Tandem
/
certspotter
mirror of https://github.com/SSLMate/certspotter.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add log list support for static-ct-api logs

This commit is contained in:
Andrew Ayer 2024-11-25 08:09:57 -05:00
parent 0ba0a1fef0
commit 8472e14d4c
4 changed files with 53 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
cmd/submitct/main.go
View File

@ -158,18 +158,19 @@ func main() {
var logs []Log var logs []Log
for _, ctlog := range list.AllLogs() { for _, ctlog := range list.AllLogs() {
submissionURL := ctlog.GetSubmissionURL()
pubkey, err := x509.ParsePKIXPublicKey(ctlog.Key) pubkey, err := x509.ParsePKIXPublicKey(ctlog.Key)
if err != nil { if err != nil {
log.Fatalf("%s: Failed to parse log public key: %s", ctlog.URL, err) log.Fatalf("%s: Failed to parse log public key: %s", submissionURL, err)
} }
verifier, err := ct.NewSignatureVerifier(pubkey) verifier, err := ct.NewSignatureVerifier(pubkey)
if err != nil { if err != nil {
log.Fatalf("%s: Failed to create signature verifier for log: %s", ctlog.URL, err) log.Fatalf("%s: Failed to create signature verifier for log: %s", submissionURL, err)
} }
logs = append(logs, Log{ logs = append(logs, Log{
Log: ctlog, Log: ctlog,
SignatureVerifier: verifier, SignatureVerifier: verifier,
LogClient: client.New(strings.TrimRight(ctlog.URL, "/")), LogClient: client.New(strings.TrimRight(submissionURL, "/")),
}) })
} }
@ -212,11 +213,11 @@ func main() {
go func(fingerprint [32]byte, ctlog Log) { go func(fingerprint [32]byte, ctlog Log) {
sct, err := ctlog.SubmitChain(chain) sct, err := ctlog.SubmitChain(chain)
if err != nil { if err != nil {
log.Printf("%x (%s): %s: Submission Error: %s", fingerprint, cn, ctlog.URL, err) log.Printf("%x (%s): %s: Submission Error: %s", fingerprint, cn, ctlog.GetSubmissionURL(), err)
atomic.AddUint32(&submitErrors, 1) atomic.AddUint32(&submitErrors, 1)
} else if *verbose { } else if *verbose {
timestamp := time.Unix(int64(sct.Timestamp)/1000, int64(sct.Timestamp%1000)*1000000) timestamp := time.Unix(int64(sct.Timestamp)/1000, int64(sct.Timestamp%1000)*1000000)
log.Printf("%x (%s): %s: Submitted at %s", fingerprint, cn, ctlog.URL, timestamp) log.Printf("%x (%s): %s: Submitted at %s", fingerprint, cn, ctlog.GetSubmissionURL(), timestamp)
} }
wg.Done() wg.Done()
}(fingerprint, ctlog) }(fingerprint, ctlog)

4
loglist/helpers.go
View File

@ -13,12 +13,16 @@ import (
"time" "time"
) )
// Return all tiled and non-tiled logs from all operators
func (list *List) AllLogs() []*Log { func (list *List) AllLogs() []*Log {
logs := []*Log{} logs := []*Log{}
for operator := range list.Operators { for operator := range list.Operators {
for log := range list.Operators[operator].Logs { for log := range list.Operators[operator].Logs {
logs = append(logs, &list.Operators[operator].Logs[log]) logs = append(logs, &list.Operators[operator].Logs[log])
} }
for log := range list.Operators[operator].TiledLogs {
logs = append(logs, &list.Operators[operator].TiledLogs[log])
}
} }
return logs return logs
} }

28
loglist/schema.go
View File

@ -25,13 +25,16 @@ type Operator struct {
Name string `json:"name"` Name string `json:"name"`
Email []string `json:"email"` Email []string `json:"email"`
Logs []Log `json:"logs"` Logs []Log `json:"logs"`
TiledLogs []Log `json:"tiled_logs"`
} }
type Log struct { type Log struct {
Key []byte `json:"key"` Key []byte `json:"key"`
LogID ct.SHA256Hash `json:"log_id"` LogID ct.SHA256Hash `json:"log_id"`
MMD int `json:"mmd"` MMD int `json:"mmd"`
URL string `json:"url"` URL string `json:"url,omitempty"` // only for rfc6962 logs
SubmissionURL string `json:"submission_url,omitempty"` // only for static-ct-api logs
MonitoringURL string `json:"monitoring_url,omitempty"` // only for static-ct-api logs
Description string `json:"description"` Description string `json:"description"`
State State `json:"state"` State State `json:"state"`
DNS string `json:"dns"` DNS string `json:"dns"`
@ -44,6 +47,29 @@ type Log struct {
// TODO: add previous_operators // TODO: add previous_operators
} }
func (log *Log) IsRFC6962() bool { return log.URL != "" }
func (log *Log) IsStaticCTAPI() bool { return log.SubmissionURL != "" && log.MonitoringURL != "" }
// Return URL prefix for submission using the RFC6962 protocol
func (log *Log) GetSubmissionURL() string {
if log.SubmissionURL != "" {
return log.SubmissionURL
} else {
return log.URL
}
}
// Return URL prefix for monitoring.
// Since the protocol understood by the URL might be either RFC6962 or static-ct-api, this URL is
// only useful for informational purposes.
func (log *Log) GetMonitoringURL() string {
if log.MonitoringURL != "" {
return log.MonitoringURL
} else {
return log.URL
}
}
type State struct { type State struct {
Pending *struct { Pending *struct {
Timestamp time.Time `json:"timestamp"` Timestamp time.Time `json:"timestamp"`

14
loglist/validate.go
View File

@ -26,7 +26,12 @@ func (list *List) Validate() error {
func (operator *Operator) Validate() error { func (operator *Operator) Validate() error {
for i := range operator.Logs { for i := range operator.Logs {
if err := operator.Logs[i].Validate(); err != nil { if err := operator.Logs[i].Validate(); err != nil {
return fmt.Errorf("problem with %dth log (%s): %w", i, operator.Logs[i].LogIDString(), err) return fmt.Errorf("problem with %dth non-tiled log (%s): %w", i, operator.Logs[i].LogIDString(), err)
}
}
for i := range operator.TiledLogs {
if err := operator.TiledLogs[i].Validate(); err != nil {
return fmt.Errorf("problem with %dth tiled log (%s): %w", i, operator.TiledLogs[i].LogIDString(), err)
} }
} }
return nil return nil
@ -37,5 +42,12 @@ func (log *Log) Validate() error {
if log.LogID != realLogID { if log.LogID != realLogID {
return fmt.Errorf("log ID does not match log key") return fmt.Errorf("log ID does not match log key")
} }
if !log.IsRFC6962() && !log.IsStaticCTAPI() {
return fmt.Errorf("URL(s) not provided")
} else if log.IsRFC6962() && log.IsStaticCTAPI() {
return fmt.Errorf("inconsistent URLs provided")
}
return nil return nil
} }