-rw-r--r--handler.go15
-rw-r--r--instance.go28
-rw-r--r--reqres.go14
-rw-r--r--server/main.go2
4 files changed, 43 insertions, 16 deletions
diff --git a/handler.go b/handler.go
index 27b2fd9..42f9e23 100644
--- a/handler.go
+++ b/handler.go
@@ -120,9 +120,20 @@ func getEntries(ctx context.Context, i *instance, w http.ResponseWriter, r *http
}
// getAnchors provides a list of configured trust anchors
-func getAnchors(ctx context.Context, i *instance, w http.ResponseWriter, r *http.Request) (int, error) {
+func getAnchors(_ context.Context, i *instance, w http.ResponseWriter, _ *http.Request) (int, error) {
glog.Info("in getAnchors")
- return http.StatusOK, nil // TODO
+ data := NewGetAnchorsResponse(i.anchorsPool.RawCertificates())
+ json, err := json.Marshal(&data)
+ if err != nil {
+ return http.StatusInternalServerError, fmt.Errorf("failed json-encoding GetAnchorsResponse: %v", err)
+ }
+
+ w.Header().Set("Content-Type", "application/json")
+ _, err = w.Write(json)
+ if err != nil {
+ return http.StatusInternalServerError, fmt.Errorf("failed writing get-anchors response: %v", err)
+ }
+ return http.StatusOK, nil
}
// getProofByHash provides an inclusion proof based on a given leaf hash
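Review bot: The local variable in `json, err := json.Marshal(&data)` shadows the imported `json` package for the rest of getAnchors, so any later use of the package in this function would resolve to the byte slice instead. Naming it `body` (`body, err := json.Marshal(&data)` and `_, err = w.Write(body)`) avoids that. In the write-error branch the response has presumably already started with a 200 status, so the returned `http.StatusInternalServerError` can only be logged by the caller rather than delivered to the client; a short comment there would make that explicit. Both `fmt.Errorf` calls format the cause with `%v`; `%w` would keep the underlying error available to `errors.Is`/`errors.As`.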
diff --git a/instance.go b/instance.go
index 3f53e5f..c8aaca3 100644
--- a/instance.go
+++ b/instance.go
@@ -14,23 +14,25 @@ import (
// instance groups information about a specific STFE instance.
type instance struct {
- prefix string
- logID int64
- client trillian.TrillianLogClient
- deadline time.Duration
- anchors ctfe.CertValidationOpts
- timesource ctutil.TimeSource
+ prefix string
+ logID int64
+ client trillian.TrillianLogClient
+ deadline time.Duration
+ anchors ctfe.CertValidationOpts
+ anchorsPool ctfe.PEMCertPool // TODO: merge anchors and anchorsPool
+ timesource ctutil.TimeSource
}
// NewInstance returns a new STFE instance
-func NewInstance(prefix string, id int64, client trillian.TrillianLogClient, deadline time.Duration, timesource ctutil.TimeSource, anchors ctfe.CertValidationOpts) *instance {
+func NewInstance(prefix string, id int64, client trillian.TrillianLogClient, deadline time.Duration, timesource ctutil.TimeSource, anchors ctfe.CertValidationOpts, anchorsPool ctfe.PEMCertPool) *instance {
return &instance{
- prefix: prefix,
- logID: id,
- client: client,
- deadline: deadline,
- timesource: timesource,
- anchors: anchors,
+ prefix: prefix,
+ logID: id,
+ client: client,
+ deadline: deadline,
+ timesource: timesource,
+ anchors: anchors,
+ anchorsPool: anchorsPool,
}
}
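Review bot: NewInstance accepts `anchors` and `anchorsPool` as two independent values, and nothing in this hunk checks that they describe the same certificate set. getAnchors in handler.go serves `anchorsPool`, while VerifyAddEntryRequest takes a `ctfe.CertValidationOpts`, so if the two ever diverge the endpoint would advertise trust anchors that differ from the ones submissions are validated against. Until the TODO is resolved, consider deriving both from a single input inside NewInstance, or at least stating the invariant on the field: `// anchorsPool must contain exactly the roots configured in anchors`. The call site in server/main.go passes `*cert_pool`, which copies the pool struct by value; whether that copy stays consistent with the original depends on PEMCertPool's internals, which are not visible here, so taking a pointer would be the safer signature.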
diff --git a/reqres.go b/reqres.go
index c384d02..a12892e 100644
--- a/reqres.go
+++ b/reqres.go
@@ -11,6 +11,7 @@ import (
"github.com/google/certificate-transparency-go/tls"
"github.com/google/certificate-transparency-go/trillian/ctfe"
+ "github.com/google/certificate-transparency-go/x509"
"github.com/google/trillian"
)
@@ -50,6 +51,11 @@ type GetProofByHashResponse struct {
InclusionProof string `json:"inclusion_proof"` // base64-encoded StItem
}
+// GetAnchorsResponse
+type GetAnchorsResponse struct {
+ Certificates []string `json:"certificates"`
+}
+
// NewAddEntryRequest parses and sanitizes the JSON-encoded add-entry
// parameters from an incoming HTTP post. The resulting AddEntryRequest is
// well-formed, but not necessarily trusted (further sanitization is needed).
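Review bot: The doc comment `// GetAnchorsResponse` is only the type name, and the `Certificates` field does not state its encoding, unlike `InclusionProof` directly above it. Suggest `// GetAnchorsResponse is the JSON body returned by the get-anchors endpoint.` and a field comment `// base64-encoded DER certificates`, so clients know how to decode and verify what they receive. NewGetAnchorsResponse, added in the last hunk of this file, has no doc comment at all; `// NewGetAnchorsResponse base64-encodes the raw DER bytes of each trust anchor.` would fit. That function also reads `certificate.Raw` on every element of `anchors` without a nil check, which is safe only if the pool never yields nil entries.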
@@ -142,6 +148,14 @@ func NewGetProofByHashResponse(treeSize uint64, inclusionProof *trillian.Proof)
}, nil
}
+func NewGetAnchorsResponse(anchors []*x509.Certificate) GetAnchorsResponse {
+ certificates := make([]string, 0, len(anchors))
+ for _, certificate := range anchors {
+ certificates = append(certificates, base64.StdEncoding.EncodeToString(certificate.Raw))
+ }
+ return GetAnchorsResponse{Certificates: certificates}
+}
+
// VerifyAddEntryRequest determines whether a well-formed AddEntryRequest should
// be inserted into the log. If so, the serialized leaf value is returned.
func VerifyAddEntryRequest(a ctfe.CertValidationOpts, r AddEntryRequest) ([]byte, error) {
diff --git a/server/main.go b/server/main.go
index f52433b..53df7ee 100644
--- a/server/main.go
+++ b/server/main.go
@@ -48,7 +48,7 @@ func main() {
glog.Infof("%v", cert_pool.Subjects())
glog.Info("Creating STFE server instance")
- stfe_server := stfe.NewInstance(*prefix, *trillianID, trillian.NewTrillianLogClient(conn), *rpcDeadline, new(ctutil.SystemTimeSource), anchors)
+ stfe_server := stfe.NewInstance(*prefix, *trillianID, trillian.NewTrillianLogClient(conn), *rpcDeadline, new(ctutil.SystemTimeSource), anchors, *cert_pool)
stfe_server.AddEndpoints(mux)
glog.Infof("Serving on %v%v", *httpEndpoint, *prefix)