From 9b38f5a034486c27eaf81062ecdd86a72667e2b0 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Fri, 23 Oct 2020 18:01:10 +0200 Subject: added basic trust-anchor code path Pretty much the bare minimum to load trust anchors from file and check that the submitter's certificate chains back to something valid. --- server/main.go | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'server/main.go') diff --git a/server/main.go b/server/main.go index 53ac8e6..f52433b 100644 --- a/server/main.go +++ b/server/main.go @@ -12,15 +12,18 @@ import ( "github.com/system-transparency/stfe" "google.golang.org/grpc" + "github.com/google/certificate-transparency-go/trillian/ctfe" ctutil "github.com/google/certificate-transparency-go/trillian/util" + "github.com/google/certificate-transparency-go/x509" ) var ( - httpEndpoint = flag.String("http_endpoint", "localhost:6965", "host:port specification of where stfe serves clients") - rpcBackend = flag.String("log_rpc_server", "localhost:6962", "host:port specification of where Trillian serves clients") - prefix = flag.String("prefix", "/st/v1", "a prefix that proceeds each endpoint path") - trillianID = flag.Int64("trillianID", 5991359069696313945, "log identifier in the Trillian database") - rpcDeadline = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests") + httpEndpoint = flag.String("http_endpoint", "localhost:6965", "host:port specification of where stfe serves clients") + rpcBackend = flag.String("log_rpc_server", "localhost:6962", "host:port specification of where Trillian serves clients") + prefix = flag.String("prefix", "/st/v1", "a prefix that proceeds each endpoint path") + trillianID = flag.Int64("trillian_id", 5991359069696313945, "log identifier in the Trillian database") + rpcDeadline = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests") + anchorsPemFile = flag.String("anchors_file", "testdata/anchors.pem", "path to a file containing PEM-encoded X.509 root certificates") ) func main() { @@ -37,8 +40,15 @@ func main() { mux := http.NewServeMux() http.Handle("/", mux) + // TODO: proper setup + glog.Info("Loading trust anchors") + cert_pool := ctfe.NewPEMCertPool() + cert_pool.AppendCertsFromPEMFile(*anchorsPemFile) + anchors := ctfe.NewCertValidationOpts(cert_pool, time.Now(), true, false, nil, nil, false, []x509.ExtKeyUsage{}) + glog.Infof("%v", cert_pool.Subjects()) + glog.Info("Creating STFE server instance") - stfe_server := stfe.NewInstance(*prefix, *trillianID, trillian.NewTrillianLogClient(conn), *rpcDeadline, new(ctutil.SystemTimeSource)) + stfe_server := stfe.NewInstance(*prefix, *trillianID, trillian.NewTrillianLogClient(conn), *rpcDeadline, new(ctutil.SystemTimeSource), anchors) stfe_server.AddEndpoints(mux) glog.Infof("Serving on %v%v", *httpEndpoint, *prefix) -- cgit v1.2.3