-rw-r--r--client/client.go8
-rw-r--r--client/get-consistency-proof/main.go9
-rw-r--r--client/get-proof-by-hash/main.go4
-rw-r--r--descriptor/descriptor.go9
4 files changed, 19 insertions, 11 deletions
diff --git a/client/client.go b/client/client.go
index 88ccf2f..159a5df 100644
--- a/client/client.go
+++ b/client/client.go
@@ -104,7 +104,9 @@ func (c *Client) AddEntry(ctx context.Context, name, checksum []byte) (*stfe.StI
return nil, fmt.Errorf("bad StItem format: %v", item.Format)
}
- if err := VerifySignedDebugInfoV1(item, c.Log.Scheme, c.Log.Key(), leaf); err != nil {
+ if k, err := c.Log.Key(); err != nil {
+ return nil, fmt.Errorf("bad public key: %v", err)
+ } else if err := VerifySignedDebugInfoV1(item, c.Log.Scheme, k, leaf); err != nil {
return nil, fmt.Errorf("bad SignedDebugInfoV1 signature: %v", err)
}
return item, nil
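Review bot: The `if k, err := c.Log.Key(); err != nil { … } else if err := VerifySignedDebugInfoV1(…)` chain in AddEntry declares a second `err` that shadows the first, so it is easy to misread which failure a branch reports. A flat form is plainer: `k, err := c.Log.Key()` with its own `if err != nil` return, then the verification `if` on the next line. The same shape recurs in the GetSth hunk and in client/get-proof-by-hash/main.go. Wrapping with `%w`, as in `fmt.Errorf("bad public key: %w", err)`, would also let callers separate a key-parsing failure from a signature failure via errors.Is/As. AddEntry's body starts outside the hunk.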
@@ -125,7 +127,9 @@ func (c *Client) GetSth(ctx context.Context) (*stfe.StItem, error) {
return nil, fmt.Errorf("bad StItem format: %v", item.Format)
}
- if err := VerifySignedTreeHeadV1(item, c.Log.Scheme, c.Log.Key()); err != nil {
+ if k, err := c.Log.Key(); err != nil {
+ return nil, fmt.Errorf("bad public key: %v", err)
+ } else if err := VerifySignedTreeHeadV1(item, c.Log.Scheme, k); err != nil {
return nil, fmt.Errorf("bad SignedDebugInfoV1 signature: %v", err)
}
return item, nil
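Review bot: The error returned when VerifySignedTreeHeadV1 fails in GetSth still reads "bad SignedDebugInfoV1 signature", which names the wrong item type and will mislead anyone triaging a failed tree-head signature check. The line is unchanged context, but it sits directly under the new key handling and is worth correcting in the same pass: `return nil, fmt.Errorf("bad SignedTreeHeadV1 signature: %v", err)`. GetSth's body starts outside the hunk.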
diff --git a/client/get-consistency-proof/main.go b/client/get-consistency-proof/main.go
index 72fa804..acf116e 100644
--- a/client/get-consistency-proof/main.go
+++ b/client/get-consistency-proof/main.go
@@ -28,11 +28,16 @@ func main() {
glog.Fatal(err)
}
+ k, err := cli.Log.Key()
+ if err != nil {
+ glog.Fatalf("bad public key: %v", err)
+ }
+
var sth1 stfe.StItem
if err := sth1.UnmarshalB64(*first); err != nil {
glog.Fatalf("bad signed tree head: %v", err)
}
- if err := client.VerifySignedTreeHeadV1(&sth1, cli.Log.Scheme, cli.Log.Key()); err != nil {
+ if err := client.VerifySignedTreeHeadV1(&sth1, cli.Log.Scheme, k); err != nil {
glog.Fatalf("bad signed tree head: %v", err)
}
glog.V(3).Info("verified first sth")
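Review bot: A decoding failure from `sth1.UnmarshalB64` and a failed `VerifySignedTreeHeadV1` both exit with the same text, "bad signed tree head", so the log cannot distinguish malformed input from a tree head that did not verify under the log's key. For a verification tool that distinction matters, and a separate message such as `glog.Fatalf("first sth: signature verification failed: %v", err)` would make it explicit. The same applies to the second STH in the next hunk and to the check in client/get-proof-by-hash/main.go. Parsing the key once into `k` and reusing it for both checks is a sensible arrangement. main's body starts and ends outside the hunk.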
@@ -41,7 +46,7 @@ func main() {
if err := sth2.UnmarshalB64(*second); err != nil {
glog.Fatalf("bad signed tree head: %v", err)
}
- if err := client.VerifySignedTreeHeadV1(&sth2, cli.Log.Scheme, cli.Log.Key()); err != nil {
+ if err := client.VerifySignedTreeHeadV1(&sth2, cli.Log.Scheme, k); err != nil {
glog.Fatalf("bad signed tree head: %v", err)
}
glog.V(3).Info("verified second sth")
diff --git a/client/get-proof-by-hash/main.go b/client/get-proof-by-hash/main.go
index 897a8aa..04dd7dc 100644
--- a/client/get-proof-by-hash/main.go
+++ b/client/get-proof-by-hash/main.go
@@ -33,7 +33,9 @@ func main() {
if err := sth.UnmarshalB64(*signedTreeHead); err != nil {
glog.Fatalf("bad signed tree head: %v", err)
}
- if err := client.VerifySignedTreeHeadV1(&sth, cli.Log.Scheme, cli.Log.Key()); err != nil {
+ if k, err := cli.Log.Key(); err != nil {
+ glog.Fatalf("bad public key: %v", err)
+ } else if err := client.VerifySignedTreeHeadV1(&sth, cli.Log.Scheme, k); err != nil {
glog.Fatalf("bad signed tree head: %v", err)
}
glog.V(3).Info("verified sth")
diff --git a/descriptor/descriptor.go b/descriptor/descriptor.go
index 267a401..1879cd8 100644
--- a/descriptor/descriptor.go
+++ b/descriptor/descriptor.go
@@ -53,10 +53,7 @@ func LoadOperators(path string) ([]Operator, error) {
return ops, nil
}
-func (l *Log) Key() crypto.PublicKey {
- k, err := x509.ParsePKIXPublicKey(l.PublicKey)
- if err != nil {
- panic("TODO: make a new function and parse public key there")
- }
- return k
+// Key parses the log's public key
+func (l *Log) Key() (crypto.PublicKey, error) {
+ return x509.ParsePKIXPublicKey(l.PublicKey)
}
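Review bot: The new doc comment on Key does not state the expected encoding, nor that the parsed key's type is not checked against l.Scheme. x509.ParsePKIXPublicKey accepts several key types (RSA, ECDSA, Ed25519, and others), so a descriptor whose key and scheme disagree is only caught later, if at all, inside the verify functions, which are not visible here. I would expand the comment along the lines of `// Key parses l.PublicKey as a DER-encoded PKIX public key. It does not check that the key type matches l.Scheme.` Since AddEntry and GetSth now call Key on every request, parsing and validating the key once when the descriptor is loaded may be worth considering.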