diff options
Diffstat (limited to 'instance.go')
-rw-r--r-- | instance.go | 42 |
1 files changed, 15 insertions, 27 deletions
diff --git a/instance.go b/instance.go index 122cb67..f013153 100644 --- a/instance.go +++ b/instance.go @@ -6,12 +6,10 @@ import ( "strings" "time" - "crypto/sha256" - "crypto/x509" "net/http" "github.com/google/trillian" - "github.com/system-transparency/stfe/x509util" + "github.com/system-transparency/stfe/namespace" ) // Instance is an instance of a particular log front-end @@ -23,14 +21,12 @@ type Instance struct { // LogParameters is a collection of log parameters type LogParameters struct { - LogId []byte // used externally by everyone - TreeId int64 // used internally by Trillian - Prefix string // e.g., "test" for <base>/test - MaxRange int64 // max entries per get-entries request - MaxChain int64 // max submitter certificate chain length - AnchorPool *x509.CertPool // for chain verification - AnchorList []*x509.Certificate // for access to the raw certificates - KeyUsage []x509.ExtKeyUsage // which extended key usages are accepted + LogId []byte // used externally by everyone + TreeId int64 // used internally by Trillian + Prefix string // e.g., "test" for <base>/test + MaxRange int64 // max entries per get-entries request + MaxChain int64 // max submitter certificate chain length + Namespaces *namespace.NamespacePool // trust namespaces Signer crypto.Signer HashType crypto.Hash // hash function used by Trillian } @@ -52,7 +48,7 @@ func (i Instance) String() string { } func (lp LogParameters) String() string { - return fmt.Sprintf("LogId(%s) TreeId(%d) Prefix(%s) MaxRange(%d) MaxChain(%d) NumAnchors(%d)", lp.id(), lp.TreeId, lp.Prefix, lp.MaxRange, lp.MaxChain, len(lp.AnchorList)) + return fmt.Sprintf("LogId(%s) TreeId(%d) Prefix(%s) MaxRange(%d) MaxChain(%d) NumAnchors(%d)", lp.id(), lp.TreeId, lp.Prefix, lp.MaxRange, lp.MaxChain, len(lp.Namespaces.List())) } func (e Endpoint) String() string { @@ -70,34 +66,26 @@ func NewInstance(lp *LogParameters, client trillian.TrillianLogClient, deadline // NewLogParameters creates new log parameters. Note that the signer is // assumed to be an ed25519 signing key. Could be fixed at some point. -func NewLogParameters(treeId int64, prefix string, anchors []*x509.Certificate, signer crypto.Signer, maxRange, maxChain int64) (*LogParameters, error) { +func NewLogParameters(signer crypto.Signer, logId *namespace.Namespace, treeId int64, prefix string, namespaces *namespace.NamespacePool, maxRange int64) (*LogParameters, error) { if signer == nil { return nil, fmt.Errorf("need a signer but got none") } - if len(anchors) < 1 { - return nil, fmt.Errorf("need at least one trust anchor") - } if maxRange < 1 { return nil, fmt.Errorf("max range must be at least one") } - if maxChain < 1 { - return nil, fmt.Errorf("max chain must be at least one") + if len(namespaces.List()) < 1 { + return nil, fmt.Errorf("need at least one trusted namespace") } - pub, err := x509.MarshalPKIXPublicKey(signer.Public()) + lid, err := logId.Marshal() if err != nil { - return nil, fmt.Errorf("failed DER encoding SubjectPublicKeyInfo: %v", err) + return nil, fmt.Errorf("failed encoding log identifier: %v", err) } - hasher := sha256.New() - hasher.Write(pub) return &LogParameters{ - LogId: hasher.Sum(nil), + LogId: lid, TreeId: treeId, Prefix: prefix, MaxRange: maxRange, - MaxChain: maxChain, - AnchorPool: x509util.NewCertPool(anchors), - AnchorList: anchors, - KeyUsage: []x509.ExtKeyUsage{}, // placeholder, must be tested if used + Namespaces: namespaces, Signer: signer, HashType: crypto.SHA256, // STFE assumes RFC 6962 hashing }, nil |