From a5a0a3c8944f7cd6b5b72aaf2b9c41c7b3c40358 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Mon, 20 Feb 2017 20:48:36 +0000
Subject: [PATCH] core: updates can now be downloaded (and SHA256 hash checked)

---
 src/common/CMakeLists.txt               |   2 +
 src/common/download.cpp                 | 138 ++++++++++++++++++++++++
 src/common/download.h                   |  36 +++++++
 src/cryptonote_core/cryptonote_core.cpp |  30 ++++++
 4 files changed, 206 insertions(+)
 create mode 100644 src/common/download.cpp
 create mode 100644 src/common/download.h

diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
index 8f25a43d1..eb4d4c25d 100644
--- a/src/common/CMakeLists.txt
+++ b/src/common/CMakeLists.txt
@@ -30,6 +30,7 @@ set(common_sources
   base58.cpp
   command_line.cpp
   dns_utils.cpp
+  download.cpp
   util.cpp
   i18n.cpp
   password.cpp
@@ -50,6 +51,7 @@ set(common_private_headers
   command_line.h
   common_fwd.h
   dns_utils.h
+  download.h
   http_connection.h
   int-util.h
   pod-class.h
diff --git a/src/common/download.cpp b/src/common/download.cpp
new file mode 100644
index 000000000..c5ee797d0
--- /dev/null
+++ b/src/common/download.cpp
@@ -0,0 +1,138 @@
+// Copyright (c) 2017, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include <string>
+#include <boost/filesystem.hpp>
+#include <boost/asio.hpp>
+#include <boost/thread/thread.hpp>
+#include "cryptonote_config.h"
+#include "include_base_utils.h"
+#include "net/http_client.h"
+#include "download.h"
+
+#undef MONERO_DEFAULT_LOG_CATEGORY
+#define MONERO_DEFAULT_LOG_CATEGORY "net.dl"
+
+namespace tools
+{
+  static bool download_thread(const std::string &path, const std::string &url)
+  {
+    try
+    {
+      MINFO("Downloading " << url << " to " << path);
+      std::ofstream f;
+      f.open(path, std::ios_base::binary | std::ios_base::out | std::ios_base::trunc);
+      if (!f.good()) {
+        MERROR("Failed to open file " << path);
+        return false;
+      }
+      class download_client: public epee::net_utils::http::http_simple_client
+      {
+      public:
+        download_client(std::ofstream &f): f(f) {}
+        virtual ~download_client() { f.close(); }
+        virtual bool handle_target_data(std::string &piece_of_transfer)
+        {
+          try
+          {
+            f << piece_of_transfer;
+            return f.good();
+          }
+          catch (const std::exception &e)
+          {
+            MERROR("Error writing data: " << e.what());
+            return false;
+          }
+        }
+      private:
+        std::ofstream &f;
+      } client(f);
+      epee::net_utils::http::url_content u_c;
+      if (!epee::net_utils::parse_url(url, u_c))
+      {
+        MWARNING("Failed to parse URL " << url);
+        return false;
+      }
+      if (u_c.host.empty())
+      {
+        MWARNING("Failed to determine address from URL " << url);
+        return false;
+      }
+      uint16_t port = u_c.port ? u_c.port : 80;
+      MDEBUG("Connecting to " << u_c.host << ":" << port);
+      client.set_server(u_c.host, std::to_string(port), boost::none);
+      if (!client.connect(std::chrono::seconds(30)))
+      {
+        MERROR("Failed to connect to " << url);
+        return false;
+      }
+      MDEBUG("GETting " << u_c.uri);
+      const epee::net_utils::http::http_response_info *info = NULL;
+      if (!client.invoke_get(u_c.uri, std::chrono::seconds(30), "", &info))
+      {
+        MERROR("Failed to connect to " << url);
+        client.disconnect();
+        return false;
+      }
+      if (!info)
+      {
+        MERROR("Failed invoking GET command to " << url << ", no status info returned");
+        client.disconnect();
+        return false;
+      }
+      MDEBUG("response code: " << info->m_response_code);
+      MDEBUG("response comment: " << info->m_response_comment);
+      MDEBUG("response body: " << info->m_body);
+      for (const auto &f: info->m_additional_fields)
+        MDEBUG("additional field: " << f.first << ": " << f.second);
+      if (info->m_response_code != 200)
+      {
+        MERROR("Status code " << info->m_response_code);
+        client.disconnect();
+        return false;
+      }
+      client.disconnect();
+      f.close();
+      MDEBUG("Download complete");
+      return true;
+    }
+    catch (const std::exception &e)
+    {
+      MERROR("Exception in download thread: " << e.what());
+      return false;
+    }
+  }
+
+  bool download(const std::string &path, const std::string &url)
+  {
+    bool success;
+    std::unique_ptr<boost::thread> thread(new boost::thread([&](){ success = download_thread(path, url); }));
+    thread->join();
+    return success;
+  }
+}
diff --git a/src/common/download.h b/src/common/download.h
new file mode 100644
index 000000000..ab7644689
--- /dev/null
+++ b/src/common/download.h
@@ -0,0 +1,36 @@
+// Copyright (c) 2017, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#pragma once 
+
+#include <string>
+
+namespace tools
+{
+  bool download(const std::string &path, const std::string &url);
+}
diff --git a/src/cryptonote_core/cryptonote_core.cpp b/src/cryptonote_core/cryptonote_core.cpp
index 7ed01ca1d..fd509b603 100644
--- a/src/cryptonote_core/cryptonote_core.cpp
+++ b/src/cryptonote_core/cryptonote_core.cpp
@@ -36,6 +36,7 @@ using namespace epee;
 #include "common/command_line.h"
 #include "common/util.h"
 #include "common/updates.h"
+#include "common/download.h"
 #include "warnings.h"
 #include "crypto/crypto.h"
 #include "cryptonote_config.h"
@@ -1090,6 +1091,35 @@ namespace cryptonote
     if (check_updates_level == UPDATES_NOTIFY)
       return true;
 
+    std::string filename;
+    const char *slash = strrchr(url.c_str(), '/');
+    if (slash)
+      filename = slash + 1;
+    else
+      filename = std::string(software) + "-update-" + version;
+    boost::filesystem::path path(epee::string_tools::get_current_module_folder());
+    path /= filename;
+    if (!tools::download(path.string(), url))
+    {
+      MERROR("Failed to download " << url);
+      return false;
+    }
+    crypto::hash file_hash;
+    if (!tools::sha256sum(path.string(), file_hash))
+    {
+      MERROR("Failed to hash " << path);
+      return false;
+    }
+    if (hash != epee::string_tools::pod_to_hex(file_hash))
+    {
+      MERROR("Download from " << url << " does not match the expected hash");
+      return false;
+    }
+    MGINFO("New version downloaded to " << path);
+
+    if (check_updates_level == UPDATES_DOWNLOAD)
+      return true;
+
     MERROR("Download/update not implemented yet");
     return true;
   }