From 134f7e1cb59b7c1bd4f2eadfebe7f65da1264988 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
Date: Fri, 23 Oct 2020 18:37:37 +0200
Subject: added start on get-anchors code path

---
 handler.go     | 15 +++++++++++++--
 instance.go    | 28 +++++++++++++++-------------
 reqres.go      | 14 ++++++++++++++
 server/main.go |  2 +-
 4 files changed, 43 insertions(+), 16 deletions(-)

diff --git a/handler.go b/handler.go
index 27b2fd9..42f9e23 100644
--- a/handler.go
+++ b/handler.go
@@ -120,9 +120,20 @@ func getEntries(ctx context.Context, i *instance, w http.ResponseWriter, r *http
 }
 
 // getAnchors provides a list of configured trust anchors
-func getAnchors(ctx context.Context, i *instance, w http.ResponseWriter, r *http.Request) (int, error) {
+func getAnchors(_ context.Context, i *instance, w http.ResponseWriter, _ *http.Request) (int, error) {
 	glog.Info("in getAnchors")
-	return http.StatusOK, nil // TODO
+	data := NewGetAnchorsResponse(i.anchorsPool.RawCertificates())
+	json, err := json.Marshal(&data)
+	if err != nil {
+		return http.StatusInternalServerError, fmt.Errorf("failed json-encoding GetAnchorsResponse: %v", err)
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	_, err = w.Write(json)
+	if err != nil {
+		return http.StatusInternalServerError, fmt.Errorf("failed writing get-anchors response: %v", err)
+	}
+	return http.StatusOK, nil
 }
 
 // getProofByHash provides an inclusion proof based on a given leaf hash
diff --git a/instance.go b/instance.go
index 3f53e5f..c8aaca3 100644
--- a/instance.go
+++ b/instance.go
@@ -14,23 +14,25 @@ import (
 
 // instance groups information about a specific STFE instance.
 type instance struct {
-	prefix     string
-	logID      int64
-	client     trillian.TrillianLogClient
-	deadline   time.Duration
-	anchors    ctfe.CertValidationOpts
-	timesource ctutil.TimeSource
+	prefix      string
+	logID       int64
+	client      trillian.TrillianLogClient
+	deadline    time.Duration
+	anchors     ctfe.CertValidationOpts
+	anchorsPool ctfe.PEMCertPool // TODO: merge anchors and anchorsPool
+	timesource  ctutil.TimeSource
 }
 
 // NewInstance returns a new STFE instance
-func NewInstance(prefix string, id int64, client trillian.TrillianLogClient, deadline time.Duration, timesource ctutil.TimeSource, anchors ctfe.CertValidationOpts) *instance {
+func NewInstance(prefix string, id int64, client trillian.TrillianLogClient, deadline time.Duration, timesource ctutil.TimeSource, anchors ctfe.CertValidationOpts, anchorsPool ctfe.PEMCertPool) *instance {
 	return &instance{
-		prefix:     prefix,
-		logID:      id,
-		client:     client,
-		deadline:   deadline,
-		timesource: timesource,
-		anchors:    anchors,
+		prefix:      prefix,
+		logID:       id,
+		client:      client,
+		deadline:    deadline,
+		timesource:  timesource,
+		anchors:     anchors,
+		anchorsPool: anchorsPool,
 	}
 }
 
diff --git a/reqres.go b/reqres.go
index c384d02..a12892e 100644
--- a/reqres.go
+++ b/reqres.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/google/certificate-transparency-go/tls"
 	"github.com/google/certificate-transparency-go/trillian/ctfe"
+	"github.com/google/certificate-transparency-go/x509"
 	"github.com/google/trillian"
 )
 
@@ -50,6 +51,11 @@ type GetProofByHashResponse struct {
 	InclusionProof string `json:"inclusion_proof"` // base64-encoded StItem
 }
 
+// GetAnchorsResponse
+type GetAnchorsResponse struct {
+	Certificates []string `json:"certificates"`
+}
+
 // NewAddEntryRequest parses and sanitizes the JSON-encoded add-entry
 // parameters from an incoming HTTP post.  The resulting AddEntryRequest is
 // well-formed, but not necessarily trusted (further sanitization is needed).
@@ -142,6 +148,14 @@ func NewGetProofByHashResponse(treeSize uint64, inclusionProof *trillian.Proof)
 	}, nil
 }
 
+func NewGetAnchorsResponse(anchors []*x509.Certificate) GetAnchorsResponse {
+	certificates := make([]string, 0, len(anchors))
+	for _, certificate := range anchors {
+		certificates = append(certificates, base64.StdEncoding.EncodeToString(certificate.Raw))
+	}
+	return GetAnchorsResponse{Certificates: certificates}
+}
+
 // VerifyAddEntryRequest determines whether a well-formed AddEntryRequest should
 // be inserted into the log.  If so, the serialized leaf value is returned.
 func VerifyAddEntryRequest(a ctfe.CertValidationOpts, r AddEntryRequest) ([]byte, error) {
diff --git a/server/main.go b/server/main.go
index f52433b..53df7ee 100644
--- a/server/main.go
+++ b/server/main.go
@@ -48,7 +48,7 @@ func main() {
 	glog.Infof("%v", cert_pool.Subjects())
 
 	glog.Info("Creating STFE server instance")
-	stfe_server := stfe.NewInstance(*prefix, *trillianID, trillian.NewTrillianLogClient(conn), *rpcDeadline, new(ctutil.SystemTimeSource), anchors)
+	stfe_server := stfe.NewInstance(*prefix, *trillianID, trillian.NewTrillianLogClient(conn), *rpcDeadline, new(ctutil.SystemTimeSource), anchors, *cert_pool)
 	stfe_server.AddEndpoints(mux)
 
 	glog.Infof("Serving on %v%v", *httpEndpoint, *prefix)
-- 
cgit v1.2.3