author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-11-04 12:17:59 +0100 |
---|---|---|
committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-11-04 12:17:59 +0100 |
commit | 0e2d1423e8863279d187429ee4fb80b371816d42 (patch) | |
tree | 485e4cd22c88ddb3d15fb3954c702e8a3b42c8cc | |
parent | e7d80645f5f3795183ff6062a6529ea226d8ef47 (diff) |
allowed configuration of max-range and max-chain
-rw-r--r-- | instance.go | 6 | ||||
-rw-r--r-- | server/main.go | 4 | ||||
-rw-r--r-- | x509.go | 4 |
3 files changed, 8 insertions, 6 deletions
diff --git a/instance.go b/instance.go
index 178b058..d5c47c9 100644
--- a/instance.go
+++ b/instance.go
@@ -54,7 +54,7 @@ func NewInstance(lp *LogParameters, client trillian.TrillianLogClient, deadline
 }
 // NewLogParameters initializes log parameters, assuming ed25519 signatures.
-func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string) (*LogParameters, error) {
+func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string, maxRange, maxChain int64) (*LogParameters, error) {
 anchorList, anchorPool, err := LoadTrustAnchors(anchorPath)
 if err != nil {
 return nil, err
@@ -77,8 +77,8 @@ func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string) (
 LogId: logId,
 TreeId: treeId,
 Prefix: prefix,
- MaxRange: 2, // TODO: allow configuration
- MaxChain: 3, // TODO: allow configuration
+ MaxRange: maxRange,
+ MaxChain: maxChain,
 AnchorPool: anchorPool,
 AnchorList: anchorList,
 Signer: key,
diff --git a/server/main.go b/server/main.go
index 3bc9dce..aea2239 100644
--- a/server/main.go
+++ b/server/main.go
@@ -21,6 +21,8 @@ var (
 rpcDeadline = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests")
 anchorPath = flag.String("anchor_path", "testdata/x509/root.pem", "path to a file containing PEM-encoded X.509 root certificates")
 keyPath = flag.String("key_path", "testdata/log/private.key", "path to a PEM-encoded ed25519 signing key")
+ maxRange = flag.Int64("max_range", 2, "maximum number of entries that can be retrived in a single request")
+ maxChain = flag.Int64("max_chain", 3, "maximum number of certificates in a chain, including the trust anchor")
 )
 func main() {
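Review bot: `maxRange` and `maxChain` are copied into `LogParameters` without a range check, so a zero or negative value supplied by the operator is accepted at start-up. Both fields are request limits (entries per request, certificates per chain), and the code that compares against them is outside this diff, so a non-positive value could make every request fail or leave the limit ineffective. NewLogParameters already returns an error, so it could fail fast before building the struct: `if maxRange < 1 || maxChain < 1 { return nil, fmt.Errorf("max range and max chain must be at least 1") }`, assuming `fmt` is available in instance.go. The doc comment on NewLogParameters should also mention the two new parameters; this note covers the assignment hunk at -77,8 as well, and the function body continues outside both hunks.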
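Review bot: The `max_range` help string misspells "retrieved"; it should read `"maximum number of entries that can be retrieved in a single request"`. Neither help string states the valid range, and `flag.Int64` parses `0` and negative numbers without complaint, so it would help to say that both values must be at least 1. The defaults of 2 and 3 carry over the previously hard-coded values, which look sized for the testdata paths used by the neighbouring flags rather than for a deployed log.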
@@ -38,7 +40,7 @@ func main() {
 mux := http.NewServeMux()
 http.Handle("/", mux)
- lp, err := stfe.NewLogParameters(*trillianID, *prefix, *anchorPath, *keyPath)
+ lp, err := stfe.NewLogParameters(*trillianID, *prefix, *anchorPath, *keyPath, *maxRange, *maxChain)
 if err != nil {
 glog.Fatalf("failed setting up log parameters: %v", err)
 }
@@ -170,9 +170,9 @@ func buildChainFromB64List(lp *LogParameters, b64chain []string) ([]*x509.Certif
 }
 opts := x509.VerifyOptions{
- Roots: lp.AnchorPool,
+ Roots: lp.AnchorPool,
 Intermediates: intermediatePool,
- KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // TODO: move to ld
+ KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // TODO: move to ld
 }
 chains, err := certificate.Verify(opts) |