From 36743a05a39f449628b153f1051bd854cf4ed6aa Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Thu, 5 Nov 2020 16:07:22 +0100
Subject: moved package from stfe/server/descriptor to stfe/descriptor

---
client/add-entry/main.go | 2 +-
client/client.go | 2 +-
client/get-consistency-proof/main.go | 2 +-
client/get-proof-by-hash/main.go | 2 +-
client/get-sth/main.go | 2 +-
descriptor/descriptor.go | 62 +++++++++++++++++++++++
descriptor/descriptor_test.go | 96 ++++++++++++++++++++++++++++++++++++
descriptor/stfe.json | 18 +++++++
server/descriptor/descriptor.go | 67 -------------------------
server/descriptor/descriptor_test.go | 96 ------------------------------------
server/descriptor/stfe.json | 18 -------
11 files changed, 181 insertions(+), 186 deletions(-)
create mode 100644 descriptor/descriptor.go
create mode 100644 descriptor/descriptor_test.go
create mode 100644 descriptor/stfe.json
delete mode 100644 server/descriptor/descriptor.go
delete mode 100644 server/descriptor/descriptor_test.go
delete mode 100644 server/descriptor/stfe.json

diff --git a/client/add-entry/main.go b/client/add-entry/main.go
index 463b65c..084bdad 100644
--- a/client/add-entry/main.go
+++ b/client/add-entry/main.go
@@ -13,7 +13,7 @@ import (
 )
 
 var (
- operators = flag.String("operators", "../../server/descriptor/stfe.json", "path to json-encoded list of log operators")
+ operators = flag.String("operators", "../../descriptor/stfe.json", "path to json-encoded list of log operators")
  logId = flag.String("log_id", "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=", "base64-encoded log identifier")
  chain = flag.String("chain", "../../server/testdata/x509/chain.pem", "path to pem-encoded certificate chain that the log accepts")
  key = flag.String("key", "../../server/testdata/x509/end-entity.key", "path to ed25519 private key that corresponds to the chain's end-entity certificate")
diff --git a/client/client.go b/client/client.go
index a95fc77..88ccf2f 100644
--- a/client/client.go
+++ b/client/client.go
@@ -16,7 +16,7 @@ import (
  "github.com/golang/glog"
  "github.com/google/trillian/merkle/rfc6962"
  "github.com/system-transparency/stfe"
- "github.com/system-transparency/stfe/server/descriptor"
+ "github.com/system-transparency/stfe/descriptor"
  "github.com/system-transparency/stfe/x509util"
  "golang.org/x/net/context/ctxhttp"
 )
diff --git a/client/get-consistency-proof/main.go b/client/get-consistency-proof/main.go
index f5cb57a..72fa804 100644
--- a/client/get-consistency-proof/main.go
+++ b/client/get-consistency-proof/main.go
@@ -13,7 +13,7 @@ import (
 )
 
 var (
- operators = flag.String("operators", "../../server/descriptor/stfe.json", "path to json-encoded list of log operators")
+ operators = flag.String("operators", "../../descriptor/stfe.json", "path to json-encoded list of log operators")
  logId = flag.String("log_id", "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=", "base64-encoded log identifier")
  chain = flag.String("chain", "../../server/testdata/x509/end-entity.pem", "path to pem-encoded certificate chain that the log accepts")
  first = flag.String("first", "AAEgB9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPMAAAF1jnn7fwAAAAAAAAAxICCqLJn4QWYd0aRIRjDWGf4GWalDIb/iH60jSSX89WgvAAAAQF9XPFRdM56KaelHFFg1RqjTw1yFL085zHhdNkLeZh9BCXxVTByqrHEMngAkY69EX45aJMWh9NymmPau0qoigA8=", "first base64-encoded StItem of type StFormatSignedTreeHeadV1")
diff --git a/client/get-proof-by-hash/main.go b/client/get-proof-by-hash/main.go
index 842dbcd..897a8aa 100644
--- a/client/get-proof-by-hash/main.go
+++ b/client/get-proof-by-hash/main.go
@@ -14,7 +14,7 @@ import (
 )
 
 var (
- operators = flag.String("operators", "../../server/descriptor/stfe.json", "path to json-encoded list of log operators")
+ operators = flag.String("operators", "../../descriptor/stfe.json", "path to json-encoded list of log operators")
  logId = flag.String("log_id", "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=", "base64-encoded log identifier")
  chain = flag.String("chain", "../../server/testdata/x509/end-entity.pem", "path to pem-encoded certificate chain that the log accepts")
  signedTreeHead = flag.String("sth", "AAEgB9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPMAAAF1jnn7fwAAAAAAAAAxICCqLJn4QWYd0aRIRjDWGf4GWalDIb/iH60jSSX89WgvAAAAQF9XPFRdM56KaelHFFg1RqjTw1yFL085zHhdNkLeZh9BCXxVTByqrHEMngAkY69EX45aJMWh9NymmPau0qoigA8=", "base64-encoded StItem of type StFormatSignedTreeHeadV1")
diff --git a/client/get-sth/main.go b/client/get-sth/main.go
index 8db64d5..7bfcc71 100644
--- a/client/get-sth/main.go
+++ b/client/get-sth/main.go
@@ -12,7 +12,7 @@ import (
 )
 
 var (
- operators = flag.String("operators", "../../server/descriptor/stfe.json", "path to json-encoded list of log operators")
+ operators = flag.String("operators", "../../descriptor/stfe.json", "path to json-encoded list of log operators")
  logId = flag.String("log_id", "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=", "base64-encoded log identifier")
  chain = flag.String("chain", "../../server/testdata/x509/end-entity.pem", "path to pem-encoded certificate chain that the log accepts")
 )
diff --git a/descriptor/descriptor.go b/descriptor/descriptor.go
new file mode 100644
index 0000000..267a401
--- /dev/null
+++ b/descriptor/descriptor.go
@@ -0,0 +1,62 @@
+package descriptor
+
+import (
+ "bytes"
+ "fmt"
+
+ "crypto"
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/base64"
+ "encoding/json"
+ "io/ioutil"
+)
+
+// Operator is an stfe log operator that runs zero or more logs
+type Operator struct {
+ Name string `json:"name"`
+ Email string `json:"email"`
+ Logs []*Log `json:"logs"`
+}
+
+// Log is a collection of immutable stfe log parameters
+type Log struct {
+ Id []byte `json:"id"` // H(PublicKey)
+ PublicKey []byte `json:"public_key"` // DER-encoded SubjectPublicKeyInfo
+ Scheme tls.SignatureScheme `json:"signature_scheme"` // Signature schemes used by the log (RFC 8446, §4.2.3)
+ Schemes []tls.SignatureScheme `json:"signature_schemes"` // Signature schemes that submitters can use (RFC 8446, §4.2.3)
+ MaxChain uint8 `json:"max_chain"` // maximum certificate chain length
+ BaseUrl string `json:"base_url"` // E.g., example.com/st/v1
+}
+
+func FindLog(ops []Operator, logId []byte) (*Log, error) {
+ for _, op := range ops {
+ for _, log := range op.Logs {
+ if bytes.Equal(logId, log.Id) {
+ return log, nil
+ }
+ }
+ }
+ return nil, fmt.Errorf("no such log: %s", base64.StdEncoding.EncodeToString(logId))
+}
+
+// LoadOperators loads a list of json-encoded log operators from a given path
+func LoadOperators(path string) ([]Operator, error) {
+ blob, err := ioutil.ReadFile(path)
+ if err != nil {
+ return nil, fmt.Errorf("failed reading log operators: %v", err)
+ }
+ var ops []Operator
+ if err := json.Unmarshal(blob, &ops); err != nil {
+ return nil, fmt.Errorf("failed decoding log operators: %v", err)
+ }
+ return ops, nil
+}
+
+func (l *Log) Key() crypto.PublicKey {
+ k, err := x509.ParsePKIXPublicKey(l.PublicKey)
+ if err != nil {
+ panic("TODO: make a new function and parse public key there")
+ }
+ return k
+}
diff --git a/descriptor/descriptor_test.go b/descriptor/descriptor_test.go
new file mode 100644
index 0000000..d01fc66
--- /dev/null
+++ b/descriptor/descriptor_test.go
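Review bot: `Key()` at the end of the hunk panics when `x509.ParsePKIXPublicKey(l.PublicKey)` fails, and because `PublicKey` comes straight out of the JSON file that `LoadOperators` reads, a malformed or truncated `public_key` entry in the operator list aborts the program instead of surfacing as an error; the panic string is itself a TODO acknowledging this. Parsing every log's key once in `LoadOperators` and rejecting the file on failure keeps the `Key()` signature unchanged for existing callers while making its panic unreachable for descriptors that came through the loader. The `Id` field is documented as `H(PublicKey)` but nothing here checks that relationship; if the hash is fixed (the test file computes it with sha256), the same loop would be the place to reject a mismatched id, with the import added. Separately, the `Location` constant from the deleted `server/descriptor/descriptor.go` is absent from this hunk, so the commit is not a pure move as its subject suggests.
```go
// LoadOperators loads a list of json-encoded log operators from a given path
func LoadOperators(path string) ([]Operator, error) {
	// … unchanged: read file and json.Unmarshal into ops …
	// Reject the descriptor here so that Log.Key() cannot panic later on
	// a key that was never parseable.
	for _, op := range ops {
		for _, log := range op.Logs {
			if _, err := x509.ParsePKIXPublicKey(log.PublicKey); err != nil {
				return nil, fmt.Errorf("invalid public key for log %s: %v", base64.StdEncoding.EncodeToString(log.Id), err)
			}
		}
	}
	return ops, nil
}
```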
@@ -0,0 +1,96 @@
+package descriptor
+
+import (
+ "fmt"
+ "testing"
+
+ "crypto/sha256"
+ "crypto/tls"
+ "encoding/base64"
+ "encoding/json"
+)
+
+const (
+ operatorListJson = `[{"name":"Test operator","email":"test@example.com","logs":[{"id":"B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=","public_key":"MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0=","signature_scheme":2055,"signature_schemes":[2055],"max_chain":3,"base_url":"example.com/st/v1"}]}]`
+)
+
+func TestMarshal(t *testing.T) {
+ for _, table := range []struct {
+ in []Operator
+ want string
+ }{
+ {makeOperatorList(), operatorListJson},
+ } {
+ b, err := json.Marshal(table.in)
+ if err != nil {
+ t.Errorf("operator list marshaling failed: %v", err)
+ }
+ if string(b) != table.want {
+ t.Errorf("\nwant %s\n got %s", table.want, string(b))
+ }
+ }
+
+}
+
+func TestUnmarshal(t *testing.T) {
+ for _, table := range []struct {
+ in []byte
+ want error
+ }{
+ {[]byte(operatorListJson), nil},
+ } {
+ var op []Operator
+ if err := json.Unmarshal(table.in, &op); err != table.want {
+ t.Errorf("wanted err=%v, got %v", table.want, err)
+ }
+ }
+}
+
+func TestFindLog(t *testing.T) {
+ for _, table := range []struct {
+ ops []Operator
+ logId []byte
+ wantError bool
+ }{
+ {makeOperatorList(), deb64("B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM="), false},
+ {makeOperatorList(), []byte{0, 1, 2, 3}, true},
+ } {
+ _, err := FindLog(table.ops, table.logId)
+ if (err != nil) != table.wantError {
+ t.Errorf("wanted log not found for id: %v", table.logId)
+ }
+ }
+}
+
+func makeOperatorList() []Operator {
+ pub := deb64("MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0=")
+ h := sha256.New()
+ h.Write(pub)
+ id := h.Sum(nil)
+ return []Operator{
+ Operator{
+ Name: "Test operator",
+ Email: "test@example.com",
+ Logs: []*Log{
+ &Log{
+ Id: id,
+ PublicKey: pub,
+ Scheme: tls.Ed25519,
+ Schemes: []tls.SignatureScheme{
+ tls.Ed25519,
+ },
+ MaxChain: 3,
+ BaseUrl: "example.com/st/v1",
+ },
+ },
+ },
+ }
+}
+
+func deb64(s string) []byte {
+ b, err := base64.StdEncoding.DecodeString(s)
+ if err != nil {
+ panic(fmt.Sprintf("failed decoding base64: %v", err))
+ }
+ return b
+}
diff --git a/descriptor/stfe.json b/descriptor/stfe.json
new file mode 100644
index 0000000..d987c47
--- /dev/null
+++ b/descriptor/stfe.json
@@ -0,0 +1,18 @@
+[
+ {
+ "name": "Test operator",
+ "email": "test@example.com",
+ "logs": [
+ {
+ "max_chain": 3,
+ "id": "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=",
+ "signature_schemes": [
+ 2055
+ ],
+ "base_url": "localhost:6965/st/v1",
+ "signature_scheme": 2055,
+ "public_key": "MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0="
+ }
+ ]
+ }
+]
diff --git a/server/descriptor/descriptor.go b/server/descriptor/descriptor.go
deleted file mode 100644
index 295e03f..0000000
--- a/server/descriptor/descriptor.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package descriptor
-
-import (
- "bytes"
- "fmt"
-
- "crypto"
- "crypto/tls"
- "crypto/x509"
- "encoding/base64"
- "encoding/json"
- "io/ioutil"
-)
-
-const (
- // Location is an url to a json-encoded list of stfe log operators
- Location = "https://github.com/system-transparency/stfe/tree/main/server/descriptor/stfe.json"
-)
-
-// Operator is an stfe log operator that runs zero or more logs
-type Operator struct {
- Name string `json:"name"`
- Email string `json:"email"`
- Logs []*Log `json:"logs"`
-}
-
-// Log is a collection of immutable stfe log parameters
-type Log struct {
- Id []byte `json:"id"` // H(PublicKey)
- PublicKey []byte `json:"public_key"` // DER-encoded SubjectPublicKeyInfo
- Scheme tls.SignatureScheme `json:"signature_scheme"` // Signature schemes used by the log (RFC 8446, §4.2.3)
- Schemes []tls.SignatureScheme `json:"signature_schemes"` // Signature schemes that submitters can use (RFC 8446, §4.2.3)
- MaxChain uint8 `json:"max_chain"` // maximum certificate chain length
- BaseUrl string `json:"base_url"` // E.g., example.com/st/v1
-}
-
-func FindLog(ops []Operator, logId []byte) (*Log, error) {
- for _, op := range ops {
- for _, log := range op.Logs {
- if bytes.Equal(logId, log.Id) {
- return log, nil
- }
- }
- }
- return nil, fmt.Errorf("no such log: %s", base64.StdEncoding.EncodeToString(logId))
-}
-
-// LoadOperators loads a list of json-encoded log operators from a given path
-func LoadOperators(path string) ([]Operator, error) {
- blob, err := ioutil.ReadFile(path)
- if err != nil {
- return nil, fmt.Errorf("failed reading log operators: %v", err)
- }
- var ops []Operator
- if err := json.Unmarshal(blob, &ops); err != nil {
- return nil, fmt.Errorf("failed decoding log operators: %v", err)
- }
- return ops, nil
-}
-
-func (l *Log) Key() crypto.PublicKey {
- k, err := x509.ParsePKIXPublicKey(l.PublicKey)
- if err != nil {
- panic("TODO: make a new function and parse public key there")
- }
- return k
-}
diff --git a/server/descriptor/descriptor_test.go b/server/descriptor/descriptor_test.go
deleted file mode 100644
index d01fc66..0000000
--- a/server/descriptor/descriptor_test.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package descriptor
-
-import (
- "fmt"
- "testing"
-
- "crypto/sha256"
- "crypto/tls"
- "encoding/base64"
- "encoding/json"
-)
-
-const (
- operatorListJson = `[{"name":"Test operator","email":"test@example.com","logs":[{"id":"B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=","public_key":"MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0=","signature_scheme":2055,"signature_schemes":[2055],"max_chain":3,"base_url":"example.com/st/v1"}]}]`
-)
-
-func TestMarshal(t *testing.T) {
- for _, table := range []struct {
- in []Operator
- want string
- }{
- {makeOperatorList(), operatorListJson},
- } {
- b, err := json.Marshal(table.in)
- if err != nil {
- t.Errorf("operator list marshaling failed: %v", err)
- }
- if string(b) != table.want {
- t.Errorf("\nwant %s\n got %s", table.want, string(b))
- }
- }
-
-}
-
-func TestUnmarshal(t *testing.T) {
- for _, table := range []struct {
- in []byte
- want error
- }{
- {[]byte(operatorListJson), nil},
- } {
- var op []Operator
- if err := json.Unmarshal(table.in, &op); err != table.want {
- t.Errorf("wanted err=%v, got %v", table.want, err)
- }
- }
-}
-
-func TestFindLog(t *testing.T) {
- for _, table := range []struct {
- ops []Operator
- logId []byte
- wantError bool
- }{
- {makeOperatorList(), deb64("B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM="), false},
- {makeOperatorList(), []byte{0, 1, 2, 3}, true},
- } {
- _, err := FindLog(table.ops, table.logId)
- if (err != nil) != table.wantError {
- t.Errorf("wanted log not found for id: %v", table.logId)
- }
- }
-}
-
-func makeOperatorList() []Operator {
- pub := deb64("MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0=")
- h := sha256.New()
- h.Write(pub)
- id := h.Sum(nil)
- return []Operator{
- Operator{
- Name: "Test operator",
- Email: "test@example.com",
- Logs: []*Log{
- &Log{
- Id: id,
- PublicKey: pub,
- Scheme: tls.Ed25519,
- Schemes: []tls.SignatureScheme{
- tls.Ed25519,
- },
- MaxChain: 3,
- BaseUrl: "example.com/st/v1",
- },
- },
- },
- }
-}
-
-func deb64(s string) []byte {
- b, err := base64.StdEncoding.DecodeString(s)
- if err != nil {
- panic(fmt.Sprintf("failed decoding base64: %v", err))
- }
- return b
-}
diff --git a/server/descriptor/stfe.json b/server/descriptor/stfe.json
deleted file mode 100644
index d987c47..0000000
--- a/server/descriptor/stfe.json
+++ /dev/null
@@ -1,18 +0,0 @@
-[
- {
- "name": "Test operator",
- "email": "test@example.com",
- "logs": [
- {
- "max_chain": 3,
- "id": "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=",
- "signature_schemes": [
- 2055
- ],
- "base_url": "localhost:6965/st/v1",
- "signature_scheme": 2055,
- "public_key": "MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0="
- }
- ]
- }
-]
-- cgit v1.2.3