aboutsummaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/.gitignore1
-rw-r--r--server/README.md60
-rw-r--r--server/main.go165
3 files changed, 0 insertions, 226 deletions
diff --git a/server/.gitignore b/server/.gitignore
deleted file mode 100644
index 254defd..0000000
--- a/server/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-server
diff --git a/server/README.md b/server/README.md
deleted file mode 100644
index 71bb3ac..0000000
--- a/server/README.md
+++ /dev/null
@@ -1,60 +0,0 @@
-# Run Trillian + STFE locally
-Trillian uses a database. So, we will need to set that up. It is documented
-[here](https://github.com/google/trillian#mysql-setup), and how to check that it
-is setup properly
-[here](https://github.com/google/certificate-transparency-go/blob/master/trillian/docs/ManualDeployment.md#data-storage).
-
-Other than the database we need the Trillian log signer, Trillian log server,
-and STFE server.
-```
-$ go install github.com/google/trillian/cmd/trillian_log_signer
-$ go install github.com/google/trillian/cmd/trillian_log_server
-$ go install
-```
-
-Start Trillian log signer:
-```
-trillian_log_signer --logtostderr -v 9 --force_master --rpc_endpoint=localhost:6961 --http_endpoint=localhost:6964 --num_sequencers 1 --sequencer_interval 100ms --batch_size 100
-```
-
-Start Trillian log server:
-```
-trillian_log_server --logtostderr -v 9 --rpc_endpoint=localhost:6962 --http_endpoint=localhost:6963
-```
-
-As described in more detail
-[here](https://github.com/google/certificate-transparency-go/blob/master/trillian/docs/ManualDeployment.md#trillian-services),
-we need to provision a Merkle tree once:
-```
-$ go install github.com/google/trillian/cmd/createtree
-$ createtree --admin_server localhost:6962
-<tree id>
-```
-
-Hang on to `<tree id>`. Our STFE server will use it when talking to the
-Trillian log server to specify which Merkle tree we are working against.
-
-(If you take a look in the `Trees` table you will see that the tree has been
-provisioned.)
-
-We will also need a public key-pair and log identifier for the STFE server.
-```
-$ go install github.com/system-transparency/stfe/types/cmd/new-namespace
-sk: <sk>
-vk: <vk>
-ed25519_v1: <namespace>
-```
-
-The log's identifier is `<namespace>` and contains the public verification key
-`<vk>`. The log's corresponding secret signing key is `<sk>`.
-
-Start STFE server:
-```
-$ ./server --logtostderr -v 9 --http_endpoint localhost:6965 --log_rpc_server localhost:6962 --trillian_id <tree id> --key <sk>
-```
-
-If the log is responsive on, e.g., `GET http://localhost:6965/st/v1/get-latest-sth` you
-may want to try running
-`github.com/system-transparency/stfe/client/cmd/example.sh`. You need to
-configure the log's id though for verification to work (flag `log_id`, which
-should be set to the `<namespace>` output above).
diff --git a/server/main.go b/server/main.go
deleted file mode 100644
index 1fecb43..0000000
--- a/server/main.go
+++ /dev/null
@@ -1,165 +0,0 @@
-// Package main provides an STFE server binary
-package main
-
-import (
- "context"
- "crypto"
- "crypto/ed25519"
- "encoding/hex"
- "flag"
- "fmt"
- "net/http"
- "os"
- "os/signal"
- "strings"
- "sync"
- "syscall"
- "time"
-
- "github.com/golang/glog"
- "github.com/google/trillian"
- "github.com/prometheus/client_golang/prometheus/promhttp"
- "github.com/system-transparency/stfe"
- "github.com/system-transparency/stfe/types"
- "google.golang.org/grpc"
-)
-
-var (
- httpEndpoint = flag.String("http_endpoint", "localhost:6965", "host:port specification of where stfe serves clients")
- rpcBackend = flag.String("log_rpc_server", "localhost:6962", "host:port specification of where Trillian serves clients")
- prefix = flag.String("prefix", "st/v0", "a prefix that proceeds each endpoint path")
- trillianID = flag.Int64("trillian_id", 0, "log identifier in the Trillian database")
- deadline = flag.Duration("deadline", time.Second*10, "deadline for backend requests")
- key = flag.String("key", "", "hex-encoded Ed25519 signing key")
- witnesses = flag.String("witnesses", "", "comma-separated list of trusted witness verification keys in hex")
- maxRange = flag.Int64("max_range", 10, "maximum number of entries that can be retrived in a single request")
- interval = flag.Duration("interval", time.Second*30, "interval used to rotate the log's cosigned STH")
-)
-
-func main() {
- flag.Parse()
- defer glog.Flush()
-
- // wait for clean-up before exit
- var wg sync.WaitGroup
- defer wg.Wait()
- ctx, cancel := context.WithCancel(context.Background())
- defer cancel()
-
- glog.V(3).Infof("configuring stfe instance...")
