/**
* Verifies that the Merkle root exists, matches this package and version,
* and has the same checksum as the one we calculated.
*
* @param InstallFile $file
* @return bool
*/
public function verifyMerkleRoot(InstallFile $file) : bool
{
$debugArgs = ['supplier' => $this->supplier->getName(), 'name' => $this->package];
$db = \Airship\get_database();
$merkle = $db->row('SELECT * FROM airship_tree_updates WHERE merkleroot = ?', $file->getMerkleRoot());
if (empty($merkle)) {
$this->log('Merkle root not found in tree', LogLevel::DEBUG, $debugArgs);
// Not found in Keyggdrasil
return false;
}
$data = \Airship\parseJSON($merkle['data'], true);
$instType = \strtolower($this->type);
$keyggdrasilType = \strtolower($data['pkg_type']);
if (!\hash_equals($instType, $keyggdrasilType)) {
$this->log('Wrong package type', LogLevel::DEBUG, $debugArgs);
// Wrong package type
return false;
}
if (!\hash_equals($this->supplier->getName(), $data['supplier'])) {
$this->log('Wrong supplier', LogLevel::DEBUG, $debugArgs);
// Wrong supplier
return false;
}
if (!\hash_equals($this->package, $data['name'])) {
$this->log('Wrong package', LogLevel::DEBUG, $debugArgs);
// Wrong package
return false;
}
// Finally, we verify that the checksum matches the entry in our Merkle tree:
return \hash_equals($file->getHash(), $data['checksum']);
}