aboutsummaryrefslogtreecommitdiff
path: root/request.go
blob: 7c95f3492a221c407846b51966d7743a74ef7f4b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
package stfe

import (
	"fmt"

	"io/ioutil"
	"net/http"

	"github.com/system-transparency/stfe/types"
)

func (lp *LogParameters) parseAddEntryV1Request(r *http.Request) (*types.StItem, error) {
	var item types.StItem
	if err := unpackOctetPost(r, &item); err != nil {
		return nil, fmt.Errorf("unpackOctetPost: %v", err)
	}
	if item.Format != types.StFormatSignedChecksumV1 {
		return nil, fmt.Errorf("invalid StItem format: %v", item.Format)
	}

	// Check that submitter namespace is valid
	namespace := &item.SignedChecksumV1.Signature.Namespace
	if lp.SubmitterPolicy {
		var ok bool
		if namespace, ok = lp.Submitters.Find(namespace); !ok {
			return nil, fmt.Errorf("unknown submitter namespace: %v", namespace)
		}
	}
	// Check that namespace signed add-entry request
	if msg, err := types.Marshal(item.SignedChecksumV1.Data); err != nil {
		return nil, fmt.Errorf("Marshal: %v", err) // should never happen
	} else if err := namespace.Verify(msg, item.SignedChecksumV1.Signature.Signature); err != nil {
		return nil, fmt.Errorf("Verify: %v", err)
	}
	return &item, nil
}

func (lp *LogParameters) parseAddCosignatureV1Request(r *http.Request) (*types.StItem, error) {
	var item types.StItem
	if err := unpackOctetPost(r, &item); err != nil {
		return nil, fmt.Errorf("unpackOctetPost: %v", err)
	}
	if item.Format != types.StFormatCosignedTreeHeadV1 {
		return nil, fmt.Errorf("invalid StItem format: %v", item.Format)
	}
	if got, want := len(item.CosignedTreeHeadV1.Cosignatures), 1; got != want {
		return nil, fmt.Errorf("invalid number of cosignatures: %d", got)
	}

	// Check that witness namespace is valid
	namespace := &item.CosignedTreeHeadV1.Cosignatures[0].Namespace
	if lp.WitnessPolicy {
		var ok bool
		if namespace, ok = lp.Witnesses.Find(namespace); !ok {
			return nil, fmt.Errorf("unknown witness namespace: %v", namespace)
		}
	}
	// Check that namespace signed add-cosignature request
	if msg, err := types.Marshal(*types.NewSignedTreeHeadV1(&item.CosignedTreeHeadV1.SignedTreeHead.TreeHead, &item.CosignedTreeHeadV1.SignedTreeHead.Signature).SignedTreeHeadV1); err != nil {
		return nil, fmt.Errorf("Marshal: %v", err) // should never happen
	} else if err := namespace.Verify(msg, item.CosignedTreeHeadV1.Cosignatures[0].Signature); err != nil {
		return nil, fmt.Errorf("Verify: %v", err)
	}
	return &item, nil
}

func (lp *LogParameters) parseGetConsistencyProofV1Request(r *http.Request) (*types.GetConsistencyProofV1, error) {
	var item types.GetConsistencyProofV1
	if err := unpackOctetPost(r, &item); err != nil {
		return nil, fmt.Errorf("unpackOctetPost: %v", err)
	}
	if item.First < 1 {
		return nil, fmt.Errorf("first(%d) must be larger than zero", item.First)
	}
	if item.Second <= item.First {
		return nil, fmt.Errorf("second(%d) must be larger than first(%d)", item.Second, item.First)
	}
	return &item, nil
}

func (lp *LogParameters) parseGetProofByHashV1Request(r *http.Request) (*types.GetProofByHashV1, error) {
	var item types.GetProofByHashV1
	if err := unpackOctetPost(r, &item); err != nil {
		return nil, fmt.Errorf("unpackOctetPost: %v", err)
	}
	if item.TreeSize < 1 {
		return nil, fmt.Errorf("TreeSize(%d) must be larger than zero", item.TreeSize)
	}
	return &item, nil
}

func (lp *LogParameters) parseGetEntriesV1Request(r *http.Request) (*types.GetEntriesV1, error) {
	var item types.GetEntriesV1
	if err := unpackOctetPost(r, &item); err != nil {
		return nil, fmt.Errorf("unpackOctetPost: %v", err)
	}

	if item.Start > item.End {
		return nil, fmt.Errorf("start(%v) must be less than or equal to end(%v)", item.Start, item.End)
	}
	if item.End-item.Start+1 > uint64(lp.MaxRange) {
		item.End = item.Start + uint64(lp.MaxRange) - 1
	}
	return &item, nil
}

func unpackOctetPost(r *http.Request, out interface{}) error {
	body, err := ioutil.ReadAll(r.Body)
	if err != nil {
		return fmt.Errorf("failed reading request body: %v", err)
	}
	if err := types.Unmarshal(body, out); err != nil {
		return fmt.Errorf("Unmarshal: %v", err)
	}
	return nil
}