.kwd()))
                    .at_pos(item.pos()),
            );
1852
        }
1852
        // These flags are implicit.
1852
        let mut flags: RelayFlags = RelayFlags::RUNNING | RelayFlags::VALID;
1852

            
1852
        let mut prev: Option<&str> = None;
15731
        for s in item.args() {
15731
            if let Some(p) = prev {
13879
                if p >= s {
                    // Arguments out of order.
2
                    return Err(EK::BadArgument
2
                        .at_pos(item.pos())
2
                        .with_msg("Flags out of order"));
13877
                }
1852
            }
15729
            let fl = s.parse().void_unwrap();
15729
            flags |= fl;
15729
            prev = Some(s);
        }
1850
        Ok(flags)
1852
    }
}
impl Default for RelayWeight {
2
    fn default() -> RelayWeight {
2
        RelayWeight::Unmeasured(0)
2
    }
}
impl RelayWeight {
    /// Parse a routerweight from a "w" line.
1862
    fn from_item(item: &Item<'_, NetstatusKwd>) -> Result<RelayWeight> {
1862
        if item.kwd() != NetstatusKwd::RS_W {
6
            return Err(
6
                Error::from(internal!("Wrong keyword {:?} on W line", item.kwd()))
6
                    .at_pos(item.pos()),
6
            );
1856
        }
1856
        let params: NetParams<u32> = item.args_as_str().parse()?;
1854
        let bw = params.params.get("Bandwidth");
1854
        let unmeas = params.params.get("Unmeasured");
1854
        let bw = match bw {
2
            None => return Ok(RelayWeight::Unmeasured(0)),
1852
            Some(b) => *b,
1852
        };
1852

            
1852
        match unmeas {
2
            None | Some(0) => Ok(RelayWeight::Measured(bw)),
1850
            Some(1) => Ok(RelayWeight::Unmeasured(bw)),
            _ => Err(EK::BadArgument
                .at_pos(item.pos())
                .with_msg("unmeasured value")),
        }
1862
    }
}
impl Footer {
    /// Parse a directory footer from a footer section.
335
    fn from_section(sec: &Section<'_, NetstatusKwd>) -> Result<Footer> {
        use NetstatusKwd::*;
335
        sec.required(DIRECTORY_FOOTER)?;
335
        let weights = sec
335
            .maybe(BANDWIDTH_WEIGHTS)
335
            .args_as_str()
335
            .unwrap_or("")
335
            .parse()?;
333
        Ok(Footer { weights })
335
    }
}
/// Result of checking a single authority signature.
enum SigCheckResult {
    /// The signature checks out.  Great!
    Valid,
    /// The signature is invalid; no additional information could make it
    /// valid.
    Invalid,
    /// We can't check the signature because we don't have a
    /// certificate with the right signing key.
    MissingCert,
}
impl Signature {
    /// Parse a Signature from a directory-signature section
999
    fn from_item(item: &Item<'_, NetstatusKwd>) -> Result<Signature> {
999
        if item.kwd() != NetstatusKwd::DIRECTORY_SIGNATURE {
            return Err(Error::from(internal!(
                "Wrong keyword {:?} for directory signature",
                item.kwd()
            ))
            .at_pos(item.pos()));
999
        }
999
        let (alg, id_fp, sk_fp) = if item.n_args() > 2 {
            (
993
                item.required_arg(0)?,
993
                item.required_arg(1)?,
993
                item.required_arg(2)?,
            )
        } else {
6
            ("sha1", item.required_arg(0)?, item.required_arg(1)?)
        };
999
        let digestname = alg.to_string();
999
        let id_fingerprint = id_fp.parse::<Fingerprint>()?.into();
999
        let sk_fingerprint = sk_fp.parse::<Fingerprint>()?.into();
999
        let key_ids = AuthCertKeyIds {
999
            id_fingerprint,
999
            sk_fingerprint,
999
        };
999
        let signature = item.obj("SIGNATURE")?;
999
        Ok(Signature {
999
            digestname,
999
            key_ids,
999
            signature,
999
        })
999
    }
    /// Return true if this signature has the identity key and signing key
    /// that match a given cert.
