submitct: reorganize code

Andrew Ayer 2017-02-05 10:09:19 -08:00
parent b94d850dbe
commit 732a660767
1 changed files with 63 additions and 63 deletions


@ -29,69 +29,6 @@ import (
var verbose = flag.Bool("v", false, "Enable verbose output") var verbose = flag.Bool("v", false, "Enable verbose output")
type CertificateBunch struct {
byFingerprint map[[32]byte]*Certificate
bySubject map[[32]byte]*Certificate
}
func MakeCertificateBunch() CertificateBunch {
return CertificateBunch{
byFingerprint: make(map[[32]byte]*Certificate),
bySubject: make(map[[32]byte]*Certificate),
}
}
func (certs *CertificateBunch) Add(cert *Certificate) {
certs.byFingerprint[cert.Fingerprint()] = cert
certs.bySubject[sha256.Sum256(cert.Subject)] = cert
}
func (certs *CertificateBunch) FindBySubject(subject []byte) *Certificate {
return certs.bySubject[sha256.Sum256(subject)]
}
type Chain []*Certificate
func (c Chain) GetRawCerts() [][]byte {
rawCerts := make([][]byte, len(c))
for i := range c {
rawCerts[i] = c[i].Raw
}
return rawCerts
}
type Log struct {
info certspotter.LogInfo
verify *ct.SignatureVerifier
client *client.LogClient
}
func (ctlog *Log) SubmitChain(chain Chain) (*ct.SignedCertificateTimestamp, error) {
rawCerts := chain.GetRawCerts()
sct, err := ctlog.client.AddChain(rawCerts)
if err != nil {
return nil, err
}
entry := ct.LogEntry{
Leaf: ct.MerkleTreeLeaf{
Version: 0,
LeafType: ct.TimestampedEntryLeafType,
TimestampedEntry: ct.TimestampedEntry{
Timestamp: sct.Timestamp,
EntryType: ct.X509LogEntryType,
X509Entry: rawCerts[0],
Extensions: sct.Extensions,
},
},
}
if err := ctlog.verify.VerifySCTSignature(*sct, entry); err != nil {
return nil, fmt.Errorf("Bad SCT signature: %s", err)
}
return sct, nil
}
type Certificate struct { type Certificate struct {
Subject []byte Subject []byte
Issuer []byte Issuer []byte
@ -132,6 +69,69 @@ func parseCertificate(data []byte) (*Certificate, error) {
}, nil }, nil
} }
type Chain []*Certificate
func (c Chain) GetRawCerts() [][]byte {
rawCerts := make([][]byte, len(c))
for i := range c {
rawCerts[i] = c[i].Raw
}
return rawCerts
}
type CertificateBunch struct {
byFingerprint map[[32]byte]*Certificate
bySubject map[[32]byte]*Certificate
}
func MakeCertificateBunch() CertificateBunch {
return CertificateBunch{
byFingerprint: make(map[[32]byte]*Certificate),
bySubject: make(map[[32]byte]*Certificate),
}
}
func (certs *CertificateBunch) Add(cert *Certificate) {
certs.byFingerprint[cert.Fingerprint()] = cert
certs.bySubject[sha256.Sum256(cert.Subject)] = cert
}
func (certs *CertificateBunch) FindBySubject(subject []byte) *Certificate {
return certs.bySubject[sha256.Sum256(subject)]
}
type Log struct {
info certspotter.LogInfo
verify *ct.SignatureVerifier
client *client.LogClient
}
func (ctlog *Log) SubmitChain(chain Chain) (*ct.SignedCertificateTimestamp, error) {
rawCerts := chain.GetRawCerts()
sct, err := ctlog.client.AddChain(rawCerts)
if err != nil {
return nil, err
}
entry := ct.LogEntry{
Leaf: ct.MerkleTreeLeaf{
Version: 0,
LeafType: ct.TimestampedEntryLeafType,
TimestampedEntry: ct.TimestampedEntry{
Timestamp: sct.Timestamp,
EntryType: ct.X509LogEntryType,
X509Entry: rawCerts[0],
Extensions: sct.Extensions,
},
},
}
if err := ctlog.verify.VerifySCTSignature(*sct, entry); err != nil {
return nil, fmt.Errorf("Bad SCT signature: %s", err)
}
return sct, nil
}
func buildChain(cert *Certificate, certs *CertificateBunch) Chain { func buildChain(cert *Certificate, certs *CertificateBunch) Chain {
chain := make([]*Certificate, 0) chain := make([]*Certificate, 0)
for len(chain) < 16 && cert != nil && !bytes.Equal(cert.Subject, cert.Issuer) { for len(chain) < 16 && cert != nil && !bytes.Equal(cert.Subject, cert.Issuer) {
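Review bot: `SubmitChain` indexes `rawCerts[0]` when building the `ct.LogEntry` without first checking that the chain is non-empty, so the only thing preventing an index-out-of-range panic is `AddChain` returning an error for an empty submission. The loop guard visible in `buildChain` exits immediately when `cert` is nil or self-issued, so an empty `Chain` looks reachable, though the rest of `buildChain` is outside this hunk and that should be confirmed. An explicit guard at the top of `SubmitChain` would make the SCT verification path independent of the log client's behaviour: `if len(rawCerts) == 0 { return nil, fmt.Errorf("empty certificate chain") }`. The code is moved unchanged by this commit, so the issue predates it.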