From 134f7e1cb59b7c1bd4f2eadfebe7f65da1264988 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Fri, 23 Oct 2020 18:37:37 +0200
Subject: added start on get-anchors code path

---
 handler.go     | 15 +++++++++++++--
 instance.go    | 28 +++++++++++++++------------
 reqres.go      | 14 ++++++++++++++
 server/main.go |  2 +-
 4 files changed, 43 insertions(+), 16 deletions(-)

diff --git a/handler.go b/handler.go
index 27b2fd9..42f9e23 100644
--- a/handler.go
+++ b/handler.go
@@ -120,9 +120,20 @@ func getEntries(ctx context.Context, i *instance, w http.ResponseWriter, r *http
 }
 
 // getAnchors provides a list of configured trust anchors
-func getAnchors(ctx context.Context, i *instance, w http.ResponseWriter, r *http.Request) (int, error) {
+func getAnchors(_ context.Context, i *instance, w http.ResponseWriter, _ *http.Request) (int, error) {
 	glog.Info("in getAnchors")
-	return http.StatusOK, nil // TODO
+	data := NewGetAnchorsResponse(i.anchorsPool.RawCertificates())
+	json, err := json.Marshal(&data)
+	if err != nil {
+		return http.StatusInternalServerError, fmt.Errorf("failed json-encoding GetAnchorsResponse: %v", err)
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	_, err = w.Write(json)
+	if err != nil {
+		return http.StatusInternalServerError, fmt.Errorf("failed writing get-anchors response: %v", err)
+	}
+	return http.StatusOK, nil
 }
 
 // getProofByHash provides an inclusion proof based on a given leaf hash
diff --git a/instance.go b/instance.go
index 3f53e5f..c8aaca3 100644
--- a/instance.go
+++ b/instance.go
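Review bot: `json, err := json.Marshal(&data)` shadows the encoding/json package with the encoded byte slice, so no later `json.` call can be made inside getAnchors and the line reads as if the package were a value; `body, err := json.Marshal(&data)` together with `_, err = w.Write(body)` avoids this. Both `fmt.Errorf` calls use `%v`, which drops the underlying error for `errors.Is`/`errors.As`; `%w` keeps it. Once `w.Write` has begun sending, a returned http.StatusInternalServerError can no longer reach the client, so the write-error branch is effectively log-only — how the caller uses the returned status is outside the hunk. The doc comment could also state the wire format, e.g. `// getAnchors writes the configured trust anchors as a JSON GetAnchorsResponse.`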
@@ -14,23 +14,25 @@ import (
 
 // instance groups information about a specific STFE instance.
 type instance struct {
-	prefix     string
-	logID      int64
-	client     trillian.TrillianLogClient
-	deadline   time.Duration
-	anchors    ctfe.CertValidationOpts
-	timesource ctutil.TimeSource
+	prefix      string
+	logID       int64
+	client      trillian.TrillianLogClient
+	deadline    time.Duration
+	anchors     ctfe.CertValidationOpts
+	anchorsPool ctfe.PEMCertPool // TODO: merge anchors and anchorsPool
+	timesource  ctutil.TimeSource
 }
 
 // NewInstance returns a new STFE instance
-func NewInstance(prefix string, id int64, client trillian.TrillianLogClient, deadline time.Duration, timesource ctutil.TimeSource, anchors ctfe.CertValidationOpts) *instance {
+func NewInstance(prefix string, id int64, client trillian.TrillianLogClient, deadline time.Duration, timesource ctutil.TimeSource, anchors ctfe.CertValidationOpts, anchorsPool ctfe.PEMCertPool) *instance {
 	return &instance{
-		prefix:     prefix,
-		logID:      id,
-		client:     client,
-		deadline:   deadline,
-		timesource: timesource,
-		anchors:    anchors,
+		prefix:      prefix,
+		logID:       id,
+		client:      client,
+		deadline:    deadline,
+		timesource:  timesource,
+		anchors:     anchors,
+		anchorsPool: anchorsPool,
 	}
 }
 
diff --git a/reqres.go b/reqres.go
index c384d02..a12892e 100644
--- a/reqres.go
+++ b/reqres.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/google/certificate-transparency-go/tls"
 	"github.com/google/certificate-transparency-go/trillian/ctfe"
+	"github.com/google/certificate-transparency-go/x509"
 	"github.com/google/trillian"
 )
 
@@ -50,6 +51,11 @@ type GetProofByHashResponse struct {
 	InclusionProof string `json:"inclusion_proof"` // base64-encoded StItem
 }
 
+// GetAnchorsResponse
+type GetAnchorsResponse struct {
+	Certificates []string `json:"certificates"`
+}
+
 // NewAddEntryRequest parses and sanitizes the JSON-encoded add-entry
 // parameters from an incoming HTTP post. The resulting AddEntryRequest is
 // well-formed, but not necessarily trusted (further sanitization is needed).
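Review bot: `anchorsPool ctfe.PEMCertPool` is stored by value and `NewInstance` takes it by value, while the caller in server/main.go already holds a pointer and dereferences it (`*cert_pool`) only to pass it in; a `*ctfe.PEMCertPool` field and parameter would avoid copying the pool and keep the server and the instance on one shared object. If the pool type holds a map or slice internally (its definition is not in the hunk), the by-value copy still aliases that state, so the copy buys no isolation either. The `// TODO: merge anchors and anchorsPool` comment would be more actionable if it named which of the two representations is meant to survive, and the NewInstance doc comment should say how anchorsPool relates to anchors, since getAnchors serves anchorsPool while anchors presumably remains the validation configuration.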
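Review bot: `// GetAnchorsResponse` is a doc comment that repeats only the type name and says nothing about the payload; suggest `// GetAnchorsResponse is the get-anchors reply: every configured trust anchor as a base64-encoded DER certificate.` The field could follow the per-field style used by `InclusionProof` just above it, e.g. `Certificates []string `json:"certificates"` // base64-encoded DER certificates`. The encoding is fixed by NewGetAnchorsResponse (base64 of each certificate's Raw bytes), so the comment is stating what the code already does rather than adding a contract.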
@@ -142,6 +148,14 @@ func NewGetProofByHashResponse(treeSize uint64, inclusionProof *trillian.Proof)
 	}, nil
 }
 
+func NewGetAnchorsResponse(anchors []*x509.Certificate) GetAnchorsResponse {
+	certificates := make([]string, 0, len(anchors))
+	for _, certificate := range anchors {
+		certificates = append(certificates, base64.StdEncoding.EncodeToString(certificate.Raw))
+	}
+	return GetAnchorsResponse{Certificates: certificates}
+}
+
 // VerifyAddEntryRequest determines whether a well-formed AddEntryRequest should
 // be inserted into the log. If so, the serialized leaf value is returned.
 func VerifyAddEntryRequest(a ctfe.CertValidationOpts, r AddEntryRequest) ([]byte, error) {
diff --git a/server/main.go b/server/main.go
index f52433b..53df7ee 100644
--- a/server/main.go
+++ b/server/main.go
@@ -48,7 +48,7 @@ func main() {
 	glog.Infof("%v", cert_pool.Subjects())
 
 	glog.Info("Creating STFE server instance")
-	stfe_server := stfe.NewInstance(*prefix, *trillianID, trillian.NewTrillianLogClient(conn), *rpcDeadline, new(ctutil.SystemTimeSource), anchors)
+	stfe_server := stfe.NewInstance(*prefix, *trillianID, trillian.NewTrillianLogClient(conn), *rpcDeadline, new(ctutil.SystemTimeSource), anchors, *cert_pool)
 	stfe_server.AddEndpoints(mux)
 
 	glog.Infof("Serving on %v%v", *httpEndpoint, *prefix)
-- 
cgit v1.2.3
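Review bot: `NewGetAnchorsResponse` is exported but carries no doc comment, unlike `NewAddEntryRequest` and `VerifyAddEntryRequest` around it; suggest `// NewGetAnchorsResponse packs the raw DER bytes of each anchor, base64-encoded, into a GetAnchorsResponse.` The loop dereferences `certificate.Raw` without a nil check, so a nil entry in anchors would panic the serving goroutine; whether RawCertificates can yield one is outside the hunk, and either `if certificate == nil { continue }` or a doc line stating that entries must be non-nil settles it. Since the slice comes from the server's own configured pool rather than from the request, there is no client-controlled input on this path, so the remaining concern is robustness rather than injection.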