705
    fn matches_cert(&self, cert: &AuthCert) -> bool {
705
        cert.key_ids() == &self.key_ids
705
    }
    /// If possible, find the right certificate for checking this signature
    /// from among a slice of certificates.
1041
    fn find_cert<'a>(&self, certs: &'a [AuthCert]) -> Option<&'a AuthCert> {
1121
        certs.iter().find(|&c| self.matches_cert(c))
1041
    }
    /// Try to check whether this signature is a valid signature of a
    /// provided digest, given a slice of certificates that might contain
    /// its signing key.
159
    fn check_signature(&self, signed_digest: &[u8], certs: &[AuthCert]) -> SigCheckResult {
159
        match self.find_cert(certs) {
51
            None => SigCheckResult::MissingCert,
108
            Some(cert) => {
108
                let key = cert.signing_key();
108
                match key.verify(signed_digest, &self.signature[..]) {
108
                    Ok(()) => SigCheckResult::Valid,
                    Err(_) => SigCheckResult::Invalid,
                }
            }
        }
159
    }
}
/// A Consensus object that has been parsed, but not checked for
/// signatures and timeliness.
pub type UncheckedConsensus<RS> = TimerangeBound<UnvalidatedConsensus<RS>>;
impl<RS: RouterStatus + ParseRouterStatus> Consensus<RS> {
    /// Return a new ConsensusBuilder for building test consensus objects.
    ///
    /// This function is only available when the `build_docs` feature has
    /// been enabled.
    #[cfg(feature = "build_docs")]
7477
    pub fn builder() -> ConsensusBuilder<RS> {
7477
        ConsensusBuilder::new(RS::flavor())
7477
    }
    /// Try to parse a single networkstatus document from a string.
34
    pub fn parse(s: &str) -> Result<(&str, &str, UncheckedConsensus<RS>)> {
34
        let mut reader = NetDocReader::new(s)?;
34
        Self::parse_from_reader(&mut reader).map_err(|e| e.within(s))
34
    }
    /// Extract a voter-info section from the reader; return
    /// Ok(None) when we are out of voter-info sections.
112
    fn take_voterinfo(
112
        r: &mut NetDocReader<'_, NetstatusKwd>,
112
    ) -> Result<Option<ConsensusVoterInfo>> {
        use NetstatusKwd::*;
112
        match r.peek() {
            None => return Ok(None),
112
            Some(e) if e.is_ok_with_kwd_in(&[RS_R, DIRECTORY_FOOTER]) => return Ok(None),
84
            _ => (),
84
        };
84

            
84
        let mut first_dir_source = true;
84
        // TODO: Extract this pattern into a "pause at second"???
84
        // Pause at the first 'r', or the second 'dir-source'.
336
        let mut p = r.pause_at(|i| match i {
            Err(_) => false,
336
            Ok(item) => {
336
                item.kwd() == RS_R
308
                    || if item.kwd() == DIR_SOURCE {
140
                        let was_first = first_dir_source;
140
                        first_dir_source = false;
140
                        !was_first
                    } else {
168
                        false
                    }
            }
336
        });
84
        let voter_sec = NS_VOTERINFO_RULES_CONSENSUS.parse(&mut p)?;
84
        let voter = ConsensusVoterInfo::from_section(&voter_sec)?;
84
        Ok(Some(voter))
112
    }
    /// Extract the footer (but not signatures) from the reader.
20
    fn take_footer(r: &mut NetDocReader<'_, NetstatusKwd>) -> Result<Footer> {
        use NetstatusKwd::*;
60
        let mut p = r.pause_at(|i| i.is_ok_with_kwd_in(&[DIRECTORY_SIGNATURE]));
20
        let footer_sec = NS_FOOTER_RULES.parse(&mut p)?;
20
        let footer = Footer::from_section(&footer_sec)?;
18
        Ok(footer)
20
    }
    /// Extract a routerstatus from the reader.  Return Ok(None) if we're
    /// out of routerstatus entries.
