allowed client configuration without certificate chain (2)

Missed a few files.

3 files changed, 12 insertions, 5 deletions

diff --git a/client/client.go b/client/client.go
index 159a5df..5f24fdc 100644
--- a/client/client.go
+++ b/client/client.go
@@ -44,9 +44,10 @@ func NewClient(log *descriptor.Log, client *http.Client, useHttp bool, chain []*
 // NewClientFromPath loads necessary data from file before creating a new
 // client, namely, a pem-encoded certificate chain, a pem-encoded ed25519
 // private key, and a json-encoded list of log operators (see descriptor).
+// Chain and key paths may be left out by passing the empty string: "".
 func NewClientFromPath(logId, chainPath, keyPath, operatorsPath string, cli *http.Client, useHttp bool) (*Client, error) {
 	c, err := x509util.LoadChain(chainPath)
-	if err != nil {
+	if err != nil && chainPath != "" {
 		return nil, err
 	}
 
@@ -112,6 +113,8 @@ func (c *Client) AddEntry(ctx context.Context, name, checksum []byte) (*stfe.StI
 	return item, nil
 }
 
+// GetSth fetches and verifies the most recent STH.  Safe to use without a
+// client chain and corresponding private key.
 func (c *Client) GetSth(ctx context.Context) (*stfe.StItem, error) {
 	req, err := http.NewRequest("GET", c.protocol()+c.Log.BaseUrl+"/get-sth", nil)
 	if err != nil {
@@ -135,6 +138,8 @@ func (c *Client) GetSth(ctx context.Context) (*stfe.StItem, error) {
 	return item, nil
 }
 
+// GetConsistencyProof fetches and verifies a consistency proof between two
+// STHs.  Safe to use without a client chain and corresponding private key.
 func (c *Client) GetConsistencyProof(ctx context.Context, first, second *stfe.StItem) (*stfe.StItem, error) {
 	req, err := http.NewRequest("GET", c.protocol()+c.Log.BaseUrl+"/get-consistency-proof", nil)
 	if err != nil {
@@ -160,6 +165,8 @@ func (c *Client) GetConsistencyProof(ctx context.Context, first, second *stfe.St
 	return item, nil
 }
 
+// GetProofByHash fetches and verifies an inclusion proof for a leaf against an
+// STH.  Safe to use without a client chain and corresponding private key.
 func (c *Client) GetProofByHash(ctx context.Context, treeSize uint64, rootHash, leaf []byte) (*stfe.StItem, error) {
 	leafHash := rfc6962.DefaultHasher.HashLeaf(leaf)
 	req, err := http.NewRequest("GET", c.protocol()+c.Log.BaseUrl+"/get-proof-by-hash", nil)
@@ -190,6 +197,8 @@ func (c *Client) GetEntries(ctx context.Context, start, end uint64) (*stfe.StIte
 	return nil, fmt.Errorf("TODO: Client.GetEntries()")
 }
 
+// GetAnchors fetches the log's trust anchors.  Safe to use without a client
+// chain and corresponding private key.
 func (c *Client) GetAnchors(ctx context.Context, start, end uint64) ([]*x509.Certificate, error) {
 	return nil, fmt.Errorf("TODO: Client.GetAnchors()")
 }
diff --git a/client/get-consistency-proof/main.go b/client/get-consistency-proof/main.go
index acf116e..316bbdc 100644
--- a/client/get-consistency-proof/main.go
+++ b/client/get-consistency-proof/main.go
@@ -15,7 +15,6 @@ import (
 var (
 	operators = flag.String("operators", "../../descriptor/stfe.json", "path to json-encoded list of log operators")
 	logId     = flag.String("log_id", "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=", "base64-encoded log identifier")
-	chain     = flag.String("chain", "../../server/testdata/x509/end-entity.pem", "path to pem-encoded certificate chain that the log accepts")
 	first     = flag.String("first", "AAEgB9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPMAAAF1jnn7fwAAAAAAAAAxICCqLJn4QWYd0aRIRjDWGf4GWalDIb/iH60jSSX89WgvAAAAQF9XPFRdM56KaelHFFg1RqjTw1yFL085zHhdNkLeZh9BCXxVTByqrHEMngAkY69EX45aJMWh9NymmPau0qoigA8=", "first base64-encoded StItem of type StFormatSignedTreeHeadV1")
 	second    = flag.String("second", "AAEgB9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPMAAAF1jsZrygAAAAAAAABFIL7Zz0WEolql7o7G496Izl7Qy/l2Qd/Pwc87W8jFPoL6AAAAQHc7ttIDUKuMJR7uqCLb3qqAxiwEN5KLt/7IblT7f+QaKq4BqqI3cO6vT3eMSZMHZDd4EkgvkAwo1o7IsA4N8Qc=", "second base64-encoded StItem of type StFormatSignedTreeHeadV1")
 )
@@ -23,7 +22,7 @@ var (
 func main() {
 	flag.Parse()
 
-	cli, err := client.NewClientFromPath(*logId, *chain, "", *operators, &http.Client{}, true)
+	cli, err := client.NewClientFromPath(*logId, "", "", *operators, &http.Client{}, true)
 	if err != nil {
 		glog.Fatal(err)
 	}
diff --git a/client/get-proof-by-hash/main.go b/client/get-proof-by-hash/main.go
index 04dd7dc..964bcda 100644
--- a/client/get-proof-by-hash/main.go
+++ b/client/get-proof-by-hash/main.go
@@ -16,7 +16,6 @@ import (
 var (
 	operators      = flag.String("operators", "../../descriptor/stfe.json", "path to json-encoded list of log operators")
 	logId          = flag.String("log_id", "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=", "base64-encoded log identifier")
-	chain          = flag.String("chain", "../../server/testdata/x509/end-entity.pem", "path to pem-encoded certificate chain that the log accepts")
 	signedTreeHead = flag.String("sth", "AAEgB9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPMAAAF1jnn7fwAAAAAAAAAxICCqLJn4QWYd0aRIRjDWGf4GWalDIb/iH60jSSX89WgvAAAAQF9XPFRdM56KaelHFFg1RqjTw1yFL085zHhdNkLeZh9BCXxVTByqrHEMngAkY69EX45aJMWh9NymmPau0qoigA8=", "base64-encoded StItem of type StFormatSignedTreeHeadV1")
 	entry          = flag.String("entry", "AAUBOCAsYkIyzdIhdxKU37sxCsoACg32rItmtpbZDvBv3vtkow==", "base64-encoded StItem of type StFormatChecksumV1")
 )
@@ -24,7 +23,7 @@ var (
 func main() {
 	flag.Parse()
 
-	cli, err := client.NewClientFromPath(*logId, *chain, "", *operators, &http.Client{}, true)
+	cli, err := client.NewClientFromPath(*logId, "", "", *operators, &http.Client{}, true)
 	if err != nil {
 		glog.Fatal(err)
 	}