authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-03 12:14:51 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-03 12:14:51 +0100
commit4bef11c59c3e28f0f587b710d56d98c0f26591ad (patch)
treefeabd35c4f5d94df62117d0fb19df756a0f9011d
parent6d3eb5bd4c9f5f3ec4cfdcf18e48ab86a6c247bf (diff)
added get-sth client without signature verification
-rw-r--r--client/client.go38
-rw-r--r--client/get-sth/main.go39
-rw-r--r--verify.go4
3 files changed, 78 insertions, 3 deletions
diff --git a/client/client.go b/client/client.go
index 551eff7..34fa8a2 100644
--- a/client/client.go
+++ b/client/client.go
@@ -49,7 +49,7 @@ func NewClientFromPath(logId, chainPath, keyPath, operatorsPath string, cli *htt
}
k, err := stfe.LoadEd25519SigningKey(keyPath)
- if err != nil {
+ if err != nil && keyPath != "" {
return nil, err
}
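Review bot: The new condition on the `if` after `stfe.LoadEd25519SigningKey(keyPath)` still calls the loader with an empty path and then keeps whatever `k` the failed call returned, so the error is silently discarded and a non-nil-error return value is stored in the client. Skip the load entirely when no key is configured instead of filtering the error afterwards: declare `k` up front and wrap the call in `if keyPath != "" { k, err = stfe.LoadEd25519SigningKey(keyPath); if err != nil { return nil, err } }` (the declared type of `k` should be whatever the loader returns, which is not visible in this hunk). The rest of NewClientFromPath and the AddEntry signing path are outside the hunk; whichever code later uses `k` needs to reject a client built without a key rather than attempt to sign with the zero value.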
@@ -119,8 +119,24 @@ func (c *Client) AddEntry(ctx context.Context, name, checksum []byte) (*stfe.StI
}
func (c *Client) GetSth(ctx context.Context) (*stfe.StItem, error) {
- glog.V(2).Info("creating get-sth request")
- return nil, fmt.Errorf("TODO")
+ req, err := http.NewRequest("GET", c.protocol()+c.Log.BaseUrl+"/get-sth", nil)
+ if err != nil {
+ return nil, fmt.Errorf("failed creating http request: %v", err)
+ }
+ glog.V(2).Infof("created request: %s %s", req.Method, req.URL)
+
+ item, err := c.doRequestWithStItemResponse(ctx, req)
+ if err != nil {
+ return nil, err
+ }
+ if item.Format != stfe.StFormatSignedTreeHeadV1 {
+ return nil, fmt.Errorf("bad StItem format: %v", item.Format)
+ }
+ if err := item.SignedTreeHeadV1.Verify(c.Log.Scheme, c.Log.PublicKey); err != nil {
+ return nil, fmt.Errorf("bad SignedDebugInfoV1 signature: %v", err)
+ }
+ glog.V(2).Infof("get-sth request succeeded")
+ return item, nil
}
func (c *Client) GetConsistencyProof(ctx context.Context, first, second uint64) (*stfe.StItem, error) {
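Review bot: The error returned after `item.SignedTreeHeadV1.Verify(...)` says `bad SignedDebugInfoV1 signature`, but this code path verifies a SignedTreeHeadV1; the message looks copied from the add-entry path and will mislead anyone debugging a rejected STH, so change it to `return nil, fmt.Errorf("bad SignedTreeHeadV1 signature: %v", err)`. Note that `SignedTreeHeadV1.Verify` is a stub in this commit that always returns an error, so GetSth currently fails closed on every response; that is the right default for an unverified tree head and should stay that way until verification is implemented rather than being bypassed. The format check on `item.Format` before the dereference of `item.SignedTreeHeadV1` is the only thing guarding that field; if it is a pointer that Unmarshal can leave nil for a well-formed-looking item (not visible here), an explicit nil check before `Verify` would avoid a panic on a hostile response.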
@@ -171,6 +187,22 @@ func (c *Client) doRequest(ctx context.Context, req *http.Request, out interface
return nil
}
+func (c *Client) doRequestWithStItemResponse(ctx context.Context, req *http.Request) (*stfe.StItem, error) {
+ var itemStr string
+ if err := c.doRequest(ctx, req, &itemStr); err != nil {
+ return nil, err
+ }
+ b, err := base64.StdEncoding.DecodeString(itemStr)
+ if err != nil {
+ return nil, fmt.Errorf("failed decoding base64 body: %v", err)
+ }
+ var item stfe.StItem
+ if err := item.Unmarshal(b); err != nil {
+ return nil, fmt.Errorf("failed decoding StItem: %v", err)
+ }
+ return &item, nil
+}
+
// protocol returns a protocol string that preceeds the log's base url
func (c *Client) protocol() string {
if c.useHttp {
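Review bot: `doRequestWithStItemResponse` has no doc comment, and since it returns an unverified item parsed from the log's response, the contract that callers must check format and signature themselves is worth stating explicitly: `// doRequestWithStItemResponse performs req and decodes the response body as a base64-encoded serialized StItem. The returned item is not verified; callers must check its format and signature.` Whether the body read in `doRequest` is size-bounded is outside this hunk; if it is not, a misbehaving log can make this helper allocate an arbitrarily large buffer for the base64 decode, so a bound belongs either there or here. `StdEncoding` is strict about padding, which is good for a wire format that is later signature-checked.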
diff --git a/client/get-sth/main.go b/client/get-sth/main.go
new file mode 100644
index 0000000..6f0075b
--- /dev/null
+++ b/client/get-sth/main.go
@@ -0,0 +1,39 @@
+package main
+
+import (
+ "context"
+ "flag"
+ "fmt"
+
+ "net/http"
+
+ "github.com/golang/glog"
+ "github.com/system-transparency/stfe/client"
+)
+
+var (
+ operators = flag.String("operators", "../../server/descriptor/stfe.json", "path to json-encoded list of log operators")
+ logId = flag.String("log_id", "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=", "base64-encoded log identifier")
+ chain = flag.String("chain", "../../server/testdata/chain/ee.pem", "path to pem-encoded certificate chain that the log accepts")
+)
+
+func main() {
+ flag.Parse()
+
+ client, err := client.NewClientFromPath(*logId, *chain, "", *operators, &http.Client{}, true)
+ if err != nil {
+ glog.Fatal(err)
+ }
+ sth, err := client.GetSth(context.Background())
+ if err != nil {
+ glog.Fatalf("get-sth failed: %v", err)
+ }
+
+ str, err := sth.MarshalB64()
+ if err != nil {
+ glog.Fatalf("failed encoding valid signed tree head: %v", err)
+ }
+ fmt.Println(str)
+
+ glog.Flush()
+}
diff --git a/verify.go b/verify.go
index fbcf6df..50bd923 100644
--- a/verify.go
+++ b/verify.go
@@ -30,3 +30,7 @@ func (sdi *SignedDebugInfoV1) Verify(scheme tls.SignatureScheme, publicKey, mess
return fmt.Errorf("Unsupported public key: %s", t)
}
}
+
+func (sth *SignedTreeHeadV1) Verify(scheme tls.SignatureScheme, publicKey []byte) error {
+ return fmt.Errorf("TODO: verify signature")
+}
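Review bot: The new `SignedTreeHeadV1.Verify` unconditionally returns an error, which is the correct fail-closed placeholder, but nothing says so; a reader may take the function for a finished implementation or be tempted to make it return nil to get the client working. Add a doc comment such as `// Verify checks the log's signature over the tree head. Not yet implemented: it always returns an error so that callers reject every STH until verification exists.` When implementing it, the signed message must be reconstructed exactly as the log serialized it, and the public-key type switch visible in `SignedDebugInfoV1.Verify` above (the `Unsupported public key` branch) should be shared rather than duplicated so both item types accept the same key types.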