162
    fn take_routerstatus(r: &mut NetDocReader<'_, NetstatusKwd>) -> Result<Option<(Pos, RS)>> {
        use NetstatusKwd::*;
162
        match r.peek() {
            None => return Ok(None),
162
            Some(e) if e.is_ok_with_kwd_in(&[DIRECTORY_FOOTER]) => return Ok(None),
142
            _ => (),
142
        };
142

            
142
        let pos = r.pos();
142

            
142
        let mut first_r = true;
1104
        let mut p = r.pause_at(|i| match i {
            Err(_) => false,
1104
            Ok(item) => {
1104
                item.kwd() == DIRECTORY_FOOTER
1082
                    || if item.kwd() == RS_R {
262
                        let was_first = first_r;
262
                        first_r = false;
262
                        !was_first
                    } else {
820
                        false
                    }
            }
1104
        });
142
        let rules = match RS::flavor() {
126
            ConsensusFlavor::Microdesc => &NS_ROUTERSTATUS_RULES_MDCON,
16
            ConsensusFlavor::Ns => &NS_ROUTERSTATUS_RULES_NSCON,
        };
142
        let rs_sec = rules.parse(&mut p)?;
142
        let rs = RS::from_section(&rs_sec)?;
136
        Ok(Some((pos, rs)))
162
    }
    /// Extract an entire UncheckedConsensus from a reader.
    ///
    /// Returns the signed portion of the string, the remainder of the
    /// string, and an UncheckedConsensus.
34
    fn parse_from_reader<'a>(
34
        r: &mut NetDocReader<'a, NetstatusKwd>,
34
    ) -> Result<(&'a str, &'a str, UncheckedConsensus<RS>)> {
        use NetstatusKwd::*;
28
        let (header, start_pos) = {
486
            let mut h = r.pause_at(|i| i.is_ok_with_kwd_in(&[DIR_SOURCE]));
34
            let header_sec = NS_HEADER_RULES_CONSENSUS.parse(&mut h)?;
            // Unwrapping should be safe because above `.parse` would have
            // returned an Error
            #[allow(clippy::unwrap_used)]
32
            let pos = header_sec.first_item().unwrap().offset_in(r.str()).unwrap();
32
            (ConsensusHeader::from_section(&header_sec)?, pos)
28
        };
28
        if RS::flavor() != header.hdr.flavor {
            return Err(EK::BadDocumentType.with_msg(format!(
                "Expected {:?}, got {:?}",
                RS::flavor(),
                header.hdr.flavor
            )));
28
        }
28

            
28
        let mut voters = Vec::new();
112
        while let Some(voter) = Self::take_voterinfo(r)? {
84
            voters.push(voter);
84
        }
28
        let mut relays: Vec<RS> = Vec::new();
162
        while let Some((pos, routerstatus)) = Self::take_routerstatus(r)? {
136
            if let Some(prev) = relays.last() {
110
                if prev.rsa_identity() >= routerstatus.rsa_identity() {
2
                    return Err(EK::WrongSortOrder.at_pos(pos));
108
                }
26
            }
134
            relays.push(routerstatus);
        }
20
        relays.shrink_to_fit();
20
        let footer = Self::take_footer(r)?;
18
        let consensus = Consensus {
18
            header,
18
            voters,
18
            relays,
18
            footer,
18
        };
18

            
18
        // Find the signatures.
