From b540f681b4cdf740f9b8d1e584fd2b107fc1b090 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Tue, 1 Dec 2020 20:42:21 +0100
Subject: started to clean-up instance

Things like opening files is better place in the server package. Any code that is difficult to test should also not be in the STFE package.
---
 server/main.go | 45 +++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 41 insertions(+), 4 deletions(-) (limited to 'server')
diff --git a/server/main.go b/server/main.go
index d6a7aa5..c60f95d 100644
--- a/server/main.go
+++ b/server/main.go
@@ -3,14 +3,18 @@ package main
 import (
 "flag"
+ "fmt"
 "time"
+ "crypto/x509"
+ "io/ioutil"
 "net/http"
 "github.com/golang/glog"
 "github.com/google/trillian"
 "github.com/prometheus/client_golang/prometheus/promhttp"
 "github.com/system-transparency/stfe"
+ "github.com/system-transparency/stfe/x509util"
 "google.golang.org/grpc"
 )
@@ -44,14 +48,31 @@ func main() {
 glog.Info("Adding prometheus handler on path: /metrics")
 http.Handle("/metrics", promhttp.Handler())
- lp, err := stfe.NewLogParameters(*trillianID, *prefix, *anchorPath, *keyPath, *maxRange, *maxChain)
+ glog.Infof("Loading trust anchors from file: %s", *anchorPath)
+ anchors, err := loadCertificates(*anchorPath)
 if err != nil {
- glog.Fatalf("failed setting up log parameters: %v", err)
+ glog.Fatalf("no trust anchors: %v", err)
+ }
+
+ glog.Infof("Loading Ed25519 signing key from file: %s", *keyPath)
+ pem, err := ioutil.ReadFile(*keyPath)
+ if err != nil {
+ glog.Fatalf("no signing key: %v", err)
+ }
+ signer, err := x509util.NewEd25519PrivateKey(pem)
+ if err != nil {
+ glog.Fatalf("no signing key: %v", err)
 }
- i, err := stfe.NewInstance(lp, client, *rpcDeadline, mux)
+ lp, err := stfe.NewLogParameters(*trillianID, *prefix, anchors, signer, *maxRange, *maxChain)
 if err != nil {
- glog.Fatalf("failed setting up log instance: %v", err)
+ glog.Fatalf("failed setting up log parameters: %v", err)
+ }
+
+ i := stfe.NewInstance(lp, client, *rpcDeadline, mux)
+ for _, handler := range i.Handlers() {
+ glog.Infof("adding handler: %s", handler.Path())
+ mux.Handle(handler.Path(), handler)
 }
 glog.Infof("Configured: %s", i)
@@ -64,3 +85,19 @@ func main() {
 glog.Flush()
 }
+
+// loadCertificates loads a non-empty list of PEM-encoded certificates from file
+func loadCertificates(path string) ([]*x509.Certificate, error) {
+ pem, err := ioutil.ReadFile(path)
+ if err != nil {
+ return nil, fmt.Errorf("failed reading %s: %v", path, err)
+ }
+ anchors, err := x509util.NewCertificateList(pem)
+ if err != nil {
+ return nil, fmt.Errorf("failed parsing: %v", err)
+ }
+ if len(anchors) == 0 {
+ return nil, fmt.Errorf("no trust anchors")
+ }
+ return anchors, nil
+}
-- cgit v1.2.3
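Review bot: The signing key is read with `ioutil.ReadFile(*keyPath)` and handed to `x509util.NewEd25519PrivateKey` without any check on the file's mode, so a key file that other local accounts can read is accepted silently; stat the file before use and warn or refuse when `Mode().Perm()&0077 != 0` (this needs the `os` import). Both failure paths log `no signing key: %v`, which hides whether the read or the parse failed; `failed reading signing key %s: %v` and `failed parsing signing key: %v` would separate them. `mux` is still passed to `stfe.NewInstance` although the handlers are now registered in this loop, and NewInstance is outside this diff, so confirm it no longer registers them itself. main() begins before this hunk and continues past it.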
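Review bot: The empty-list error in loadCertificates is `fmt.Errorf("no trust anchors")`, which the caller in main wraps with the same words, so an anchor file holding no certificates ends the process with `no trust anchors: no trust anchors` and no file name. Name the file and the condition instead, e.g. `return nil, fmt.Errorf("no certificates found in %s", path)`, and include `path` in the `failed parsing` error as well. Both wrapped errors use `%v`; `%w` would keep the underlying error reachable through `errors.Is` and `errors.As`. Whether `x509util.NewCertificateList` rejects non-certificate PEM blocks or trailing data is not visible in this diff, so the length check should not be read as proof that the whole file parsed.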