From 7dfa743dce780659bd2e71130d91d51e93b1f68e Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Fri, 29 Jan 2021 17:29:34 +0100
Subject: replaced x509 with namespace on the client-side

---
 descriptor/descriptor.go | 23 +++++++++++------------
 descriptor/descriptor_test.go | 43 ++++++++++++++++++++++++++++---------------
 descriptor/stfe.json | 26 ++++++++++----------------
 3 files changed, 49 insertions(+), 43 deletions(-)
 (limited to 'descriptor')

diff --git a/descriptor/descriptor.go b/descriptor/descriptor.go
index 1879cd8..efe2cf1 100644
--- a/descriptor/descriptor.go
+++ b/descriptor/descriptor.go
@@ -4,12 +4,11 @@ import (
 	"bytes"
 	"fmt"
 
-	"crypto"
-	"crypto/tls"
-	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
 	"io/ioutil"
+
+	"github.com/system-transparency/stfe/namespace"
 )
 
 // Operator is an stfe log operator that runs zero or more logs
@@ -21,12 +20,9 @@ type Operator struct {
 
 // Log is a collection of immutable stfe log parameters
 type Log struct {
-	Id []byte `json:"id"` // H(PublicKey)
-	PublicKey []byte `json:"public_key"` // DER-encoded SubjectPublicKeyInfo
-	Scheme tls.SignatureScheme `json:"signature_scheme"` // Signature schemes used by the log (RFC 8446, §4.2.3)
-	Schemes []tls.SignatureScheme `json:"signature_schemes"` // Signature schemes that submitters can use (RFC 8446, §4.2.3)
-	MaxChain uint8 `json:"max_chain"` // maximum certificate chain length
-	BaseUrl string `json:"base_url"` // E.g., example.com/st/v1
+	Id []byte `json:"id"` // Serialized namespace
+	BaseUrl string `json:"base_url"` // E.g., example.com/st/v1
+	// TODO: List of supported namespace types?
 }
 
 func FindLog(ops []Operator, logId []byte) (*Log, error) {
@@ -53,7 +49,10 @@ func LoadOperators(path string) ([]Operator, error) {
 	return ops, nil
 }
 
-// Key parses the log's public key
-func (l *Log) Key() (crypto.PublicKey, error) {
-	return x509.ParsePKIXPublicKey(l.PublicKey)
+func (l *Log) Namespace() (*namespace.Namespace, error) {
+	var n namespace.Namespace
+	if err := n.Unmarshal(l.Id); err != nil {
+		return nil, fmt.Errorf("invalid namespace: %v", err)
+	}
+	return &n, nil
 }
diff --git a/descriptor/descriptor_test.go b/descriptor/descriptor_test.go
index d01fc66..22641ca 100644
--- a/descriptor/descriptor_test.go
+++ b/descriptor/descriptor_test.go
@@ -4,14 +4,12 @@ import (
 	"fmt"
 	"testing"
 
-	"crypto/sha256"
-	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
 )
 
 const (
-	operatorListJson = `[{"name":"Test operator","email":"test@example.com","logs":[{"id":"B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=","public_key":"MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0=","signature_scheme":2055,"signature_schemes":[2055],"max_chain":3,"base_url":"example.com/st/v1"}]}]`
+	operatorListJson = `[{"name":"Test operator","email":"test@example.com","logs":[{"id":"AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc=","base_url":"example.com/st/v1"}]}]`
 )
 
 func TestMarshal(t *testing.T) {
@@ -52,7 +50,7 @@ func TestFindLog(t *testing.T) {
 		logId []byte
 		wantError bool
 	}{
-		{makeOperatorList(), deb64("B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM="), false},
+		{makeOperatorList(), deb64("AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc="), false},
 		{makeOperatorList(), []byte{0, 1, 2, 3}, true},
 	} {
 		_, err := FindLog(table.ops, table.logId)
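Review bot: The new exported method `Namespace` has no doc comment, while the `Key` method it replaces had one; add `// Namespace parses the serialized namespace stored in l.Id.` above the signature. The error path wraps with `%v`, which drops the underlying error from `errors.Is`/`errors.As` chains; prefer `return nil, fmt.Errorf("invalid namespace: %w", err)` (Go 1.13+). Since `l.Id` presumably comes straight from the descriptor file read by `LoadOperators`, this `Unmarshal` is the only validation that input receives before use, so it is worth documenting that a non-nil error means a malformed or untrusted descriptor rather than a programming bug.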
@@ -62,24 +60,39 @@ func TestFindLog(t *testing.T) {
 	}
 }
 
+func TestNamespace(t *testing.T) {
+	for _, table := range []struct {
+		description string
+		id []byte
+		wantErr bool
+	}{
+		{
+			description: "invalid: not a namespace",
+			id: []byte{0,1,2,3},
+			wantErr: true,
+		},
+		{
+			description: "valid",
+			id: deb64("AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc="),
+		},
+	}{
+		l := &Log{ Id: table.id, BaseUrl: "example.com/st/v1" }
+		_, err := l.Namespace()
+		if got, want := err != nil, table.wantErr; got != want {
+			t.Errorf("wanted error %v but got %v in test %q: %v", got, want, table.description, err)
+			return
+		}
+	}
+}
+
 func makeOperatorList() []Operator {
-	pub := deb64("MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0=")
-	h := sha256.New()
-	h.Write(pub)
-	id := h.Sum(nil)
 	return []Operator{
 		Operator{
 			Name: "Test operator",
 			Email: "test@example.com",
 			Logs: []*Log{
 				&Log{
-					Id: id,
-					PublicKey: pub,
-					Scheme: tls.Ed25519,
-					Schemes: []tls.SignatureScheme{
-						tls.Ed25519,
-					},
-					MaxChain: 3,
+					Id: deb64("AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc="),
 					BaseUrl: "example.com/st/v1",
 				},
 			},
diff --git a/descriptor/stfe.json b/descriptor/stfe.json
index d987c47..34f884b 100644
--- a/descriptor/stfe.json
+++ b/descriptor/stfe.json
@@ -1,18 +1,12 @@
 [
-  {
-    "name": "Test operator",
-    "email": "test@example.com",
-    "logs": [
-      {
-        "max_chain": 3,
-        "id": "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=",
-        "signature_schemes": [
-          2055
-        ],
-        "base_url": "localhost:6965/st/v1",
-        "signature_scheme": 2055,
-        "public_key": "MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0="
-      }
-    ]
-  }
+  {
+    "name": "Test operator",
+    "email":"test@example.com",
+    "logs": [
+      {
+        "id":"AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc=",
+        "base_url":"localhost:6965/st/v1"
+      }
+    ]
+  }
 ]
-- 
cgit v1.2.3
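Review bot: The `t.Errorf` call in the new TestNamespace passes its values in the wrong order: the format reads `wanted error %v but got %v` but the arguments are `got, want`, so a failing case reports the opposite of what happened; change it to `t.Errorf("wanted error %v but got %v in test %q: %v", want, got, table.description, err)`. The `return` right after it silently stops the remaining table entries on the first mismatch, which is neither the report-everything behaviour of `Errorf` nor the explicit abort of `Fatalf`; drop it or switch to `t.Fatalf`. The block is also not gofmt-clean (`[]byte{0,1,2,3}`, `&Log{ Id: ... }`, and `}{` without the space before the brace), and the "valid" case never checks that the returned `*namespace.Namespace` is non-nil, so a regression that returns `nil, nil` would pass.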
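Review bot: The rewritten stfe.json mixes `"name": "Test operator"` (space after the colon) with `"email":"test@example.com"`, `"id":"..."` and `"base_url":"..."` (no space), so the file no longer looks like the output of one formatter; pick one spacing, ideally by piping it through a JSON pretty-printer, so future descriptor edits produce minimal diffs. The whitespace has no effect on parsing, so this is style only.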