updated server package such that it uses namespaces

2 files changed, 30 insertions, 34 deletions

diff --git a/instance.go b/instance.go
index f013153..3ca14b8 100644
--- a/instance.go
+++ b/instance.go
@@ -25,7 +25,6 @@ type LogParameters struct {
 	TreeId     int64                    // used internally by Trillian
 	Prefix     string                   // e.g., "test" for <base>/test
 	MaxRange   int64                    // max entries per get-entries request
-	MaxChain   int64                    // max submitter certificate chain length
 	Namespaces *namespace.NamespacePool // trust namespaces
 	Signer     crypto.Signer
 	HashType   crypto.Hash // hash function used by Trillian
@@ -48,7 +47,7 @@ func (i Instance) String() string {
 }
 
 func (lp LogParameters) String() string {
-	return fmt.Sprintf("LogId(%s) TreeId(%d) Prefix(%s) MaxRange(%d) MaxChain(%d) NumAnchors(%d)", lp.id(), lp.TreeId, lp.Prefix, lp.MaxRange, lp.MaxChain, len(lp.Namespaces.List()))
+	return fmt.Sprintf("LogId(%s) TreeId(%d) Prefix(%s) MaxRange(%d) Namespaces(%d)", lp.id(), lp.TreeId, lp.Prefix, lp.MaxRange, len(lp.Namespaces.List()))
 }
 
 func (e Endpoint) String() string {
diff --git a/server/main.go b/server/main.go
index a82faa2..8f5ab48 100644
--- a/server/main.go
+++ b/server/main.go
@@ -3,18 +3,18 @@ package main
 
 import (
 	"flag"
-	"fmt"
+	"strings"
 	"time"
 
-	"crypto/x509"
-	"io/ioutil"
+	"crypto/ed25519"
+	"encoding/base64"
 	"net/http"
 
 	"github.com/golang/glog"
 	"github.com/google/trillian"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/system-transparency/stfe"
-	"github.com/system-transparency/stfe/x509util"
+	"github.com/system-transparency/stfe/namespace"
 	"google.golang.org/grpc"
 )
 
@@ -24,10 +24,9 @@ var (
 	prefix       = flag.String("prefix", "st/v1", "a prefix that proceeds each endpoint path")
 	trillianID   = flag.Int64("trillian_id", 5991359069696313945, "log identifier in the Trillian database")
 	rpcDeadline  = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests")
-	anchorPath   = flag.String("anchor_path", "../x509util/testdata/anchors.pem", "path to a file containing PEM-encoded X.509 root certificates")
-	keyPath      = flag.String("key_path", "../x509util/testdata/log.key", "path to a PEM-encoded ed25519 signing key")
+	key          = flag.String("key", "8gzezwrU/2eTrO6tEYyLKsoqn5V54URvKIL9cTE7jUYUqXVX4neJvcBq/zpSAYPsZFG1woh0OGBzQbi9UP9MZw==", "base64-encoded Ed25519 signing key")
+	namespaces   = flag.String("namespaces", "AAEgHOQFUkKNWpjYAhNKTyWCzahlI7RDtf5123kHD2LACj0=,AAEgLqrWb9JwQUTk/SwTNDdMH8aRmy3mbmhwEepO5WSgb+A=", "comma-separated list of trusted namespaces in base64 (default: testdata.Ed25519{Vk,Vk2})")
 	maxRange     = flag.Int64("max_range", 2, "maximum number of entries that can be retrived in a single request")
-	maxChain     = flag.Int64("max_chain", 3, "maximum number of certificates in a chain, including the trust anchor")
 )
 
 func main() {
@@ -48,23 +47,37 @@ func main() {
 	glog.Info("Adding prometheus handler on path: /metrics")
 	http.Handle("/metrics", promhttp.Handler())
 
-	glog.Infof("Loading trust anchors from file: %s", *anchorPath)
-	anchors, err := loadCertificates(*anchorPath)
+	glog.Infof("Creating namespace pool")
+	var anchors []*namespace.Namespace
+	for _, b64 := range strings.Split(*namespaces, ",") {
+		b, err := base64.StdEncoding.DecodeString(b64)
+		if err != nil {
+			glog.Fatalf("invalid namespace: %s: %v", b64, err)
+		}
+		var namespace namespace.Namespace
+		if err := namespace.Unmarshal(b); err != nil {
+			glog.Fatalf("invalid namespace: %s: %v", b64, err)
+		}
+		anchors = append(anchors, &namespace)
+	}
+	pool, err := namespace.NewNamespacePool(anchors)
 	if err != nil {
-		glog.Fatalf("no trust anchors: %v", err)
+		glog.Fatalf("invalid namespace pool: %v", err)
 	}
 
-	glog.Infof("Loading Ed25519 signing key from file: %s", *keyPath)
-	pem, err := ioutil.ReadFile(*keyPath)
+	glog.Infof("Creating log signer and identifier")
+	sk, err := base64.StdEncoding.DecodeString(*key)
 	if err != nil {
-		glog.Fatalf("no signing key: %v", err)
+		glog.Fatalf("invalid signing key: %v", err)
 	}
-	signer, err := x509util.NewEd25519PrivateKey(pem)
+	signer := ed25519.PrivateKey(sk)
+	logId, err := namespace.NewNamespaceEd25519V1([]byte(ed25519.PrivateKey(sk).Public().(ed25519.PublicKey)))
 	if err != nil {
-		glog.Fatalf("no signing key: %v", err)
+		glog.Fatalf("failed creating log id from secret key: %v", err)
 	}
 
-	lp, err := stfe.NewLogParameters(*trillianID, *prefix, anchors, signer, *maxRange, *maxChain)
+	glog.Infof("Initializing log parameters")
+	lp, err := stfe.NewLogParameters(signer, logId, *trillianID, *prefix, pool, *maxRange)
 	if err != nil {
 		glog.Fatalf("failed setting up log parameters: %v", err)
 	}
@@ -85,19 +98,3 @@ func main() {
 
 	glog.Flush()
 }
-
-// loadCertificates loads a non-empty list of PEM-encoded certificates from file
-func loadCertificates(path string) ([]*x509.Certificate, error) {
-	pem, err := ioutil.ReadFile(path)
-	if err != nil {
-		return nil, fmt.Errorf("failed reading %s: %v", path, err)
-	}
-	anchors, err := x509util.NewCertificateList(pem)
-	if err != nil {
-		return nil, fmt.Errorf("failed parsing: %v", err)
-	}
-	if len(anchors) == 0 {
-		return nil, fmt.Errorf("no trust anchors")
-	}
-	return anchors, nil
-}