18
        let mut first_sig: Option<Item<'_, NetstatusKwd>> = None;
18
        let mut signatures = Vec::new();
72
        for item in &mut *r {
54
            let item = item?;
54
            if item.kwd() != DIRECTORY_SIGNATURE {
                return Err(EK::UnexpectedToken
                    .with_msg(item.kwd().to_str())
                    .at_pos(item.pos()));
54
            }
54
            let sig = Signature::from_item(&item)?;
54
            if first_sig.is_none() {
18
                first_sig = Some(item);
36
            }
54
            signatures.push(sig);
        }
18
        let end_pos = match first_sig {
            None => return Err(EK::MissingToken.with_msg("directory-signature")),
            // Unwrap should be safe because `first_sig` was parsed from `r`
            #[allow(clippy::unwrap_used)]
18
            Some(sig) => sig.offset_in(r.str()).unwrap() + "directory-signature ".len(),
18
        };
18

            
18
        // Find the appropriate digest.
18
        let signed_str = &r.str()[start_pos..end_pos];
18
        let remainder = &r.str()[end_pos..];
18
        let (sha256, sha1) = match RS::flavor() {
2
            ConsensusFlavor::Ns => (
2
                None,
2
                Some(ll::d::Sha1::digest(signed_str.as_bytes()).into()),
2
            ),
16
            ConsensusFlavor::Microdesc => (
16
                Some(ll::d::Sha256::digest(signed_str.as_bytes()).into()),
16
                None,
16
            ),
        };
18
        let siggroup = SignatureGroup {
18
            sha256,
18
            sha1,
18
            signatures,
18
        };
18

            
18
        let unval = UnvalidatedConsensus {
18
            consensus,
18
            siggroup,
18
            n_authorities: None,
18
        };
18
        let lifetime = unval.consensus.header.hdr.lifetime.clone();
18
        let delay = unval.consensus.header.hdr.voting_delay.unwrap_or((0, 0));
18
        let dist_interval = time::Duration::from_secs(delay.1.into());
18
        let starting_time = lifetime.valid_after - dist_interval;
18
        let timebound = TimerangeBound::new(unval, starting_time..lifetime.valid_until);
18
        Ok((signed_str, remainder, timebound))
34
    }
}
/// A Microdesc consensus whose signatures have not yet been checked.
///
/// To validate this object, call set_n_authorities() on it, then call
/// check_signature() on that result with the set of certs that you
/// have.  Make sure only to provide authority certificates representing
/// real authorities!
#[cfg_attr(
    feature = "dangerous-expose-struct-fields",
    visible::StructFields(pub),
    non_exhaustive
)]
#[derive(Debug, Clone)]
pub struct UnvalidatedConsensus<RS> {
    /// The consensus object. We don't want to expose this until it's
    /// validated.
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
    consensus: Consensus<RS>,
    /// The signatures that need to be validated before we can call
    /// this consensus valid.
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
    siggroup: SignatureGroup,
    /// The total number of authorities that we believe in.  We need
    /// this information in order to validate the signatures, since it
    /// determines how many signatures we need to find valid in `siggroup`.
    #[cfg_attr(docsrs, doc(cfg(feature = "dangerous-expose-struct-fields")))]
    n_authorities: Option<u16>,
}
impl<RS> UnvalidatedConsensus<RS> {
    /// Tell the unvalidated consensus how many authorities we believe in.
    ///
    /// Without knowing this number, we can't validate the signature.
    #[must_use]
14
    pub fn set_n_authorities(self, n_authorities: u16) -> Self {
14
        UnvalidatedConsensus {
14
            n_authorities: Some(n_authorities),
14
            ..self
14
        }
14
    }
    /// Return an iterator of all the certificate IDs that we might use
    /// to validate this consensus.
8
    pub fn signing_cert_ids(&self) -> impl Iterator<Item = AuthCertKeyIds> {
8
        match self.key_is_correct(&[]) {
            Ok(()) => Vec::new(),
8
            Err(missing) => missing,
        }
8
        .into_iter()
8
    }
    /// Return the lifetime of this unvalidated consensus
10
    pub fn peek_lifetime(&self) -> &Lifetime {
10
        self.consensus.lifetime()
10
    }
    /// Return true if a client who believes in exactly the provided
    /// set of authority IDs might might consider this consensus to be
    /// well-signed.
    ///
    /// (This is the case if the consensus claims to be signed by more than
    /// half of the authorities in the list.)
