Diffstat (limited to 'instance.go')
-rw-r--r--instance.go141
1 files changed, 49 insertions, 92 deletions
diff --git a/instance.go b/instance.go
index 2c108aa..b0a2d9e 100644
--- a/instance.go
+++ b/instance.go
@@ -9,31 +9,12 @@ import (
"crypto/sha256"
"crypto/x509"
"encoding/base64"
- "io/ioutil"
"net/http"
- "github.com/golang/glog"
"github.com/google/trillian"
"github.com/system-transparency/stfe/x509util"
)
-type Endpoint string
-
-const (
- EndpointAddEntry = Endpoint("add-entry")
- EndpointGetEntries = Endpoint("get-entries")
- EndpointGetAnchors = Endpoint("get-anchors")
- EndpointGetProofByHash = Endpoint("get-proof-by-hash")
- EndpointGetConsistencyProof = Endpoint("get-consistency-proof")
- EndpointGetSth = Endpoint("get-sth")
-)
-
-// Path joins a number of components to form a full endpoint path, e.g., base
-// ("example.com"), prefix ("st/v1"), and the endpoint itself ("get-sth").
-func (e Endpoint) Path(components ...string) string {
- return strings.Join(append(components, string(e)), "/")
-}
-
// Instance is an instance of a particular log front-end
type Instance struct {
LogParameters *LogParameters
@@ -55,6 +36,18 @@ type LogParameters struct {
HashType crypto.Hash // hash function used by Trillian
}
+// Endpoint is a named HTTP API endpoint
+type Endpoint string
+
+const (
+ EndpointAddEntry = Endpoint("add-entry")
+ EndpointGetEntries = Endpoint("get-entries")
+ EndpointGetAnchors = Endpoint("get-anchors")
+ EndpointGetProofByHash = Endpoint("get-proof-by-hash")
+ EndpointGetConsistencyProof = Endpoint("get-consistency-proof")
+ EndpointGetSth = Endpoint("get-sth")
+)
+
func (i Instance) String() string {
return fmt.Sprintf("%s Deadline(%v)\n", i.LogParameters, i.Deadline)
}
@@ -63,103 +56,67 @@ func (p LogParameters) String() string {
return fmt.Sprintf("LogId(%s) TreeId(%d) Prefix(%s) NumAnchors(%d)", base64.StdEncoding.EncodeToString(p.LogId), p.TreeId, p.Prefix, len(p.AnchorList))
}
-func (i *LogParameters) id() string {
- return base64.StdEncoding.EncodeToString(i.LogId)
+func (e Endpoint) String() string {
+ return string(e)
}
-// NewInstance returns a new STFE Instance
-func NewInstance(lp *LogParameters, client trillian.TrillianLogClient, deadline time.Duration, mux *http.ServeMux) (*Instance, error) {
- i := &Instance{
+// NewInstance creates a new STFE instance
+func NewInstance(lp *LogParameters, client trillian.TrillianLogClient, deadline time.Duration, mux *http.ServeMux) *Instance {
+ return &Instance{
LogParameters: lp,
Client: client,
Deadline: deadline,
}
- i.registerHandlers(mux)
- return i, nil
}
-// NewLogParameters initializes log parameters, assuming ed25519 signatures.
-func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string, maxRange, maxChain int64) (*LogParameters, error) {
- anchorList, anchorPool, err := loadTrustAnchors(anchorPath)
+// NewLogParameters creates new log parameters. Note that the signer is
+// assumed to be an ed25519 signing key. Could be fixed at some point.
+func NewLogParameters(treeId int64, prefix string, anchors []*x509.Certificate, signer crypto.Signer, maxRange, maxChain int64) (*LogParameters, error) {
+ pub, err := x509.MarshalPKIXPublicKey(signer.Public())
if err != nil {
- return nil, err
- }
-
- pem, err := ioutil.ReadFile(keyPath)
- if err != nil {
- return nil, fmt.Errorf("failed reading %s: %v", keyPath, err)
+ return nil, fmt.Errorf("failed DER encoding SubjectPublicKeyInfo: %v", err)
}
- key, err := x509util.NewEd25519PrivateKey(pem)
- if err != nil {
- return nil, err
+ if maxRange < 1 {
+ return nil, fmt.Errorf("invalid max range: must be at least 1")
}
-
- pub, err := x509.MarshalPKIXPublicKey(key.Public())
- if err != nil {
- return nil, fmt.Errorf("failed DER encoding SubjectPublicKeyInfo: %v", err)
+ if maxChain < 1 {
+ return nil, fmt.Errorf("invalid max chain: must be at least 1")
}
hasher := sha256.New()
hasher.Write(pub)
- logId := hasher.Sum(nil)
-
return &LogParameters{
- LogId: logId,
+ LogId: hasher.Sum(nil),
TreeId: treeId,
Prefix: prefix,
MaxRange: maxRange,
MaxChain: maxChain,
- AnchorPool: anchorPool,
- AnchorList: anchorList,
+ AnchorPool: x509util.NewCertPool(anchors),
+ AnchorList: anchors,
KeyUsage: []x509.ExtKeyUsage{}, // placeholder, must be tested if used
- Signer: key,
- HashType: crypto.SHA256,
+ Signer: signer,
+ HashType: crypto.SHA256, // STFE assumes RFC 6962 hashing
}, nil
}
-func (i *Instance) registerHandlers(mux *http.ServeMux) {
- for _, endpoint := range []struct {
- path string
- handler handler
- }{
- {
- EndpointAddEntry.Path("", i.LogParameters.Prefix),
- handler{instance: i, handler: addEntry, endpoint: EndpointAddEntry, method: http.MethodPost},
- },
- {
- EndpointGetEntries.Path("", i.LogParameters.Prefix),
- handler{instance: i, handler: getEntries, endpoint: EndpointGetEntries, method: http.MethodGet},
- },
- {
- EndpointGetAnchors.Path("", i.LogParameters.Prefix),
- handler{instance: i, handler: getAnchors, endpoint: EndpointGetAnchors, method: http.MethodGet},
- },
- {
- EndpointGetProofByHash.Path("", i.LogParameters.Prefix),
- handler{instance: i, handler: getProofByHash, endpoint: EndpointGetProofByHash, method: http.MethodGet},
- },
- {
- EndpointGetConsistencyProof.Path("", i.LogParameters.Prefix),
- handler{instance: i, handler: getConsistencyProof, endpoint: EndpointGetConsistencyProof, method: http.MethodGet},
- },
- {
- EndpointGetSth.Path("", i.LogParameters.Prefix),
- handler{instance: i, handler: getSth, endpoint: EndpointGetSth, method: http.MethodGet},
- },
- } {
- glog.Infof("adding handler for %v", endpoint.path)
- mux.Handle(endpoint.path, endpoint.handler)
- }
+// Path joins a number of components to form a full endpoint path, e.g., base
+// ("example.com"), prefix ("st/v1"), and the endpoint itself ("get-sth").
+func (e Endpoint) Path(components ...string) string {
+ return strings.Join(append(components, string(e)), "/")
}
-// loadTrustAnchors loads a list of PEM-encoded certificates from file
-func loadTrustAnchors(path string) ([]*x509.Certificate, *x509.CertPool, error) {
- pem, err := ioutil.ReadFile(path)
- if err != nil {
- return nil, nil, fmt.Errorf("failed reading trust anchors: %v", err)
- }
- anchorList, err := x509util.NewCertificateList(pem)
- if err != nil || len(anchorList) == 0 {
- return nil, nil, fmt.Errorf("failed parsing trust anchors: %v", err)
+// TODO: id() docdoc
+func (i *LogParameters) id() string {
+ return base64.StdEncoding.EncodeToString(i.LogId)
+}
+
+// Handlers returns a list of STFE handlers
+func (i *Instance) Handlers() []Handler {
+ return []Handler{
+ Handler{instance: i, handler: addEntry, endpoint: EndpointAddEntry, method: http.MethodPost},
+ Handler{instance: i, handler: getEntries, endpoint: EndpointGetEntries, method: http.MethodGet},
+ Handler{instance: i, handler: getAnchors, endpoint: EndpointGetAnchors, method: http.MethodGet},
+ Handler{instance: i, handler: getProofByHash, endpoint: EndpointGetProofByHash, method: http.MethodGet},
+ Handler{instance: i, handler: getConsistencyProof, endpoint: EndpointGetConsistencyProof, method: http.MethodGet},
+ Handler{instance: i, handler: getSth, endpoint: EndpointGetSth, method: http.MethodGet},
}
- return anchorList, x509util.NewCertPool(anchorList), nil
}
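Review bot: NewLogParameters no longer enforces that the trust-anchor set is non-empty; the removed loadTrustAnchors returned an error on `len(anchorList) == 0`, while the new signature accepts an `anchors` slice and passes it straight to `x509util.NewCertPool(anchors)` with no length check, so a log instance can now be built with zero anchors and what chain verification then does with an empty pool is decided by code outside this hunk. The same function also dereferences `signer.Public()` before any validation, so a nil signer panics instead of returning an error like the new `maxRange`/`maxChain` guards do; both checks belong next to those guards. Separately, the `// TODO: id() docdoc` comment added before `id()` should be a real doc comment, e.g. `// id returns the base64-encoded log identifier` since the body only encodes `i.LogId`.
```go
func NewLogParameters(treeId int64, prefix string, anchors []*x509.Certificate, signer crypto.Signer, maxRange, maxChain int64) (*LogParameters, error) {
	if signer == nil {
		return nil, fmt.Errorf("invalid signer: must not be nil")
	}
	if len(anchors) == 0 {
		return nil, fmt.Errorf("invalid trust anchors: must be at least 1")
	}
	// … unchanged: MarshalPKIXPublicKey, max range/chain checks, LogParameters construction …
```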