author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-11-03 12:14:51 +0100 |
committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-11-03 12:14:51 +0100 |
commit | 4bef11c59c3e28f0f587b710d56d98c0f26591ad (patch) | |
tree | feabd35c4f5d94df62117d0fb19df756a0f9011d | |
parent | 6d3eb5bd4c9f5f3ec4cfdcf18e48ab86a6c247bf (diff) |
added get-sth client without signature verification
-rw-r--r-- | client/client.go | 38 | ||||
-rw-r--r-- | client/get-sth/main.go | 39 | ||||
-rw-r--r-- | verify.go | 4 |
3 files changed, 78 insertions, 3 deletions
diff --git a/client/client.go b/client/client.go index 551eff7..34fa8a2 100644 --- a/client/client.go +++ b/client/client.go @@ -49,7 +49,7 @@ func NewClientFromPath(logId, chainPath, keyPath, operatorsPath string, cli *htt } k, err := stfe.LoadEd25519SigningKey(keyPath) - if err != nil { + if err != nil && keyPath != "" { return nil, err } @@ -119,8 +119,24 @@ func (c *Client) AddEntry(ctx context.Context, name, checksum []byte) (*stfe.StI } func (c *Client) GetSth(ctx context.Context) (*stfe.StItem, error) { - glog.V(2).Info("creating get-sth request") - return nil, fmt.Errorf("TODO") + req, err := http.NewRequest("GET", c.protocol()+c.Log.BaseUrl+"/get-sth", nil) + if err != nil { + return nil, fmt.Errorf("failed creating http request: %v", err) + } + glog.V(2).Infof("created request: %s %s", req.Method, req.URL) + + item, err := c.doRequestWithStItemResponse(ctx, req) + if err != nil { + return nil, err + } + if item.Format != stfe.StFormatSignedTreeHeadV1 { + return nil, fmt.Errorf("bad StItem format: %v", item.Format) + } + if err := item.SignedTreeHeadV1.Verify(c.Log.Scheme, c.Log.PublicKey); err != nil { + return nil, fmt.Errorf("bad SignedDebugInfoV1 signature: %v", err) + } + glog.V(2).Infof("get-sth request succeeded") + return item, nil } func (c *Client) GetConsistencyProof(ctx context.Context, first, second uint64) (*stfe.StItem, error) { 
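Review bot: The changed condition `if err != nil && keyPath != ""` still calls stfe.LoadEd25519SigningKey with an empty path and then discards whatever error it returns, so a client built without a key carries on with whatever `k` holds (presumably nil), and any later operation that signs with it — AddEntry, judging by its name — fails or panics at the point of use rather than at construction. It is clearer to skip the load entirely, `if keyPath != "" { k, err = stfe.LoadEd25519SigningKey(keyPath); if err != nil { return nil, err } }` with `k` declared beforehand, and to say in the NewClientFromPath doc comment that an empty keyPath yields a read-only client usable only for unauthenticated calls such as GetSth. NewClientFromPath starts and ends outside the hunk, so how `k` is stored and later used is not visible here.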
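Review bot: The error wrapped after the Verify call in GetSth names the wrong type: the item being checked is a SignedTreeHeadV1, so it should read `return nil, fmt.Errorf("bad SignedTreeHeadV1 signature: %v", err)` rather than "bad SignedDebugInfoV1 signature", which sends anyone debugging a failed get-sth to the wrong code path. Note also that the SignedTreeHeadV1.Verify being called is, in this same commit, a stub that returns an error unconditionally, so as committed GetSth can never succeed; if the stub is later made to return nil so the tool runs, the Format check becomes the only validation left and the client will accept a tree head from anyone able to answer on the log's URL. A `// TODO: Verify is a stub; the returned item is unauthenticated until it is implemented` at the call site would keep that visible. GetConsistencyProof's body continues outside the hunk.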
@@ -171,6 +187,22 @@ func (c *Client) doRequest(ctx context.Context, req *http.Request, out interface return nil } +func (c *Client) doRequestWithStItemResponse(ctx context.Context, req *http.Request) (*stfe.StItem, error) { + var itemStr string + if err := c.doRequest(ctx, req, &itemStr); err != nil { + return nil, err + } + b, err := base64.StdEncoding.DecodeString(itemStr) + if err != nil { + return nil, fmt.Errorf("failed decoding base64 body: %v", err) + } + var item stfe.StItem + if err := item.Unmarshal(b); err != nil { + return nil, fmt.Errorf("failed decoding StItem: %v", err) + } + return &item, nil +} + // protocol returns a protocol string that preceeds the log's base url func (c *Client) protocol() string { if c.useHttp { diff --git a/client/get-sth/main.go b/client/get-sth/main.go new file mode 100644 index 0000000..6f0075b --- /dev/null +++ b/client/get-sth/main.go @@ -0,0 +1,39 @@ +package main + +import ( + "context" + "flag" + "fmt" + + "net/http" + + "github.com/golang/glog" + "github.com/system-transparency/stfe/client" +) + +var ( + operators = flag.String("operators", "../../server/descriptor/stfe.json", "path to json-encoded list of log operators") + logId = flag.String("log_id", "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=", "base64-encoded log identifier") + chain = flag.String("chain", "../../server/testdata/chain/ee.pem", "path to pem-encoded certificate chain that the log accepts") +) + +func main() { + flag.Parse() + + client, err := client.NewClientFromPath(*logId, *chain, "", *operators, &http.Client{}, true) + if err != nil { + glog.Fatal(err) + } + sth, err := client.GetSth(context.Background()) + if err != nil { + glog.Fatalf("get-sth failed: %v", err) + } + + str, err := sth.MarshalB64() + if err != nil { + glog.Fatalf("failed encoding valid signed tree head: %v", err) + } + fmt.Println(str) + + glog.Flush() +} 
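Review bot: doRequestWithStItemResponse has no doc comment, unlike the neighbouring protocol helper, and it is the first place log-supplied bytes are turned into a structure, which is worth stating: `// doRequestWithStItemResponse performs req and decodes the base64-encoded StItem in the response body. The returned item is unauthenticated; callers must check its Format and verify its signature.` The decode errors here use `%v`; `%w` would let callers separate a transport failure from a malformed item with errors.Is/As, though the rest of the file appears to use `%v`, so that is a file-wide choice rather than a fix for this hunk. Whether doRequest bounds the response body size or attaches ctx to req is not visible from this hunk.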
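Review bot: The `&http.Client{}` passed to NewClientFromPath has no Timeout and the context handed to GetSth is context.Background(), so a log that accepts the connection and never answers hangs the tool indefinitely; use `cli := &http.Client{Timeout: 30 * time.Second}` (adding `"time"` to the imports) or wrap the context with context.WithTimeout. The local `client, err := client.NewClientFromPath(...)` also shadows the imported package name on the same line, which compiles but is easy to misread — `c, err := client.NewClientFromPath(...)` avoids it. The trailing `true` argument presumably selects the plain-http scheme, given the useHttp field read in protocol(), so the tree head is fetched over cleartext by default; a flag for that choice would make the test-versus-production distinction explicit rather than a hard-coded literal.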
@@ -30,3 +30,7 @@ func (sdi *SignedDebugInfoV1) Verify(scheme tls.SignatureScheme, publicKey, mess
 return fmt.Errorf("Unsupported public key: %s", t)
 }
 }
+
+func (sth *SignedTreeHeadV1) Verify(scheme tls.SignatureScheme, publicKey []byte) error {
+ return fmt.Errorf("TODO: verify signature")
+} |
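Review bot: The new SignedTreeHeadV1.Verify returns an error unconditionally, which is the safe default for a stub, but it takes only (scheme, publicKey) while the SignedDebugInfoV1.Verify above it also takes a message argument, so the two verifiers will diverge once this one is filled in; reusing the same dispatch on key type (the `Unsupported public key` switch visible at the top of the hunk) and feeding it the serialized tree head would avoid a second copy of that logic. A doc comment is also missing; something like `// Verify checks the signature over the tree head with the log's public key. NOT IMPLEMENTED: always returns an error, so callers cannot yet authenticate a tree head.` makes the status visible to godoc readers and to anyone who sees the "TODO" text surface in a client error. SignedDebugInfoV1.Verify begins outside the hunk.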