authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-04 12:10:33 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-04 12:10:33 +0100
commite7d80645f5f3795183ff6062a6529ea226d8ef47 (patch)
treed5cbc9431270df7c8f96def1b77ad6b4ba604373
parent80c77449756c102381278d7ebeeb7b448cd6a16a (diff)
added certificate chain length checking
-rw-r--r--instance.go2
-rw-r--r--x509.go13
2 files changed, 10 insertions, 5 deletions
diff --git a/instance.go b/instance.go
index 461ab6c..178b058 100644
--- a/instance.go
+++ b/instance.go
@@ -27,6 +27,7 @@ type LogParameters struct {
TreeId int64 // used internally by Trillian
Prefix string
MaxRange int64 // max entries per get-entries request
+ MaxChain int64 // max submitter certificate chain length
AnchorPool *x509.CertPool // for chain verification
AnchorList []*x509.Certificate // for access to the raw certificates
Signer crypto.Signer
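Review bot: The comment on the new MaxChain field, "max submitter certificate chain length", leaves open what is actually counted, and the x509.go change in this same commit compares it against the length of a chain produced by verification rather than against the number of certificates the submitter sent. If those chains come from x509's Verify, each one ends in a certificate from AnchorPool, so the trust anchor is included in the count even though the submitter's list may not carry it. Spell that out so the configured value is chosen correctly, e.g. `MaxChain int64 // max length of a verified chain, leaf through trust anchor inclusive`. The LogParameters struct definition continues outside this hunk.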
@@ -77,6 +78,7 @@ func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string) (
TreeId: treeId,
Prefix: prefix,
MaxRange: 2, // TODO: allow configuration
+ MaxChain: 3, // TODO: allow configuration
AnchorPool: anchorPool,
AnchorList: anchorList,
Signer: key,
diff --git a/x509.go b/x509.go
index b8e2885..014344d 100644
--- a/x509.go
+++ b/x509.go
@@ -180,13 +180,16 @@ func buildChainFromB64List(lp *LogParameters, b64chain []string) ([]*x509.Certif
return nil, fmt.Errorf("chain verification failed: %v", err)
}
if len(chains) == 0 {
- return nil, fmt.Errorf("chain verification failed: no chain")
+ return nil, fmt.Errorf("bad certificate chain length: empty")
}
- chain := chains[0] // if we found multiple paths just pick the first one
- // TODO: check that len(chain) is OK
-
- return chain, nil
+ // there might be several valid chains
+ for _, chain := range chains {
+ if int64(len(chain)) <= lp.MaxChain {
+ return chain, nil // just pick the first valid chain
+ }
+ }
+ return nil, fmt.Errorf("bad certificate chain length: too large")
}
// verifySignature checks if signature is valid for some serialized data. The
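Review bot: The new length bound in the loop after the `len(chains) == 0` check is applied only to chains that verification has already built, so the work the limit is presumably meant to cap — decoding and path-building over an arbitrarily long submitter list — is paid in full before the check runs, and a submitter can still have every certificate it sends parsed and fed into verification as an intermediate. A cheap guard on the raw input belongs before decoding, at the top of buildChainFromB64List (whose start lies outside this hunk): `if int64(len(b64chain)) > lp.MaxChain { return nil, fmt.Errorf("bad certificate chain length: too large") }`. Note also that if `chains` comes from `x509.Certificate.Verify`, each built chain terminates in a certificate from AnchorPool, so `len(chain)` counts the trust anchor and MaxChain = 3 admits only a single intermediate; a comment above the loop such as `// len(chain) includes the trust anchor appended during verification` would save the next reader from miscounting. Returning the first chain that fits also leaves the accepted path dependent on the order Verify happens to return; if the log needs a deterministic choice, selecting the shortest qualifying chain would be more defensible than the first.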