certspotter/logs.go

package ctwatch

import (
	"encoding/base64"
	"crypto"
	"crypto/x509"
)

type LogInfoFile struct {
	Logs		[]LogInfo	`json:"logs"`
}
type LogInfo struct {
	Description	string		`json:"description"`
	Key		[]byte		`json:"key"`
	Url		string		`json:"url"`
	MMD		int		`json:"maximum_merge_delay"`
}

func (info *LogInfo) FullURI () string {
	return "https://" + info.Url
}

func (info *LogInfo) ParsedPublicKey () (crypto.PublicKey, error) {
	return x509.ParsePKIXPublicKey(info.Key)
}

var DefaultLogs = []LogInfo{
	{
		Description: "Google 'Pilot' log",
		Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA=="),
		Url: "ct.googleapis.com/pilot",
		MMD: 86400,
	},
	{
		Description: "Google 'Aviator' log",
		Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q=="),
		Url: "ct.googleapis.com/aviator",
		MMD: 86400,
	},
	{
		Description: "DigiCert Log Server",
		Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A=="),
		Url: "ct1.digicert-ct.com/log",
		MMD: 86400,
	},
	{
		Description: "Google 'Rocketeer' log",
		Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg=="),
		Url: "ct.googleapis.com/rocketeer",
		MMD: 86400,
	},
	{
		Description: "Izenpe log",
		Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg=="),
		Url: "ct.izenpe.com",
		MMD: 86400,
	},
	{
		Description: "Symantec log",
		Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg=="),
		Url: "ct.ws.symantec.com",
		MMD: 86400,
	},
	{
		Description: "Venafi log",
		Key: mustDecodeBase64("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB"),
		Url: "ctlog.api.venafi.com",
		MMD: 86400,
	},
	{
		Description: "Symantec 'Vega' log",
		Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6pWeAv/u8TNtS4e8zf0ZF2L/lNPQWQc/Ai0ckP7IRzA78d0NuBEMXR2G3avTK0Zm+25ltzv9WWis36b4ztIYTQ=="),
		Url: "vega.ws.symantec.com",
		MMD: 86400,
	},
}

// Logs which monitor certs from distrusted roots
var UnderwaterLogs = []LogInfo{
	{
		Description: "Google 'Submariner' log",
		Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOfifIGLUV1Voou9JLfA5LZreRLSUMOCeeic8q3Dw0fpRkGMWV0Gtq20fgHQweQJeLVmEByQj9p81uIW4QkWkTw=="),
		Url: "ct.googleapis.com/submariner",
		MMD: 86400,
	},
}

func mustDecodeBase64 (str string) []byte {
	bytes, err := base64.StdEncoding.DecodeString(str)
	if err != nil {
		panic("MustDecodeBase64: " + err.Error())
	}
	return bytes
}
Verify STH signatures 2016-02-18 01:03:49 +01:00			`package ctwatch`

			`import (`
			`"encoding/base64"`
			`"crypto"`
			`"crypto/x509"`
			`)`

			`type LogInfoFile struct {`
			Logs []LogInfo `json:"logs"`
			`}`
			`type LogInfo struct {`
			Description string `json:"description"`
			Key []byte `json:"key"`
			Url string `json:"url"`
			MMD int `json:"maximum_merge_delay"`
			`}`

			`func (info *LogInfo) FullURI () string {`
			`return "https://" + info.Url`
			`}`

			`func (info *LogInfo) ParsedPublicKey () (crypto.PublicKey, error) {`
			`return x509.ParsePKIXPublicKey(info.Key)`
			`}`

			`var DefaultLogs = []LogInfo{`
			`{`
			`Description: "Google 'Pilot' log",`
			`Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA=="),`
			`Url: "ct.googleapis.com/pilot",`
			`MMD: 86400,`
			`},`
			`{`
			`Description: "Google 'Aviator' log",`
			`Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q=="),`
			`Url: "ct.googleapis.com/aviator",`
			`MMD: 86400,`
			`},`
			`{`
			`Description: "DigiCert Log Server",`
			`Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A=="),`
			`Url: "ct1.digicert-ct.com/log",`
			`MMD: 86400,`
			`},`
			`{`
			`Description: "Google 'Rocketeer' log",`
			`Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg=="),`
			`Url: "ct.googleapis.com/rocketeer",`
			`MMD: 86400,`
			`},`
			`{`
			`Description: "Izenpe log",`
			`Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg=="),`
			`Url: "ct.izenpe.com",`
			`MMD: 86400,`
			`},`
			`{`
			`Description: "Symantec log",`
			`Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg=="),`
			`Url: "ct.ws.symantec.com",`
			`MMD: 86400,`
			`},`
			`{`
			`Description: "Venafi log",`
			`Key: mustDecodeBase64("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB"),`
			`Url: "ctlog.api.venafi.com",`
			`MMD: 86400,`
			`},`
			`{`
			`Description: "Symantec 'Vega' log",`
			`Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6pWeAv/u8TNtS4e8zf0ZF2L/lNPQWQc/Ai0ckP7IRzA78d0NuBEMXR2G3avTK0Zm+25ltzv9WWis36b4ztIYTQ=="),`
			`Url: "vega.ws.symantec.com",`
			`MMD: 86400,`
			`},`
			`}`

			`// Logs which monitor certs from distrusted roots`
			`var UnderwaterLogs = []LogInfo{`
			`{`
			`Description: "Google 'Submariner' log",`
			`Key: mustDecodeBase64("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOfifIGLUV1Voou9JLfA5LZreRLSUMOCeeic8q3Dw0fpRkGMWV0Gtq20fgHQweQJeLVmEByQj9p81uIW4QkWkTw=="),`
			`Url: "ct.googleapis.com/submariner",`
			`MMD: 86400,`
			`},`
			`}`

			`func mustDecodeBase64 (str string) []byte {`
			`bytes, err := base64.StdEncoding.DecodeString(str)`
			`if err != nil {`
			`panic("MustDecodeBase64: " + err.Error())`
			`}`
			`return bytes`
			`}`