- instance, err := setupInstanceFromFlags()
- if err != nil {
- glog.Errorf("setupInstance: %v", err)
- return
- }
-
- glog.V(3).Infof("spawning SthSource")
- go func() {
- wg.Add(1)
- defer wg.Done()
- instance.SthSource.Run(ctx)
- glog.Errorf("SthSource shutdown")
- cancel() // must have SthSource running
- }()
-
- glog.V(3).Infof("spawning await")
- server := http.Server{Addr: *httpEndpoint}
- go await(ctx, func() {
- wg.Add(1)
- defer wg.Done()
- ctxInner, _ := context.WithTimeout(ctx, time.Second*60)
- glog.Infof("Shutting down HTTP server...")
- server.Shutdown(ctxInner)
- glog.V(3).Infof("HTTP server shutdown")
- glog.Infof("Shutting down spawned go routines...")
- cancel()
- })
-
- glog.Infof("Serving on %v/%v", *httpEndpoint, *prefix)
- if err = server.ListenAndServe(); err != http.ErrServerClosed {
- glog.Errorf("ListenAndServe: %v", err)
- }
-}
-
-// SetupInstance sets up a new STFE instance from flags
-func setupInstanceFromFlags() (*stfe.Instance, error) {
- // Trillian gRPC connection
- dialOpts := []grpc.DialOption{grpc.WithInsecure(), grpc.WithBlock(), grpc.WithTimeout(*deadline)}
- conn, err := grpc.Dial(*rpcBackend, dialOpts...)
- if err != nil {
- return nil, fmt.Errorf("Dial: %v", err)
- }
- client := trillian.NewTrillianLogClient(conn)
- // HTTP multiplexer
- mux := http.NewServeMux()
- http.Handle("/", mux)
- // Prometheus metrics
- glog.V(3).Infof("Adding prometheus handler on path: /metrics")
- http.Handle("/metrics", promhttp.Handler())
- // Trusted witnesses
- witnesses, err := newWitnessMap(*witnesses)
- if err != nil {
- return nil, fmt.Errorf("newWitnessMap: %v", err)
- }
- // Secret signing key
- sk, err := hex.DecodeString(*key)
- if err != nil {
- return nil, fmt.Errorf("sk: DecodeString: %v", err)
- }
- // Setup log parameters
- lp := &stfe.LogParameters{
- LogId: hex.EncodeToString([]byte(ed25519.PrivateKey(sk).Public().(ed25519.PublicKey))),
- TreeId: *trillianID,
- Prefix: *prefix,
- MaxRange: *maxRange,
- Deadline: *deadline,
- Interval: *interval,
- HashType: crypto.SHA256,
- Signer: ed25519.PrivateKey(sk),
- Witnesses: witnesses,
- }
- // Setup STH source
- source, err := stfe.NewActiveSthSource(client, lp)
- if err != nil {
- return nil, fmt.Errorf("NewActiveSthSource: %v", err)
- }
- // Setup log instance
- i := &stfe.Instance{client, lp, source}
- for _, handler := range i.Handlers() {
- glog.V(3).Infof("adding handler: %s", handler.Path())
- mux.Handle(handler.Path(), handler)
- }
- return i, nil
-}
-
-// newWitnessMap creates a new map of trusted witnesses
-func newWitnessMap(witnesses string) (map[[types.HashSize]byte][types.VerificationKeySize]byte, error) {
- w := make(map[[types.HashSize]byte][types.VerificationKeySize]byte)
- if len(witnesses) > 0 {
- for _, witness := range strings.Split(witnesses, ",") {
- b, err := hex.DecodeString(witness)
- if err != nil {
- return nil, fmt.Errorf("DecodeString: %v", err)
- }
-
- var vk [types.VerificationKeySize]byte
- if n := copy(vk[:], b); n != types.VerificationKeySize {
- return nil, fmt.Errorf("Invalid verification key size: %v", n)
- }
- w[*types.Hash(vk[:])] = vk
- }
- }
- return w, nil
-}
-
-// await waits for a shutdown signal and then runs a clean-up function
-func await(ctx context.Context, done func()) {
- sigs := make(chan os.Signal, 1)
- signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
- select {
- case <-sigs:
- case <-ctx.Done():
- }
- glog.V(3).Info("received shutdown signal")
- done()
-}