Add log list support for static-ct-api logs
This commit is contained in:
parent
1b441660ab
commit
9483eb0d4c
|
@ -158,18 +158,19 @@ func main() {
|
||||||
|
|
||||||
var logs []Log
|
var logs []Log
|
||||||
for _, ctlog := range list.AllLogs() {
|
for _, ctlog := range list.AllLogs() {
|
||||||
|
submissionURL := ctlog.GetSubmissionURL()
|
||||||
pubkey, err := x509.ParsePKIXPublicKey(ctlog.Key)
|
pubkey, err := x509.ParsePKIXPublicKey(ctlog.Key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("%s: Failed to parse log public key: %s", ctlog.URL, err)
|
log.Fatalf("%s: Failed to parse log public key: %s", submissionURL, err)
|
||||||
}
|
}
|
||||||
verifier, err := ct.NewSignatureVerifier(pubkey)
|
verifier, err := ct.NewSignatureVerifier(pubkey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("%s: Failed to create signature verifier for log: %s", ctlog.URL, err)
|
log.Fatalf("%s: Failed to create signature verifier for log: %s", submissionURL, err)
|
||||||
}
|
}
|
||||||
logs = append(logs, Log{
|
logs = append(logs, Log{
|
||||||
Log: ctlog,
|
Log: ctlog,
|
||||||
SignatureVerifier: verifier,
|
SignatureVerifier: verifier,
|
||||||
LogClient: client.New(strings.TrimRight(ctlog.URL, "/")),
|
LogClient: client.New(strings.TrimRight(submissionURL, "/")),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -212,11 +213,11 @@ func main() {
|
||||||
go func(fingerprint [32]byte, ctlog Log) {
|
go func(fingerprint [32]byte, ctlog Log) {
|
||||||
sct, err := ctlog.SubmitChain(chain)
|
sct, err := ctlog.SubmitChain(chain)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("%x (%s): %s: Submission Error: %s", fingerprint, cn, ctlog.URL, err)
|
log.Printf("%x (%s): %s: Submission Error: %s", fingerprint, cn, ctlog.GetSubmissionURL(), err)
|
||||||
atomic.AddUint32(&submitErrors, 1)
|
atomic.AddUint32(&submitErrors, 1)
|
||||||
} else if *verbose {
|
} else if *verbose {
|
||||||
timestamp := time.Unix(int64(sct.Timestamp)/1000, int64(sct.Timestamp%1000)*1000000)
|
timestamp := time.Unix(int64(sct.Timestamp)/1000, int64(sct.Timestamp%1000)*1000000)
|
||||||
log.Printf("%x (%s): %s: Submitted at %s", fingerprint, cn, ctlog.URL, timestamp)
|
log.Printf("%x (%s): %s: Submitted at %s", fingerprint, cn, ctlog.GetSubmissionURL(), timestamp)
|
||||||
}
|
}
|
||||||
wg.Done()
|
wg.Done()
|
||||||
}(fingerprint, ctlog)
|
}(fingerprint, ctlog)
|
||||||
|
|
|
@ -13,12 +13,16 @@ import (
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Return all tiled and non-tiled logs from all operators
|
||||||
func (list *List) AllLogs() []*Log {
|
func (list *List) AllLogs() []*Log {
|
||||||
logs := []*Log{}
|
logs := []*Log{}
|
||||||
for operator := range list.Operators {
|
for operator := range list.Operators {
|
||||||
for log := range list.Operators[operator].Logs {
|
for log := range list.Operators[operator].Logs {
|
||||||
logs = append(logs, &list.Operators[operator].Logs[log])
|
logs = append(logs, &list.Operators[operator].Logs[log])
|
||||||
}
|
}
|
||||||
|
for log := range list.Operators[operator].TiledLogs {
|
||||||
|
logs = append(logs, &list.Operators[operator].TiledLogs[log])
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return logs
|
return logs
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,13 +25,16 @@ type Operator struct {
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
Email []string `json:"email"`
|
Email []string `json:"email"`
|
||||||
Logs []Log `json:"logs"`
|
Logs []Log `json:"logs"`
|
||||||
|