20
    pub fn authorities_are_correct(&self, authorities: &[&RsaIdentity]) -> bool {
20
        self.siggroup.could_validate(authorities)
20
    }
    /// Return the number of relays in this unvalidated consensus.
    ///
    /// This function is unstable. It is only enabled if the crate was
    /// built with the `experimental-api` feature.
    #[cfg(feature = "experimental-api")]
    pub fn n_relays(&self) -> usize {
        self.consensus.relays.len()
    }
    /// Modify the list of relays in this unvalidated consensus.
    ///
    /// A use case for this is long-lasting custom directories. To ensure Arti can still quickly
    /// build circuits when the directory gets old, a tiny churn file can be regularly obtained,
    /// listing no longer available Tor nodes, which can then be removed from the consensus.
    ///
    /// This function is unstable. It is only enabled if the crate was
    /// built with the `experimental-api` feature.
    #[cfg(feature = "experimental-api")]
    pub fn modify_relays<F>(&mut self, func: F)
    where
        F: FnOnce(&mut Vec<RS>),
    {
        func(&mut self.consensus.relays);
    }
}
impl<RS> ExternallySigned<Consensus<RS>> for UnvalidatedConsensus<RS> {
    type Key = [AuthCert];
    type KeyHint = Vec<AuthCertKeyIds>;
    type Error = Error;
24
    fn key_is_correct(&self, k: &Self::Key) -> result::Result<(), Self::KeyHint> {
24
        let (n_ok, missing) = self.siggroup.list_missing(k);
24
        match self.n_authorities {
24
            Some(n) if n_ok > (n / 2) as usize => Ok(()),
42
            _ => Err(missing.iter().map(|cert| cert.key_ids).collect()),
        }
24
    }
8
    fn is_well_signed(&self, k: &Self::Key) -> result::Result<(), Self::Error> {
8
        match self.n_authorities {
            None => Err(Error::from(internal!(
                "Didn't set authorities on consensus"
            ))),
8
            Some(authority) => {
8
                if self.siggroup.validate(authority, k) {
6
                    Ok(())
                } else {
2
                    Err(EK::BadSignature.err())
                }
            }
        }
8
    }
10
    fn dangerously_assume_wellsigned(self) -> Consensus<RS> {
10
        self.consensus
10
    }
}
impl SignatureGroup {
    // TODO: these functions are pretty similar and could probably stand to be
    // refactored a lot.
    /// Helper: Return a pair of the number of possible authorities'
    /// signatures in this object for which we _could_ find certs, and
    /// a list of the signatures we couldn't find certificates for.
294
    fn list_missing(&self, certs: &[AuthCert]) -> (usize, Vec<&Signature>) {
294
        let mut ok: HashSet<RsaIdentity> = HashSet::new();
294
        let mut missing = Vec::new();
1176
        for sig in &self.signatures {
882
            let id_fingerprint = &sig.key_ids.id_fingerprint;
882
            if ok.contains(id_fingerprint) {
                continue;
882
            }
882
            if sig.find_cert(certs).is_some() {
163
                ok.insert(*id_fingerprint);
163
                continue;
719
            }
719

            
719
            missing.push(sig);
        }
294
        (ok.len(), missing)
294
    }
    /// Given a list of authority identity key fingerprints, return true if
    /// this signature group is _potentially_ well-signed according to those
    /// authorities.
245
    fn could_validate(&self, authorities: &[&RsaIdentity]) -> bool {
245
        let mut signed_by: HashSet<RsaIdentity> = HashSet::new();
980
        for sig in &self.signatures {
735
            let id_fp = &sig.key_ids.id_fingerprint;
735
            if signed_by.contains(id_fp) {
                // Already found this in the list.
                continue;
735
            }
735
            if authorities.contains(&id_fp) {
392
                signed_by.insert(*id_fp);
392
            }
        }
245
        signed_by.len() > (authorities.len() / 2)
245
    }
    /// Return true if the signature group defines a valid signature.
