1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
package main
import (
"context"
"flag"
"fmt"
"crypto/x509"
"encoding/base64"
"encoding/json"
"encoding/pem"
"io/ioutil"
"net/http"
"github.com/golang/glog"
"github.com/system-transparency/stfe"
"github.com/system-transparency/stfe/client"
"github.com/system-transparency/stfe/server/descriptor"
)
var (
operators = flag.String("operators", "../../server/descriptor/stfe.json", "path to json-encoded list of log operators")
logId = flag.String("log_id", "B9oCJk4XIOMXba8dBM5yUj+NLtqTE6xHwbvR9dYkHPM=", "base64-encoded log identifier")
chain = flag.String("chain", "../../server/testdata/chain/ee.pem", "path to pem-encoded certificate chain that the log accepts")
key = flag.String("key", "../../server/testdata/chain/ee.key", "path to ed25519 private key that corresponds to the chain's end-entity certificate")
name = flag.String("name", "foobar-1.2.3", "package name")
checksum = flag.String("checksum", "50e7967bce266a506f8f614bb5096beba580d205046b918f47d23b2ec626d75e", "base64-encoded package checksum")
)
func main() {
flag.Parse()
client, err := setup()
if err != nil {
glog.Fatal(err)
}
pname, psum, err := params()
if err != nil {
glog.Fatal(err)
}
sdi, err := client.AddEntry(context.Background(), pname, psum)
if err != nil {
glog.Fatalf("add-entry failed: %v", err)
}
str, err := sdi.MarshalB64()
if err != nil {
glog.Fatalf("failed encoding valid signed debug info: %v", err)
}
glog.Infof("add-request succeeded: %s", str)
glog.Flush()
}
func params() ([]byte, []byte, error) {
b, err := base64.StdEncoding.DecodeString(*checksum)
if err != nil {
return nil, nil, fmt.Errorf("failed decoding checksum: %v", err)
}
return []byte(*name), b, nil
}
func setup() (*client.Client, error) {
blob, err := ioutil.ReadFile(*chain)
if err != nil {
return nil, fmt.Errorf("failed reading certificate chain: %v", err)
}
c, err := parseChain(blob)
if err != nil {
return nil, fmt.Errorf("failed loading certificate chain: %v", err)
}
k, err := stfe.LoadEd25519SigningKey(*key)
if err != nil {
return nil, fmt.Errorf("failed loading key: %v", err)
}
blob, err = ioutil.ReadFile(*operators)
if err != nil {
return nil, fmt.Errorf("failed reading log operators: %v", err)
}
var ops []descriptor.Operator
if err := json.Unmarshal(blob, &ops); err != nil {
return nil, fmt.Errorf("failed decoding log operators: %v", err)
}
id, err := base64.StdEncoding.DecodeString(*logId)
if err != nil {
return nil, fmt.Errorf("failed decoding log identifier: %v", err)
}
log, err := descriptor.FindLog(ops, id)
if err != nil {
return nil, err
}
return client.NewClient(log, &http.Client{}, c, &k), nil
}
func parseChain(rest []byte) ([]*x509.Certificate, error) {
var chain []*x509.Certificate
for len(rest) > 0 {
var block *pem.Block
block, rest = pem.Decode(rest)
if block == nil {
break
}
if block.Type != "CERTIFICATE" {
return nil, fmt.Errorf("unexpected pem block type: %v", block.Type)
}
certificate, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, fmt.Errorf("failed parsing x509 certificate: %v", err)
}
chain = append(chain, certificate)
}
return chain, nil
}
|