From 7dfa743dce780659bd2e71130d91d51e93b1f68e Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
Date: Fri, 29 Jan 2021 17:29:34 +0100
Subject: replaced x509 with namespace on the client-side

---
 descriptor/descriptor.go      | 23 +++++++++++------------
 descriptor/descriptor_test.go | 43 ++++++++++++++++++++++++++++---------------
 descriptor/stfe.json          | 26 ++++++++++----------------
 3 files changed, 49 insertions(+), 43 deletions(-)

(limited to 'descriptor')

diff --git a/descriptor/descriptor.go b/descriptor/descriptor.go
index 1879cd8..efe2cf1 100644
--- a/descriptor/descriptor.go
+++ b/descriptor/descriptor.go
@@ -4,12 +4,11 @@ import (
 	"bytes"
 	"fmt"
 
-	"crypto"
-	"crypto/tls"
-	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
 	"io/ioutil"
+
+	"github.com/system-transparency/stfe/namespace"
 )
 
 // Operator is an stfe log operator that runs zero or more logs
@@ -21,12 +20,9 @@ type Operator struct {
 
 // Log is a collection of immutable stfe log parameters
 type Log struct {
-	Id        []byte                `json:"id"`                // H(PublicKey)
-	PublicKey []byte                `json:"public_key"`        // DER-encoded SubjectPublicKeyInfo
-	Scheme    tls.SignatureScheme   `json:"signature_scheme"`  // Signature schemes used by the log (RFC 8446, §4.2.3)
-	Schemes   []tls.SignatureScheme `json:"signature_schemes"` // Signature schemes that submitters can use (RFC 8446, §4.2.3)
-	MaxChain  uint8                 `json:"max_chain"`         // maximum certificate chain length
-	BaseUrl   string                `json:"base_url"`          // E.g., example.com/st/v1
+	Id      []byte `json:"id"`       // Serialized namespace
+	BaseUrl string `json:"base_url"` // E.g., example.com/st/v1
+	// TODO: List of supported namespace types?
 }
 
 func FindLog(ops []Operator, logId []byte) (*Log, error) {
@@ -53,7 +49,10 @@ func LoadOperators(path string) ([]Operator, error) {
 	return ops, nil
 }
 
-// Key parses the log's public key
-func (l *Log) Key() (crypto.PublicKey, error) {
-	return x509.ParsePKIXPublicKey(l.PublicKey)
+func (l *Log) Namespace() (*namespace.Namespace, error) {
+	var n namespace.Namespace
+	if err := n.Unmarshal(l.Id); err != nil {
+		return nil, fmt.Errorf("invalid namespace: %v", err)
+	}
+	return &n, nil
 }
diff --git a/descriptor/descriptor_test.go b/descriptor/descriptor_test.go
index d01fc66..22641ca 100644
--- a/descriptor/descriptor_test.go
+++ b/descriptor/descriptor_test.go
@@ -4,14 +4,12 @@ import (
 	"fmt"
 	"testing"
 
-	"crypto/sha256"
-	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
 )
 
 const (
-	operatorListJson = `[{"name":"Test operator","email":"test@example.com","logs":[{"id":"B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=","public_key":"MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0=","signature_scheme":2055,"signature_schemes":[2055],"max_chain":3,"base_url":"example.com/st/v1"}]}]`
+	operatorListJson = `[{"name":"Test operator","email":"test@example.com","logs":[{"id":"AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc=","base_url":"example.com/st/v1"}]}]`
 )
 
 func TestMarshal(t *testing.T) {
@@ -52,7 +50,7 @@ func TestFindLog(t *testing.T) {
 		logId     []byte
 		wantError bool
 	}{
-		{makeOperatorList(), deb64("B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM="), false},
+		{makeOperatorList(), deb64("AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc="), false},
 		{makeOperatorList(), []byte{0, 1, 2, 3}, true},
 	} {
 		_, err := FindLog(table.ops, table.logId)
@@ -62,24 +60,39 @@ func TestFindLog(t *testing.T) {
 	}
 }
 
+func TestNamespace(t *testing.T) {
+	for _, table := range []struct {
+		description string
+		id []byte
+		wantErr bool
+	}{
+		{
+			description: "invalid: not a namespace",
+			id: []byte{0,1,2,3},
+			wantErr: true,
+		},
+		{
+			description: "valid",
+			id: deb64("AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc="),
+		},
+	}{
+		l := &Log{ Id: table.id, BaseUrl: "example.com/st/v1" }
+		_, err := l.Namespace()
+		if got, want := err != nil, table.wantErr; got != want {
+			t.Errorf("wanted error %v but got %v in test %q: %v", got, want, table.description, err)
+			return
+		}
+	}
+}
+
 func makeOperatorList() []Operator {
-	pub := deb64("MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0=")
-	h := sha256.New()
-	h.Write(pub)
-	id := h.Sum(nil)
 	return []Operator{
 		Operator{
 			Name:  "Test operator",
 			Email: "test@example.com",
 			Logs: []*Log{
 				&Log{
-					Id:        id,
-					PublicKey: pub,
-					Scheme:    tls.Ed25519,
-					Schemes: []tls.SignatureScheme{
-						tls.Ed25519,
-					},
-					MaxChain: 3,
+					Id:        deb64("AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc="),
 					BaseUrl:  "example.com/st/v1",
 				},
 			},
diff --git a/descriptor/stfe.json b/descriptor/stfe.json
index d987c47..34f884b 100644
--- a/descriptor/stfe.json
+++ b/descriptor/stfe.json
@@ -1,18 +1,12 @@
 [
-    {
-        "name": "Test operator",
-        "email": "test@example.com",
-        "logs": [
-            {
-                "max_chain": 3,
-                "id": "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=",
-                "signature_schemes": [
-                    2055
-                ],
-                "base_url": "localhost:6965/st/v1",
-                "signature_scheme": 2055,
-                "public_key": "MCowBQYDK2VwAyEAqM4b/SHOCRId9xgiCPn8D8r6+Nrk9JTZZqW6vj7TGa0="
-            }
-        ]
-    }
+	{
+		"name": "Test operator",
+		"email":"test@example.com",
+		"logs": [
+			{
+				"id":"AAEgFKl1V+J3ib3Aav86UgGD7GRRtcKIdDhgc0G4vVD/TGc=",
+				"base_url":"localhost:6965/st/v1"
+			}
+		]
+	}
 ]
-- 
cgit v1.2.3