    ///
    /// A signature is valid if it signed by more than half of the
    /// authorities.  This API requires that `n_authorities` is the number of
    /// authorities we believe in, and that every cert in `certs` belongs
    /// to a real authority.
53
    fn validate(&self, n_authorities: u16, certs: &[AuthCert]) -> bool {
53
        // A set of the authorities (by identity) who have have signed
53
        // this document.  We use a set here in case `certs` has more
53
        // than one certificate for a single authority.
53
        let mut ok: HashSet<RsaIdentity> = HashSet::new();
212
        for sig in &self.signatures {
159
            let id_fingerprint = &sig.key_ids.id_fingerprint;
159
            if ok.contains(id_fingerprint) {
                // We already checked at least one signature using this
                // authority's identity fingerprint.
                continue;
159
            }
159
            let d: Option<&[u8]> = match sig.digestname.as_ref() {
168
                "sha256" => self.sha256.as_ref().map(|a| &a[..]),
9
                "sha1" => self.sha1.as_ref().map(|a| &a[..]),
                _ => None, // We don't know how to find this digest.
            };
159
            if d.is_none() {
                // We don't support this kind of digest for this kind
                // of document.
                continue;
159
            }
159

            
159
            // Unwrap should be safe because of above `d.is_none()` check
159
            #[allow(clippy::unwrap_used)]
159
            match sig.check_signature(d.as_ref().unwrap(), certs) {
108
                SigCheckResult::Valid => {
108
                    ok.insert(*id_fingerprint);
108
                }
51
                _ => continue,
            }
        }
53
        ok.len() > (n_authorities / 2) as usize
53
    }
}
#[cfg(test)]
mod test {
    // @@ begin test lint list maintained by maint/add_warning @@
    #![allow(clippy::bool_assert_comparison)]
    #![allow(clippy::clone_on_copy)]
    #![allow(clippy::dbg_macro)]
    #![allow(clippy::mixed_attributes_style)]
    #![allow(clippy::print_stderr)]
    #![allow(clippy::print_stdout)]
    #![allow(clippy::single_char_pattern)]
    #![allow(clippy::unwrap_used)]
    #![allow(clippy::unchecked_duration_subtraction)]
    #![allow(clippy::useless_vec)]
    #![allow(clippy::needless_pass_by_value)]
    //! <!-- @@ end test lint list maintained by maint/add_warning @@ -->
    use super::*;
    use hex_literal::hex;
    const CERTS: &str = include_str!("../../testdata/authcerts2.txt");
    const CONSENSUS: &str = include_str!("../../testdata/mdconsensus1.txt");
    #[cfg(feature = "ns_consensus")]
    const NS_CERTS: &str = include_str!("../../testdata/authcerts3.txt");
    #[cfg(feature = "ns_consensus")]
    const NS_CONSENSUS: &str = include_str!("../../testdata/nsconsensus1.txt");
    fn read_bad(fname: &str) -> String {
        use std::fs;
        use std::path::PathBuf;
        let mut path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
        path.push("testdata");
        path.push("bad-mdconsensus");
        path.push(fname);
        fs::read_to_string(path).unwrap()
    }
    #[test]
    fn parse_and_validate_md() -> Result<()> {
        use std::net::SocketAddr;
        use tor_checkable::{SelfSigned, Timebound};
        let mut certs = Vec::new();
        for cert in AuthCert::parse_multiple(CERTS)? {
            let cert = cert?.check_signature()?.dangerously_assume_timely();
            certs.push(cert);
        }
        let auth_ids: Vec<_> = certs.iter().map(|c| &c.key_ids().id_fingerprint).collect();
        assert_eq!(certs.len(), 3);
        let (_, _, consensus) = MdConsensus::parse(CONSENSUS)?;
        let consensus = consensus.dangerously_assume_timely().set_n_authorities(3);
        // The set of authorities we know _could_ validate this cert.
        assert!(consensus.authorities_are_correct(&auth_ids));
        // A subset would also work.
