Diffstat (limited to 'instance.go')
-rw-r--r--instance.go22
1 files changed, 20 insertions, 2 deletions
diff --git a/instance.go b/instance.go
index 7a353fe..6732698 100644
--- a/instance.go
+++ b/instance.go
@@ -8,6 +8,7 @@ import (
"crypto/sha256"
"crypto/x509"
"encoding/base64"
+ "io/ioutil"
"net/http"
"github.com/golang/glog"
@@ -61,12 +62,16 @@ func NewInstance(lp *LogParameters, client trillian.TrillianLogClient, deadline
// NewLogParameters initializes log parameters, assuming ed25519 signatures.
func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string, maxRange, maxChain int64) (*LogParameters, error) {
- anchorList, anchorPool, err := x509util.LoadTrustAnchors(anchorPath)
+ anchorList, anchorPool, err := loadTrustAnchors(anchorPath)
if err != nil {
return nil, err
}
- key, err := x509util.LoadEd25519SigningKey(keyPath)
+ pem, err := ioutil.ReadFile(keyPath)
+ if err != nil {
+ return nil, fmt.Errorf("failed reading %s: %v", keyPath, err)
+ }
+ key, err := x509util.NewEd25519PrivateKey(pem)
if err != nil {
return nil, err
}
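Review bot: The Ed25519 signing key is read from `keyPath` in NewLogParameters with no check on the file's mode, so a key file left group- or world-readable is loaded without complaint. Consider an `os.Stat` before the read that refuses such files, for example `if fi.Mode().Perm()&0077 != 0 { return nil, fmt.Errorf("%s: key file must not be group/world accessible", keyPath) }`. The local `pem` holds private key bytes, so a name such as `keyPEM` would make it harder to log or reuse by mistake. The function body continues past the end of this hunk, so whether the buffer is used again later is not visible here.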
@@ -109,3 +114,16 @@ func (i *Instance) registerHandlers(mux *http.ServeMux) {
mux.Handle(endpoint.path, endpoint.handler)
}
}
+
+// loadTrustAnchors loads a list of PEM-encoded certificates from file
+func loadTrustAnchors(path string) ([]*x509.Certificate, *x509.CertPool, error) {
+ pem, err := ioutil.ReadFile(path)
+ if err != nil {
+ return nil, nil, fmt.Errorf("failed reading trust anchors: %v", err)
+ }
+ anchorList, err := x509util.NewCertificateList(pem)
+ if err != nil || len(anchorList) == 0 {
+ return nil, nil, fmt.Errorf("failed parsing trust anchors: %v", err)
+ }
+ return anchorList, x509util.NewCertPool(anchorList), nil
+}