From 0e2d1423e8863279d187429ee4fb80b371816d42 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Wed, 4 Nov 2020 12:17:59 +0100
Subject: allowed configuration of max-range and max-chain
---
 instance.go | 6 +++---
 server/main.go | 4 +++-
 x509.go | 4 ++--
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/instance.go b/instance.go
index 178b058..d5c47c9 100644
--- a/instance.go
+++ b/instance.go
@@ -54,7 +54,7 @@ func NewInstance(lp *LogParameters, client trillian.TrillianLogClient, deadline
 }
 // NewLogParameters initializes log parameters, assuming ed25519 signatures.
-func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string) (*LogParameters, error) {
+func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string, maxRange, maxChain int64) (*LogParameters, error) {
 anchorList, anchorPool, err := LoadTrustAnchors(anchorPath)
 if err != nil {
 return nil, err
@@ -77,8 +77,8 @@ func NewLogParameters(treeId int64, prefix string, anchorPath, keyPath string) (
 LogId: logId,
 TreeId: treeId,
 Prefix: prefix,
- MaxRange: 2, // TODO: allow configuration
- MaxChain: 3, // TODO: allow configuration
+ MaxRange: maxRange,
+ MaxChain: maxChain,
 AnchorPool: anchorPool,
 AnchorList: anchorList,
 Signer: key,
diff --git a/server/main.go b/server/main.go
index 3bc9dce..aea2239 100644
--- a/server/main.go
+++ b/server/main.go
@@ -21,6 +21,8 @@ var (
 rpcDeadline = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests")
 anchorPath = flag.String("anchor_path", "testdata/x509/root.pem", "path to a file containing PEM-encoded X.509 root certificates")
 keyPath = flag.String("key_path", "testdata/log/private.key", "path to a PEM-encoded ed25519 signing key")
+ maxRange = flag.Int64("max_range", 2, "maximum number of entries that can be retrived in a single request")
+ maxChain = flag.Int64("max_chain", 3, "maximum number of certificates in a chain, including the trust anchor")
 )
 func main() {
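Review bot: The new `maxRange` and `maxChain` parameters are copied into `LogParameters` (second hunk, `MaxRange: maxRange` and `MaxChain: maxChain`) with no range check, so a zero or negative value from configuration is accepted silently. Both fields appear to be the log's per-request and per-chain resource limits, and how the code that enforces them treats a non-positive value is not visible in this patch, so rejecting such values at construction is the safer contract: `if maxRange < 1 || maxChain < 1 { return nil, fmt.Errorf("maxRange and maxChain must be positive") }` before the struct literal is built. The doc comment on NewLogParameters could also say what each limit bounds. The function body continues outside both hunks.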
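Review bot: The usage string of the new `max_range` flag misspells "retrieved"; it should read `"maximum number of entries that can be retrieved in a single request"`. Neither new flag states which values are valid, and `flag.Int64` parses zero and negative numbers, so adding the minimum to both usage strings (for example `(must be at least 1)`) would tell operators what the limits accept. The defaults of 2 and 3 sit beside `testdata/` paths and read as test-sized values; a short comment on the `var` block saying so would keep them from being taken as deployment guidance.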
@@ -38,7 +40,7 @@ func main() {
 mux := http.NewServeMux()
 http.Handle("/", mux)
- lp, err := stfe.NewLogParameters(*trillianID, *prefix, *anchorPath, *keyPath)
+ lp, err := stfe.NewLogParameters(*trillianID, *prefix, *anchorPath, *keyPath, *maxRange, *maxChain)
 if err != nil {
 glog.Fatalf("failed setting up log parameters: %v", err)
 }
diff --git a/x509.go b/x509.go
index 014344d..16cc8c6 100644
--- a/x509.go
+++ b/x509.go
@@ -170,9 +170,9 @@ func buildChainFromB64List(lp *LogParameters, b64chain []string) ([]*x509.Certif
 }
 opts := x509.VerifyOptions{
- Roots: lp.AnchorPool,
+ Roots: lp.AnchorPool,
 Intermediates: intermediatePool,
- KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // TODO: move to ld
+ KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // TODO: move to ld
 }
 chains, err := certificate.Verify(opts)
--
cgit v1.2.3