        assert!(consensus.authorities_are_correct(&auth_ids[0..1]));
        {
            // If we only believe in an authority that isn't listed,
            // that won't work.
            let bad_auth_id = (*b"xxxxxxxxxxxxxxxxxxxx").into();
            assert!(!consensus.authorities_are_correct(&[&bad_auth_id]));
        }
        let missing = consensus.key_is_correct(&[]).err().unwrap();
        assert_eq!(3, missing.len());
        assert!(consensus.key_is_correct(&certs).is_ok());
        let missing = consensus.key_is_correct(&certs[0..1]).err().unwrap();
        assert_eq!(2, missing.len());
        // here is a trick that had better not work.
        let same_three_times = vec![certs[0].clone(), certs[0].clone(), certs[0].clone()];
        let missing = consensus.key_is_correct(&same_three_times).err().unwrap();
        assert_eq!(2, missing.len());
        assert!(consensus.is_well_signed(&same_three_times).is_err());
        assert!(consensus.key_is_correct(&certs).is_ok());
        let consensus = consensus.check_signature(&certs)?;
        assert_eq!(6, consensus.relays().len());
        let r0 = &consensus.relays()[0];
        assert_eq!(
            r0.md_digest(),
            &hex!("73dabe0a0468f4f7a67810a18d11e36731bb1d2ec3634db459100609f3b3f535")
        );
        assert_eq!(
            r0.rsa_identity().as_bytes(),
            &hex!("0a3057af2910415794d8ea430309d9ac5f5d524b")
        );
        assert!(!r0.weight().is_measured());
        assert!(!r0.weight().is_nonzero());
        let pv = &r0.protovers();
        assert!(pv.supports_subver("HSDir", 2));
        assert!(!pv.supports_subver("HSDir", 3));
        let ip4 = "127.0.0.1:5002".parse::<SocketAddr>().unwrap();
        let ip6 = "[::1]:5002".parse::<SocketAddr>().unwrap();
        assert!(r0.orport_addrs().any(|a| a == &ip4));
        assert!(r0.orport_addrs().any(|a| a == &ip6));
        Ok(())
    }
    #[test]
    #[cfg(feature = "ns_consensus")]
    fn parse_and_validate_ns() -> Result<()> {
        use tor_checkable::{SelfSigned, Timebound};
        let mut certs = Vec::new();
        for cert in AuthCert::parse_multiple(NS_CERTS)? {
            let cert = cert?.check_signature()?.dangerously_assume_timely();
            certs.push(cert);
        }
        let auth_ids: Vec<_> = certs.iter().map(|c| &c.key_ids().id_fingerprint).collect();
        assert_eq!(certs.len(), 3);
        let (_, _, consensus) = NsConsensus::parse(NS_CONSENSUS)?;
        let consensus = consensus.dangerously_assume_timely().set_n_authorities(3);
        // The set of authorities we know _could_ validate this cert.
        assert!(consensus.authorities_are_correct(&auth_ids));
        // A subset would also work.
