authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-10-23 18:01:10 +0200
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-10-23 18:01:10 +0200
commit9b38f5a034486c27eaf81062ecdd86a72667e2b0 (patch)
treef2c7a4e4c485214f81aa66882ea69f93c1aa85d1 /server/main.go
parent7d62710808a38102c09c4f18b1309bf63051db5e (diff)
added basic trust-anchor code path
Pretty much the bare minimum to load trust anchors from file and check that the submitter's certificate chains back to something valid.
Diffstat (limited to 'server/main.go')
-rw-r--r--server/main.go22
1 files changed, 16 insertions, 6 deletions
diff --git a/server/main.go b/server/main.go
index 53ac8e6..f52433b 100644
--- a/server/main.go
+++ b/server/main.go
@@ -12,15 +12,18 @@ import (
"github.com/system-transparency/stfe"
"google.golang.org/grpc"
+ "github.com/google/certificate-transparency-go/trillian/ctfe"
ctutil "github.com/google/certificate-transparency-go/trillian/util"
+ "github.com/google/certificate-transparency-go/x509"
)
var (
- httpEndpoint = flag.String("http_endpoint", "localhost:6965", "host:port specification of where stfe serves clients")
- rpcBackend = flag.String("log_rpc_server", "localhost:6962", "host:port specification of where Trillian serves clients")
- prefix = flag.String("prefix", "/st/v1", "a prefix that proceeds each endpoint path")
- trillianID = flag.Int64("trillianID", 5991359069696313945, "log identifier in the Trillian database")
- rpcDeadline = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests")
+ httpEndpoint = flag.String("http_endpoint", "localhost:6965", "host:port specification of where stfe serves clients")
+ rpcBackend = flag.String("log_rpc_server", "localhost:6962", "host:port specification of where Trillian serves clients")
+ prefix = flag.String("prefix", "/st/v1", "a prefix that proceeds each endpoint path")
+ trillianID = flag.Int64("trillian_id", 5991359069696313945, "log identifier in the Trillian database")
+ rpcDeadline = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests")
+ anchorsPemFile = flag.String("anchors_file", "testdata/anchors.pem", "path to a file containing PEM-encoded X.509 root certificates")
)
func main() {
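Review bot: The new `anchors_file` flag defaults to `testdata/anchors.pem`, so a deployment that omits the flag would trust whatever test roots sit at that relative path instead of failing. Consider an empty default, `anchorsPemFile = flag.String("anchors_file", "", "path to a file containing PEM-encoded X.509 root certificates")`, with main exiting when the flag is unset. The rename of the `trillianID` flag to `trillian_id` also changes the command-line interface, so existing invocations that pass `-trillianID` will stop parsing; this deserves a mention in the commit description.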
@@ -37,8 +40,15 @@ func main() {
mux := http.NewServeMux()
http.Handle("/", mux)
+ // TODO: proper setup
+ glog.Info("Loading trust anchors")
+ cert_pool := ctfe.NewPEMCertPool()
+ cert_pool.AppendCertsFromPEMFile(*anchorsPemFile)
+ anchors := ctfe.NewCertValidationOpts(cert_pool, time.Now(), true, false, nil, nil, false, []x509.ExtKeyUsage{})
+ glog.Infof("%v", cert_pool.Subjects())
+
glog.Info("Creating STFE server instance")
- stfe_server := stfe.NewInstance(*prefix, *trillianID, trillian.NewTrillianLogClient(conn), *rpcDeadline, new(ctutil.SystemTimeSource))
+ stfe_server := stfe.NewInstance(*prefix, *trillianID, trillian.NewTrillianLogClient(conn), *rpcDeadline, new(ctutil.SystemTimeSource), anchors)
stfe_server.AddEndpoints(mux)
glog.Infof("Serving on %v%v", *httpEndpoint, *prefix)
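Review bot: The result of `cert_pool.AppendCertsFromPEMFile(*anchorsPemFile)` is discarded, so a missing, unreadable or malformed anchors file leaves the pool empty and the server still starts, with the misconfiguration visible only as an empty `Subjects()` log line. Assuming the method returns an error as it does in certificate-transparency-go, fail at startup: `if err := cert_pool.AppendCertsFromPEMFile(*anchorsPemFile); err != nil { glog.Fatalf("loading trust anchors from %q: %v", *anchorsPemFile, err) }`, and also refuse to continue when `len(cert_pool.Subjects()) == 0`. Passing `time.Now()` to `NewCertValidationOpts` appears to pin the validity-period check to process start time, so a chain that expires while the server is running would keep validating; confirm whether a zero `time.Time` makes the library use the current time on each check. main's body starts before and continues after this hunk.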