author | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-10-23 18:01:10 +0200 |
committer | Rasmus Dahlberg <rasmus.dahlberg@kau.se> | 2020-10-23 18:01:10 +0200 |
commit | 9b38f5a034486c27eaf81062ecdd86a72667e2b0 (patch) | |
tree | f2c7a4e4c485214f81aa66882ea69f93c1aa85d1 /server/main.go | |
parent | 7d62710808a38102c09c4f18b1309bf63051db5e (diff) |
added basic trust-anchor code path
Pretty much the bare minimum to load trust anchors from file and check
that the submitter's certificate chains back to something valid.
Diffstat (limited to 'server/main.go')
-rw-r--r-- | server/main.go | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/server/main.go b/server/main.go
index 53ac8e6..f52433b 100644
--- a/server/main.go
+++ b/server/main.go
@@ -12,15 +12,18 @@ import (
 	"github.com/system-transparency/stfe"
 	"google.golang.org/grpc"
+	"github.com/google/certificate-transparency-go/trillian/ctfe"
 	ctutil "github.com/google/certificate-transparency-go/trillian/util"
+	"github.com/google/certificate-transparency-go/x509"
 )
 var (
-	httpEndpoint = flag.String("http_endpoint", "localhost:6965", "host:port specification of where stfe serves clients")
-	rpcBackend = flag.String("log_rpc_server", "localhost:6962", "host:port specification of where Trillian serves clients")
-	prefix = flag.String("prefix", "/st/v1", "a prefix that proceeds each endpoint path")
-	trillianID = flag.Int64("trillianID", 5991359069696313945, "log identifier in the Trillian database")
-	rpcDeadline = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests")
+	httpEndpoint = flag.String("http_endpoint", "localhost:6965", "host:port specification of where stfe serves clients")
+	rpcBackend = flag.String("log_rpc_server", "localhost:6962", "host:port specification of where Trillian serves clients")
+	prefix = flag.String("prefix", "/st/v1", "a prefix that proceeds each endpoint path")
+	trillianID = flag.Int64("trillian_id", 5991359069696313945, "log identifier in the Trillian database")
+	rpcDeadline = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests")
+	anchorsPemFile = flag.String("anchors_file", "testdata/anchors.pem", "path to a file containing PEM-encoded X.509 root certificates")
 )
 func main() {
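Review bot: The new `anchors_file` flag defaults to the relative path `testdata/anchors.pem`, so a server started from any other working directory, or outside a development checkout, resolves its trust-anchor set from a test fixture location rather than from an explicit operator choice; an empty default, `anchorsPemFile = flag.String("anchors_file", "", "path to a file containing PEM-encoded X.509 root certificates")`, with a startup check that it was set would make the anchor set a deliberate decision. The same hunk renames the `trillianID` flag to `trillian_id`, which changes the command line for existing deployments and is not mentioned in the commit message; a sentence there would help. The body of `main` continues in the next hunk.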
@@ -37,8 +40,15 @@ func main() {
 	mux := http.NewServeMux()
 	http.Handle("/", mux)
+	// TODO: proper setup
+	glog.Info("Loading trust anchors")
+	cert_pool := ctfe.NewPEMCertPool()
+	cert_pool.AppendCertsFromPEMFile(*anchorsPemFile)
+	anchors := ctfe.NewCertValidationOpts(cert_pool, time.Now(), true, false, nil, nil, false, []x509.ExtKeyUsage{})
+	glog.Infof("%v", cert_pool.Subjects())
+
 	glog.Info("Creating STFE server instance")
-	stfe_server := stfe.NewInstance(*prefix, *trillianID, trillian.NewTrillianLogClient(conn), *rpcDeadline, new(ctutil.SystemTimeSource))
+	stfe_server := stfe.NewInstance(*prefix, *trillianID, trillian.NewTrillianLogClient(conn), *rpcDeadline, new(ctutil.SystemTimeSource), anchors)
 	stfe_server.AddEndpoints(mux)
 	glog.Infof("Serving on %v%v", *httpEndpoint, *prefix)
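Review bot: The error returned by `cert_pool.AppendCertsFromPEMFile(*anchorsPemFile)` is discarded, so a missing, unreadable or malformed anchors file leaves the pool empty and the server still starts; because this pool is what the `NewCertValidationOpts` result uses to decide which submitter chains are accepted, startup should abort on that error and on an empty pool rather than log the subjects and carry on. The `time.Now()` handed to `NewCertValidationOpts` is captured once at process start; if ctfe evaluates chain validity against that stored instant rather than the time of each request (I believe a zero `time.Time` makes it use the current time per check), certificates that expire after startup would keep being accepted, which is worth confirming before this goes beyond a test setup. `cert_pool` and `stfe_server` do not follow Go naming; `certPool` and `stfeServer` would, and the `// TODO: proper setup` comment should say what is still missing (for example which `NewCertValidationOpts` arguments are placeholders). The enclosing `main` starts in the previous hunk.

```go
	// … unchanged: mux setup …
	glog.Info("Loading trust anchors")
	certPool := ctfe.NewPEMCertPool()
	if err := certPool.AppendCertsFromPEMFile(*anchorsPemFile); err != nil {
		glog.Exitf("loading trust anchors from %q: %v", *anchorsPemFile, err)
	}
	if len(certPool.Subjects()) == 0 {
		glog.Exitf("no trust anchors found in %q", *anchorsPemFile)
	}
	anchors := ctfe.NewCertValidationOpts(certPool, time.Now(), true, false, nil, nil, false, []x509.ExtKeyUsage{})
	// … unchanged: STFE server instance creation and serving …
```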