aboutsummaryrefslogtreecommitdiff
path: root/server/main.go
blob: c60f95df3e24825e3948caf2e6f7b25631253c40 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
// Package main provides an STFE server binary
package main

import (
	"flag"
	"fmt"
	"time"

	"crypto/x509"
	"io/ioutil"
	"net/http"

	"github.com/golang/glog"
	"github.com/google/trillian"
	"github.com/prometheus/client_golang/prometheus/promhttp"
	"github.com/system-transparency/stfe"
	"github.com/system-transparency/stfe/x509util"
	"google.golang.org/grpc"
)

var (
	httpEndpoint = flag.String("http_endpoint", "localhost:6965", "host:port specification of where stfe serves clients")
	rpcBackend   = flag.String("log_rpc_server", "localhost:6962", "host:port specification of where Trillian serves clients")
	prefix       = flag.String("prefix", "st/v1", "a prefix that proceeds each endpoint path")
	trillianID   = flag.Int64("trillian_id", 5991359069696313945, "log identifier in the Trillian database")
	rpcDeadline  = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests")
	anchorPath   = flag.String("anchor_path", "../x509util/testdata/anchors.pem", "path to a file containing PEM-encoded X.509 root certificates")
	keyPath      = flag.String("key_path", "../x509util/testdata/log.key", "path to a PEM-encoded ed25519 signing key")
	maxRange     = flag.Int64("max_range", 2, "maximum number of entries that can be retrived in a single request")
	maxChain     = flag.Int64("max_chain", 3, "maximum number of certificates in a chain, including the trust anchor")
)

func main() {
	flag.Parse()

	glog.Info("Dialling Trillian gRPC log server")
	dialOpts := []grpc.DialOption{grpc.WithInsecure(), grpc.WithBlock(), grpc.WithTimeout(*rpcDeadline)}
	conn, err := grpc.Dial(*rpcBackend, dialOpts...)
	if err != nil {
		glog.Fatal(err)
	}
	client := trillian.NewTrillianLogClient(conn)

	glog.Info("Creating HTTP request multiplexer")
	mux := http.NewServeMux()
	http.Handle("/", mux)

	glog.Info("Adding prometheus handler on path: /metrics")
	http.Handle("/metrics", promhttp.Handler())

	glog.Infof("Loading trust anchors from file: %s", *anchorPath)
	anchors, err := loadCertificates(*anchorPath)
	if err != nil {
		glog.Fatalf("no trust anchors: %v", err)
	}

	glog.Infof("Loading Ed25519 signing key from file: %s", *keyPath)
	pem, err := ioutil.ReadFile(*keyPath)
	if err != nil {
		glog.Fatalf("no signing key: %v", err)
	}
	signer, err := x509util.NewEd25519PrivateKey(pem)
	if err != nil {
		glog.Fatalf("no signing key: %v", err)
	}

	lp, err := stfe.NewLogParameters(*trillianID, *prefix, anchors, signer, *maxRange, *maxChain)
	if err != nil {
		glog.Fatalf("failed setting up log parameters: %v", err)
	}

	i := stfe.NewInstance(lp, client, *rpcDeadline, mux)
	for _, handler := range i.Handlers() {
		glog.Infof("adding handler: %s", handler.Path())
		mux.Handle(handler.Path(), handler)
	}
	glog.Infof("Configured: %s", i)

	glog.Infof("Serving on %v/%v", *httpEndpoint, *prefix)
	srv := http.Server{Addr: *httpEndpoint}
	err = srv.ListenAndServe()
	if err != http.ErrServerClosed {
		glog.Warningf("Server exited: %v", err)
	}

	glog.Flush()
}

// loadCertificates loads a non-empty list of PEM-encoded certificates from file
func loadCertificates(path string) ([]*x509.Certificate, error) {
	pem, err := ioutil.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("failed reading %s: %v", path, err)
	}
	anchors, err := x509util.NewCertificateList(pem)
	if err != nil {
		return nil, fmt.Errorf("failed parsing: %v", err)
	}
	if len(anchors) == 0 {
		return nil, fmt.Errorf("no trust anchors")
	}
	return anchors, nil
}