From dd19521190f39a8b1704adb724f5f812040f91e4 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Tue, 27 Oct 2020 15:16:24 +0100
Subject: decoupled log instance and info
Makes things a bit more modular. As part of this process I also replaced ct/x509 with crypto/x509, which already suits our needs.
---
 instance.go | 88 ++++++++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 58 insertions(+), 30 deletions(-)
(limited to 'instance.go')
diff --git a/instance.go b/instance.go
index c8aaca3..d4fc004 100644
--- a/instance.go
+++ b/instance.go
@@ -1,53 +1,81 @@ package stfe import ( + "crypto" + "crypto/x509" + "fmt" "time" + "encoding/base64" "net/http" "github.com/golang/glog" "github.com/google/trillian" - - "github.com/google/certificate-transparency-go/trillian/ctfe" - ctutil "github.com/google/certificate-transparency-go/trillian/util" ) -// instance groups information about a specific STFE instance. -type instance struct { - prefix string - logID int64 - client trillian.TrillianLogClient - deadline time.Duration - anchors ctfe.CertValidationOpts - anchorsPool ctfe.PEMCertPool // TODO: merge anchors and anchorsPool - timesource ctutil.TimeSource +// Instance is an instance of a particular log front-end +type Instance struct { + LogParameters *LogParameters + Client trillian.TrillianLogClient + Deadline time.Duration +} + +// LogParameters is a collection of log parameters +type LogParameters struct { + LogId []byte // used externally by everyone + TreeId int64 // used internally by Trillian + Prefix string + AnchorPool *x509.CertPool // for chain verification + AnchorList []*x509.Certificate // for access to the raw certificates + Signer crypto.Signer +} + +// NewInstance returns an initialized Instance +func NewInstance(lp *LogParameters, client trillian.TrillianLogClient, deadline time.Duration, mux *http.ServeMux) (*Instance, error) { + i := &Instance{ + LogParameters: lp, + Client: client, + Deadline: deadline, + } + i.registerHandlers(mux) + return i, nil } -// NewInstance returns a new STFE instance -func NewInstance(prefix string, id int64, client trillian.TrillianLogClient, deadline time.Duration, timesource ctutil.TimeSource, anchors ctfe.CertValidationOpts, anchorsPool ctfe.PEMCertPool) *instance { - return &instance{ - prefix: prefix, - logID: id, - client: client, - deadline: deadline, - timesource: timesource, - anchors: anchors, - anchorsPool: anchorsPool, +// NewLogParameters returns an initialized LogParameters +func NewLogParameters(logId []byte, treeId int64, prefix string, 
anchorPath string) (*LogParameters, error) { + anchorList, anchorPool, err := LoadTrustAnchors(anchorPath) + if err != nil { + return nil, err } + + return &LogParameters{ + LogId: logId, + TreeId: treeId, + Prefix: prefix, + AnchorPool: anchorPool, + AnchorList: anchorList, + }, nil +} + +func (i *Instance) String() string { + return fmt.Sprintf("%s Deadline(%v)\n", i.LogParameters, i.Deadline) +} + +func (p *LogParameters) String() string { + return fmt.Sprintf("LogId(%s) TreeId(%d) Prefix(%s) NumAnchors(%d)", base64.StdEncoding.EncodeToString(p.LogId), p.TreeId, p.Prefix, len(p.AnchorList)) } -// addEndpoints registers STFE handler functions for the respective HTTP paths -func (i *instance) AddEndpoints(mux *http.ServeMux) { +func (i *Instance) registerHandlers(mux *http.ServeMux) { for _, endpoint := range []struct { path string handler appHandler }{ - {i.prefix + "/add-entry", appHandler{instance: i, handler: addEntry, endpoint: "add-entry", method: http.MethodPost}}, - {i.prefix + "/get-entries", appHandler{instance: i, handler: getEntries, endpoint: "get-entries", method: http.MethodGet}}, - {i.prefix + "/get-anchors", appHandler{instance: i, handler: getAnchors, endpoint: "get-anchors", method: http.MethodGet}}, - {i.prefix + "/get-proof-by-hash", appHandler{instance: i, handler: getProofByHash, endpoint: "get-proof-by-hash", method: http.MethodGet}}, - {i.prefix + "/get-consistency-proof", appHandler{instance: i, handler: getConsistencyProof, endpoint: "get-consistency-proof", method: http.MethodGet}}, - {i.prefix + "/get-sth", appHandler{instance: i, handler: getSth, endpoint: "get-sth", method: http.MethodGet}}, + {i.LogParameters.Prefix + "/add-entry", appHandler{instance: i, handler: addEntry, endpoint: "add-entry", method: http.MethodPost}}, + {i.LogParameters.Prefix + "/get-entries", appHandler{instance: i, handler: getEntries, endpoint: "get-entries", method: http.MethodGet}}, + {i.LogParameters.Prefix + "/get-anchors", appHandler{instance: i, 
handler: getAnchors, endpoint: "get-anchors", method: http.MethodGet}}, + {i.LogParameters.Prefix + "/get-proof-by-hash", appHandler{instance: i, handler: getProofByHash, endpoint: "get-proof-by-hash", method: http.MethodGet}}, + {i.LogParameters.Prefix + "/get-consistency-proof", appHandler{instance: i, handler: getConsistencyProof, endpoint: "get-consistency-proof", method: http.MethodGet}}, + {i.LogParameters.Prefix + "/get-sth", appHandler{instance: i, handler: getSth, endpoint: "get-sth", method: http.MethodGet}}, } { glog.Infof("adding handler for %v", endpoint.path) mux.Handle(endpoint.path, endpoint.handler) -- cgit v1.2.3
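Review bot: `NewLogParameters` never sets the new `Signer` field and `NewInstance` does not check it either, so every `LogParameters` built through this constructor carries a nil `crypto.Signer`, and whatever code signs with `p.Signer` (presumably the STH/SCT paths, not visible in this hunk) will fail on the first request instead of at startup. Take the signer as a constructor argument and reject nil, as sketched below; since `LogId` is the identifier clients use to match a signature to a key, consider deriving it from `signer.Public()` rather than accepting it as an unrelated `[]byte`, so the two cannot drift apart. `NewInstance` already returns an `error` but can only ever return nil — use it to reject a nil `lp` or `mux` and a `Prefix` that does not start with `/`, because `http.ServeMux` reads a pattern like `v1/add-entry` as host `v1` plus path `/add-entry` and silently registers every endpoint for the wrong host. The hunk ends inside the loop of `registerHandlers`, so the rest of that function is not visible here.

```go
func NewLogParameters(logId []byte, treeId int64, prefix string, anchorPath string, signer crypto.Signer) (*LogParameters, error) {
	if signer == nil {
		return nil, fmt.Errorf("log parameters: signer must not be nil")
	}
	// … unchanged: LoadTrustAnchors call and its error check …
	return &LogParameters{
		// … unchanged: LogId, TreeId, Prefix, AnchorPool, AnchorList …
		Signer: signer,
	}, nil
}
```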