        assert!(consensus.authorities_are_correct(&auth_ids[0..1]));
        assert!(consensus.key_is_correct(&certs).is_ok());
        let _consensus = consensus.check_signature(&certs)?;
        Ok(())
    }
    #[test]
    fn test_bad() {
        use crate::Pos;
        fn check(fname: &str, e: &Error) {
            let content = read_bad(fname);
            let res = MdConsensus::parse(&content);
            assert!(res.is_err());
            assert_eq!(&res.err().unwrap(), e);
        }
        check(
            "bad-flags",
            &EK::BadArgument
                .at_pos(Pos::from_line(27, 1))
                .with_msg("Flags out of order"),
        );
        check(
            "bad-md-digest",
            &EK::BadArgument
                .at_pos(Pos::from_line(40, 3))
                .with_msg("Invalid base64"),
        );
        check(
            "bad-weight",
            &EK::BadArgument
                .at_pos(Pos::from_line(67, 141))
                .with_msg("invalid digit found in string"),
        );
        check(
            "bad-weights",
            &EK::BadArgument
                .at_pos(Pos::from_line(51, 13))
                .with_msg("invalid digit found in string"),
        );
        check(
            "wrong-order",
            &EK::WrongSortOrder.at_pos(Pos::from_line(52, 1)),
        );
        check(
            "wrong-start",
            &EK::UnexpectedToken
                .with_msg("vote-status")
                .at_pos(Pos::from_line(1, 1)),
        );
        check("wrong-version", &EK::BadDocumentVersion.with_msg("10"));
    }
    fn gettok(s: &str) -> Result<Item<'_, NetstatusKwd>> {
        let mut reader = NetDocReader::new(s)?;
        let tok = reader.next().unwrap();
        assert!(reader.next().is_none());
        tok
    }
    #[test]
    fn test_weight() {
        let w = gettok("w Unmeasured=1 Bandwidth=6\n").unwrap();
        let w = RelayWeight::from_item(&w).unwrap();
        assert!(!w.is_measured());
        assert!(w.is_nonzero());
        let w = gettok("w Bandwidth=10\n").unwrap();
        let w = RelayWeight::from_item(&w).unwrap();
        assert!(w.is_measured());
        assert!(w.is_nonzero());
        let w = RelayWeight::default();
        assert!(!w.is_measured());
        assert!(!w.is_nonzero());
        let w = gettok("w Mustelid=66 Cheato=7 Unmeasured=1\n").unwrap();
        let w = RelayWeight::from_item(&w).unwrap();
        assert!(!w.is_measured());
        assert!(!w.is_nonzero());
        let w = gettok("r foo\n").unwrap();
        let w = RelayWeight::from_item(&w);
        assert!(w.is_err());
        let w = gettok("r Bandwidth=6 Unmeasured=Frog\n").unwrap();
        let w = RelayWeight::from_item(&w);
        assert!(w.is_err());
        let w = gettok("r Bandwidth=6 Unmeasured=3\n").unwrap();
        let w = RelayWeight::from_item(&w);
        assert!(w.is_err());
    }
    #[test]
    fn test_netparam() {
        let p = "Hello=600 Goodbye=5 Fred=7"
            .parse::<NetParams<u32>>()
            .unwrap();
        assert_eq!(p.get("Hello"), Some(&600_u32));
        let p = "Hello=Goodbye=5 Fred=7".parse::<NetParams<u32>>();
        assert!(p.is_err());
        let p = "Hello=Goodbye Fred=7".parse::<NetParams<u32>>();
        assert!(p.is_err());
    }
    #[test]
    fn test_sharedrand() {
        let sr =
            gettok("shared-rand-previous-value 9 5LodY4yWxFhTKtxpV9wAgNA9N8flhUCH0NqQv1/05y4\n")
                .unwrap();
        let sr = SharedRandStatus::from_item(&sr).unwrap();
        assert_eq!(sr.n_reveals, 9);
        assert_eq!(
            sr.value.0,
            hex!("e4ba1d638c96c458532adc6957dc0080d03d37c7e5854087d0da90bf5ff4e72e")
        );
        assert!(sr.timestamp.is_none());
        let sr2 = gettok(
            "shared-rand-current-value 9 \
                    5LodY4yWxFhTKtxpV9wAgNA9N8flhUCH0NqQv1/05y4 2022-01-20T12:34:56\n",
        )
        .unwrap();
        let sr2 = SharedRandStatus::from_item(&sr2).unwrap();
        assert_eq!(sr2.n_reveals, sr.n_reveals);
        assert_eq!(sr2.value.0, sr.value.0);
        assert_eq!(
            sr2.timestamp.unwrap(),
            humantime::parse_rfc3339("2022-01-20T12:34:56Z").unwrap()
        );
        let sr = gettok("foo bar\n").unwrap();
        let sr = SharedRandStatus::from_item(&sr);
        assert!(sr.is_err());
    }
}