authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2021-01-29 17:29:34 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2021-01-29 17:29:34 +0100
commit7dfa743dce780659bd2e71130d91d51e93b1f68e (patch)
treea05f44a93ae28f6cdf3c4b19817a2d53c2370f61 /descriptor
parent20903a5fb26e90ef4b94d157927c3e82bb1893c2 (diff)
replaced x509 with namespace on the client-side
Diffstat (limited to 'descriptor')
-rw-r--r--descriptor/descriptor.go23
-rw-r--r--descriptor/descriptor_test.go43
-rw-r--r--descriptor/stfe.json26
3 files changed, 49 insertions, 43 deletions
diff --git a/descriptor/descriptor.go b/descriptor/descriptor.go
index 1879cd8..efe2cf1 100644
--- a/descriptor/descriptor.go
+++ b/descriptor/descriptor.go
@@ -4,12 +4,11 @@ import (
"bytes"
"fmt"
- "crypto"
- "crypto/tls"
- "crypto/x509"
"encoding/base64"
"encoding/json"
"io/ioutil"
+
+ "github.com/system-transparency/stfe/namespace"
)
// Operator is an stfe log operator that runs zero or more logs
@@ -21,12 +20,9 @@ type Operator struct {
// Log is a collection of immutable stfe log parameters
type Log struct {
- Id []byte `json:"id"` // H(PublicKey)
- PublicKey []byte `json:"public_key"` // DER-encoded SubjectPublicKeyInfo
- Scheme tls.SignatureScheme `json:"signature_scheme"` // Signature schemes used by the log (RFC 8446, §4.2.3)
- Schemes []tls.SignatureScheme `json:"signature_schemes"` // Signature schemes that submitters can use (RFC 8446, §4.2.3)
- MaxChain uint8 `json:"max_chain"` // maximum certificate chain length
- BaseUrl string `json:"base_url"` // E.g., example.com/st/v1
+ Id []byte `json:"id"` // Serialized namespace
+ BaseUrl string `json:"base_url"` // E.g., example.com/st/v1
+ // TODO: List of supported namespace types?
}
func FindLog(ops []Operator, logId []byte) (*Log, error) {
@@ -53,7 +49,10 @@ func LoadOperators(path string) ([]Operator, error) {
return ops, nil
}
-// Key parses the log's public key
-func (l *Log) Key() (crypto.PublicKey, error) {
- return x509.ParsePKIXPublicKey(l.PublicKey)
+func (l *Log) Namespace() (*namespace.Namespace, error) {
+ var n namespace.Namespace
+ if err := n.Unmarshal(l.Id); err != nil {
+ return nil, fmt.Errorf("invalid namespace: %v", err)
+ }
+ return &n, nil
}
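Review bot: The new exported method `Namespace` has no doc comment, although the `Key` method it replaces carried one (`// Key parses the log's public key`); add `// Namespace parses the log's serialized namespace identifier.` above the signature so `go vet`/golint stay clean. The error wrapping on the `return nil, fmt.Errorf("invalid namespace: %v", err)` line uses `%v`, which discards the underlying error for callers; `%w` keeps it reachable via `errors.Is`/`errors.As`. In the struct hunk, the `Id` field comment (`// Serialized namespace`) could also say that the same bytes are what `FindLog` matches on, since `FindLog(ops []Operator, logId []byte)` takes the id as its lookup key — that appears to be the case from the signature, but FindLog's body is outside this hunk.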
diff --git a/descriptor/descriptor_test.go b/descriptor/descriptor_test.go
index d01fc66..22641ca 100644
--- a/descriptor/descriptor_test.go
+++ b/descriptor/descriptor_test.go
@@ -4,14 +4,12 @@ import (
"fmt"
"testing"
- "crypto/sha256"
- "crypto/tls"
"encoding/base64"
"encoding/json"
)
const (
- operatorListJson = `[{"name":"Test operator","email":"test@example.com","logs":[{"id":"B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=","public_key":"MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0=","signature_scheme":2055,"signature_schemes":[2055],"max_chain":3,"base_url":"example.com/st/v1"}]}]`
+ operatorListJson = `[{"name":"Test operator","email":"test@example.com","logs":[{"id":"AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc=","base_url":"example.com/st/v1"}]}]`
)
func TestMarshal(t *testing.T) {
@@ -52,7 +50,7 @@ func TestFindLog(t *testing.T) {
logId []byte
wantError bool
}{
- {makeOperatorList(), deb64("B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM="), false},
+ {makeOperatorList(), deb64("AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc="), false},
{makeOperatorList(), []byte{0, 1, 2, 3}, true},
} {
_, err := FindLog(table.ops, table.logId)
@@ -62,24 +60,39 @@ func TestFindLog(t *testing.T) {
}
}
+func TestNamespace(t *testing.T) {
+ for _, table := range []struct {
+ description string
+ id []byte
+ wantErr bool
+ }{
+ {
+ description: "invalid: not a namespace",
+ id: []byte{0,1,2,3},
+ wantErr: true,
+ },
+ {
+ description: "valid",
+ id: deb64("AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc="),
+ },
+ }{
+ l := &Log{ Id: table.id, BaseUrl: "example.com/st/v1" }
+ _, err := l.Namespace()
+ if got, want := err != nil, table.wantErr; got != want {
+ t.Errorf("wanted error %v but got %v in test %q: %v", got, want, table.description, err)
+ return
+ }
+ }
+}
+
func makeOperatorList() []Operator {
- pub := deb64("MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0=")
- h := sha256.New()
- h.Write(pub)
- id := h.Sum(nil)
return []Operator{
Operator{
Name: "Test operator",
Email: "test@example.com",
Logs: []*Log{
&Log{
- Id: id,
- PublicKey: pub,
- Scheme: tls.Ed25519,
- Schemes: []tls.SignatureScheme{
- tls.Ed25519,
- },
- MaxChain: 3,
+ Id: deb64("AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc="),
BaseUrl: "example.com/st/v1",
},
},
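Review bot: In `TestNamespace` the `t.Errorf` call passes `got, want` but the format string reads "wanted error %v but got %v", so a failure message reports the two values under the wrong labels; the fix is `t.Errorf("wanted error %v but got %v in test %q: %v", want, got, table.description, err)`. The `return` after that call also aborts the remaining table entries on the first mismatch, which hides later failures; dropping it (or using `continue`) lets every case report. The "valid" case discards the result with `_`, so it never checks that a non-nil `*namespace.Namespace` comes back for a well-formed id. `makeOperatorList` continues past the end of this hunk.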
diff --git a/descriptor/stfe.json b/descriptor/stfe.json
index d987c47..34f884b 100644
--- a/descriptor/stfe.json
+++ b/descriptor/stfe.json
@@ -1,18 +1,12 @@
[
- {
- "name": "Test operator",
- "email": "test@example.com",
- "logs": [
- {
- "max_chain": 3,
- "id": "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=",
- "signature_schemes": [
- 2055
- ],
- "base_url": "localhost:6965/st/v1",
- "signature_scheme": 2055,
- "public_key": "MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0="
- }
- ]
- }
+ {
+ "name": "Test operator",
+ "email":"test@example.com",
+ "logs": [
+ {
+ "id":"AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc=",
+ "base_url":"localhost:6965/st/v1"
+ }
+ ]
+ }
]
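Review bot: The rewritten object mixes `"name": "Test operator"` (space after the colon) with `"email":"test@example.com"`, `"id":"AAEg…"` and `"base_url":"localhost:6965/st/v1"` (no space), while the removed version was uniformly spaced; pick one form, e.g. `"email": "test@example.com"`, so the fixture reads consistently and diffs cleanly on later edits.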