| -rw-r--r-- | instance.go | 6 | ||||
| -rw-r--r-- | server/main.go | 4 | ||||
| -rw-r--r-- | x509.go | 4 | 
3 files changed, 8 insertions, 6 deletions
|
diff --git a/instance.go b/instance.go
index 178b058..d5c47c9 100644
--- a/instance.go
+++ b/instance.go
@@ -54,7 +54,7 @@ func NewInstance(lp *LogParameters, client trillian.TrillianLogClient, deadline
 }
 // NewLogParameters initializes log parameters, assuming ed25519 signatures.
-func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string) (*LogParameters, error) {
+func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string, maxRange, maxChain int64) (*LogParameters, error) {
 	anchorList, anchorPool, err := LoadTrustAnchors(anchorPath)
 	if err != nil {
 		return nil, err
@@ -77,8 +77,8 @@ func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string) (
 		LogId:      logId,
 		TreeId:     treeId,
 		Prefix:     prefix,
-		MaxRange:   2, // TODO: allow configuration
-		MaxChain:   3, // TODO: allow configuration
+		MaxRange:   maxRange,
+		MaxChain:   maxChain,
 		AnchorPool: anchorPool,
 		AnchorList: anchorList,
 		Signer:     key,
diff --git a/server/main.go b/server/main.go
index 3bc9dce..aea2239 100644
--- a/server/main.go
+++ b/server/main.go
@@ -21,6 +21,8 @@ var (
 	rpcDeadline  = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests")
 	anchorPath   = flag.String("anchor_path", "testdata/x509/root.pem", "path to a file containing PEM-encoded X.509 root certificates")
 	keyPath      = flag.String("key_path", "testdata/log/private.key", "path to a PEM-encoded ed25519 signing key")
+	maxRange     = flag.Int64("max_range", 2, "maximum number of entries that can be retrived in a single request")
+	maxChain     = flag.Int64("max_chain", 3, "maximum number of certificates in a chain, including the trust anchor")
 )
 func main() {
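Review bot: `maxRange` and `maxChain` are copied into `LogParameters` without any range check, both in the new `NewLogParameters` signature and at the `MaxRange:`/`MaxChain:` fields in the second instance.go hunk, and server/main.go passes them straight from `flag.Int64` values. These two numbers bound how much work one untrusted request can cause (entries returned, chain length verified), so a zero, negative or very large value should fail at startup rather than reach the handlers. How the limits are compared is outside this diff, so whether a non-positive value disables the bound or rejects every request cannot be told from here. I would add `if maxRange < 1 || maxChain < 1 {` returning an error before the struct is built, and extend the doc comment with `// maxRange and maxChain must be at least 1; they cap entries per request and certificates per chain.` The body of `NewLogParameters` continues outside both hunks.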
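Review bot: The `max_range` help string misspells "retrieved" as `retrived`, and neither new flag's help text tells the operator what values are acceptable. The defaults of 2 and 3 carry over the constants that were hard-coded before and look test-sized, like the `testdata/` defaults of the neighbouring flags, so a deployment needs to set them deliberately. I would write the help as `"maximum number of entries that can be retrieved in a single request (must be >= 1)"` and give `max_chain` the same suffix. The `var (` block starts outside the hunk.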
@@ -38,7 +40,7 @@ func main() {
 	mux := http.NewServeMux()
 	http.Handle("/", mux)
-	lp, err := stfe.NewLogParameters(*trillianID, *prefix, *anchorPath, *keyPath)
+	lp, err := stfe.NewLogParameters(*trillianID, *prefix, *anchorPath, *keyPath, *maxRange, *maxChain)
 	if err != nil {
 		glog.Fatalf("failed setting up log parameters: %v", err)
 	}
@@ -170,9 +170,9 @@ func buildChainFromB64List(lp *LogParameters, b64chain []string) ([]*x509.Certif
 	}
 	opts := x509.VerifyOptions{
-		Roots:     lp.AnchorPool,
+		Roots:         lp.AnchorPool,
 		Intermediates: intermediatePool,
-		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // TODO: move to ld
+		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // TODO: move to ld
 	}
 	chains, err := certificate.Verify(opts) |
