1 files changed, 40 insertions, 0 deletions

diff --git a/server/descriptor/descriptor.go b/server/descriptor/descriptor.go
new file mode 100644
index 0000000..ba90289
--- /dev/null
+++ b/server/descriptor/descriptor.go
@@ -0,0 +1,40 @@
+package descriptor
+
+import (
+	"bytes"
+	"fmt"
+
+	"crypto/tls"
+	"encoding/base64"
+)
+
+const (
+	// Location is an url to a json-encoded list of stfe log operators
+	Location = "https://github.com/system-transparency/stfe/tree/main/server/descriptor/stfe.json"
+)
+
+// Operator is an stfe log operator that runs zero or more logs
+type Operator struct {
+	Name  string `json:"name"`
+	Email string `json:"email"`
+	Logs  []*Log `json:"logs"`
+}
+
+// Log is a collection of immutable stfe log parameters
+type Log struct {
+	Id        []byte                `json:"id"`                // H(PublicKey)
+	PublicKey []byte                `json:"public_key"`        // DER-encoded SubjectPublicKeyInfo
+	Scheme    tls.SignatureScheme   `json:"signature_scheme"`  // Signature schemes used by the log (RFC 8446, §4.2.3)
+	Schemes   []tls.SignatureScheme `json:"signature_schemes"` // Signature schemes that submitters can use (RFC 8446, §4.2.3)
+	MaxChain  uint8                 `json:"max_chain"`         // maximum certificate chain length
+	BaseUrl   string                `json:"base_url"`          // E.g., example.com/st/v1
+}
+
+func (op *Operator) FindLog(logId []byte) (*Log, error) {
+	for _, log := range op.Logs {
+		if bytes.Equal(logId, log.Id) {
+			return log, nil
+		}
+	}
+	return nil, fmt.Errorf("no such log: %s", base64.StdEncoding.EncodeToString(logId))
+}