diff options
author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-12-01 20:42:21 +0100 |
---|---|---|
committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-12-01 20:42:21 +0100 |
commit | b540f681b4cdf740f9b8d1e584fd2b107fc1b090 (patch) | |
tree | 26f2f9c3df8a563463c19621cb9f812978c90af3 /instance.go | |
parent | 12af3f2e8fad65534b83260967ea7463df6ca652 (diff) |
started to clean-up instance
Things like opening files is better place in the server package. Any
code that is difficult to test should also not be in the STFE package.
Diffstat (limited to 'instance.go')
-rw-r--r-- | instance.go | 141 |
1 files changed, 49 insertions, 92 deletions
diff --git a/instance.go b/instance.go index 2c108aa..b0a2d9e 100644 --- a/instance.go +++ b/instance.go @@ -9,31 +9,12 @@ import ( "crypto/sha256" "crypto/x509" "encoding/base64" - "io/ioutil" "net/http" - "github.com/golang/glog" "github.com/google/trillian" "github.com/system-transparency/stfe/x509util" ) -type Endpoint string - -const ( - EndpointAddEntry = Endpoint("add-entry") - EndpointGetEntries = Endpoint("get-entries") - EndpointGetAnchors = Endpoint("get-anchors") - EndpointGetProofByHash = Endpoint("get-proof-by-hash") - EndpointGetConsistencyProof = Endpoint("get-consistency-proof") - EndpointGetSth = Endpoint("get-sth") -) - -// Path joins a number of components to form a full endpoint path, e.g., base -// ("example.com"), prefix ("st/v1"), and the endpoint itself ("get-sth"). -func (e Endpoint) Path(components ...string) string { - return strings.Join(append(components, string(e)), "/") -} - // Instance is an instance of a particular log front-end type Instance struct { LogParameters *LogParameters @@ -55,6 +36,18 @@ type LogParameters struct { HashType crypto.Hash // hash function used by Trillian } +// Endpoint is a named HTTP API endpoint +type Endpoint string + +const ( + EndpointAddEntry = Endpoint("add-entry") + EndpointGetEntries = Endpoint("get-entries") + EndpointGetAnchors = Endpoint("get-anchors") + EndpointGetProofByHash = Endpoint("get-proof-by-hash") + EndpointGetConsistencyProof = Endpoint("get-consistency-proof") + EndpointGetSth = Endpoint("get-sth") +) + func (i Instance) String() string { return fmt.Sprintf("%s Deadline(%v)\n", i.LogParameters, i.Deadline) } @@ -63,103 +56,67 @@ func (p LogParameters) String() string { return fmt.Sprintf("LogId(%s) TreeId(%d) Prefix(%s) NumAnchors(%d)", base64.StdEncoding.EncodeToString(p.LogId), p.TreeId, p.Prefix, len(p.AnchorList)) } -func (i *LogParameters) id() string { - return base64.StdEncoding.EncodeToString(i.LogId) +func (e Endpoint) String() string { + return string(e) } -// NewInstance returns a new STFE Instance -func NewInstance(lp *LogParameters, client trillian.TrillianLogClient, deadline time.Duration, mux *http.ServeMux) (*Instance, error) { - i := &Instance{ +// NewInstance creates a new STFE instance +func NewInstance(lp *LogParameters, client trillian.TrillianLogClient, deadline time.Duration, mux *http.ServeMux) *Instance { + return &Instance{ LogParameters: lp, Client: client, Deadline: deadline, } - i.registerHandlers(mux) - return i, nil } -// NewLogParameters initializes log parameters, assuming ed25519 signatures. -func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string, maxRange, maxChain int64) (*LogParameters, error) { - anchorList, anchorPool, err := loadTrustAnchors(anchorPath) +// NewLogParameters creates new log parameters. Note that the signer is +// assumed to be an ed25519 signing key. Could be fixed at some point. +func NewLogParameters(treeId int64, prefix string, anchors []*x509.Certificate, signer crypto.Signer, maxRange, maxChain int64) (*LogParameters, error) { + pub, err := x509.MarshalPKIXPublicKey(signer.Public()) if err != nil { - return nil, err - } - - pem, err := ioutil.ReadFile(keyPath) - if err != nil { - return nil, fmt.Errorf("failed reading %s: %v", keyPath, err) + return nil, fmt.Errorf("failed DER encoding SubjectPublicKeyInfo: %v", err) } - key, err := x509util.NewEd25519PrivateKey(pem) - if err != nil { - return nil, err + if maxRange < 1 { + return nil, fmt.Errorf("invalid max range: must be at least 1") } - - pub, err := x509.MarshalPKIXPublicKey(key.Public()) - if err != nil { - return nil, fmt.Errorf("failed DER encoding SubjectPublicKeyInfo: %v", err) + if maxChain < 1 { + return nil, fmt.Errorf("invalid max chain: must be at least 1") } hasher := sha256.New() hasher.Write(pub) - logId := hasher.Sum(nil) - return &LogParameters{ - LogId: logId, + LogId: hasher.Sum(nil), TreeId: treeId, Prefix: prefix, MaxRange: maxRange, MaxChain: maxChain, - AnchorPool: anchorPool, - AnchorList: anchorList, + AnchorPool: x509util.NewCertPool(anchors), + AnchorList: anchors, KeyUsage: []x509.ExtKeyUsage{}, // placeholder, must be tested if used - Signer: key, - HashType: crypto.SHA256, + Signer: signer, + HashType: crypto.SHA256, // STFE assumes RFC 6962 hashing }, nil } -func (i *Instance) registerHandlers(mux *http.ServeMux) { - for _, endpoint := range []struct { - path string - handler handler - }{ - { - EndpointAddEntry.Path("", i.LogParameters.Prefix), - handler{instance: i, handler: addEntry, endpoint: EndpointAddEntry, method: http.MethodPost}, - }, - { - EndpointGetEntries.Path("", i.LogParameters.Prefix), - handler{instance: i, handler: getEntries, endpoint: EndpointGetEntries, method: http.MethodGet}, - }, - { - EndpointGetAnchors.Path("", i.LogParameters.Prefix), - handler{instance: i, handler: getAnchors, endpoint: EndpointGetAnchors, method: http.MethodGet}, - }, - { - EndpointGetProofByHash.Path("", i.LogParameters.Prefix), - handler{instance: i, handler: getProofByHash, endpoint: EndpointGetProofByHash, method: http.MethodGet}, - }, - { - EndpointGetConsistencyProof.Path("", i.LogParameters.Prefix), - handler{instance: i, handler: getConsistencyProof, endpoint: EndpointGetConsistencyProof, method: http.MethodGet}, - }, - { - EndpointGetSth.Path("", i.LogParameters.Prefix), - handler{instance: i, handler: getSth, endpoint: EndpointGetSth, method: http.MethodGet}, - }, - } { - glog.Infof("adding handler for %v", endpoint.path) - mux.Handle(endpoint.path, endpoint.handler) - } +// Path joins a number of components to form a full endpoint path, e.g., base +// ("example.com"), prefix ("st/v1"), and the endpoint itself ("get-sth"). +func (e Endpoint) Path(components ...string) string { + return strings.Join(append(components, string(e)), "/") } -// loadTrustAnchors loads a list of PEM-encoded certificates from file -func loadTrustAnchors(path string) ([]*x509.Certificate, *x509.CertPool, error) { - pem, err := ioutil.ReadFile(path) - if err != nil { - return nil, nil, fmt.Errorf("failed reading trust anchors: %v", err) - } - anchorList, err := x509util.NewCertificateList(pem) - if err != nil || len(anchorList) == 0 { - return nil, nil, fmt.Errorf("failed parsing trust anchors: %v", err) +// TODO: id() docdoc +func (i *LogParameters) id() string { + return base64.StdEncoding.EncodeToString(i.LogId) +} + +// Handlers returns a list of STFE handlers +func (i *Instance) Handlers() []Handler { + return []Handler{ + Handler{instance: i, handler: addEntry, endpoint: EndpointAddEntry, method: http.MethodPost}, + Handler{instance: i, handler: getEntries, endpoint: EndpointGetEntries, method: http.MethodGet}, + Handler{instance: i, handler: getAnchors, endpoint: EndpointGetAnchors, method: http.MethodGet}, + Handler{instance: i, handler: getProofByHash, endpoint: EndpointGetProofByHash, method: http.MethodGet}, + Handler{instance: i, handler: getConsistencyProof, endpoint: EndpointGetConsistencyProof, method: http.MethodGet}, + Handler{instance: i, handler: getSth, endpoint: EndpointGetSth, method: http.MethodGet}, } - return anchorList, x509util.NewCertPool(anchorList), nil } |