From 0284a7460f03799452f4743a0032f2ae1564a3e8 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
Date: Wed, 27 Jan 2021 19:59:47 +0100
Subject: started replacing x509 with namespace

---
 reqres.go | 64 ++++++++++++++++++++++++---------------------------------------
 1 file changed, 24 insertions(+), 40 deletions(-)

(limited to 'reqres.go')

diff --git a/reqres.go b/reqres.go
index 14729ea..9df94e3 100644
--- a/reqres.go
+++ b/reqres.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"strconv"
 
-	"crypto/tls"
 	"encoding/json"
 	"io/ioutil"
 	"net/http"
@@ -14,10 +13,8 @@ import (
 
 // AddEntryRequest is a collection of add-entry input parameters
 type AddEntryRequest struct {
-	Item            []byte   `json:"item"`             // tls-serialized StItem
-	Signature       []byte   `json:"signature"`        // serialized signature using the signature scheme below
-	SignatureScheme uint16   `json:"signature_scheme"` // rfc 8446, §4.2.3
-	Chain           [][]byte `json:"chain"`            // der-encoded X.509 certificates
+	Item      []byte `json:"item"`      // tls-serialized StItem
+	Signature []byte `json:"signature"` // serialized signature using the signature scheme below
 }
 
 // GetEntriesRequest is a collection of get-entry input parameters
@@ -44,40 +41,30 @@ type GetConsistencyProofRequest struct {
 type GetEntryResponse AddEntryRequest
 
 // newAddEntryRequest parses and sanitizes the JSON-encoded add-entry
-// parameters from an incoming HTTP post.  The serialized leaf value and
-// associated appendix is returned if the submitted data is valid: well-formed,
-// signed using a supported scheme, and chains back to a valid trust anchor.
-func (lp *LogParameters) newAddEntryRequest(r *http.Request) ([]byte, []byte, error) {
+// parameters from an incoming HTTP post.  The request is returned if it is
+// a checksumV1 entry that is signed by a valid namespace.
+func (lp *LogParameters) newAddEntryRequest(r *http.Request) (*AddEntryRequest, error) {
 	var entry AddEntryRequest
 	if err := unpackJsonPost(r, &entry); err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
 	// Try decoding as ChecksumV1 StItem
 	var item StItem
 	if err := item.Unmarshal(entry.Item); err != nil {
-		return nil, nil, fmt.Errorf("StItem(%s): %v", item.Format, err)
+		return nil, fmt.Errorf("StItem(%s): %v", item.Format, err)
 	}
 	if item.Format != StFormatChecksumV1 {
-		return nil, nil, fmt.Errorf("invalid StItem format: %s", item.Format)
-	}
-
-	// Check that there is a valid trust anchor
-	chain, err := lp.buildChainFromDerList(entry.Chain)
-	if err != nil {
-		return nil, nil, fmt.Errorf("invalid certificate chain: %v", err)
-	}
-
-	// Check that there is a valid signature
-	if err := lp.verifySignature(chain[0], tls.SignatureScheme(entry.SignatureScheme), entry.Item, entry.Signature); err != nil {
-		return nil, nil, fmt.Errorf("invalid signature: %v", err)
+		return nil, fmt.Errorf("invalid StItem format: %s", item.Format)
 	}
 
-	extra, err := NewAppendix(chain, entry.Signature, entry.SignatureScheme).Marshal()
-	if err != nil {
-		return nil, nil, fmt.Errorf("failed marshaling appendix: %v", err)
+	// Check that namespace is valid for item
+	if namespace, ok := lp.Namespaces.Find(&item.ChecksumV1.Namespace); !ok {
+		return nil, fmt.Errorf("unknown namespace: %s", item.ChecksumV1.Namespace.String())
+	} else if err := namespace.Verify(entry.Item, entry.Signature); err != nil {
+		return nil, fmt.Errorf("invalid namespace: %v", err)
 	}
-	return entry.Item, extra, nil
+	return &entry, nil
 }
 
 // newGetEntriesRequest parses and sanitizes the URL-encoded get-entries
@@ -149,15 +136,7 @@ func (lp *LogParameters) newGetConsistencyProofRequest(httpRequest *http.Request
 
 // newGetEntryResponse assembles a log entry and its appendix
 func (lp *LogParameters) newGetEntryResponse(leaf, appendix []byte) (*GetEntryResponse, error) {
-	var app Appendix
-	if err := app.Unmarshal(appendix); err != nil {
-		return nil, err
-	}
-	chain := make([][]byte, 0, len(app.Chain))
-	for _, c := range app.Chain {
-		chain = append(chain, c.Data)
-	}
-	return &GetEntryResponse{leaf, app.Signature, app.SignatureScheme, chain}, nil
+	return &GetEntryResponse{leaf, appendix}, nil // TODO: remove me
 }
 
 // newGetEntriesResponse assembles a get-entries response
@@ -175,11 +154,16 @@ func (lp *LogParameters) newGetEntriesResponse(leaves []*trillian.LogLeaf) ([]*G
 
 // newGetAnchorsResponse assembles a get-anchors response
 func (lp *LogParameters) newGetAnchorsResponse() [][]byte {
-	certificates := make([][]byte, 0, len(lp.AnchorList))
-	for _, certificate := range lp.AnchorList {
-		certificates = append(certificates, certificate.Raw)
+	namespaces := make([][]byte, 0, len(lp.Namespaces.List()))
+	for _, namespace := range lp.Namespaces.List() {
+		raw, err := namespace.Marshal()
+		if err != nil {
+			fmt.Printf("TODO: fix me and entire func\n")
+			continue
+		}
+		namespaces = append(namespaces, raw)
 	}
-	return certificates
+	return namespaces
 }
 
 // unpackJsonPost unpacks a json-encoded HTTP POST request into `unpack`
-- 
cgit v1.2.3