TiledLogs []Log `json:"tiled_logs"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Log struct {
|
type Log struct {
|
||||||
Key []byte `json:"key"`
|
Key []byte `json:"key"`
|
||||||
LogID ct.SHA256Hash `json:"log_id"`
|
LogID ct.SHA256Hash `json:"log_id"`
|
||||||
MMD int `json:"mmd"`
|
MMD int `json:"mmd"`
|
||||||
URL string `json:"url"`
|
URL string `json:"url,omitempty"` // only for rfc6962 logs
|
||||||
|
SubmissionURL string `json:"submission_url,omitempty"` // only for static-ct-api logs
|
||||||
|
MonitoringURL string `json:"monitoring_url,omitempty"` // only for static-ct-api logs
|
||||||
Description string `json:"description"`
|
Description string `json:"description"`
|
||||||
State State `json:"state"`
|
State State `json:"state"`
|
||||||
DNS string `json:"dns"`
|
DNS string `json:"dns"`
|
||||||
|
@ -44,6 +47,29 @@ type Log struct {
|
||||||
// TODO: add previous_operators
|
// TODO: add previous_operators
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (log *Log) IsRFC6962() bool { return log.URL != "" }
|
||||||
|
func (log *Log) IsStaticCTAPI() bool { return log.SubmissionURL != "" && log.MonitoringURL != "" }
|
||||||
|
|
||||||
|
// Return URL prefix for submission using the RFC6962 protocol
|
||||||
|
func (log *Log) GetSubmissionURL() string {
|
||||||
|
if log.SubmissionURL != "" {
|
||||||
|
return log.SubmissionURL
|
||||||
|
} else {
|
||||||
|
return log.URL
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Return URL prefix for monitoring.
|
||||||
|
// Since the protocol understood by the URL might be either RFC6962 or static-ct-api, this URL is
|
||||||
|
// only useful for informational purposes.
|
||||||
|
func (log *Log) GetMonitoringURL() string {
|
||||||
|
if log.MonitoringURL != "" {
|
||||||
|
return log.MonitoringURL
|
||||||
|
} else {
|
||||||
|
return log.URL
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
type State struct {
|
type State struct {
|
||||||
Pending *struct {
|
Pending *struct {
|
||||||
Timestamp time.Time `json:"timestamp"`
|
Timestamp time.Time `json:"timestamp"`
|
||||||
|
|
|
@ -26,7 +26,12 @@ func (list *List) Validate() error {
|
||||||
func (operator *Operator) Validate() error {
|
func (operator *Operator) Validate() error {
|
||||||
for i := range operator.Logs {
|
for i := range operator.Logs {
|
||||||
if err := operator.Logs[i].Validate(); err != nil {
|
if err := operator.Logs[i].Validate(); err != nil {
|
||||||
return fmt.Errorf("problem with %dth log (%s): %w", i, operator.Logs[i].LogIDString(), err)
|
return fmt.Errorf("problem with %dth non-tiled log (%s): %w", i, operator.Logs[i].LogIDString(), err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for i := range operator.TiledLogs {
|
||||||
|
if err := operator.TiledLogs[i].Validate(); err != nil {
|
||||||
|
return fmt.Errorf("problem with %dth tiled log (%s): %w", i, operator.TiledLogs[i].LogIDString(), err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
@ -37,5 +42,12 @@ func (log *Log) Validate() error {
|
||||||
if log.LogID != realLogID {
|
if log.LogID != realLogID {
|
||||||
return fmt.Errorf("log ID does not match log key")
|
return fmt.Errorf("log ID does not match log key")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !log.IsRFC6962() && !log.IsStaticCTAPI() {
|
||||||
|
return fmt.Errorf("URL(s) not provided")
|
||||||
|
} else if log.IsRFC6962() && log.IsStaticCTAPI() {
|
||||||
|
return fmt.Errorf("inconsistent URLs provided")
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue