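/**
 * Insert/delete entries in supplier_keys, while updating the database.
 *
 * Dear future security auditors: This is important.
 *
 * Every update in the batch is recorded in airship_tree_updates inside one
 * database transaction. If any step throws, the transaction is rolled back
 * and the exception is re-thrown, so a partially applied batch is never
 * committed and the connection is not left inside an open transaction.
 *
 * @param Channel $chan
 * @param TreeUpdate[] $updates
 * @return bool Result of committing the transaction.
 * @throws \Throwable Whatever a step raised, re-thrown after the rollback.
 */
protected function processTreeUpdates(Channel $chan, TreeUpdate ...$updates) : bool
{
    $this->db->beginTransaction();
    try {
        foreach ($updates as $update) {
            // Insert the new node in the database:
            $treeUpdateID = (int) $this->db->insertGet(
                'airship_tree_updates',
                [
                    'channel' => $chan->getName(),
                    'channelupdateid' => $update->getChannelId(),
                    'data' => $update->getNodeJSON(),
                    'merkleroot' => $update->getRoot()
                ],
                'treeupdateid'
            );

            // Update the JSON files separately:
            // NOTE(review): if insertKey()/revokeKey() write outside the
            // database, rollBack() below does not undo those writes, and the
            // log entries are stored before the commit. Confirm both.
            if ($update->isCreateKey()) {
                $this->insertKey($chan, $update);
                self::$continuumLogger->store(
                    LogLevel::INFO,
                    'New public key',
                    [
                        'action' => 'KEYGGDRASIL',
                        'supplier' => $update->getSupplierName(),
                        'publicKey' => $update->getPublicKeyString(),
                        'merkleRoot' => $update->getRoot(),
                        'data' => $this->getLogData($update)
                    ]
                );
            } elseif ($update->isRevokeKey()) {
                $this->revokeKey($chan, $update);
                self::$continuumLogger->store(
                    LogLevel::INFO,
                    'Public key revoked',
                    [
                        'action' => 'KEYGGDRASIL',
                        'supplier' => $update->getSupplierName(),
                        'publicKey' => $update->getPublicKeyString(),
                        'merkleRoot' => $update->getRoot(),
                        'data' => $this->getLogData($update)
                    ]
                );
            } else {
                // Neither a key creation nor a revocation: queue it as
                // package metadata, linked to the row inserted above.
                $this->updatePackageQueue($update, $treeUpdateID);
                self::$continuumLogger->store(
                    LogLevel::INFO,
                    'New package metadata',
                    [
                        'action' => 'KEYGGDRASIL',
                        'supplier' => $update->getSupplierName(),
                        'merkleRoot' => $update->getRoot(),
                        'data' => $this->getLogData($update)
                    ]
                );
            }
        }
        return $this->db->commit();
    } catch (\Throwable $ex) {
        // Abort the whole batch: key and package state must not be
        // committed half-applied, and later queries on this connection
        // must not run inside a stale transaction.
        $this->db->rollBack();
        throw $ex;
    }
}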